last executing test programs: 1m32.55974601s ago: executing program 4 (id=536): r0 = socket$netlink(0x10, 0x3, 0x15) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700070053a577d1e8f1012300010000005600006425000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 1m11.901118364s ago: executing program 4 (id=536): r0 = socket$netlink(0x10, 0x3, 0x15) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700070053a577d1e8f1012300010000005600006425000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 54.849836254s ago: executing program 4 (id=536): r0 = socket$netlink(0x10, 0x3, 0x15) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700070053a577d1e8f1012300010000005600006425000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 42.657403436s ago: executing program 4 (id=536): r0 = socket$netlink(0x10, 0x3, 0x15) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700070053a577d1e8f1012300010000005600006425000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 31.208088606s ago: executing program 4 (id=536): r0 = socket$netlink(0x10, 0x3, 0x15) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700070053a577d1e8f1012300010000005600006425000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 11.943311396s ago: executing program 4 (id=536): r0 = socket$netlink(0x10, 0x3, 0x15) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700070053a577d1e8f1012300010000005600006425000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 3.707192389s ago: executing program 3 (id=1466): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000080)=ANY=[@ANYRESHEX, @ANYRES64=0x0, @ANYRESOCT=0x0, @ANYRESOCT], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x90) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'tunl0\x00', &(0x7f0000000340)={'syztnl0\x00', 0x0, 0x40, 0x700, 0xac, 0xe44, {{0x1d, 0x4, 0x2, 0x36, 0x74, 0x65, 0x0, 0x5, 0x2f, 0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@generic={0x94, 0x10, "d6437e0fb72aefe2e13076fae1cb"}, @noop, @noop, @cipso={0x86, 0x38, 0x3, [{0x2, 0xb, "1340009c4791fbed04"}, {0x5, 0x6, "d0dfba66"}, {0x1, 0x11, "249dab8daf946e09df82b175254301"}, {0x5, 0x10, "a5392f5ee6728845357cabdb87d9"}]}, @ra={0x94, 0x4}, @end, @timestamp_addr={0x44, 0xc, 0x50, 0x1, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4}]}, @noop, @end]}}}}}) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400)=0xffffffffffffffff, 0x4) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x40, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x3, 0x5}, 0x48) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000000)) write$cgroup_int(r4, &(0x7f0000000200), 0x44000) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) setsockopt$packet_drop_memb(r4, 0x107, 0x2, &(0x7f00000001c0)={r5, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x16}}, 0x10) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x4}, 0x48) r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000005c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xfffffffc, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x48) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xf, 0xf, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0xba}}, {}, [], {{}, {0x5}}}, &(0x7f00000010c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000680)=@generic={&(0x7f0000000640)='./file0\x00', 0x0, 0x10}, 0x18) ioctl$sock_inet_udp_SIOCINQ(r4, 0x541b, &(0x7f00000008c0)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r0, 0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000800)=@bpf_lsm={0x1d, 0x9, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9}, [@ldst={0x3, 0x4, 0x1, 0x1, 0xa, 0x10, 0x4}, @exit, @generic={0xf8, 0x3, 0x3, 0x1, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @jmp={0x5, 0x0, 0x3, 0xa, 0xa, 0x100}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}]}, &(0x7f0000000000)='GPL\x00', 0xff, 0xc0, &(0x7f0000000280)=""/192, 0x41100, 0x8, '\x00', r1, 0x1b, r2, 0x8, &(0x7f0000000440)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000000480)={0x0, 0x1, 0x90c5, 0x8}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000780)=[r3, r4, r6, r7, 0xffffffffffffffff, r8, r9, 0xffffffffffffffff, r10], &(0x7f00000007c0)=[{0x4, 0x3, 0x8, 0xa}, {0x1, 0x1, 0x9, 0x1}, {0x0, 0x4, 0x3, 0x6}, {0x1, 0x1, 0x2, 0xc}], 0x10, 0xc953}, 0x90) 3.597728931s ago: executing program 3 (id=1467): mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0xb, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, @host}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000080000000008100000008000300", @ANYRES32=r4, @ANYBLOB="0a000600ffffffffffff0000060066008e8800002200330008030000080211000001080211000000ffffffffffff00000802110000010000040067"], 0x58}}, 0x0) mmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x90013, r0, 0x0) socket$xdp(0x2c, 0x3, 0x0) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000500)={r0}, 0x8) connect$vsock_stream(r5, &(0x7f0000000540)={0x28, 0x0, 0x0, @hyper}, 0x10) r6 = socket(0x1, 0x3, 0x0) bind$unix(r6, 0x0, 0x0) sendmsg$NL80211_CMD_GET_POWER_SAVE(r6, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000140)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="200026bd7000fedbdf253e0000000c009908000001005e00000052c11331c2056bd195eef3eee6f434546ed8e087b72d859bfcc3178a9bf34042eaa0a3bd51c5e516a7f99b2724c03d678d47bb129d53ad4d902c2e45c5c6c43497793b49e1776f2fb0435a5120c76649adda182611c977ce2c7d7b47a039ea04809f7d4e5bb0a3f2f3b4e53881372fa4a7550ed589ca14"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x40000) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000033c0)={&(0x7f0000000000)=""/5, 0xa00000, 0x1000}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0xb, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fff8, 0x0, 0x0, 0x0, 0x355c}, [@call={0x85, 0x0, 0x0, 0xb3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x37}, @alu={0x7, 0x0, 0x6, 0x7, 0x0, 0xffffffffffffffe0}, @generic={0xfb, 0x6, 0x4, 0xff, 0xba}, @call={0x85, 0x0, 0x0, 0x5d}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000000280)='GPL\x00', 0x9, 0xe9, &(0x7f00000002c0)=""/233, 0x40f00, 0x41, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000003c0)={0x2, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000004c0)=[0xffffffffffffffff], &(0x7f0000000640)=[{0x5, 0x2, 0x7, 0xc}, {0x3, 0x3, 0x4, 0x9}, {0x4, 0x4, 0xf, 0x8}], 0x10, 0x4}, 0x90) getuid() setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f00000005c0)={0x67, 0x4, 0x1, 0x6, 0x0, [@mcast1, @private2={0xfc, 0x2, '\x00', 0x1}]}, 0x28) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)={0x2c, 0x3, 0x1, 0x301, 0x0, 0x0, {}, [@CTA_MARK={0x8}, @CTA_ID={0x8}, @CTA_STATUS_MASK={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r8, &(0x7f0000000800)=[{&(0x7f0000000c00)="89e7ee2c7cdad9b4b47381", 0xb}, {&(0x7f00000005c0)="c288fb", 0x3}], 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2.197348806s ago: executing program 1 (id=1471): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{}, [@printk={@lli, {0x3, 0x3, 0x3, 0xa, 0x1, 0xfe00}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xc7}}]}, &(0x7f0000000040)='syzkaller\x00', 0x1, 0xfe7, &(0x7f0000001e00)=""/4071, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xb0ffffff}, 0x90) 2.175110511s ago: executing program 0 (id=1472): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000000000000feff000000000a20000000000a010100000000000000000a0000005700010073797a310000000014000000020a010100000000000000fffffff00020000000020a01040000000000000000020000000900010073797a30"], 0x7c}}, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000180), 0x12) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="200000002000ff07090f9becdb4cb96b0a000000ff000001000000007bffd290", 0x20}], 0x1, 0x0, 0x0, 0x81000000}, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x0, 0x0) close(0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) r1 = socket(0x26, 0x6, 0x10000) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000100), 0x4) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket(0x11, 0x0, 0x0) 2.110958136s ago: executing program 1 (id=1473): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x1}]}}}, {0x14, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x4}}}]}]}], {0x14, 0x11, 0x1, 0x500}}, 0xd0}}, 0x0) 2.061887679s ago: executing program 2 (id=1474): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001a00010000000000000048880a0000000000000000000000140002"], 0x44}}, 0x0) 2.029828667s ago: executing program 0 (id=1475): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100ffffff850007010000f8ffffffb702000008000000b70300000010000085000000c800000095"], &(0x7f00000005c0)='GPL\x00', 0x8}, 0x90) 2.020243444s ago: executing program 1 (id=1476): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1809000000000000006a00000008000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b703000000000000850000000e000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x9, 0x1003, &(0x7f0000001e40)=""/4099}, 0x90) 1.947815863s ago: executing program 2 (id=1477): openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_group_source_req(r1, 0x0, 0x2d, &(0x7f0000000300)={0x0, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}, 0x1c) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f00000000c0)=0xffffffff, 0x4) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e20}, @IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8}]}, 0x48}}, 0x0) 1.940582896s ago: executing program 0 (id=1478): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40841, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000740)=ANY=[@ANYBLOB="4001000010000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000000000000000000946b82adacb8475362fb16211cb07d0bdc402696f57b72b60c8b8ce00240c5cc7e364789b95a28ad474a3f9b8250c5b3787fa25ef7216ab9f4096045e18345191267cb9f0e7176e3c2d6061f756a769b7b433db08cb13d9a4a8a2d185a54ea7d0d268654e2cac31979574e904eec72ca79c3e7c81ae89e3a2ae780", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000006c000000ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800180005000000"], 0x140}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000062010b00000000009500000000000005a9180fad4db1fc11018f8a52680ff4e4306b07aa7898d361d92046b7cb"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) getsockopt$sock_buf(r1, 0x1, 0x37, 0x0, &(0x7f0000001000)=0x29) (async) getsockopt$sock_buf(r1, 0x1, 0x37, 0x0, &(0x7f0000001000)=0x29) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x12, 0x8, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000009701b36e3e8b77f400004b9cee37b65edec2ead2ff66f2f600000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7030000000000008500000039000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r4 = socket$kcm(0x2, 0xa, 0x2) accept4$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000080)=0x1c, 0x80000) (async) r5 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000080)=0x1c, 0x80000) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002b00)=ANY=[@ANYBLOB="b702000007000000bfa300000000000007030000f0ffffff7a0af0ff0020000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26ffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a55b000000c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2d90addedc28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000801989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c1f860d050d694cc7806d294d3665016a7b29da0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d40887c58559b7dcb98a6273b8c651e57f727041c62cea5b7bd24d9f679e4fbe948dfb4cc4a389469608241630459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b83720eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb89872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebed161980f2fde4f9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e4bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802c8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000ff0ffd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99e85b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5359dbdfbf31a562395020becaf3fd1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4b28288e78980c1184d8223edbc4bf9258b7374e79a8f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b5524642c248aa813edaa626f0000000000000000000000000000000003ba5bac34b611569a451564d3a5400f9097ffe7a37e765bc652be71ee24250d6d9cf19878dd62c53062d6000c40bde6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d149d846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89ad07963acbd4dd4dc5b4552591edde7a22ad06f7567e6fec2f65011b579bf609d61a3ff4d6f490824bb035995449fc34106ae6889f036d67b6aaee784f855ebc746ac871b5d2031ac0a252ac1f86e93e245f3793cea80b6de773899d49d11d3b1ed79163b111c976cf840a2ef6214a43338fba8c9edb6be26e68fcc5d47ed74a66ce8aba726ab955b9b32ab1890e84a5e2d7476252af25e5c95c5a8b2b1b5c8a2645b01b823c0f169d6ab529cc889bb07889d9e155114cf3e26a50c527ec6d4021cd2cacfea6d7e41e39e26b3967cad65c648b170f12ea9cc69dcee64be0c27b1f4f7f5ce3e62c35602c9d2921326891901661c85b988494f094abb91ed813b42828aa93105896e0aee851a8087e169a1d69e841257d9053d0cdc3a6ac4f12084cc6470abebe8b344b1f56690a2687b428686c854c21831da277e8b8a21b7b91a46d22ba083eca7b1f8268048cde7d6f237dca42035881b29ca9c8c2937971821b613894297ff6f7796053a4de1fd77e180cc22b205d43bb4a1b59962c1f605ea1b74585cf5e8d579f157cb45561c357f9976cec6a43388b3049a0d9c171ff6145266ba119d00000000001ef3794a930eb12f3a6215c510bf0bca70c127e9c70cc7bef921249a7f18a0034ce3264a9e96656b47233e2ed7c76520e649c3fd550bdafd77c5cd72b4446d3e157ddd97e7622a6891fb739acd3b2cdaf65ac78490f0641be6e8c6f55bf3d228786895ff5fd5970faacd8a5025aca0aa1931f477ba06aa60051298c8bf7f3b399194f98dc3f4e8513ad06da09dc393c1284515986b8c70ac69512f6c0c04f42edb3a097a11f2ab480e3e391abffae097752300576337c6dd24c4a98280684aa1fe8c7b43ee8bce05fe979b34da18cdb44dbb030b8009cd3b3b44fd8e7b534acd3f1839cb54817668ab446d3d47848429ea831a57f222c714870582a8832c2a326c5d1e406c8b05dedddceb24483f8f998b05c3ddf85c3799c9000000000000000000000000001e57cf839eb3150d6a076fb7b86fae98dbb46014f483aecb4ec4f0877371bcae8912c78aff857c669760f0e55041563c5c3e8ee4a0eef885fd43fe34a1febc82370d1d07fdfe705ada47288e41e7e6ee82d66b99ae4b0889fe949e7342ca97c1a64dcc7f6a0c0da07de8c808b4caec54820f856889fc5f1af3d675206e3257f974d6e45ff1e905c2f0fc0173ac6714acaaca2397bee23630ecaa2c1c6ddc3085689a033d6d41a1a7ac59baec299158faa52308856805f2130863f4668e27b8bbef4f4cd43a2fd294b5b0bf2b0e4afbe570c54aa214579ca0caf54231d00a94eda2be6f037e2befdd03bf152f696ca1d1ea86eb7ee1f021062ad71246dae1580c4f959a320912032ed468a8ed9f27a2258ddf465de77a51b4713bc6b789a0e8b203f0f592ddb27aa90989a9e0cb624bc34e7d6ebf156ea251e3a2f83ada9f0b70035e8ed200a52b00"/3910], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r9, 0xe0, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000440)={@map, 0xffffffffffffffff, 0xd, 0x0, 0x0, @prog_id=r10}, 0x20) (async) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000440)={@map, 0xffffffffffffffff, 0xd, 0x0, 0x0, @prog_id=r10}, 0x20) sendmsg$nl_route(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000011000500000000000000000007800000", @ANYRES32=r8, @ANYBLOB="00000000000000000c001a800800058004000380"], 0x2c}}, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000100)={@private2={0xfc, 0x2, '\x00', 0x1}, 0x2e, r8}) (async) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000100)={@private2={0xfc, 0x2, '\x00', 0x1}, 0x2e, r8}) r11 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_TIMESTAMP(r11, 0x1, 0x40, &(0x7f0000000000)=0x8, 0x4) (async) setsockopt$SO_TIMESTAMP(r11, 0x1, 0x40, &(0x7f0000000000)=0x8, 0x4) getsockopt$SO_TIMESTAMP(r11, 0x1, 0x41, &(0x7f0000000040), &(0x7f0000000080)=0x29) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r12 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r12, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c01000017000100000000000000000000000000000000000000ffffac1e00010000000000000000e0000002000000000000000000000000fe8000000000000000000000000000002001000000000000000000000000000200"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa0000000000000000000000002001000000000000000000000000000100000002000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000f4ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000044000800000000000000000000000000000000000000000000000000000000007f00000100"/196], 0x16c}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$inet_icmp_raw(0x2, 0x3, 0x1) (async) r13 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendfile(r13, 0xffffffffffffffff, &(0x7f0000000040)=0x6, 0x3) ioctl$sock_inet_SIOCADDRT(r13, 0x890b, &(0x7f0000000100)={0x0, {0x2, 0x4e23, @remote}, {0x2, 0x0, @loopback}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x36}}, 0x107}) write$tun(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000ffffffffffffaaaaaaaaaaaa88a8"], 0xfdef) (async) write$tun(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000ffffffffffffaaaaaaaaaaaa88a8"], 0xfdef) 1.8954503s ago: executing program 1 (id=1479): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x2, 0x8, 0xb}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket(0x40000000015, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c) bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x50}}, 0x8000) sendmsg$NFT_BATCH(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a280100000b0a01010000000000000000010000000900010073797a30000000000c000b400000000000010000e8000980e4000280140001800800015200000080080001400000000114000180080001400000000008000140020010001c000180080001400000000508000140000000040800014000000008440001800800014000000101080001400000008008000140000000070800014000001000080001400000000408000140000000020800014000000b9b0800014000000004440001800800014000000006080001408000000108000140000003ff0800014000000001080001400000000908000140000000090800014000000008080001400000000814000180080001400000010008000140000000710c0010"], 0x150}, 0x1, 0x1200000000000000}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) unshare(0x20000600) ppoll(&(0x7f0000000000)=[{}], 0x46, 0x0, 0x0, 0x0) 1.797728433s ago: executing program 1 (id=1480): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) unshare(0x400) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4) ioctl$sock_inet_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000440)={'wlan1\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x30, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x34, 0x0, 0x8, 0x101, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_DATA={0x4}]}, 0x34}}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x20, 0x1, 0x8, 0x5, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450000380000000000019078ac1e0001ac1414aa030090780300000045000000000000000dbc74000000000000000000000000040022ebff"], 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x24, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}}, 0x0) sendmsg$inet(r0, &(0x7f0000000680)={&(0x7f0000000300)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000480)="d0a168ebcf32f8228e0e057a8fbc866825864ecfe7653d7c0c54d014b66f0bb3dd8b8e92533235261ba8c44a9d14b472ccb3e19704030b269d4deff06c3842e648307632b2bdf93d8851afbd88431f0b0bfa01933a416966b8acace30493fefd3617e72a6466b046c7bc38e18b4f6a6a3f5202a11e62c0638e895edb25bd6404a79beae2fdbd228d64bb78d04ebccbeb77b048fc82615817e5cbe867325d864b5bc5b745e6e181422860cceb4d33e2e1a7bf6e70cb5ba36082a1469daffddec0566b53417c0d461764", 0xc9}, {&(0x7f0000000400)="e9a391a7", 0x4}, {&(0x7f0000000580)="2b03299ab79f0b904e06f7b877fa4950c8e0833176278d57f97bb2d1786068b358c48178e0bcba8e24e91b01562ddf235867cb871ee4bbafe0cc0ead2f0addbc8631e1288893260a8bf469cc6208c4e2fab377995233516651523c873c29cee5ba20e7ddb6a77cea", 0x68}], 0x3, &(0x7f0000000640)}, 0x40041) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r1}, 0x10) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r6, &(0x7f0000000280)={0x0, 0xb00, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="380000000b060101000000000000000000000000100007800c00018008000140e000000205000100070000000900020073797a31"], 0x38}}, 0x0) r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8) close(r7) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r9, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r7, &(0x7f00000008c0)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000880)={&(0x7f0000000800)={0x70, r10, 0x5, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}]}, 0x70}, 0x1, 0x0, 0x0, 0xa000}, 0x20000084) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r7, 0x84, 0x73, &(0x7f0000000700)={0x0, 0x7, 0x20, 0x7, 0x5}, &(0x7f0000000740)=0x18) syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r7) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) r11 = openat$cgroup(r8, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) openat$cgroup_subtree(r11, &(0x7f0000000180), 0x2, 0x0) 514.406924ms ago: executing program 3 (id=1481): socket(0x8, 0x0, 0x0) r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="14000200fe8000000000000000000000000000aa080009003f0c000014000100ffffffe0000000000064"], 0x48}}, 0x0) 482.638438ms ago: executing program 2 (id=1482): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000b40)={0x48, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}, {0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}]}, 0x48}, 0x1, 0xffffff7f00000000}, 0x0) 351.14075ms ago: executing program 2 (id=1483): r0 = socket$inet(0x2, 0x4000000805, 0x0) listen(r0, 0x3f) (async) sendmmsg(r0, &(0x7f0000000100)=[{{&(0x7f0000000000)=@un=@file={0x1, './file0\x00'}, 0x80, &(0x7f0000000300)}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0x80}}], 0x2, 0x0) (async) r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='blkio.bfq.idle_time\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000080)=0x20) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0) 350.653762ms ago: executing program 1 (id=1484): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)={0x80, 0x0, 0x2, 0x401, 0x0, 0x0, {0x2}, [@CTA_EXPECT_TUPLE={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x2}}]}, @CTA_EXPECT_MASK={0x24, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASTER={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x80}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$inet6_icmp(0xa, 0x2, 0x3a) r1 = socket(0x2b, 0x80801, 0x1) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x4001, 0x3, 0x2b0, 0x138, 0x0, 0x148, 0x0, 0x148, 0x218, 0x240, 0x240, 0x218, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00'}, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@connlabel={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1, 'ip6erspan0\x00'}}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x9, 0x2, &(0x7f0000000100)=@raw=[@ldst={0x1, 0x0, 0x4, 0x0, 0x1, 0x20}, @jmp={0x5, 0x0, 0x9}], &(0x7f0000000000)='GPL\x00'}, 0x90) r6 = socket$inet6_udp(0xa, 0x2, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x44, r10, 0xf2473ed90fb552e1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x8000}, @NL80211_ATTR_PMKID={0x14, 0x55, "7480687fd2c4dbf658cbed78fa8c1143"}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}]}, 0x44}}, 0x0) sendmsg$NL80211_CMD_SET_MCAST_RATE(r7, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, r8, 0x8, 0x70bd29, 0xffffffff, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x0, 0x4}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xa}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x3c}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x5a}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x78}]}, 0x50}, 0x1, 0x0, 0x0, 0x4805}, 0x20000081) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000500)=@nat={'nat\x00', 0x2, 0x5, 0x528, 0x298, 0x298, 0xffffffff, 0x388, 0xf0, 0x458, 0x458, 0xffffffff, 0x458, 0x458, 0x5, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv4=@local, @ipv6=@mcast2, @icmp_id, @gre_key}}}, {{@ipv6={@private2, @rand_addr=' \x01\x00', [], [], 'pim6reg1\x00', 'lo\x00'}, 0x0, 0x160, 0x1a8, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @private2, @private0, @private0}}, @common=@ipv6header={{0x28}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv6=@private0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @icmp_id}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x0, @ipv6=@local, @ipv6=@empty, @gre_key, @icmp_id}}}, {{@ipv6={@mcast1, @empty, [], [], 'bond_slave_1\x00', 'nicvf0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x588) r12 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r12, 0x89f1, &(0x7f00000007c0)={'sit0\x00', &(0x7f00000006c0)}) r13 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r13, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x4}, @IFLA_BOND_AD_USER_PORT_KEY={0x6, 0x19, 0x2}]}}}]}, 0x44}}, 0x0) sendmsg$IEEE802154_SET_MACPARAMS(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r3, 0x1}, 0x14}}, 0x0) sendmsg$NL80211_CMD_SET_BEACON(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x8f4}}, 0x2400c009) 349.838084ms ago: executing program 0 (id=1485): socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000080)=0x3, 0x4) (async) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r3}, 0x10) (async) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000100)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x7f}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0xa388c328aa26be3f}, 0x8000) (async) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) (async) r7 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r7, &(0x7f0000000380)={0x2, 0x0, @remote}, 0x10) (async) sendto$inet(r7, 0x0, 0x0, 0x20008004, 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r8, 0x4000) sendmmsg(r7, &(0x7f00000033c0)=[{{&(0x7f0000000000)=@rc={0x1f, @fixed}, 0x80, 0x0}}, {{&(0x7f0000001900)=@can, 0x80, 0x0}}], 0x2, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01001c0000004095b4b2bc000008000300", @ANYRES32=r9, @ANYBLOB="080026006c09000008009f0007000000"], 0x2c}}, 0x0) (async) r10 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="1400000037000b63d25a80648c2594f90524fc60", 0x14}], 0x1}, 0x0) 305.948792ms ago: executing program 3 (id=1486): getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000001800ffff00000000000000000a000000ff000009"], 0x1c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5c0000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000003c0012800b000100697036746e6c00002c0002801400030020fd0000ffffa888000000000000000114000200fc"], 0x5c}}, 0x0) 194.291769ms ago: executing program 3 (id=1487): r0 = socket$kcm(0x2, 0x3, 0x84) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1, 0x0, 0x0, 0x7400}, 0x0) sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000007000000890704e068000000110000000000000000dbc790ad000000fc000000fdef00001400000000000000000000000100000004000000000000001c000000000000000000000008"], 0x68}, 0x0) 172.368108ms ago: executing program 0 (id=1488): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-avx2\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$kcm(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000580)="7acefe397314b582d9872ceca6b9446e5d8e78836f82b4cc6cbc22691f89bbd44fa88e08908d8e4c7bc078d289f31804e4b4a8e1eb78633f38b0ab14424ccfe48cf6667e298a371233c52791fb9a3e27c4bdd5e6f911448d13bac299e6ac1a27ba1147e1782c1a2fee5ee0352fdb9f5b244bb32865611e4ef2c8d1990ec9524277a0c7aac82b0349fbac2beadaebc01f9dd7cc0b42bc213f769c1a54398dcefa1b9d8d66d5b0d188d92d02af869cc23282327dc8d209e7aba6e8b7a526966847d97707a38d989ac3eed5a1894f98e4f485e3ea2d9950723e8e5796b08fded10ecafcd4fab3f5100083f49011753b58a91f74c7bb1dfdfca56faca3a83ecb538ddb20c086231fbf792a2ad14f409b80fd3ab1648e64b4c574424893d619e6de3aadc95c37793d683f0d46bbb8b5d27ea7a7e983f8a2a54f294559b1e80b0d9964b2b2c830fd783d3a56589513957c9ce2216393676dd05146ba88cb6decf8b36026849efad41402b62b5538b3e5ff58c3a4298d44abc58d5016622a95b6ae17d90a52535f12fc1ac484719599c5a9afe6aefa7298f07b3a61049df20394cf57bb6fab6e66f5a5eb14642c4a5ba4f827dfe64c7fe14df25a556eb8bda9a26d0b6f4281b27edb23acb07cc0fb6a95f93be37c2f05ec8afbe8c57293beb2e2ca5273f5dbcce424b7feab76f9ae2e47667422729877f3d5a5074f173f6e611d8fd1b6987d37785bf8ea0e35788cd0622cde98723204ac5c69313d3da20ccc3e8a907e0b23ff07000030b2c746c91c7a2eee17ea23efd0c658419191e34140fd549620c97fd0530004b1ea5589c8c0bfc75668f0e5535c431c0e0d3c78c43475104a9a1b957849e946587e33604110db4a862ce4960752c640d0251f4bdff38835a7e6cb34b61b9126850523a055439a9b62c0baf5cab6844badc5d8c6be657e529f1665d785aaaa244062f20037302b588c7701459167773933ffce26c63008bf1fe2f12d2df70e682248b34feded8542c930bbf5a918dff9719e784d590a34e83cb28443dace188e45e3729e7e999ea2eaef4ac1e60fa045f67447914ee7bb166190bf00fe4da4a62ee17d19eff5fedfc153e81646098243a391f7ed1db266ca73b71079d59245f62c2012df2b5b65237f1561f5502a7e94d0bf095ef658fb4c3cb814bf1da3c6d659c58622f4b77c55fdb594903aee50fca92096f932078b12543288b16c767b039638380ec705cff60d854c8023dcfeafba9bc7c6375af6b98533f640ce81902f7fdd6cda0494c607dc4fcf4e2d58c1e050cb5ed5886151330014728326c82fc285031d6eda54e21a34c17af93ef27afc6afaeabe6d2428dfb8b3fc9f40667b7af05e5406daac306082c30c7e72d8bd9bb838aadee4a49b9c1bd3820e55bb15fabdf6100ee61fb3e4cfeaad", 0x3f1}], 0x1}, 0x0) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x4) (async) syz_emit_ethernet(0x60, &(0x7f0000000380)={@local, @random="56460a7cef90", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x2a, 0x2f, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, {[], {{0x0, 0x8906, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"9e000000000000008a93d432c48b68505514375b0133"}}}}}}}, 0x0) 170.307399ms ago: executing program 2 (id=1489): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="5cfff000", @ANYRES16=r1, @ANYBLOB="17090000000000000000010000000500070000000000080009000000000914002000ff18000000000000000000000000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x620b}, 0x0) 1.474554ms ago: executing program 0 (id=1490): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a74000000060a0904000000000000000002000000480004802c0001800a0001006c696d69740000001c0033f62437014000000000000000010c00024000000000000000001800018011000100666c6f775f6f66666c6f6164000000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x9c}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) pipe(&(0x7f0000000040)) r1 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) (async) bind$inet(r1, &(0x7f0000000180)={0x2, 0xce20, @local}, 0x10) listen(r1, 0x3a5) (async) r2 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) (async) bind$inet(r2, &(0x7f00000003c0)={0x2, 0xce20, @local}, 0x10) (async) listen(r2, 0x3) (async) listen(r1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_crypto(0x10, 0x3, 0x15) (async) epoll_create1(0x0) socket(0x10, 0x803, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) (async) socket$inet6_udp(0xa, 0x2, 0x0) (async) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f00000005c0)=ANY=[@ANYRES64=r3], &(0x7f0000000000)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90) socket$nl_route(0x10, 0x3, 0x0) 126.937µs ago: executing program 3 (id=1491): mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0xb, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, @host}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000080000000008100000008000300", @ANYRES32=r4, @ANYBLOB="0a000600ffffffffffff0000060066008e8800002200330008030000080211000001080211000000ffffffffffff00000802110000010000040067"], 0x58}}, 0x0) mmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x90013, r0, 0x0) socket$xdp(0x2c, 0x3, 0x0) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000500)={r0}, 0x8) connect$vsock_stream(r5, &(0x7f0000000540)={0x28, 0x0, 0x0, @hyper}, 0x10) r6 = socket(0x1, 0x3, 0x0) bind$unix(r6, 0x0, 0x0) sendmsg$NL80211_CMD_GET_POWER_SAVE(r6, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000140)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="200026bd7000fedbdf253e0000000c009908000001005e00000052c11331c2056bd195eef3eee6f434546ed8e087b72d859bfcc3178a9bf34042eaa0a3bd51c5e516a7f99b2724c03d678d47bb129d53ad4d902c2e45c5c6c43497793b49e1776f2fb0435a5120c76649adda182611c977ce2c7d7b47a039ea04809f7d4e5bb0a3f2f3b4e53881372fa4a7550ed589ca14"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x40000) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000033c0)={&(0x7f0000000000)=""/5, 0xa00000, 0x1000}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0xb, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7fff8, 0x0, 0x0, 0x0, 0x355c}, [@call={0x85, 0x0, 0x0, 0xb3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x37}, @alu={0x7, 0x0, 0x6, 0x7, 0x0, 0xffffffffffffffe0}, @generic={0xfb, 0x6, 0x4, 0xff, 0xba}, @call={0x85, 0x0, 0x0, 0x5d}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000000280)='GPL\x00', 0x9, 0xe9, &(0x7f00000002c0)=""/233, 0x40f00, 0x41, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000003c0)={0x2, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000004c0)=[0xffffffffffffffff], &(0x7f0000000640)=[{0x5, 0x2, 0x7, 0xc}, {0x3, 0x3, 0x4, 0x9}, {0x4, 0x4, 0xf, 0x8}], 0x10, 0x4}, 0x90) getuid() setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f00000005c0)={0x67, 0x4, 0x1, 0x6, 0x0, [@mcast1, @private2={0xfc, 0x2, '\x00', 0x1}]}, 0x28) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)={0x2c, 0x3, 0x1, 0x301, 0x0, 0x0, {}, [@CTA_MARK={0x8}, @CTA_ID={0x8}, @CTA_STATUS_MASK={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r8, &(0x7f0000000800)=[{&(0x7f0000000c00)="89e7ee2c7cdad9b4b47381", 0xb}, {&(0x7f00000005c0)="c288fb", 0x3}], 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) 0s ago: executing program 2 (id=1492): sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040), 0xc, 0x0}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0), 0x48) sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000cc0)={'wlan0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f00000001c0)="79534f3417b39ad1124f60ae1de107bcc10d1f69377ffd17fb5efc724a6ab6f745e1006932e86557cfb14daca97f23e2aeb558c2d49239b42f877a34637d9d2a41caa30f0f5c9c60255e1c4976e42a0eb1e4f415d843429a5b550e7d4b009c4f818455cc956bb85e5eda9608e1ab8b6ab213ce0810c0757783dfb33519efe82eacf172acbcf6be4407f889bfe6200d9c334e7fdd3351bceb0f4f7e0cb635131b7ebb85084ddd7674f3acc738a6c3b6be606d1ee87aad6378cf34d298039211eaf064adb20ca6527e9595bcde3d3588efd3", 0xd1, 0x0, &(0x7f0000000100)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="2508007a0000000000000700000008000300", @ANYRES32=r4, @ANYBLOB="1400140064756d6d7930000000000000000000001400040076657468315f746f5f626f016400005405005300010000000800050004"], 0x54}}, 0x0) kernel console output (not intermixed with test programs): multicast mode [ 129.156610][ T6759] hsr_slave_0: entered promiscuous mode [ 129.198425][ T6759] hsr_slave_1: entered promiscuous mode [ 129.225206][ T6971] netlink: 36 bytes leftover after parsing attributes in process `syz.1.535'. [ 129.443140][ T6972] tun0: tun_chr_ioctl cmd 35111 [ 130.039833][ T6988] netlink: 8 bytes leftover after parsing attributes in process `syz.2.539'. [ 130.416082][ T5110] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 130.418072][ T7000] netlink: 12 bytes leftover after parsing attributes in process `syz.1.542'. [ 130.442639][ T5110] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 130.451595][ T5110] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 130.458659][ T7000] block nbd0: not configured, cannot reconfigure [ 130.470597][ T5110] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 130.479740][ T5110] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 130.487152][ T5110] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 130.499215][ T6995] dummy0: entered promiscuous mode [ 130.504730][ T6995] macsec2: entered allmulticast mode [ 130.510746][ T6995] dummy0: entered allmulticast mode [ 130.538101][ T6995] dummy0: left allmulticast mode [ 130.560760][ T6995] dummy0: left promiscuous mode [ 130.721581][ T5099] Bluetooth: hci0: command tx timeout [ 131.017704][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.408762][ T7013] pim6reg1: entered promiscuous mode [ 132.414194][ T7013] pim6reg1: entered allmulticast mode [ 132.433274][ T7022] netlink: 24 bytes leftover after parsing attributes in process `syz.2.549'. [ 132.460032][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.549407][ T5099] Bluetooth: hci1: command tx timeout [ 132.641363][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.659925][ T7033] netlink: 16 bytes leftover after parsing attributes in process `syz.2.551'. [ 132.704377][ T7036] netlink: 72 bytes leftover after parsing attributes in process `syz.0.553'. [ 132.743853][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.913298][ T7044] netlink: 44 bytes leftover after parsing attributes in process `syz.1.555'. [ 132.925056][ T7042] netlink: 20 bytes leftover after parsing attributes in process `syz.0.556'. [ 132.995481][ T7050] netlink: 596 bytes leftover after parsing attributes in process `syz.0.557'. [ 133.004096][ T6759] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 133.043729][ T7044] netlink: 44 bytes leftover after parsing attributes in process `syz.1.555'. [ 133.072471][ T7050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.557'. [ 133.091209][ T6759] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 133.133046][ T6759] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 133.170222][ T6759] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 133.192289][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.202300][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.295538][ T6999] chnl_net:caif_netlink_parms(): no params data found [ 133.488593][ T12] bridge_slave_1: left allmulticast mode [ 133.511375][ T12] bridge_slave_1: left promiscuous mode [ 133.517233][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.547577][ T12] bridge_slave_0: left allmulticast mode [ 133.562425][ T12] bridge_slave_0: left promiscuous mode [ 133.654305][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.165251][ T12] ip6gretap0: left promiscuous mode [ 134.434759][ T12] team0: Port device vlan2 removed [ 134.628654][ T5099] Bluetooth: hci1: command tx timeout [ 134.936712][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 134.961273][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 134.980237][ T12] bond0 (unregistering): Released all slaves [ 135.189775][ T7164] netlink: 12 bytes leftover after parsing attributes in process `syz.1.565'. [ 135.331083][ T6999] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.354919][ T6999] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.378531][ T6999] bridge_slave_0: entered allmulticast mode [ 135.400909][ T6999] bridge_slave_0: entered promiscuous mode [ 135.424254][ T6999] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.433337][ T6999] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.447702][ T6999] bridge_slave_1: entered allmulticast mode [ 135.460026][ T6999] bridge_slave_1: entered promiscuous mode [ 135.581701][ T6999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 135.620264][ T6999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 135.630929][ T7187] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 135.660437][ T7187] netlink: 'syz.2.572': attribute type 3 has an invalid length. [ 135.689331][ T7187] netlink: 'syz.2.572': attribute type 3 has an invalid length. [ 135.803004][ T6999] team0: Port device team_slave_0 added [ 135.834594][ T6759] 8021q: adding VLAN 0 to HW filter on device bond0 [ 135.865579][ T6999] team0: Port device team_slave_1 added [ 135.996005][ T6999] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 136.014750][ T6999] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.061313][ T6999] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 136.143916][ T7212] ebt_limit: overflow, try lower: 0/0 [ 136.163052][ T6999] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 136.168056][ T7214] __nla_validate_parse: 1 callbacks suppressed [ 136.168080][ T7214] netlink: 12 bytes leftover after parsing attributes in process `syz.0.581'. [ 136.177193][ T6999] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.213555][ T6999] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 136.402579][ T7212] netlink: 4 bytes leftover after parsing attributes in process `syz.1.580'. [ 136.435883][ T7212] vxcan3: entered promiscuous mode [ 136.481183][ T7222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.580'. [ 136.507207][ T7226] Cannot find add_set index 0 as target [ 136.605555][ T6759] 8021q: adding VLAN 0 to HW filter on device team0 [ 136.622461][ T6999] hsr_slave_0: entered promiscuous mode [ 136.629644][ T6999] hsr_slave_1: entered promiscuous mode [ 136.636164][ T6999] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 136.645776][ T6999] Cannot create hsr debugfs directory [ 136.702407][ T7233] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 136.732730][ T5099] Bluetooth: hci1: command tx timeout [ 136.787413][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.794634][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.805776][ T7235] netlink: 76 bytes leftover after parsing attributes in process `syz.2.588'. [ 136.891105][ T7241] netlink: 252 bytes leftover after parsing attributes in process `syz.0.591'. [ 136.920152][ T12] tipc: Left network mode [ 136.931147][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.938456][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.101262][ T7251] netlink: 'syz.1.596': attribute type 11 has an invalid length. [ 137.167127][ T7252] veth1_virt_wifi: entered promiscuous mode [ 137.186053][ T7246] veth1_virt_wifi: left promiscuous mode [ 137.305942][ T7259] netlink: 12 bytes leftover after parsing attributes in process `syz.0.599'. [ 137.312477][ T7260] netlink: 4 bytes leftover after parsing attributes in process `syz.2.600'. [ 137.351111][ T7256] netlink: 12 bytes leftover after parsing attributes in process `syz.1.598'. [ 137.536212][ T12] hsr_slave_0: left promiscuous mode [ 137.552396][ T12] hsr_slave_1: left promiscuous mode [ 137.573407][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 137.586156][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 137.604394][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 137.618437][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.626397][ T7270] netlink: 8 bytes leftover after parsing attributes in process `syz.0.604'. [ 137.654674][ T12] veth1_macvtap: left promiscuous mode [ 137.660761][ T12] veth0_macvtap: left promiscuous mode [ 137.666476][ T12] veth1_vlan: left promiscuous mode [ 137.674806][ T12] veth0_vlan: left promiscuous mode [ 137.697216][ T7274] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.906068][ T12] team0 (unregistering): Port device macvlan2 removed [ 138.350062][ T5110] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 138.359823][ T5110] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 138.367854][ T5110] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 138.376384][ T5110] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 138.384544][ T5110] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 138.392241][ T5110] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 138.516754][ T12] team0 (unregistering): Port device team_slave_1 removed [ 138.557059][ T12] team0 (unregistering): Port device team_slave_0 removed [ 138.789965][ T5099] Bluetooth: hci1: command tx timeout [ 138.946242][ T7277] netlink: 24 bytes leftover after parsing attributes in process `syz.0.604'. [ 139.058406][ T5108] bridge0: port 3(syz_tun) entered disabled state [ 139.101219][ T5108] syz_tun (unregistering): left allmulticast mode [ 139.116656][ T5108] syz_tun (unregistering): left promiscuous mode [ 139.133634][ T5108] bridge0: port 3(syz_tun) entered disabled state [ 139.207289][ T7289] Bluetooth: MGMT ver 1.22 [ 139.217150][ T7289] Bluetooth: hci3: unsupported parameter 64512 [ 139.238887][ T7289] Bluetooth: hci3: invalid length 0, exp 2 for type 3 [ 139.825138][ T6759] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.922412][ T7282] chnl_net:caif_netlink_parms(): no params data found [ 139.969192][ T7319] block nbd2: not configured, cannot reconfigure [ 140.047123][ T7323] Cannot find add_set index 0 as target [ 140.123827][ T6759] veth0_vlan: entered promiscuous mode [ 140.172323][ T6999] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 140.196972][ T6759] veth1_vlan: entered promiscuous mode [ 140.231249][ T7333] block nbd0: not configured, cannot reconfigure [ 140.271757][ T6999] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 140.298929][ T6999] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 140.349622][ T7282] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.360340][ T7282] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.368110][ T7282] bridge_slave_0: entered allmulticast mode [ 140.375288][ T7282] bridge_slave_0: entered promiscuous mode [ 140.386818][ T7282] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.395084][ T7282] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.402524][ T7282] bridge_slave_1: entered allmulticast mode [ 140.409984][ T7282] bridge_slave_1: entered promiscuous mode [ 140.416711][ T6999] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 140.467785][ T5099] Bluetooth: hci3: command tx timeout [ 140.598857][ T7282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 140.630065][ T7282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 140.736597][ T7355] FAULT_INJECTION: forcing a failure. [ 140.736597][ T7355] name failslab, interval 1, probability 0, space 0, times 0 [ 140.762060][ T6759] veth0_macvtap: entered promiscuous mode [ 140.769976][ T7355] CPU: 0 PID: 7355 Comm: syz.0.630 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 140.780008][ T7355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 140.790102][ T7355] Call Trace: [ 140.793415][ T7355] [ 140.796383][ T7355] dump_stack_lvl+0x241/0x360 [ 140.801087][ T7355] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.806320][ T7355] ? __pfx__printk+0x10/0x10 [ 140.810955][ T7355] ? __pfx___might_resched+0x10/0x10 [ 140.816258][ T7355] ? __mutex_lock+0x2ef/0xd70 [ 140.820958][ T7355] should_fail_ex+0x3b0/0x4e0 [ 140.825662][ T7355] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 140.831922][ T7355] should_failslab+0x9/0x20 [ 140.836445][ T7355] __kmalloc_noprof+0xd8/0x400 [ 140.841236][ T7355] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 140.847331][ T7355] genl_rcv_msg+0x802/0xec0 [ 140.851847][ T7355] ? mark_lock+0x9a/0x350 [ 140.856196][ T7355] ? __pfx_genl_rcv_msg+0x10/0x10 [ 140.861254][ T7355] ? __pfx_lock_acquire+0x10/0x10 [ 140.866310][ T7355] ? __pfx_nbd_genl_reconfigure+0x10/0x10 [ 140.872094][ T7355] ? __pfx___might_resched+0x10/0x10 [ 140.877413][ T7355] netlink_rcv_skb+0x1e3/0x430 [ 140.882200][ T7355] ? __pfx_genl_rcv_msg+0x10/0x10 [ 140.887238][ T7355] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 140.892567][ T7355] genl_rcv+0x28/0x40 [ 140.896564][ T7355] netlink_unicast+0x7ea/0x980 [ 140.901352][ T7355] ? __pfx_netlink_unicast+0x10/0x10 [ 140.906644][ T7355] ? __virt_addr_valid+0x183/0x520 [ 140.911774][ T7355] ? __check_object_size+0x49c/0x900 [ 140.917088][ T7355] ? bpf_lsm_netlink_send+0x9/0x10 [ 140.922220][ T7355] netlink_sendmsg+0x8db/0xcb0 [ 140.927007][ T7355] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.932342][ T7355] ? __import_iovec+0x536/0x820 [ 140.937218][ T7355] ? aa_sock_msg_perm+0x91/0x160 [ 140.942197][ T7355] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 140.947499][ T7355] ? security_socket_sendmsg+0x87/0xb0 [ 140.952976][ T7355] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.958275][ T7355] __sock_sendmsg+0x221/0x270 [ 140.962977][ T7355] ____sys_sendmsg+0x525/0x7d0 [ 140.967783][ T7355] ? __pfx_____sys_sendmsg+0x10/0x10 [ 140.973142][ T7355] __sys_sendmsg+0x2b0/0x3a0 [ 140.977751][ T7355] ? __pfx___sys_sendmsg+0x10/0x10 [ 140.982871][ T7355] ? vfs_write+0x7c4/0xc90 [ 140.987371][ T7355] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 140.993722][ T7355] ? do_syscall_64+0x100/0x230 [ 140.998533][ T7355] ? do_syscall_64+0xb6/0x230 [ 141.003411][ T7355] do_syscall_64+0xf3/0x230 [ 141.007956][ T7355] ? clear_bhb_loop+0x35/0x90 [ 141.012670][ T7355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.018590][ T7355] RIP: 0033:0x7f9a9e975bd9 [ 141.023017][ T7355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.042813][ T7355] RSP: 002b:00007f9a9f718048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 141.051257][ T7355] RAX: ffffffffffffffda RBX: 00007f9a9eb03f60 RCX: 00007f9a9e975bd9 [ 141.059264][ T7355] RDX: 0000000000000000 RSI: 0000000020000e80 RDI: 0000000000000004 [ 141.067267][ T7355] RBP: 00007f9a9f7180a0 R08: 0000000000000000 R09: 0000000000000000 [ 141.075280][ T7355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.083263][ T7355] R13: 000000000000000b R14: 00007f9a9eb03f60 R15: 00007ffd3770d4f8 [ 141.091264][ T7355] [ 141.103493][ T6759] veth1_macvtap: entered promiscuous mode [ 141.170220][ T6759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 141.181315][ T6759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.192616][ T6759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 141.206963][ T6759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.217093][ T6759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 141.237459][ T6759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.255562][ T6759] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 141.287107][ T7282] team0: Port device team_slave_0 added [ 141.323350][ T6759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 141.357459][ T6759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.372641][ T6759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 141.384239][ T6759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.394175][ T6759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 141.404814][ T6759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 141.418476][ T6759] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 141.434330][ T7282] team0: Port device team_slave_1 added [ 141.506969][ T6759] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.521997][ T6759] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.531923][ T6759] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.541983][ T6759] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.576689][ T7282] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 141.584108][ T7366] block nbd0: not configured, cannot reconfigure [ 141.593463][ T7282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 141.647628][ T7282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 141.750522][ T7282] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 141.757793][ T7282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 141.799104][ T7282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 141.948929][ T7380] ipt_REJECT: TCP_RESET invalid for non-tcp [ 141.983810][ T7380] __nla_validate_parse: 5 callbacks suppressed [ 141.983832][ T7380] netlink: 24 bytes leftover after parsing attributes in process `syz.2.640'. [ 142.042860][ T7282] hsr_slave_0: entered promiscuous mode [ 142.050148][ T7282] hsr_slave_1: entered promiscuous mode [ 142.056414][ T7282] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 142.064851][ T7282] Cannot create hsr debugfs directory [ 142.100233][ T7380] nbd: couldn't find device at index -1 [ 142.297961][ T6999] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.413343][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.463918][ T6727] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.485153][ T6727] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.547734][ T5099] Bluetooth: hci3: command tx timeout [ 142.588566][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.753724][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.774975][ T6999] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.794349][ T6745] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 142.802963][ T6745] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 142.817198][ T7402] netlink: 12 bytes leftover after parsing attributes in process `syz.0.645'. [ 142.843213][ T5149] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.843714][ T7402] block nbd0: not configured, cannot reconfigure [ 142.850423][ T5149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.929812][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.977255][ T7404] dummy0: entered promiscuous mode [ 142.991828][ T7404] macsec2: entered allmulticast mode [ 142.997250][ T7404] dummy0: entered allmulticast mode [ 143.016729][ T7404] dummy0: left allmulticast mode [ 143.032774][ T7404] dummy0: left promiscuous mode [ 143.066132][ T7412] netlink: 4 bytes leftover after parsing attributes in process `syz.3.650'. [ 143.200041][ T7417] netlink: 'syz.3.652': attribute type 1 has an invalid length. [ 143.215836][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.220428][ T7417] netlink: 3440 bytes leftover after parsing attributes in process `syz.3.652'. [ 143.223139][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 143.247094][ T7417] netlink: 'syz.3.652': attribute type 1 has an invalid length. [ 143.256175][ T7417] netlink: 5880 bytes leftover after parsing attributes in process `syz.3.652'. [ 143.285197][ T7418] netlink: 'syz.2.653': attribute type 1 has an invalid length. [ 143.448096][ T7420] bond1: (slave gre1): The slave device specified does not support setting the MAC address [ 143.481107][ T7420] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 143.524325][ T7420] bond1: (slave gre1): making interface the new active one [ 143.542618][ T7420] bond1: (slave gre1): Enslaving as an active interface with an up link [ 143.884222][ T12] bridge_slave_1: left allmulticast mode [ 143.909480][ T12] bridge_slave_1: left promiscuous mode [ 143.915330][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.976896][ T12] bridge_slave_0: left allmulticast mode [ 143.990397][ T12] bridge_slave_0: left promiscuous mode [ 143.996291][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.157054][ T7451] netlink: 12 bytes leftover after parsing attributes in process `syz.0.664'. [ 144.395626][ T7455] x_tables: duplicate underflow at hook 2 [ 144.600464][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 144.612370][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 144.624410][ T12] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 144.632779][ T5099] Bluetooth: hci3: command tx timeout [ 144.645085][ T12] bond0 (unregistering): Released all slaves [ 144.677024][ T7445] netlink: 8 bytes leftover after parsing attributes in process `syz.3.662'. [ 144.871574][ T12] tipc: Disabling bearer [ 144.898771][ T12] tipc: Left network mode [ 144.976919][ T6999] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 145.011558][ T7473] netlink: 12 bytes leftover after parsing attributes in process `syz.2.672'. [ 145.304209][ T7486] netlink: 'syz.2.676': attribute type 1 has an invalid length. [ 145.345926][ T7486] netlink: 8 bytes leftover after parsing attributes in process `syz.2.676'. [ 145.455140][ T12] hsr_slave_0: left promiscuous mode [ 145.472565][ T12] hsr_slave_1: left promiscuous mode [ 145.495800][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.511087][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.531464][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.540598][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 145.569052][ T12] veth1_macvtap: left promiscuous mode [ 145.575432][ T12] veth0_macvtap: left promiscuous mode [ 145.582003][ T12] veth1_vlan: left promiscuous mode [ 145.607596][ T12] veth0_vlan: left promiscuous mode [ 146.099521][ T12] team0 (unregistering): Port device team_slave_1 removed [ 146.145591][ T12] team0 (unregistering): Port device team_slave_0 removed [ 146.587610][ T7282] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 146.690478][ T7282] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 146.707639][ T5099] Bluetooth: hci3: command tx timeout [ 146.757662][ T7282] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 146.771899][ T7282] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 147.038059][ T6999] veth0_vlan: entered promiscuous mode [ 147.093242][ T6999] veth1_vlan: entered promiscuous mode [ 147.099686][ T7526] netlink: 12 bytes leftover after parsing attributes in process `syz.0.688'. [ 147.135239][ T7530] FAULT_INJECTION: forcing a failure. [ 147.135239][ T7530] name failslab, interval 1, probability 0, space 0, times 0 [ 147.176649][ T7530] CPU: 0 PID: 7530 Comm: syz.2.690 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 147.186727][ T7530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 147.196816][ T7530] Call Trace: [ 147.197237][ T7282] 8021q: adding VLAN 0 to HW filter on device bond0 [ 147.200122][ T7530] [ 147.200134][ T7530] dump_stack_lvl+0x241/0x360 [ 147.214430][ T7530] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.219678][ T7530] ? __pfx__printk+0x10/0x10 [ 147.224326][ T7530] ? __ip_dev_find+0x532/0x610 [ 147.225808][ T7282] 8021q: adding VLAN 0 to HW filter on device team0 [ 147.229115][ T7530] ? __ip_dev_find+0xa4/0x610 [ 147.229149][ T7530] ? __pfx___ip_dev_find+0x10/0x10 [ 147.229182][ T7530] should_fail_ex+0x3b0/0x4e0 [ 147.229220][ T7530] ? dst_alloc+0x12b/0x190 [ 147.229243][ T7530] should_failslab+0x9/0x20 [ 147.229275][ T7530] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 147.229316][ T7530] dst_alloc+0x12b/0x190 [ 147.229347][ T7530] ip_route_output_key_hash_rcu+0x13cc/0x2390 [ 147.229391][ T7530] ip_route_output_key_hash+0x193/0x2b0 [ 147.229418][ T7530] ? ip_route_output_key_hash+0xdf/0x2b0 [ 147.229443][ T7530] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 147.229465][ T7530] ? count_memcg_event_mm+0x94/0x420 [ 147.229519][ T7530] ip_route_output_flow+0x29/0x140 [ 147.229559][ T7530] udp_sendmsg+0x174a/0x2a60 [ 147.229607][ T7530] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 147.229636][ T7530] ? __pfx_udp_sendmsg+0x10/0x10 [ 147.229681][ T7530] ? aa_sk_perm+0x967/0xab0 [ 147.229730][ T7530] ? __pfx_aa_sk_perm+0x10/0x10 [ 147.229758][ T7530] ? iovec_from_user+0x61/0x240 [ 147.229785][ T7530] ? sock_rps_record_flow+0x1a/0x400 [ 147.229813][ T7530] ? inet_sendmsg+0x2ba/0x390 [ 147.229835][ T7530] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 147.229857][ T7530] ? security_socket_sendmsg+0x87/0xb0 [ 147.229888][ T7530] __sock_sendmsg+0x1a6/0x270 [ 147.229928][ T7530] ____sys_sendmsg+0x525/0x7d0 [ 147.229969][ T7530] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.230019][ T7530] __sys_sendmmsg+0x3b2/0x740 [ 147.230061][ T7530] ? __pfx___sys_sendmmsg+0x10/0x10 [ 147.230136][ T7530] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 147.230168][ T7530] ? ksys_write+0x23e/0x2c0 [ 147.230196][ T7530] ? __pfx_lock_release+0x10/0x10 [ 147.230231][ T7530] ? vfs_write+0x7c4/0xc90 [ 147.230265][ T7530] ? __mutex_unlock_slowpath+0x21d/0x750 [ 147.230294][ T7530] ? __pfx_vfs_write+0x10/0x10 [ 147.230350][ T7530] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 147.230380][ T7530] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 147.230407][ T7530] ? do_syscall_64+0x100/0x230 [ 147.230445][ T7530] __x64_sys_sendmmsg+0xa0/0xb0 [ 147.230479][ T7530] do_syscall_64+0xf3/0x230 [ 147.230513][ T7530] ? clear_bhb_loop+0x35/0x90 [ 147.230551][ T7530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.230584][ T7530] RIP: 0033:0x7faf34f75bd9 [ 147.230606][ T7530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.230625][ T7530] RSP: 002b:00007faf35c9a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 147.230652][ T7530] RAX: ffffffffffffffda RBX: 00007faf35103f60 RCX: 00007faf34f75bd9 [ 147.230670][ T7530] RDX: 000000000000002d RSI: 0000000020007fc0 RDI: 0000000000000003 [ 147.230691][ T7530] RBP: 00007faf35c9a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 147.230707][ T7530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 147.230721][ T7530] R13: 000000000000000b R14: 00007faf35103f60 R15: 00007ffee20f4bf8 [ 147.230758][ T7530] [ 147.240175][ T7531] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.689'. [ 147.333257][ T7534] netlink: 12 bytes leftover after parsing attributes in process `syz.3.689'. [ 147.397415][ T7531] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 147.576569][ T7531] af_packet: tpacket_rcv: packet too big, clamped from 212980 to 3952. macoff=96 [ 147.641548][ T5096] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.648795][ T5096] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.674162][ T5096] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.681378][ T5096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.697363][ T6999] veth0_macvtap: entered promiscuous mode [ 147.732683][ T6999] veth1_macvtap: entered promiscuous mode [ 147.853951][ T7543] netlink: 'syz.3.695': attribute type 3 has an invalid length. [ 147.905721][ T7543] netlink: 'syz.3.695': attribute type 3 has an invalid length. [ 148.004997][ T6999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.034292][ T6999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.046391][ T7550] netlink: 'syz.3.698': attribute type 7 has an invalid length. [ 148.047442][ T6999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.072156][ T6999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.103749][ T6999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 148.133110][ T6999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.146521][ T6999] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 148.193028][ T7558] netlink: 8 bytes leftover after parsing attributes in process `syz.3.701'. [ 148.208318][ T6999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 148.237050][ T6999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.249595][ T6999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 148.260266][ T6999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.270235][ T6999] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 148.281082][ T6999] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 148.282471][ T7556] dccp_invalid_packet: P.Data Offset(100) too large [ 148.297139][ T6999] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 148.315842][ T7556] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 148.355462][ T6999] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.395372][ T6999] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.414484][ T6999] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.426682][ T7566] netlink: 12 bytes leftover after parsing attributes in process `syz.3.704'. [ 148.447408][ T6999] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.750968][ T6745] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.759075][ T6745] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 148.774959][ T7575] netlink: 'syz.3.707': attribute type 3 has an invalid length. [ 148.835736][ T7282] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 148.933212][ T7582] netlink: 32 bytes leftover after parsing attributes in process `syz.2.709'. [ 148.934493][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 148.978000][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 149.148712][ T7282] veth0_vlan: entered promiscuous mode [ 149.183677][ T7282] veth1_vlan: entered promiscuous mode [ 149.302648][ T7282] veth0_macvtap: entered promiscuous mode [ 149.349480][ T7282] veth1_macvtap: entered promiscuous mode [ 149.401700][ T7282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.463652][ T7282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.488489][ T7282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.508690][ T7282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.527659][ T7282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.548365][ T7282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.565651][ T7282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 149.579719][ T7282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.598134][ T5110] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 149.613352][ T5110] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 149.620585][ T7282] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 149.634804][ T5110] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 149.642270][ T7598] netlink: 'syz.0.717': attribute type 9 has an invalid length. [ 149.655077][ T5110] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 149.665479][ T7605] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 149.677909][ T5110] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 149.685657][ T5110] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 149.800809][ T7282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.811459][ T7282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.821484][ T7282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.841412][ T7282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.858127][ T7282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.884984][ T7282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.895094][ T7282] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 149.913131][ T7282] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 149.925681][ T7282] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 150.009246][ T7609] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 150.135953][ T6722] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.172425][ T7282] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.184432][ T7282] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.195349][ T7282] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.204338][ T7282] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.248705][ T6722] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.420707][ T6722] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.638039][ T5099] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 150.654960][ T5099] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 150.666736][ T5099] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 150.682603][ T5099] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 150.692872][ T5099] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 150.708202][ T5099] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 150.719267][ T6722] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 150.913900][ T7635] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.729'. [ 150.967451][ T2483] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.982469][ T2483] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.759018][ T5110] Bluetooth: hci4: command tx timeout [ 152.271344][ T7639] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.328352][ T7602] chnl_net:caif_netlink_parms(): no params data found [ 152.360949][ T6745] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 152.375164][ T6745] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 152.447011][ T7646] netlink: 20 bytes leftover after parsing attributes in process `syz.2.733'. [ 152.787874][ T5110] Bluetooth: hci0: command tx timeout [ 152.866020][ T6722] bridge_slave_1: left allmulticast mode [ 152.874035][ T6722] bridge_slave_1: left promiscuous mode [ 152.893111][ T6722] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.909839][ T6722] bridge_slave_0: left allmulticast mode [ 152.928853][ T6722] bridge_slave_0: left promiscuous mode [ 152.934670][ T6722] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.316427][ T29] audit: type=1107 audit(1720412174.592:3): pid=7672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='O' [ 153.453235][ T7678] netlink: 'syz.2.743': attribute type 8 has an invalid length. [ 153.640788][ T6722] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 153.652704][ T6722] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 153.672612][ T6722] bond0 (unregistering): Released all slaves [ 153.708898][ T7673] netlink: 'syz.2.743': attribute type 10 has an invalid length. [ 153.734046][ T7673] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.778827][ T7673] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 153.827643][ T5110] Bluetooth: hci4: command tx timeout [ 154.015260][ T7602] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.022794][ T7602] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.047947][ T7602] bridge_slave_0: entered allmulticast mode [ 154.073883][ T7602] bridge_slave_0: entered promiscuous mode [ 154.091293][ T7602] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.106607][ T7602] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.114820][ T7602] bridge_slave_1: entered allmulticast mode [ 154.122509][ T7602] bridge_slave_1: entered promiscuous mode [ 154.299130][ T7697] netlink: 24 bytes leftover after parsing attributes in process `syz.0.750'. [ 154.400246][ T7602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.431750][ T7602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.463692][ T7705] netlink: 4 bytes leftover after parsing attributes in process `syz.1.753'. [ 154.495429][ T7707] netlink: 'syz.0.754': attribute type 1 has an invalid length. [ 154.503596][ T7707] netlink: 3440 bytes leftover after parsing attributes in process `syz.0.754'. [ 154.513061][ T7707] netlink: 'syz.0.754': attribute type 1 has an invalid length. [ 154.521112][ T7707] netlink: 5880 bytes leftover after parsing attributes in process `syz.0.754'. [ 154.635274][ T7709] netlink: 8 bytes leftover after parsing attributes in process `syz.1.756'. [ 154.662488][ T7602] team0: Port device team_slave_0 added [ 154.666591][ T7709] netlink: 32 bytes leftover after parsing attributes in process `syz.1.756'. [ 154.673336][ T7602] team0: Port device team_slave_1 added [ 154.713226][ T6722] hsr_slave_0: left promiscuous mode [ 154.727747][ T6722] hsr_slave_1: left promiscuous mode [ 154.736963][ T7715] netlink: 'syz.0.757': attribute type 4 has an invalid length. [ 154.737059][ T6722] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 154.753610][ T6722] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 154.762478][ T6722] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 154.771596][ T6722] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 154.799583][ T6722] veth1_macvtap: left promiscuous mode [ 154.805298][ T6722] veth0_macvtap: left promiscuous mode [ 154.811613][ T6722] veth1_vlan: left promiscuous mode [ 154.817101][ T6722] veth0_vlan: left promiscuous mode [ 154.877258][ T5110] Bluetooth: hci0: command tx timeout [ 155.328916][ T6722] team0 (unregistering): Port device team_slave_1 removed [ 155.371003][ T6722] team0 (unregistering): Port device team_slave_0 removed [ 155.810167][ T7721] netlink: 8 bytes leftover after parsing attributes in process `syz.2.760'. [ 155.849370][ T7602] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 155.856373][ T7602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.912663][ T5110] Bluetooth: hci4: command tx timeout [ 155.928010][ T7602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 155.941466][ T7602] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 155.948663][ T7602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.974741][ T7602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 155.976726][ T7727] xt_SECMARK: invalid mode: 0 [ 156.045951][ T7624] chnl_net:caif_netlink_parms(): no params data found [ 156.165199][ T7602] hsr_slave_0: entered promiscuous mode [ 156.166437][ T7733] netlink: 12 bytes leftover after parsing attributes in process `syz.1.765'. [ 156.186389][ T7602] hsr_slave_1: entered promiscuous mode [ 156.193492][ T7602] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 156.207570][ T7602] Cannot create hsr debugfs directory [ 156.303637][ T7738] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 156.341287][ T7743] netlink: 12 bytes leftover after parsing attributes in process `syz.0.769'. [ 156.400972][ T7741] netlink: 'syz.1.768': attribute type 21 has an invalid length. [ 156.533417][ T7624] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.545015][ T7624] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.555802][ T7624] bridge_slave_0: entered allmulticast mode [ 156.569775][ T7624] bridge_slave_0: entered promiscuous mode [ 156.639894][ T7756] netlink: 'syz.2.772': attribute type 5 has an invalid length. [ 156.673386][ T7624] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.701635][ T7624] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.718903][ T7624] bridge_slave_1: entered allmulticast mode [ 156.739444][ T7624] bridge_slave_1: entered promiscuous mode [ 156.948284][ T5110] Bluetooth: hci0: command tx timeout [ 156.991564][ T7624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.039273][ T7624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.242583][ T7624] team0: Port device team_slave_0 added [ 157.351011][ T7602] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.393938][ T7624] team0: Port device team_slave_1 added [ 157.610328][ T7602] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.683814][ T7807] __nla_validate_parse: 6 callbacks suppressed [ 157.683836][ T7807] netlink: 36 bytes leftover after parsing attributes in process `syz.1.788'. [ 157.712507][ T7802] bridge0: entered promiscuous mode [ 157.718503][ T7802] macsec1: entered promiscuous mode [ 157.727569][ T7802] bridge0: left promiscuous mode [ 157.767391][ T7624] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 157.784595][ T7624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.813561][ T7624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 157.848904][ T7602] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.866874][ T7624] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 157.874515][ T7624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 157.910554][ T7624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 157.987731][ T5110] Bluetooth: hci4: command tx timeout [ 158.018994][ T7602] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.126010][ T7624] hsr_slave_0: entered promiscuous mode [ 158.142636][ T7624] hsr_slave_1: entered promiscuous mode [ 158.158509][ T7624] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 158.166100][ T7624] Cannot create hsr debugfs directory [ 158.230743][ T7825] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 158.281489][ T6722] bridge_slave_1: left allmulticast mode [ 158.287420][ T6722] bridge_slave_1: left promiscuous mode [ 158.293233][ T6722] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.311966][ T6722] bridge_slave_0: left allmulticast mode [ 158.312151][ T7831] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 158.321571][ T6722] bridge_slave_0: left promiscuous mode [ 158.334870][ T6722] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.670307][ T6722] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 158.685682][ T6722] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 158.700201][ T6722] bond0 (unregistering): Released all slaves [ 158.726680][ T7825] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 158.774869][ T7833] pimreg: entered allmulticast mode [ 158.992344][ T7846] netlink: 32 bytes leftover after parsing attributes in process `syz.1.800'. [ 159.028052][ T5110] Bluetooth: hci0: command tx timeout [ 159.093575][ T7846] netlink: 8 bytes leftover after parsing attributes in process `syz.1.800'. [ 159.158835][ T7852] netlink: 8 bytes leftover after parsing attributes in process `syz.0.803'. [ 159.309395][ T7857] netlink: 'syz.0.804': attribute type 2 has an invalid length. [ 159.337536][ T7857] netlink: 8 bytes leftover after parsing attributes in process `syz.0.804'. [ 159.466365][ T7602] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 159.541570][ T7866] netlink: 'syz.2.807': attribute type 10 has an invalid length. [ 159.563673][ T7602] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 159.598498][ T7602] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 159.668769][ T6722] hsr_slave_0: left promiscuous mode [ 159.679757][ T6722] hsr_slave_1: left promiscuous mode [ 159.699006][ T6722] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 159.716879][ T6722] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 159.721436][ T7875] netlink: 76 bytes leftover after parsing attributes in process `syz.1.812'. [ 159.736318][ T6722] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 159.745453][ T6722] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 159.842944][ T6722] veth1_macvtap: left promiscuous mode [ 159.862316][ T6722] veth0_macvtap: left promiscuous mode [ 159.877701][ T6722] veth1_vlan: left promiscuous mode [ 159.885327][ T6722] veth0_vlan: left promiscuous mode [ 159.956570][ T7888] netlink: 16 bytes leftover after parsing attributes in process `syz.1.816'. [ 160.021001][ T7892] netlink: 4 bytes leftover after parsing attributes in process `syz.2.818'. [ 160.586856][ T6722] team0 (unregistering): Port device team_slave_1 removed [ 160.624329][ T6722] team0 (unregistering): Port device team_slave_0 removed [ 161.006013][ T7602] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 161.206294][ T7910] netlink: 12 bytes leftover after parsing attributes in process `syz.1.823'. [ 161.395628][ T7920] netlink: 'syz.0.828': attribute type 64 has an invalid length. [ 161.400913][ T7918] netlink: 8 bytes leftover after parsing attributes in process `syz.2.827'. [ 161.520035][ T7602] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.605036][ T7602] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.667346][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.674552][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.767164][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.774362][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.856230][ T7943] Cannot find add_set index 0 as target [ 161.953393][ T7624] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 161.975826][ T7624] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 162.032399][ T7624] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 162.051116][ T7624] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 162.115754][ T7602] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 162.244086][ T7957] nbd: illegal input index 2490432 [ 162.465059][ T7624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.526650][ T7624] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.578526][ T5147] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.585832][ T5147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.639401][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.646606][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.722514][ T7602] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 162.833969][ T7624] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 162.853517][ T7624] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 162.974718][ T7602] veth0_vlan: entered promiscuous mode [ 163.010587][ T7602] veth1_vlan: entered promiscuous mode [ 163.120658][ T7602] veth0_macvtap: entered promiscuous mode [ 163.164185][ T7602] veth1_macvtap: entered promiscuous mode [ 163.235663][ T7602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.274901][ T7602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.310464][ T7602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.342866][ T7602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.370962][ T7602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.400504][ T7602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.425834][ T7602] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.473987][ T7602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.509598][ T7602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.531849][ T7602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.552826][ T7602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.574366][ T7602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.595596][ T7602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.623316][ T7602] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.656795][ T7602] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.678258][ T7602] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.703946][ T7602] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.724970][ T7602] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.827175][ T7624] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 164.048880][ T8007] netlink: 'syz.2.856': attribute type 20 has an invalid length. [ 164.074169][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.113279][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.217679][ T6727] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.225554][ T6727] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.247401][ T8013] tipc: Started in network mode [ 164.252487][ T8013] tipc: Node identity 2d14142a, cluster identity 4711 [ 164.266447][ T8013] tipc: Enabling of bearer rejected, failed to enable media [ 164.587162][ T7624] veth0_vlan: entered promiscuous mode [ 164.603678][ T29] audit: type=1107 audit(1720412185.882:4): pid=8021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='O' [ 164.604920][ T8023] netlink: 'syz.2.861': attribute type 10 has an invalid length. [ 164.698840][ T7624] veth1_vlan: entered promiscuous mode [ 164.734221][ T8024] netlink: 'syz.2.861': attribute type 8 has an invalid length. [ 164.791750][ T7624] veth0_macvtap: entered promiscuous mode [ 164.840589][ T7624] veth1_macvtap: entered promiscuous mode [ 164.953180][ T7624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 164.998898][ T7624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.017414][ T7624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 165.038127][ T7624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.051251][ T7624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 165.062637][ T7624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.079254][ T7624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 165.094536][ T7624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.119292][ T7624] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 165.140536][ T8028] netlink: 'syz.3.862': attribute type 63 has an invalid length. [ 165.192138][ T7624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 165.244027][ T7624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.245155][ T8037] __nla_validate_parse: 5 callbacks suppressed [ 165.245174][ T8037] netlink: 210620 bytes leftover after parsing attributes in process `syz.0.865'. [ 165.265844][ T7624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 165.276802][ T8037] openvswitch: netlink: ufid size 2296 bytes exceeds the range (1, 16) [ 165.293941][ T7624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.310921][ T7624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 165.331719][ T7624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.352484][ T7624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 165.367661][ T7624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.400085][ T7624] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 165.421834][ T7624] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.436207][ T7624] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.447250][ T7624] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.456080][ T7624] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.491833][ T8040] netlink: 'syz.0.866': attribute type 1 has an invalid length. [ 165.520359][ T8040] netlink: 3440 bytes leftover after parsing attributes in process `syz.0.866'. [ 165.532466][ T8040] netlink: 'syz.0.866': attribute type 1 has an invalid length. [ 165.567452][ T8040] netlink: 5880 bytes leftover after parsing attributes in process `syz.0.866'. [ 165.637204][ T8042] netlink: 68 bytes leftover after parsing attributes in process `syz.3.867'. [ 165.740587][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.764448][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.832722][ T8045] netlink: 'syz.0.868': attribute type 1 has an invalid length. [ 165.923264][ T8051] bond3: (slave gre1): The slave device specified does not support setting the MAC address [ 165.945782][ T8051] bond3: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 165.991254][ T8051] bond3: (slave gre1): making interface the new active one [ 166.029617][ T8051] bond3: (slave gre1): Enslaving as an active interface with an up link [ 166.072333][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 166.098959][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.127636][ T8055] sctp: [Deprecated]: syz.2.871 (pid 8055) Use of int in max_burst socket option. [ 166.127636][ T8055] Use struct sctp_assoc_value instead [ 166.318343][ T29] audit: type=1107 audit(1720412187.592:5): pid=8060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='O' [ 166.348162][ T8061] netlink: 'syz.0.873': attribute type 10 has an invalid length. [ 166.493466][ T8066] netlink: 'syz.0.873': attribute type 8 has an invalid length. [ 166.594606][ T8071] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 166.739055][ T8081] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 166.918970][ T8088] netlink: 8 bytes leftover after parsing attributes in process `syz.3.884'. [ 167.062379][ T8093] netlink: 12 bytes leftover after parsing attributes in process `syz.3.886'. [ 167.148395][ T51] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.470281][ T8102] netlink: 'syz.0.888': attribute type 3 has an invalid length. [ 167.534948][ T51] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.653793][ T8102] netlink: 12 bytes leftover after parsing attributes in process `syz.0.888'. [ 167.766654][ T51] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.874719][ T5099] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 167.888428][ T5099] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 167.896647][ T5099] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 167.904925][ T8114] netlink: 12 bytes leftover after parsing attributes in process `syz.2.893'. [ 167.961520][ T51] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.973447][ T5099] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 167.984555][ T5099] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 167.994390][ T5099] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 168.391012][ T8126] netlink: 20 bytes leftover after parsing attributes in process `syz.0.898'. [ 168.402123][ T51] bridge_slave_1: left allmulticast mode [ 168.418511][ T51] bridge_slave_1: left promiscuous mode [ 168.447798][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.463870][ T51] bridge_slave_0: left allmulticast mode [ 168.469963][ T51] bridge_slave_0: left promiscuous mode [ 168.475783][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.768869][ T8145] netlink: 'syz.0.901': attribute type 1 has an invalid length. [ 169.105081][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 169.119350][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 169.135462][ T51] bond0 (unregistering): Released all slaves [ 169.341307][ T8113] chnl_net:caif_netlink_parms(): no params data found [ 169.390897][ T8151] netlink: 596 bytes leftover after parsing attributes in process `syz.3.904'. [ 169.459826][ T29] audit: type=1107 audit(1720412190.742:6): pid=8147 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='O' [ 169.608309][ T8153] validate_nla: 1 callbacks suppressed [ 169.608330][ T8153] netlink: 'syz.2.902': attribute type 8 has an invalid length. [ 169.911742][ T51] hsr_slave_0: left promiscuous mode [ 169.924230][ T51] hsr_slave_1: left promiscuous mode [ 169.953168][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 169.967377][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 169.984299][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 170.002415][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 170.004709][ T8168] netlink: 'syz.2.909': attribute type 10 has an invalid length. [ 170.046562][ T51] veth1_macvtap: left promiscuous mode [ 170.053922][ T51] veth0_macvtap: left promiscuous mode [ 170.060933][ T51] veth1_vlan: left promiscuous mode [ 170.066406][ T51] veth0_vlan: left promiscuous mode [ 170.072439][ T5110] Bluetooth: hci0: command tx timeout [ 170.593205][ T51] team0 (unregistering): Port device team_slave_1 removed [ 170.645973][ T51] team0 (unregistering): Port device team_slave_0 removed [ 171.044075][ T8113] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.053834][ T8113] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.061175][ T8113] bridge_slave_0: entered allmulticast mode [ 171.068667][ T8113] bridge_slave_0: entered promiscuous mode [ 171.082591][ T8171] netlink: 'syz.3.910': attribute type 2 has an invalid length. [ 171.165912][ T8175] __nla_validate_parse: 1 callbacks suppressed [ 171.165933][ T8175] netlink: 72 bytes leftover after parsing attributes in process `syz.1.912'. [ 171.191818][ T8113] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.210417][ T8113] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.226426][ T8113] bridge_slave_1: entered allmulticast mode [ 171.257514][ T8113] bridge_slave_1: entered promiscuous mode [ 171.342159][ T8113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 171.384948][ T8113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 171.556614][ T8113] team0: Port device team_slave_0 added [ 171.584925][ T8113] team0: Port device team_slave_1 added [ 171.743373][ T8113] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 171.756176][ T8113] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 171.784671][ T8201] FAULT_INJECTION: forcing a failure. [ 171.784671][ T8201] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 171.806452][ T8201] CPU: 0 PID: 8201 Comm: syz.0.925 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 171.816487][ T8201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 171.826578][ T8201] Call Trace: [ 171.829891][ T8201] [ 171.832853][ T8201] dump_stack_lvl+0x241/0x360 [ 171.837586][ T8201] ? __pfx_dump_stack_lvl+0x10/0x10 [ 171.842835][ T8201] ? __pfx__printk+0x10/0x10 [ 171.847511][ T8201] ? __pfx_lock_release+0x10/0x10 [ 171.852583][ T8201] should_fail_ex+0x3b0/0x4e0 [ 171.857313][ T8201] _copy_from_user+0x2f/0xe0 [ 171.861944][ T8201] copy_msghdr_from_user+0xae/0x680 [ 171.867199][ T8201] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 171.873063][ T8201] __sys_sendmsg+0x23d/0x3a0 [ 171.877698][ T8201] ? __pfx___sys_sendmsg+0x10/0x10 [ 171.882929][ T8201] ? vfs_write+0x7c4/0xc90 [ 171.887422][ T8201] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 171.893889][ T8201] ? do_syscall_64+0x100/0x230 [ 171.898702][ T8201] ? do_syscall_64+0xb6/0x230 [ 171.903421][ T8201] do_syscall_64+0xf3/0x230 [ 171.907973][ T8201] ? clear_bhb_loop+0x35/0x90 [ 171.912702][ T8201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 171.918647][ T8201] RIP: 0033:0x7f9a9e975bd9 [ 171.923098][ T8201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 171.942837][ T8201] RSP: 002b:00007f9a9f718048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 171.951300][ T8201] RAX: ffffffffffffffda RBX: 00007f9a9eb03f60 RCX: 00007f9a9e975bd9 [ 171.957956][ T8113] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 171.959284][ T8201] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 171.972874][ T8113] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 171.978371][ T8201] RBP: 00007f9a9f7180a0 R08: 0000000000000000 R09: 0000000000000000 [ 171.978393][ T8201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 171.978407][ T8201] R13: 000000000000000b R14: 00007f9a9eb03f60 R15: 00007ffd3770d4f8 [ 171.978443][ T8201] [ 172.017442][ T8113] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 172.054406][ T8113] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 172.074299][ T8206] batman_adv: batadv0: Adding interface: gretap1 [ 172.097602][ T8206] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 172.151572][ T8209] netlink: 252 bytes leftover after parsing attributes in process `syz.2.927'. [ 172.152249][ T5110] Bluetooth: hci0: command tx timeout [ 172.166612][ T8206] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 172.208524][ T8211] netlink: 76 bytes leftover after parsing attributes in process `syz.2.928'. [ 172.374845][ T8113] hsr_slave_0: entered promiscuous mode [ 172.382943][ T8113] hsr_slave_1: entered promiscuous mode [ 172.419558][ T8219] netlink: 'syz.2.932': attribute type 9 has an invalid length. [ 172.634871][ T8225] netlink: 8 bytes leftover after parsing attributes in process `syz.2.935'. [ 172.832510][ T8230] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 173.125494][ T8242] netlink: 16 bytes leftover after parsing attributes in process `syz.1.942'. [ 173.210865][ T8244] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.943'. [ 173.256406][ T8244] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 173.259551][ T8246] vlan2: entered promiscuous mode [ 173.503406][ T8113] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 173.552003][ T8253] netlink: 'syz.2.948': attribute type 21 has an invalid length. [ 173.565050][ T8253] netlink: 100 bytes leftover after parsing attributes in process `syz.2.948'. [ 173.582563][ T8113] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 173.628497][ T8113] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 173.662375][ T8256] netlink: 132 bytes leftover after parsing attributes in process `syz.1.949'. [ 173.687390][ T8113] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 173.959658][ T8269] Bluetooth: MGMT ver 1.22 [ 174.046432][ T8113] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.172118][ T8278] netlink: 20 bytes leftover after parsing attributes in process `syz.2.957'. [ 174.199766][ T8266] dvmrp0: entered allmulticast mode [ 174.227839][ T5110] Bluetooth: hci0: command tx timeout [ 174.257252][ T8113] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.299579][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.306819][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.329187][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.336461][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.479728][ T8289] netlink: 191416 bytes leftover after parsing attributes in process `syz.0.959'. [ 174.522777][ T8289] netlink: zone id is out of range [ 174.542110][ T8289] netlink: zone id is out of range [ 174.552246][ T8289] netlink: zone id is out of range [ 174.572512][ T8289] netlink: zone id is out of range [ 174.593248][ T8289] netlink: zone id is out of range [ 174.611043][ T8289] netlink: zone id is out of range [ 174.636716][ T8289] netlink: zone id is out of range [ 174.653056][ T8289] netlink: zone id is out of range [ 174.862885][ T8296] netlink: 'syz.0.962': attribute type 4 has an invalid length. [ 174.936850][ T8113] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.077104][ T8307] nbd: illegal input index 4128832 [ 175.473809][ T8329] netlink: 'syz.1.973': attribute type 3 has an invalid length. [ 175.493791][ T8329] netlink: 'syz.1.973': attribute type 3 has an invalid length. [ 175.779301][ T8113] veth0_vlan: entered promiscuous mode [ 175.812175][ T8344] netlink: 'syz.1.978': attribute type 1 has an invalid length. [ 175.819835][ T8113] veth1_vlan: entered promiscuous mode [ 175.937950][ T8113] veth0_macvtap: entered promiscuous mode [ 175.957255][ T8113] veth1_macvtap: entered promiscuous mode [ 176.001659][ T8352] block nbd1: not configured, cannot reconfigure [ 176.042210][ T8113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.072798][ T8113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.107592][ T8113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.140724][ T8113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.154976][ T8113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.171444][ T8113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.194565][ T8113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 176.215892][ T8113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.248716][ T8113] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 176.268394][ T8113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 176.279292][ T8113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.307704][ T5110] Bluetooth: hci0: command tx timeout [ 176.313605][ T8113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 176.364404][ T8113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.393612][ T8113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 176.426436][ T8113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.443130][ T8113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 176.459430][ T8113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.484375][ T8113] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.594459][ T8113] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.607499][ T8364] __nla_validate_parse: 3 callbacks suppressed [ 176.607526][ T8364] netlink: 104 bytes leftover after parsing attributes in process `syz.2.985'. [ 176.624935][ T8113] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.634237][ T8113] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.646019][ T8113] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.899102][ T7120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 176.918621][ T7120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.041365][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 177.061831][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.252941][ T8388] tipc: Started in network mode [ 177.265371][ T8388] tipc: Node identity 2d14142a, cluster identity 4711 [ 177.303248][ T8388] tipc: Enabling of bearer rejected, failed to enable media [ 177.489526][ T8390] ip6gretap0: entered promiscuous mode [ 177.504697][ T8390] ip6gretap0: left promiscuous mode [ 177.560985][ T8392] netlink: 28 bytes leftover after parsing attributes in process `syz.0.993'. [ 177.582879][ T8395] netlink: 24 bytes leftover after parsing attributes in process `syz.0.993'. [ 177.637922][ T8397] x_tables: duplicate underflow at hook 4 [ 177.738588][ T29] audit: type=1107 audit(1720412199.022:7): pid=8399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='O' [ 177.739717][ T8401] netlink: 'syz.0.997': attribute type 10 has an invalid length. [ 177.793357][ T8404] netlink: 'syz.1.998': attribute type 4 has an invalid length. [ 177.873951][ T8409] netlink: 'syz.2.996': attribute type 10 has an invalid length. [ 177.882517][ T8408] netlink: 'syz.0.997': attribute type 8 has an invalid length. [ 178.139473][ T8417] dummy0: entered promiscuous mode [ 178.144843][ T8417] macsec1: entered allmulticast mode [ 178.170086][ T8417] dummy0: entered allmulticast mode [ 178.186224][ T8417] dummy0: left allmulticast mode [ 178.194761][ T8417] dummy0: left promiscuous mode [ 178.339265][ T8424] netlink: 'syz.2.1006': attribute type 1 has an invalid length. [ 178.367472][ T8424] netlink: 3440 bytes leftover after parsing attributes in process `syz.2.1006'. [ 178.380586][ T8424] netlink: 'syz.2.1006': attribute type 1 has an invalid length. [ 178.389380][ T8424] netlink: 5880 bytes leftover after parsing attributes in process `syz.2.1006'. [ 178.514315][ T8431] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1008'. [ 178.560664][ T8432] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1009'. [ 178.741556][ T8440] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1013'. [ 179.008115][ T8455] net_ratelimit: 24 callbacks suppressed [ 179.008140][ T8455] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 179.148131][ T8464] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1021'. [ 179.318436][ T6722] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.976896][ T8481] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1025'. [ 180.082050][ T6722] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.169279][ T8490] netlink: 'syz.0.1032': attribute type 11 has an invalid length. [ 180.205610][ T8490] netlink: 'syz.0.1032': attribute type 11 has an invalid length. [ 180.301206][ T6722] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.362102][ T8490] debugfs: Directory 'netdev:' with parent 'phy15' already present! [ 180.467980][ T8490] ieee802154 phy0 wpan0: encryption failed: -22 [ 180.539224][ T6722] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.557840][ T5099] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 180.569216][ T5099] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 180.577885][ T5099] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 180.587952][ T5099] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 180.598743][ T5099] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 180.606218][ T5099] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 181.203975][ T6722] bridge_slave_1: left allmulticast mode [ 181.252275][ T6722] bridge_slave_1: left promiscuous mode [ 181.272889][ T6722] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.300441][ T8539] block nbd0: not configured, cannot reconfigure [ 181.310747][ T6722] bridge_slave_0: left allmulticast mode [ 181.337029][ T6722] bridge_slave_0: left promiscuous mode [ 181.350252][ T6722] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.445316][ T8549] Unsupported ieee802154 address type: 0 [ 181.800796][ T6722] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 181.818452][ T6722] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 181.834788][ T6722] bond0 (unregistering): Released all slaves [ 181.854979][ T8514] chnl_net:caif_netlink_parms(): no params data found [ 181.870880][ T8547] __nla_validate_parse: 3 callbacks suppressed [ 181.870896][ T8547] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1040'. [ 182.233331][ T8514] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.241612][ T8514] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.249887][ T8514] bridge_slave_0: entered allmulticast mode [ 182.259307][ T8514] bridge_slave_0: entered promiscuous mode [ 182.281746][ T8573] validate_nla: 1 callbacks suppressed [ 182.281768][ T8573] netlink: 'syz.0.1050': attribute type 16 has an invalid length. [ 182.303317][ T8573] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1050'. [ 182.332619][ T8514] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.346746][ T8576] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1051'. [ 182.348183][ T8514] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.387740][ T8514] bridge_slave_1: entered allmulticast mode [ 182.395434][ T8514] bridge_slave_1: entered promiscuous mode [ 182.483297][ T8583] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1054'. [ 182.538286][ T8576] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1051'. [ 182.585672][ T8514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.607008][ T8514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 182.707733][ T5099] Bluetooth: hci0: command tx timeout [ 182.737044][ T6722] hsr_slave_0: left promiscuous mode [ 182.776183][ T6722] hsr_slave_1: left promiscuous mode [ 182.786006][ T6722] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 182.801395][ T6722] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 182.816910][ T6722] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 182.823318][ T8602] netlink: 252 bytes leftover after parsing attributes in process `syz.2.1059'. [ 182.835262][ T6722] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 182.883466][ T6722] veth1_macvtap: left promiscuous mode [ 182.897893][ T6722] veth0_macvtap: left promiscuous mode [ 182.903832][ T6722] veth1_vlan: left promiscuous mode [ 182.916442][ T6722] veth0_vlan: left promiscuous mode [ 183.441253][ T6722] team0 (unregistering): Port device team_slave_1 removed [ 183.486101][ T6722] team0 (unregistering): Port device team_slave_0 removed [ 184.062743][ T8588] pimreg24: entered allmulticast mode [ 184.091103][ T8585] pimreg: entered allmulticast mode [ 184.110284][ T8514] team0: Port device team_slave_0 added [ 184.158005][ T8514] team0: Port device team_slave_1 added [ 184.309874][ T8630] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1069'. [ 184.327144][ T8514] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.349964][ T8514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.393673][ T8514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.406510][ T8632] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1070'. [ 184.416944][ T8632] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1070'. [ 184.437204][ T8514] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.444840][ T8634] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1071'. [ 184.446545][ T8514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.525479][ T8514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.601255][ T8639] bridge0: entered promiscuous mode [ 184.608917][ T8639] vlan2: entered promiscuous mode [ 184.621618][ T8639] bridge0: left promiscuous mode [ 184.751270][ T8514] hsr_slave_0: entered promiscuous mode [ 184.771382][ T8514] hsr_slave_1: entered promiscuous mode [ 184.782227][ T8636] tap1: tun_chr_ioctl cmd 35108 [ 184.791803][ T5099] Bluetooth: hci0: command tx timeout [ 184.835984][ T8645] vlan2: entered promiscuous mode [ 185.665179][ T8514] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 185.709855][ T8514] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 185.756400][ T8514] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 185.791038][ T8514] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 185.798635][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880200ce000: rx timeout, send abort [ 185.813118][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880200ce000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 186.306991][ T8514] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.406824][ T8514] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.445419][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.452663][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.495324][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.502594][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.868549][ T5099] Bluetooth: hci0: command tx timeout [ 186.939451][ T8742] block nbd2: not configured, cannot reconfigure [ 187.131400][ T8739] team0: Port device team_slave_0 removed [ 187.149025][ T8756] __nla_validate_parse: 4 callbacks suppressed [ 187.149047][ T8756] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1111'. [ 187.198472][ T8756] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1111'. [ 187.235494][ T8756] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1111'. [ 187.281653][ T8751] netlink: 'syz.1.1108': attribute type 4 has an invalid length. [ 187.288517][ T8756] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1111'. [ 187.380176][ T8767] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1115'. [ 187.389340][ T8755] netlink: 'syz.1.1108': attribute type 4 has an invalid length. [ 187.401843][ T8769] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1116'. [ 187.492339][ T8514] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.653682][ T8777] tipc: Started in network mode [ 187.676132][ T8777] tipc: Node identity 2d14142a, cluster identity 4711 [ 187.695586][ T8777] tipc: Enabling of bearer rejected, failed to enable media [ 188.065989][ T8514] veth0_vlan: entered promiscuous mode [ 188.113794][ T8514] veth1_vlan: entered promiscuous mode [ 188.159252][ T8815] netlink: 'syz.2.1126': attribute type 11 has an invalid length. [ 188.253577][ T8514] veth0_macvtap: entered promiscuous mode [ 188.288223][ T8514] veth1_macvtap: entered promiscuous mode [ 188.359259][ T8514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.384816][ T8514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.396685][ T8514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.408344][ T8514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.418459][ T8514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.430960][ T8514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.441684][ T8514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 188.452753][ T8514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.466226][ T8514] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.476990][ T8822] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1132'. [ 188.514158][ T8824] dummy0: entered promiscuous mode [ 188.528989][ T8828] x_tables: duplicate underflow at hook 1 [ 188.535899][ T8824] macsec2: entered allmulticast mode [ 188.555095][ T8824] dummy0: entered allmulticast mode [ 188.580233][ T8824] dummy0: left allmulticast mode [ 188.593352][ T8831] netlink: 'syz.1.1135': attribute type 1 has an invalid length. [ 188.595301][ T8824] dummy0: left promiscuous mode [ 188.602508][ T8831] netlink: 3440 bytes leftover after parsing attributes in process `syz.1.1135'. [ 188.618428][ T8831] netlink: 'syz.1.1135': attribute type 1 has an invalid length. [ 188.626726][ T8831] netlink: 5880 bytes leftover after parsing attributes in process `syz.1.1135'. [ 188.699273][ T8514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.723129][ T8514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.760383][ T8514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.787877][ T8514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.808618][ T8514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.826924][ T8514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.864438][ T8514] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 188.883505][ T8514] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.900716][ T8514] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 188.940760][ T8514] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.950712][ T5099] Bluetooth: hci0: command tx timeout [ 188.983736][ T8514] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.001283][ T8853] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 189.017562][ T8514] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.026286][ T8856] unsupported nlmsg_type 40 [ 189.053158][ T8514] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.110643][ T8858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1143'. [ 189.378475][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.386328][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.495995][ T8875] block nbd1: not configured, cannot reconfigure [ 189.518968][ T6745] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.539637][ T6745] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.648972][ T8881] dummy0: entered promiscuous mode [ 189.654302][ T8881] macsec1: entered allmulticast mode [ 189.675059][ T8881] dummy0: entered allmulticast mode [ 189.703070][ T8881] dummy0: left allmulticast mode [ 189.710565][ T8881] dummy0: left promiscuous mode [ 189.763743][ T8883] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 190.092045][ T8904] xt_CT: You must specify a L4 protocol and not use inversions on it [ 190.772853][ T67] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.325564][ T67] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.571808][ T8951] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 191.613828][ T8951] netlink: 'syz.1.1174': attribute type 3 has an invalid length. [ 191.660678][ T8954] netlink: 'syz.0.1177': attribute type 10 has an invalid length. [ 191.711895][ T67] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.722707][ T8957] netlink: 'syz.3.1179': attribute type 3 has an invalid length. [ 191.769423][ T8951] netlink: 'syz.1.1174': attribute type 3 has an invalid length. [ 191.916987][ T67] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.000093][ T5110] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 192.018835][ T5110] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 192.036215][ T5110] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 192.059133][ T5110] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 192.091963][ T5110] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 192.103733][ T5110] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 192.257088][ T67] bridge_slave_1: left allmulticast mode [ 192.267049][ T67] bridge_slave_1: left promiscuous mode [ 192.302150][ T67] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.369118][ T67] bridge_slave_0: left allmulticast mode [ 192.375555][ T67] bridge_slave_0: left promiscuous mode [ 192.409747][ T67] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.434744][ T8999] __nla_validate_parse: 9 callbacks suppressed [ 192.434765][ T8999] netlink: 252 bytes leftover after parsing attributes in process `syz.3.1193'. [ 192.511513][ T9004] netlink: 816 bytes leftover after parsing attributes in process `syz.2.1195'. [ 192.709001][ T9017] FAULT_INJECTION: forcing a failure. [ 192.709001][ T9017] name failslab, interval 1, probability 0, space 0, times 0 [ 192.734358][ T9017] CPU: 1 PID: 9017 Comm: syz.0.1199 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 192.744500][ T9017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 192.754594][ T9017] Call Trace: [ 192.757918][ T9017] [ 192.760892][ T9017] dump_stack_lvl+0x241/0x360 [ 192.765627][ T9017] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.770889][ T9017] ? __pfx__printk+0x10/0x10 [ 192.775540][ T9017] ? nf_ct_pernet+0x45/0x270 [ 192.780179][ T9017] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 192.786204][ T9017] ? __pfx_lock_release+0x10/0x10 [ 192.791308][ T9017] should_fail_ex+0x3b0/0x4e0 [ 192.796039][ T9017] ? __nf_conntrack_alloc+0x8f/0x380 [ 192.801370][ T9017] should_failslab+0x9/0x20 [ 192.805939][ T9017] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 192.811373][ T9017] __nf_conntrack_alloc+0x8f/0x380 [ 192.816543][ T9017] init_conntrack+0x3c3/0x1310 [ 192.821354][ T9017] ? __pfx_init_conntrack+0x10/0x10 [ 192.826565][ T9017] ? __pfx___nf_conntrack_find_get+0x10/0x10 [ 192.832551][ T9017] ? __local_bh_enable_ip+0x168/0x200 [ 192.837955][ T9017] nf_conntrack_in+0xd59/0x1880 [ 192.842833][ T9017] ? __pfx_nf_conntrack_in+0x10/0x10 [ 192.848138][ T9017] ? ipt_do_table+0x312/0x1860 [ 192.852910][ T9017] ? __pfx_ipt_do_table+0x10/0x10 [ 192.857955][ T9017] ? ipv4_conntrack_defrag+0x2a2/0x5a0 [ 192.863447][ T9017] ? ipv4_conntrack_local+0x120/0x200 [ 192.868847][ T9017] ? __pfx_ipv4_conntrack_local+0x10/0x10 [ 192.874607][ T9017] nf_hook_slow+0xc3/0x220 [ 192.879069][ T9017] ? __pfx_dst_output+0x10/0x10 [ 192.883969][ T9017] nf_hook+0x2c4/0x450 [ 192.888072][ T9017] ? nf_hook+0x9e/0x450 [ 192.892256][ T9017] ? __pfx_nf_hook+0x10/0x10 [ 192.896861][ T9017] ? __pfx_dst_output+0x10/0x10 [ 192.901731][ T9017] ? ip_fast_csum+0x1f0/0x2b0 [ 192.906415][ T9017] __ip_local_out+0x3d9/0x4e0 [ 192.911099][ T9017] ? __pfx_dst_output+0x10/0x10 [ 192.915959][ T9017] ip_send_skb+0x4a/0x100 [ 192.920315][ T9017] udp_send_skb+0xaa4/0x1470 [ 192.924924][ T9017] udp_sendmsg+0x1c21/0x2a60 [ 192.929603][ T9017] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 192.935193][ T9017] ? __pfx_udp_sendmsg+0x10/0x10 [ 192.940196][ T9017] ? aa_sk_perm+0x967/0xab0 [ 192.944724][ T9017] ? __pfx_aa_sk_perm+0x10/0x10 [ 192.949612][ T9017] ? iovec_from_user+0x61/0x240 [ 192.954480][ T9017] ? inet_sendmsg+0x2ba/0x390 [ 192.959178][ T9017] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 192.964484][ T9017] ? security_socket_sendmsg+0x87/0xb0 [ 192.969975][ T9017] __sock_sendmsg+0x1a6/0x270 [ 192.974681][ T9017] ____sys_sendmsg+0x525/0x7d0 [ 192.979504][ T9017] ? __pfx_____sys_sendmsg+0x10/0x10 [ 192.984853][ T9017] __sys_sendmmsg+0x3b2/0x740 [ 192.989590][ T9017] ? __pfx___sys_sendmmsg+0x10/0x10 [ 192.994854][ T9017] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 193.000867][ T9017] ? ksys_write+0x23e/0x2c0 [ 193.005432][ T9017] ? __pfx_lock_release+0x10/0x10 [ 193.010586][ T9017] ? vfs_write+0x7c4/0xc90 [ 193.015406][ T9017] ? __mutex_unlock_slowpath+0x21d/0x750 [ 193.021092][ T9017] ? __pfx_vfs_write+0x10/0x10 [ 193.025940][ T9017] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 193.031970][ T9017] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 193.038361][ T9017] ? do_syscall_64+0x100/0x230 [ 193.043190][ T9017] __x64_sys_sendmmsg+0xa0/0xb0 [ 193.048096][ T9017] do_syscall_64+0xf3/0x230 [ 193.052656][ T9017] ? clear_bhb_loop+0x35/0x90 [ 193.057391][ T9017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.063342][ T9017] RIP: 0033:0x7f9a9e975bd9 [ 193.067797][ T9017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.087462][ T9017] RSP: 002b:00007f9a9f6f7048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 193.095921][ T9017] RAX: ffffffffffffffda RBX: 00007f9a9eb04038 RCX: 00007f9a9e975bd9 [ 193.104111][ T9017] RDX: 000000000000002d RSI: 0000000020007fc0 RDI: 0000000000000003 [ 193.112111][ T9017] RBP: 00007f9a9f6f70a0 R08: 0000000000000000 R09: 0000000000000000 [ 193.120095][ T9017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.128075][ T9017] R13: 000000000000006e R14: 00007f9a9eb04038 R15: 00007ffd3770d4f8 [ 193.136103][ T9017] [ 193.414822][ T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 193.426794][ T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 193.439506][ T67] bond0 (unregistering): Released all slaves [ 193.457841][ T9005] bond0: option resend_igmp: invalid value (7540) [ 193.464687][ T9005] bond0: option resend_igmp: allowed values 0 - 255 [ 193.480407][ T9015] netlink: 'syz.2.1197': attribute type 10 has an invalid length. [ 194.150276][ T5099] Bluetooth: hci0: command tx timeout [ 194.633485][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.645980][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.171595][ T9030] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 195.199685][ T9034] netlink: 'syz.2.1205': attribute type 7 has an invalid length. [ 195.223972][ T9034] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1205'. [ 195.275016][ T9041] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1207'. [ 195.367569][ T9045] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1209'. [ 195.498143][ T67] hsr_slave_0: left promiscuous mode [ 195.531621][ T67] hsr_slave_1: left promiscuous mode [ 195.551732][ T67] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 195.571700][ T67] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.601636][ T67] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 195.615546][ T67] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 195.671608][ T67] veth1_macvtap: left promiscuous mode [ 195.678148][ T67] veth0_macvtap: left promiscuous mode [ 195.684192][ T67] veth1_vlan: left promiscuous mode [ 195.697722][ T67] veth0_vlan: left promiscuous mode [ 196.238171][ T5110] Bluetooth: hci0: command tx timeout [ 196.396559][ T67] team0 (unregistering): Port device team_slave_1 removed [ 196.441923][ T67] team0 (unregistering): Port device team_slave_0 removed [ 196.707768][ T5110] Bluetooth: hci2: command 0x0406 tx timeout [ 196.928255][ T9057] netlink: 'syz.3.1214': attribute type 63 has an invalid length. [ 196.948457][ T9057] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1214'. [ 196.969559][ T9068] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1214'. [ 196.987530][ T9069] netlink: 'syz.2.1216': attribute type 12 has an invalid length. [ 197.132167][ T8975] chnl_net:caif_netlink_parms(): no params data found [ 197.258651][ T9083] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1221'. [ 197.272250][ T9080] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1220'. [ 198.312607][ T5099] Bluetooth: hci0: command tx timeout [ 198.789153][ T9088] dummy0: entered promiscuous mode [ 198.794350][ T9088] macsec1: entered allmulticast mode [ 198.800442][ T9088] dummy0: entered allmulticast mode [ 198.808804][ T9088] dummy0: left allmulticast mode [ 198.814015][ T9088] dummy0: left promiscuous mode [ 198.855391][ T9086] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1222'. [ 198.927440][ T9097] netlink: 'syz.0.1225': attribute type 3 has an invalid length. [ 198.945442][ T9097] netlink: 'syz.0.1225': attribute type 3 has an invalid length. [ 199.021048][ T9102] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1226'. [ 199.124648][ T8975] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.147756][ T8975] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.155053][ T8975] bridge_slave_0: entered allmulticast mode [ 199.178083][ T8975] bridge_slave_0: entered promiscuous mode [ 199.186603][ T9114] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1230'. [ 199.195664][ T8975] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.195785][ T8975] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.195973][ T8975] bridge_slave_1: entered allmulticast mode [ 199.216236][ T9114] block nbd0: not configured, cannot reconfigure [ 199.234230][ T8975] bridge_slave_1: entered promiscuous mode [ 199.339216][ T8975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.362284][ T8975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.423493][ T9123] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1233'. [ 199.456925][ T9125] FAULT_INJECTION: forcing a failure. [ 199.456925][ T9125] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.472836][ T9125] CPU: 0 PID: 9125 Comm: syz.1.1234 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 199.482955][ T9125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 199.493033][ T9125] Call Trace: [ 199.496314][ T9125] [ 199.499261][ T9125] dump_stack_lvl+0x241/0x360 [ 199.503991][ T9125] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.509234][ T9125] ? __pfx__printk+0x10/0x10 [ 199.513869][ T9125] ? __pfx_lock_release+0x10/0x10 [ 199.518940][ T9125] should_fail_ex+0x3b0/0x4e0 [ 199.523675][ T9125] _copy_from_iter+0x1f6/0x1960 [ 199.528580][ T9125] ? __virt_addr_valid+0x183/0x520 [ 199.533738][ T9125] ? __pfx_lock_release+0x10/0x10 [ 199.538815][ T9125] ? __alloc_skb+0x28f/0x440 [ 199.543462][ T9125] ? __pfx__copy_from_iter+0x10/0x10 [ 199.548796][ T9125] ? __virt_addr_valid+0x183/0x520 [ 199.553956][ T9125] ? __virt_addr_valid+0x183/0x520 [ 199.559100][ T9125] ? __virt_addr_valid+0x44e/0x520 [ 199.564243][ T9125] ? __check_object_size+0x49c/0x900 [ 199.569546][ T9125] netlink_sendmsg+0x743/0xcb0 [ 199.574351][ T9125] ? __pfx_netlink_sendmsg+0x10/0x10 [ 199.579668][ T9125] ? __import_iovec+0x536/0x820 [ 199.584541][ T9125] ? aa_sock_msg_perm+0x91/0x160 [ 199.589493][ T9125] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 199.594796][ T9125] ? security_socket_sendmsg+0x87/0xb0 [ 199.600286][ T9125] ? __pfx_netlink_sendmsg+0x10/0x10 [ 199.605603][ T9125] __sock_sendmsg+0x221/0x270 [ 199.610298][ T9125] ____sys_sendmsg+0x525/0x7d0 [ 199.615075][ T9125] ? __pfx_____sys_sendmsg+0x10/0x10 [ 199.620378][ T9125] __sys_sendmsg+0x2b0/0x3a0 [ 199.624999][ T9125] ? __pfx___sys_sendmsg+0x10/0x10 [ 199.630128][ T9125] ? vfs_write+0x7c4/0xc90 [ 199.634630][ T9125] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 199.641002][ T9125] ? do_syscall_64+0x100/0x230 [ 199.645835][ T9125] ? do_syscall_64+0xb6/0x230 [ 199.650700][ T9125] do_syscall_64+0xf3/0x230 [ 199.655238][ T9125] ? clear_bhb_loop+0x35/0x90 [ 199.659967][ T9125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.665917][ T9125] RIP: 0033:0x7f3172f75bd9 [ 199.670366][ T9125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.690013][ T9125] RSP: 002b:00007f3173cad048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 199.698473][ T9125] RAX: ffffffffffffffda RBX: 00007f3173103f60 RCX: 00007f3172f75bd9 [ 199.706491][ T9125] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 199.714483][ T9125] RBP: 00007f3173cad0a0 R08: 0000000000000000 R09: 0000000000000000 [ 199.722468][ T9125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 199.730474][ T9125] R13: 000000000000000b R14: 00007f3173103f60 R15: 00007ffed6558b68 [ 199.738498][ T9125] [ 199.764399][ T9133] netlink: 'syz.3.1236': attribute type 10 has an invalid length. [ 199.801621][ T8975] team0: Port device team_slave_0 added [ 199.941683][ T8975] team0: Port device team_slave_1 added [ 200.400034][ T5099] Bluetooth: hci0: command tx timeout [ 201.334820][ T9142] netlink: 'syz.2.1238': attribute type 5 has an invalid length. [ 201.342796][ T9142] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1238'. [ 201.360103][ T9142] vlan2: entered promiscuous mode [ 201.368489][ T8975] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.375481][ T8975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.402613][ T8975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.455418][ T8975] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.477577][ T8975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.521277][ T8975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.541475][ T9153] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1243'. [ 201.557597][ T9153] nbd: illegal input index 4849728 [ 201.671643][ T8975] hsr_slave_0: entered promiscuous mode [ 201.736304][ T8975] hsr_slave_1: entered promiscuous mode [ 201.780334][ T9171] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1245'. [ 201.818162][ T9171] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 202.205130][ T29] audit: type=1107 audit(1720412223.482:8): pid=9183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='O' [ 202.209453][ T9185] netlink: 'syz.2.1251': attribute type 10 has an invalid length. [ 202.286162][ T9194] netlink: 'syz.2.1251': attribute type 8 has an invalid length. [ 202.372748][ T9190] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1252'. [ 202.428753][ T9199] --map-set only usable from mangle table [ 202.757671][ T9216] netlink: 'syz.3.1259': attribute type 1 has an invalid length. [ 202.765487][ T9216] netlink: 9364 bytes leftover after parsing attributes in process `syz.3.1259'. [ 202.774945][ T9216] netlink: 'syz.3.1259': attribute type 1 has an invalid length. [ 203.896926][ T9208] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1259'. [ 204.053382][ T8975] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 204.106264][ T8975] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 204.138486][ T9230] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1264'. [ 204.152697][ T8975] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 204.196207][ T8975] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 204.232828][ T9239] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1268'. [ 204.310341][ T9236] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1267'. [ 204.320306][ T9236] netlink: 'syz.0.1267': attribute type 1 has an invalid length. [ 204.505422][ T8975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.548552][ T8975] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.593375][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.600656][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.634022][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.641228][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.664587][ T9254] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1273'. [ 205.065209][ T9273] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1280'. [ 205.134611][ T9274] bond0: entered promiscuous mode [ 205.172168][ T9274] bond_slave_0: entered promiscuous mode [ 205.197754][ T9274] bond_slave_1: entered promiscuous mode [ 205.219638][ T9274] batadv0: entered promiscuous mode [ 205.266411][ T9274] bond0: left promiscuous mode [ 205.284831][ T9274] bond_slave_0: left promiscuous mode [ 205.315639][ T9274] bond_slave_1: left promiscuous mode [ 205.322794][ T9274] batadv0: left promiscuous mode [ 205.541769][ T8975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.640023][ T9293] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1285'. [ 205.677626][ T9293] nbd: must specify at least one socket [ 205.859319][ T9305] FAULT_INJECTION: forcing a failure. [ 205.859319][ T9305] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 205.872756][ T9306] netlink: 'syz.3.1288': attribute type 10 has an invalid length. [ 205.929427][ T9305] CPU: 1 PID: 9305 Comm: syz.0.1289 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 205.939562][ T9305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 205.949644][ T9305] Call Trace: [ 205.952944][ T9305] [ 205.955902][ T9305] dump_stack_lvl+0x241/0x360 [ 205.960612][ T9305] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.965845][ T9305] ? __pfx__printk+0x10/0x10 [ 205.970461][ T9305] should_fail_ex+0x3b0/0x4e0 [ 205.975159][ T9305] prepare_alloc_pages+0x1da/0x5d0 [ 205.980299][ T9305] __alloc_pages_noprof+0x166/0x6c0 [ 205.985524][ T9305] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 205.991291][ T9305] alloc_pages_mpol_noprof+0x3e8/0x680 [ 205.996795][ T9305] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 206.002813][ T9305] vma_alloc_folio_noprof+0xf3/0x1f0 [ 206.008126][ T9305] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 206.014040][ T9305] ? do_raw_spin_unlock+0x13c/0x8b0 [ 206.019272][ T9305] folio_prealloc+0x31/0x170 [ 206.023884][ T9305] do_wp_page+0x11cc/0x52f0 [ 206.028422][ T9305] ? __pfx_do_wp_page+0x10/0x10 [ 206.033297][ T9305] ? __pfx_lock_acquire+0x10/0x10 [ 206.038340][ T9305] ? do_raw_spin_lock+0x14f/0x370 [ 206.043400][ T9305] handle_pte_fault+0x117e/0x7090 [ 206.048440][ T9305] ? __pfx_validate_chain+0x10/0x10 [ 206.053655][ T9305] ? ip_fast_csum+0x1f0/0x2b0 [ 206.058346][ T9305] ? ip_skb_dst_mtu+0x6ba/0x9b0 [ 206.063214][ T9305] ? __pfx_handle_pte_fault+0x10/0x10 [ 206.068607][ T9305] ? __lock_acquire+0x1346/0x1fd0 [ 206.073675][ T9305] ? __pfx_lock_release+0x10/0x10 [ 206.078720][ T9305] handle_mm_fault+0x10df/0x1ba0 [ 206.083699][ T9305] ? __pfx_handle_mm_fault+0x10/0x10 [ 206.089012][ T9305] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 206.095362][ T9305] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 206.100667][ T9305] exc_page_fault+0x2b9/0x8c0 [ 206.105362][ T9305] asm_exc_page_fault+0x26/0x30 [ 206.110226][ T9305] RIP: 0010:__put_user_4+0x11/0x20 [ 206.115366][ T9305] Code: 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 [ 206.135069][ T9305] RSP: 0018:ffffc90002e9f9d8 EFLAGS: 00050202 [ 206.141142][ T9305] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000020007ff8 [ 206.149120][ T9305] RDX: 0000000020007fc0 RSI: ffffffff8bcaccc0 RDI: ffffffff8c1fe940 [ 206.157098][ T9305] RBP: ffffc90002e9fed0 R08: ffffffff8fad49ef R09: 1ffffffff1f5a93d [ 206.165077][ T9305] R10: dffffc0000000000 R11: fffffbfff1f5a93e R12: 1ffff920005d3f48 [ 206.173053][ T9305] R13: dffffc0000000000 R14: 000000000000002d R15: ffffc90002e9fd20 [ 206.181050][ T9305] __sys_sendmmsg+0x515/0x740 [ 206.185750][ T9305] ? __pfx___sys_sendmmsg+0x10/0x10 [ 206.190990][ T9305] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 206.196894][ T9305] ? ksys_write+0x23e/0x2c0 [ 206.201409][ T9305] ? __pfx_lock_release+0x10/0x10 [ 206.206466][ T9305] ? vfs_write+0x7c4/0xc90 [ 206.210983][ T9305] ? __mutex_unlock_slowpath+0x21d/0x750 [ 206.216625][ T9305] ? __pfx_vfs_write+0x10/0x10 [ 206.221507][ T9305] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 206.227502][ T9305] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 206.233835][ T9305] ? do_syscall_64+0x100/0x230 [ 206.238615][ T9305] __x64_sys_sendmmsg+0xa0/0xb0 [ 206.243486][ T9305] do_syscall_64+0xf3/0x230 [ 206.248013][ T9305] ? clear_bhb_loop+0x35/0x90 [ 206.252706][ T9305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.258614][ T9305] RIP: 0033:0x7f9a9e975bd9 [ 206.263032][ T9305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.282736][ T9305] RSP: 002b:00007f9a9f718048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 206.291154][ T9305] RAX: ffffffffffffffda RBX: 00007f9a9eb03f60 RCX: 00007f9a9e975bd9 [ 206.299132][ T9305] RDX: 000000000000002d RSI: 0000000020007fc0 RDI: 0000000000000003 [ 206.307106][ T9305] RBP: 00007f9a9f7180a0 R08: 0000000000000000 R09: 0000000000000000 [ 206.315084][ T9305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 206.323059][ T9305] R13: 000000000000000b R14: 00007f9a9eb03f60 R15: 00007ffd3770d4f8 [ 206.331060][ T9305] [ 206.486242][ T9317] Cannot find add_set index 0 as target [ 206.686834][ T8975] veth0_vlan: entered promiscuous mode [ 206.780445][ T9327] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 206.846268][ T9332] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1297'. [ 206.846377][ T8975] veth1_vlan: entered promiscuous mode [ 206.910718][ T9334] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1298'. [ 206.932002][ T8975] veth0_macvtap: entered promiscuous mode [ 207.018519][ T8975] veth1_macvtap: entered promiscuous mode [ 207.034185][ T9338] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1299'. [ 207.081724][ T8975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 207.109531][ T8975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.147367][ T8975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 207.167022][ T8975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.181414][ T8975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 207.191840][ T9348] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 207.212411][ T8975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.224363][ T8975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 207.241216][ T8975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.253641][ T8975] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 207.293699][ T8975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 207.306074][ T8975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.317242][ T8975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 207.330801][ T8975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.346295][ T8975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 207.361567][ T8975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.372903][ T8975] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 207.384123][ T8975] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 207.412045][ T8975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 207.522005][ T8975] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.540356][ T8975] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.556247][ T8975] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.572622][ T8975] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.603278][ T9360] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf [ 207.647999][ T9360] netlink: 'syz.3.1306': attribute type 3 has an invalid length. [ 207.812975][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.833546][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.957051][ T6745] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.982443][ T6745] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.098801][ T9395] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 208.250951][ T9397] block nbd2: not configured, cannot reconfigure [ 208.442813][ T9413] x_tables: duplicate underflow at hook 2 [ 208.842569][ T9425] (unnamed net_device) (uninitialized): down delay (6) is not a multiple of miimon (7), value rounded to 0 ms [ 209.014014][ T9438] netlink: 'syz.0.1333': attribute type 20 has an invalid length. [ 209.214163][ T9471] ebt_among: dst integrity fail: 101 [ 209.905339][ T9513] __nla_validate_parse: 5 callbacks suppressed [ 209.905362][ T9513] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1351'. [ 210.021865][ T9517] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1352'. [ 210.228354][ T9461] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.862769][ T9525] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1354'. [ 210.872244][ T9523] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1357'. [ 210.992275][ T9461] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.118053][ T9537] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1361'. [ 211.143671][ T9461] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.240188][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 211.249183][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 211.262087][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 211.271820][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 211.283554][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 211.297590][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 211.319928][ T9546] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1364'. [ 211.355166][ T9461] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.472053][ T9554] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1368'. [ 211.507786][ T9554] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1368'. [ 211.568375][ T9554] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1368'. [ 211.886778][ T9584] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1377'. [ 212.067676][ T5110] Bluetooth: hci5: command 0x0406 tx timeout [ 212.093664][ T9461] bridge_slave_1: left allmulticast mode [ 212.099542][ T9461] bridge_slave_1: left promiscuous mode [ 212.105628][ T9461] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.120308][ T9461] bridge_slave_0: left allmulticast mode [ 212.131086][ T9461] bridge_slave_0: left promiscuous mode [ 212.139422][ T9461] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.616680][ T9461] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 212.636175][ T9461] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 212.653316][ T9461] bond0 (unregistering): Released all slaves [ 213.128060][ T9624] netlink: 'syz.0.1386': attribute type 10 has an invalid length. [ 213.149623][ T9624] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 213.316609][ T9543] chnl_net:caif_netlink_parms(): no params data found [ 213.348500][ T5099] Bluetooth: hci0: command tx timeout [ 213.433963][ T9461] hsr_slave_0: left promiscuous mode [ 213.448779][ T9461] hsr_slave_1: left promiscuous mode [ 213.462476][ T9461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 213.472477][ T9461] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 213.480873][ T9461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 213.490243][ T9461] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 213.514219][ T9461] veth1_macvtap: left promiscuous mode [ 213.519956][ T9461] veth0_macvtap: left promiscuous mode [ 213.525570][ T9461] veth1_vlan: left promiscuous mode [ 213.531353][ T9461] veth0_vlan: left promiscuous mode [ 214.010599][ T9461] team0 (unregistering): Port device team_slave_1 removed [ 214.052893][ T9461] team0 (unregistering): Port device team_slave_0 removed [ 214.474364][ T9651] netlink: 'syz.3.1400': attribute type 1 has an invalid length. [ 214.488039][ T9651] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 214.650106][ T9665] netlink: 'syz.0.1403': attribute type 11 has an invalid length. [ 214.696653][ T9667] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 214.707207][ T9543] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.717445][ T9543] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.724766][ T9543] bridge_slave_0: entered allmulticast mode [ 214.758234][ T9543] bridge_slave_0: entered promiscuous mode [ 214.800292][ T9543] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.827733][ T9543] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.853164][ T9543] bridge_slave_1: entered allmulticast mode [ 214.877029][ T9543] bridge_slave_1: entered promiscuous mode [ 214.932718][ T9678] xt_SECMARK: invalid mode: 0 [ 215.030933][ T9677] __nla_validate_parse: 4 callbacks suppressed [ 215.030955][ T9677] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1406'. [ 215.073565][ T9671] macsec0: entered promiscuous mode [ 215.095848][ T9543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 215.190546][ T9543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 215.396250][ T9701] netlink: 'syz.2.1416': attribute type 4 has an invalid length. [ 215.408571][ T9543] team0: Port device team_slave_0 added [ 215.427719][ T5099] Bluetooth: hci0: command tx timeout [ 215.446669][ T9704] block nbd1: not configured, cannot reconfigure [ 215.454961][ T9543] team0: Port device team_slave_1 added [ 215.473701][ T9706] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1418'. [ 215.541804][ T9707] netlink: 'syz.0.1415': attribute type 9 has an invalid length. [ 215.554143][ T9710] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1418'. [ 215.576400][ T9543] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 215.606529][ T9543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.667467][ T9543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 215.705903][ T9543] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 215.726166][ T9543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.745367][ T9723] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 215.807542][ T9543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 215.840767][ T9730] netlink: 'syz.0.1421': attribute type 1 has an invalid length. [ 215.956705][ T9735] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1425'. [ 216.018464][ T9543] hsr_slave_0: entered promiscuous mode [ 216.036546][ T9543] hsr_slave_1: entered promiscuous mode [ 216.145062][ T9739] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 216.285200][ T9742] netlink: 'syz.3.1427': attribute type 34 has an invalid length. [ 216.568842][ T9751] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode [ 216.576269][ T9751] macsec1: entered promiscuous mode [ 216.611699][ T9751] mac80211_hwsim hwsim14 wlan0: left promiscuous mode [ 216.843507][ T9775] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1441'. [ 216.876581][ T9776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1442'. [ 216.915468][ T9778] Cannot find add_set index 0 as target [ 216.994280][ T9782] netlink: 816 bytes leftover after parsing attributes in process `syz.0.1445'. [ 217.096446][ T9543] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 217.113376][ T9543] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 217.144992][ T9789] netlink: 596 bytes leftover after parsing attributes in process `syz.0.1449'. [ 217.146973][ T9543] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 217.206053][ T9543] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 217.227057][ T9789] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1449'. [ 217.244618][ T9795] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1450'. [ 217.346003][ T9786] syzkaller0: entered promiscuous mode [ 217.351950][ T9786] syzkaller0: entered allmulticast mode [ 217.424795][ T9804] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 217.483260][ T9804] netlink: 'syz.1.1452': attribute type 3 has an invalid length. [ 217.508449][ T5099] Bluetooth: hci0: command tx timeout [ 217.516606][ T9806] netlink: 'syz.3.1453': attribute type 3 has an invalid length. [ 217.535281][ T9806] netlink: 'syz.3.1453': attribute type 3 has an invalid length. [ 217.564386][ T9809] netlink: 'syz.0.1454': attribute type 10 has an invalid length. [ 217.657837][ T9809] bond0: (slave bond_slave_0): Releasing backup interface [ 217.782333][ T9543] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.845350][ T9543] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.888923][ T5147] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.896575][ T5147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.086061][ T9833] block nbd0: not configured, cannot reconfigure [ 219.443859][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.451061][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.465923][ T9826] veth0_vlan: entered allmulticast mode [ 219.587672][ T5099] Bluetooth: hci0: command tx timeout [ 221.308819][ T9869] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 221.318491][ T9869] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 221.332950][ T9869] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 221.343418][ T9869] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 221.356904][ T9869] geneve2: entered promiscuous mode [ 221.362705][ T9869] geneve2: entered allmulticast mode [ 221.613021][ T9890] __nla_validate_parse: 9 callbacks suppressed [ 221.613044][ T9890] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1484'. [ 221.868927][ T9911] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI [ 221.881571][ T9911] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] [ 221.890011][ T9911] CPU: 1 PID: 9911 Comm: syz.0.1490 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 221.900144][ T9911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 221.910230][ T9911] RIP: 0010:reuseport_add_sock+0x27e/0x5e0 [ 221.916087][ T9911] Code: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b 99 2e f8 83 fb 01 0f 85 a3 01 00 00 e8 6d 95 2e f8 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14 [ 221.935726][ T9911] RSP: 0018:ffffc90009db7c98 EFLAGS: 00010202 [ 221.941829][ T9911] RAX: 0000000000000002 RBX: ffff88807d98df98 RCX: ffff888021099e00 [ 221.949914][ T9911] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012 [ 221.957920][ T9911] RBP: 0000000000000001 R08: ffffffff896790dd R09: 1ffffffff1f5a93d [ 221.965087][ T9916] netlink: 'syz.2.1492': attribute type 20 has an invalid length. [ 221.965903][ T9911] R10: dffffc0000000000 R11: fffffbfff1f5a93e R12: ffff88807d98dac0 [ 221.981787][ T9911] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 [ 221.989787][ T9911] FS: 00007f9a9f6d66c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 221.998747][ T9911] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 222.005358][ T9911] CR2: 00007f9a9f6d5fa8 CR3: 000000007ee6a000 CR4: 00000000003506f0 [ 222.013360][ T9911] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 222.021362][ T9911] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 222.029363][ T9911] Call Trace: [ 222.032663][ T9911] [ 222.035612][ T9911] ? __die_body+0x88/0xe0 [ 222.039990][ T9911] ? die_addr+0x108/0x140 [ 222.044361][ T9911] ? exc_general_protection+0x3dd/0x5d0 [ 222.049988][ T9911] ? asm_exc_general_protection+0x26/0x30 [ 222.055737][ T9911] ? reuseport_add_sock+0x10d/0x5e0 [ 222.060979][ T9911] ? reuseport_add_sock+0x27e/0x5e0 [ 222.066213][ T9911] ? reuseport_add_sock+0x1da/0x5e0 [ 222.071464][ T9911] sctp_hash_endpoint+0x52a/0x600 [ 222.076520][ T9911] ? sctp_hash_endpoint+0x2b/0x600 [ 222.081667][ T9911] sctp_inet_listen+0x767/0xa20 [ 222.086558][ T9911] ? __pfx_sctp_inet_listen+0x10/0x10 [ 222.091978][ T9911] ? __pfx_aa_sk_perm+0x10/0x10 [ 222.097213][ T9911] ? __fget_files+0x3f6/0x470 [ 222.101924][ T9911] ? __fget_files+0x29/0x470 [ 222.106567][ T9911] ? bpf_lsm_socket_listen+0x9/0x10 [ 222.111803][ T9911] __sys_listen+0x1b7/0x230 [ 222.116341][ T9911] __x64_sys_listen+0x5a/0x70 [ 222.121050][ T9911] do_syscall_64+0xf3/0x230 [ 222.125594][ T9911] ? clear_bhb_loop+0x35/0x90 [ 222.130314][ T9911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.136240][ T9911] RIP: 0033:0x7f9a9e975bd9 [ 222.140667][ T9911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.160318][ T9911] RSP: 002b:00007f9a9f6d6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000032 [ 222.168755][ T9911] RAX: ffffffffffffffda RBX: 00007f9a9eb04110 RCX: 00007f9a9e975bd9 [ 222.176746][ T9911] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000008 [ 222.184797][ T9911] RBP: 00007f9a9e9e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 222.192791][ T9911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 222.200777][ T9911] R13: 000000000000000b R14: 00007f9a9eb04110 R15: 00007ffd3770d4f8 [ 222.208775][ T9911] [ 222.211797][ T9911] Modules linked in: [ 222.215869][ T9911] ---[ end trace 0000000000000000 ]--- [ 222.221389][ T9911] RIP: 0010:reuseport_add_sock+0x27e/0x5e0 [ 222.227243][ T9911] Code: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b 99 2e f8 83 fb 01 0f 85 a3 01 00 00 e8 6d 95 2e f8 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14 [ 222.247044][ T9911] RSP: 0018:ffffc90009db7c98 EFLAGS: 00010202 [ 222.253184][ T9911] RAX: 0000000000000002 RBX: ffff88807d98df98 RCX: ffff888021099e00 [ 222.261204][ T9911] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012 [ 222.269226][ T9911] RBP: 0000000000000001 R08: ffffffff896790dd R09: 1ffffffff1f5a93d [ 222.277226][ T9911] R10: dffffc0000000000 R11: fffffbfff1f5a93e R12: ffff88807d98dac0 [ 222.285263][ T9911] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 [ 222.293288][ T9911] FS: 00007f9a9f6d66c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 222.302279][ T9911] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 222.308937][ T9911] CR2: 00007f9a9f6d5fa8 CR3: 000000007ee6a000 CR4: 00000000003506f0 [ 222.316953][ T9911] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 222.325002][ T9911] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 222.333034][ T9911] Kernel panic - not syncing: Fatal exception in interrupt [ 222.340574][ T9911] Kernel Offset: disabled [ 222.344920][ T9911] Rebooting in 86400 seconds..