last executing test programs: 1.814264499s ago: executing program 1 (id=2081): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000e00)=ANY=[@ANYBLOB="611582000000000061138c0000000700bfa000000000000007000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350607000fff07206706000003000000160302000ee60060bf350000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dc725f431bcab0ef59b8f0e431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa0100000000000000b93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4ffcae1a8a793a7795a9214a92f66e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc3086936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154baa8e51489a614e69722bac30000000000000000000000000000a006b178438e930b2494db1bf624a70a19a45b8b71869afb13cb2ac1d2f3ec0d93a3e4fd0ad076c7d826f218aa6ba8ec5e58b7c64dc8616127087901dc65418a4b25bfa7ae8b5ad9642815f319230425e8bd89c6983d816d97d81a739917eecd26f9a3aecaf0acdaf6cffab38eae3b10b122b4bf521a46bf01a0c136f745113b589459fbe1666087a7c554a55e2b42ab7e405a77f405a348a64e356b7fb61e48ea9c87bf13f97052c51fdd49f3dbccf9874cf61807ae4b1665ccdd026d4580a068395e8cb851eeadb1da6d1009513ca73a685c66fb15f27eb74a7a4eb5966e3ef4be3ca8ba81b2d17d797265390ce616c3d7b566fe956fb93c6a43f4dc6bfc194daeb7b998d550773bc14aca"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48) 1.69825979s ago: executing program 2 (id=2084): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket(0x26, 0xa, 0x8) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x70dab7c4}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0x138f}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xc79753c9f991ecb0}]}}]}, 0x6c}}, 0x0) sendmsg$nl_route_sched_retired(r5, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000680)=@delqdisc={0x1fc, 0x25, 0x2, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0x5, 0x6}, {0xf, 0xd}, {0xffe0, 0xa}}, [@q_dsmark={{0xb}, {0x14, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x8}, @TCA_DSMARK_INDICES={0x6, 0x1, 0xc}]}}, @q_dsmark={{0xb}, {0x2c, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x1}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x5}, @TCA_DSMARK_INDICES={0x0, 0x1, 0x10}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x6}]}}, @q_dsmark={{0xb}, {0x3c, 0x2, [@TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x40}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x5}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x1}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xc55}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x13}]}}, @q_dsmark={{0xb}, {0x4c, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x8}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x8}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x1}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x1ff}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x20}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x1}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x9}]}}, @q_dsmark={{0xb}, {0x14, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x7}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x2d}]}}, @q_dsmark={{0xb}, {0x20, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0xc}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x8}, @TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}, @q_dsmark={{0xb}, {0x18, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x2}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x3}]}}, @q_dsmark={{0xb}, {0x18, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x3}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x800}]}}, @q_dsmark={{0xb}, {0x40, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x19}, @TCA_DSMARK_DEFAULT_INDEX={0x6}, @TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x7}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x2}, @TCA_DSMARK_INDICES={0x6}]}}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x408d6}, 0x4000044) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0xfff}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="850000007d00000035000000000000c594d2e64e679a11000000000000000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0xa0, &(0x7f0000000180)=""/153}, 0x15) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r9, 0x0, 0xe, 0x0, &(0x7f0000000040)="6100000000000000040000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd010000000000000000006000000001007300fe880001000000000000060000007d01ff020000000000000000000000000001"], 0xfdef) ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000380)=r4) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x19f980037e0b71c) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB='\x00+'], 0x168) listen(r0, 0x0) syz_emit_ethernet(0x8a, &(0x7f00000005c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd600a843500540600fe8000000000000000000000000000aafe8100000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50c2000090780000220a000000000000000004021312d97376d54ac169fef2aca59833ac1ffc1e1020000000000000000000000000001e0f0040bece9292e5c3372a86ed2d000000"], 0x0) 1.635090121s ago: executing program 1 (id=2087): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00'}) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x4540, 0xff}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) syz_emit_ethernet(0xa6, &(0x7f0000000000)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000210", 0x70, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x37, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87c1faffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1f02"}, {0x0, 0x1, "005ff9297d00001392000100"}]}}}}}}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) sendmsg$NL802154_CMD_SET_CHANNEL(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r1, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000002ea04850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000480)='ext4_request_inode\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000fc850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000480)='ext4_request_inode\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r4, &(0x7f0000000340)=0xfffffffffffffffc, 0x69) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000d40)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000a40)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd500a119b54c74a12e4569e47b69a95f92c", 0x71}, {&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e", 0x58}], 0x2}}], 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendmsg$inet(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000880)}, 0x0) 1.577441941s ago: executing program 2 (id=2089): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f00000000c0)=0x6, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000480)=ANY=[@ANYRES16=0x0], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x30675b431484db47, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) socket$kcm(0xa, 0x1, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x35, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x7c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x90) r1 = socket$phonet(0x23, 0x2, 0x1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_NOLEARN={0x5}]}]}, 0x28}}, 0x0) r5 = socket$kcm(0xa, 0x6, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000001c0)=@base={0x5, 0x16, 0x8, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', r7}, 0x48) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001ac0)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r5, 0x10d, 0xa, &(0x7f0000000000)=r8, 0x4) setsockopt$ax25_SO_BINDTODEVICE(r8, 0x101, 0x19, &(0x7f0000000080)=@rose={'rose', 0x0}, 0x10) 1.395552746s ago: executing program 2 (id=2092): close(0xffffffffffffffff) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newneigh={0x30, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x40, 0xa2}, [@NDA_LLADDR={0xa, 0x2, @remote}, @NDA_VLAN={0x6, 0x5, 0x1}]}, 0x30}, 0x1, 0x1000000000000000}, 0x0) 1.23076817s ago: executing program 0 (id=2094): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x12}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0xb000000}, 0x0) 1.23011827s ago: executing program 3 (id=2095): r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x2}, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="180000001014010000000000000000000400"], 0x18}}, 0x44) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) 1.222695858s ago: executing program 2 (id=2096): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000000406010300000000000000f000000001050001000717809ded02"], 0x1c}}, 0x0) 1.168357384s ago: executing program 0 (id=2097): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000a00)=ANY=[@ANYBLOB="b70200001a000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b70600007fffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e0794ba217d24cb1dd5eab952f7a5004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a6dc4facc231ab7ea0c34f17e3946e0ebc622003b538dfc8e012e79578e51bc5f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b803000000661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148be3b2e6ea09c346dfebd38608b32a0080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e14861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16b089f37b3591a15c0a9be6eb18208404c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b74cd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979009857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef09eecfc3344b8d3d524a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f50714600fb6241c6e955031795b2c2f56411e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef568fc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeedd005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9085b3ec57b00c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc101438d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe00000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b625491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd907000000000000000d9cae846bcbfa8cce7b893e578af7dc7d5e8732cac2d114b1457261bc5dfb508078d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000ff0300000000000000000000000000000000005205000000dc1c010100000000000052a93466ae595c6a8cda6d0d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e80339f9953c3093c3690d10ecb65dbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd5236460000000000000000000000000000000000000000000000ff01000000000000ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac47bde21d3ebfb569ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1c"], 0x0}, 0x90) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000001040)=ANY=[@ANYBLOB="9feb0100180000000000000030000000300000000a0000000000430000000002000000000000000002000084000000000600000001000000000000000000000600000000000000000000000000002e"], 0x0, 0x52}, 0x20) 1.111096574s ago: executing program 3 (id=2099): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000482a00090000000000000014000400002c45001180", @ANYRESHEX, @ANYRESDEC], 0x5c}, 0x1, 0x3000000}, 0x0) 1.026684629s ago: executing program 0 (id=2100): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="30000e00", @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000300", @ANYRES32=r2, @ANYBLOB="0a0006"], 0x30}}, 0x0) 1.025971438s ago: executing program 2 (id=2101): socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0xc}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x8, &(0x7f0000004380)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7235f1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a49bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d67"], &(0x7f00000003c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r4, 0xffffffffffffffff, 0x2, 0x0, 0x4, @prog_fd}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000700)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fefdffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000000404000001000000b70500002a0000006a0a00fe00000000850000000b000000b70000005920000095000000000000006c8f5d76781dcb7729f01726a067818b990b13bfdd5db1b7ef826f015cd03018d546fa9b6827767c171a4f0720596bb3b4d821d976f5843061cc2e3afbae82d7932d4f91f718f0e56315040148e11bac31821236192321fa3b3042"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x0, 0xcc0, 0x6414, &(0x7f0000000000)="5ae02efc441a80536af0d1d905c723fa", &(0x7f0000000040)=""/24}, 0x28) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000008c0)=ANY=[@ANYBLOB="540100001800010000000000000000001d010000150003000000000000000000981904f611df61b6020000001e01060000fe"], 0x154}}, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010066657468305f746f5f687372000000001400000010000100000000000000000a00"/160], 0xa0}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000060000000400000000000007000000000000006463e40901050000000900000000000000010000850000000000000000020000000000000000000000da00"], &(0x7f0000000340)=""/142, 0x52, 0x8e}, 0x20) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x2c, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12}, [@TCA_RATE={0x6}]}, 0x2c}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r8, &(0x7f00000001c0)=ANY=[@ANYBLOB="0063f3ed50319ccde5aa707573657420"], 0x8) write$cgroup_int(r9, &(0x7f0000000200), 0x42400) ioctl$SIOCSIFHWADDR(r7, 0x89f1, &(0x7f0000000900)={'ip6_vti0\x00', @random="0600002000"}) sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, 0x0, 0x1, 0x0, 0x0, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}]}, 0x28}}, 0x0) 1.009680788s ago: executing program 3 (id=2102): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x18, 0x1409, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}}, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@cgroup, 0x7f4961d50721ea53, 0x0, 0x9, &(0x7f0000000000)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0]}, 0x40) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'xfrm0\x00', 0x0}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[@ANYBLOB="9feb010018000000000000000800ef00000000000000"], 0x0, 0x1a, 0x0, 0xffffffff}, 0x20) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000001c0), 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendto$packet(r3, &(0x7f0000000180)='`', 0x500, 0x800800, &(0x7f0000000240)={0x2f, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14) socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) 838.8184ms ago: executing program 2 (id=2104): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)) r0 = socket(0x28, 0x5, 0x0) socket(0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) pipe(0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00'}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x18, 0x8, 0x40, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x15, 0x0, 0x0) socket(0x10, 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000000), 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffad, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x900000000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0xfffffffffffffffc}, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000018c0)={0x0, 0x0, 0x0}, 0x0) 838.511467ms ago: executing program 0 (id=2105): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000100000000000000000007110bb000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 807.427558ms ago: executing program 3 (id=2107): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="600000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000003800128008000100677265002c00028008000700ac1e000106000f0020000000050008000000000008000100", @ANYRES32=0x0, @ANYBLOB="060010000000000008000a00", @ANYRES32=r5], 0x60}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) r8 = socket(0x1, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB="940000001000010400fe00"/20, @ANYRES32=0x0, @ANYBLOB="444dc9fe000000006400128009000100766c616e000000005400028006000100000000000c000200020000000a000000040004801c0003800c00010068e30000030000000c0001007f000000070000001c0004800c0001000200000060d506000c000100000000000200000008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9], 0x94}}, 0x0) 667.269359ms ago: executing program 0 (id=2108): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x48, 0x30, 0x0, 0x0, 0x0, {}, [{0x34, 0x1, [@m_csum={0x30, 0x0, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00655813000500000000000000100007000000", @ANYRES32=r2, @ANYBLOB="00000000000000000c001a8008"], 0x2c}}, 0x0) 665.350415ms ago: executing program 1 (id=2109): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000003e00)={0x0, 0x0, &(0x7f0000003dc0)={&(0x7f0000000440)=ANY=[@ANYBLOB="141d00001000010000000000000000090000000a20000000000a05140000000000000000010000000900010073797a300000000058000000160a09000900000000000000010000000900010073797a30000000000900020073797a32000000002c00038018000380140001006d6163736563300000000000000000000800024000000000080001400000000014000000110001"], 0xa0}}, 0x0) 538.811595ms ago: executing program 0 (id=2110): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f00000001c0)) syz_80211_inject_frame(&(0x7f0000000080)=@device_b, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x404) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="01e70018000b0000000004"], 0x18}}, 0x0) 538.108824ms ago: executing program 1 (id=2111): r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc, 0x3, {0xfa665a81a6d02b4d}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0) (async) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc, 0x3, {0xfa665a81a6d02b4d}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$rxrpc(0x21, 0x2, 0x0) (async) socket$rxrpc(0x21, 0x2, 0x0) socket$rxrpc(0x21, 0x2, 0x2) (async) socket$rxrpc(0x21, 0x2, 0x2) socket(0x0, 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) (async) socket$inet6(0xa, 0x6, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) (async) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b70200"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='finish_task_reaping\x00', r3}, 0x10) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) unshare(0x2000400) getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000040)=0xffffffffffffff45) bind$alg(r0, &(0x7f0000001800)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x1, 0x20000000}]}]}}, 0x0, 0x42}, 0x20) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x1, 0x20000000}]}]}}, 0x0, 0x42}, 0x20) accept4(r0, 0x0, 0x0, 0x0) (async) r4 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9c000000", @ANYRES16=0x0, @ANYBLOB="000000000000000000004a0000000e34475b38657464657673696d0000000f0002006e657464657673696d3000006500a80004a187dfaa0fa877357fd5b65b30fa2ba3e89a604dba8c25906886efc7b685c2875e9a47e4c776155946bb563712f564c719c205aa78764f842f100ed54ccb9ad58c6d9b3b1cdec668e5fdcdc3bc5273459437bd9f6e420d81a9a0ced4528a54335838a8000000"], 0xfffffdef}}, 0x0) 537.78201ms ago: executing program 4 (id=2112): r0 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xd}, @multicast1}}}], 0x20}, 0x4008804) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f00000002c0)=@l2tp={0x2, 0x0, @loopback}, 0x80, &(0x7f0000000940)=[{&(0x7f0000000600)="3282db78e0ea55c52d87bc2a166b9e46818f5faca0b3a411e056b7928ccacd30019d925e47ecd2f92675d1d8c795dd0ab0a9c457007d002ae359e2b5d768e71db355cf220bb96b7a64e1d2629c3e21c5decd0e2e6f107c35a8081587d3dc42a0bc0d0c5e85c355c9cbadd6e8f8014acb52d24b961a3989d5102d540829ad660fdca299e7e74a71ed264d75a3e1dfb8331f1b441972bc5982dbe74341fa418cfee6039c15eda91b1ecf8887e008b15c4c7505c31efe20a7b838369c2857906c492432ba88cd2591215c875a7c854aa65bcc2e04eabc2ef716297c6d5c1357ed811a106739f968547df4ae455ecd6b0566ef52705630df27d81e2a544ecc09f8c73cec559d206644acdc56c717e19f04613456b8d7a386c0a700c032d0165c3b3f5716aa7f24e6fca522f91350793d13ba7f887e7b48cd3e6e41139d0deb8de9aeac59bf750ce01a", 0x147}, {&(0x7f0000000fc0)="da755100baaec2220000", 0xa}], 0x2}, 0x8400) sendmsg$inet(r0, &(0x7f0000000c00)={&(0x7f0000000540)={0x2, 0x0, @empty=0x30000000}, 0x10, &(0x7f00000005c0)=[{&(0x7f0000000580)="6e4602e2", 0x4}], 0x1}, 0x0) 462.39588ms ago: executing program 4 (id=2113): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000a80)=ANY=[@ANYBLOB="500000001000030500000000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006d61637365630000180002800c0001000000000000000000050009000000000008000500", @ANYRESHEX], 0x50}}, 0x0) 383.685074ms ago: executing program 4 (id=2114): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000d00)="e8", 0x1}], 0x1}, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000040)=0x6, 0x4) sendmmsg$inet6(r0, &(0x7f0000000740)=[{{&(0x7f0000000100)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}, 0x700}], 0x300, 0x0) 230.454412ms ago: executing program 4 (id=2115): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7400000010000305000025000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000004c0012800c0001006d6163766c616e003c00028008000100100000001c0088de02000400a8aaaaaaaabb00000a000400d8928afb7028000008000300030000000a000400aaaaaaaaaabb000008000500", @ANYRES32=r2], 0x74}}, 0x0) 208.541076ms ago: executing program 3 (id=2116): bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="200000001200010a0000000000000000800058653d987aa7c9c9bc92d792b0bcf4449d2d1b34c4e315dc2813bb654f72e180b3434aa4bd5817f0ee30728985fc9b9bcdf2a4fec6b93cb56a170acc44522627dc426a2ed8743920db82b3ac380a53cade8c650dadef139e2276c330dbd85c7079253066dc1a47d398058ebf669ab4e8c3f1c76bde3537caafadcb6b51b31da1242f1a447edcf247f65310e65cb162a5b21b878b0b3f888a86e46e99b86d421c5169e3"], 0x26}}, 0x0) 185.56663ms ago: executing program 1 (id=2117): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x23}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r2}]}}}, @IFLA_MTU={0x8, 0x4, 0xff7f}]}, 0x44}}, 0x0) 70.141056ms ago: executing program 4 (id=2118): syz_emit_ethernet(0xbe, &(0x7f00000003c0)={@local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @local}, {0x0, 0x4e21, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "292134495a5dae3596d3b3c46534a96601bffcdf63174b82ed619b66e285d151", "2cc0ce4cba607db248c0e141d0c01b22e9337b08498908e2471cd13a3a0da1d0786c2bcc16d025f5561362d44f306ed5", "aa5edfef23f8eb9182fe2289ffffff7f2ba44faa4c37cf7226000600", {"8ba47ef851832cacdd3375029c216e81", "bc134fdac2bb6b1ff0e5d6be8d8fd9ce"}}}}}}}, 0x0) 69.826933ms ago: executing program 3 (id=2119): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="381d0000006237441cce23b820000000000000004d77282138c36a163564790ee884c6f772f60e505cb7b3adf69e07012cde3b0d54a6", @ANYRES32=r0, @ANYBLOB="000080000000000018003480"], 0x38}, 0x1, 0x300}, 0x20000841) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) socket$nl_route(0x10, 0x3, 0x0) 53.462762ms ago: executing program 1 (id=2120): setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000058650e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) 0s ago: executing program 4 (id=2121): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x74, &(0x7f0000000180)={&(0x7f0000000300)={0x24, 0x3b, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x500, 0x0, 0x0, @str='\x00\x00'}]}]}, 0x24}}, 0x0) kernel console output (not intermixed with test programs): e. Skipping batadv-on-batadv check for gretap1 [ 113.490924][ T5612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.572652][ T5612] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.601050][ T5182] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.615476][ T5182] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.687945][ T6077] netlink: 'syz.1.288': attribute type 8 has an invalid length. [ 113.709587][ T6077] __nla_validate_parse: 6 callbacks suppressed [ 113.709605][ T6077] netlink: 224 bytes leftover after parsing attributes in process `syz.1.288'. [ 113.758385][ T5182] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.765662][ T5182] bridge0: port 2(bridge_slave_1) entered forwarding state [ 113.791099][ T6081] netlink: 8 bytes leftover after parsing attributes in process `syz.4.289'. [ 113.802596][ T6081] netlink: 8 bytes leftover after parsing attributes in process `syz.4.289'. [ 113.821274][ T6078] netlink: 4093 bytes leftover after parsing attributes in process `syz.4.289'. [ 113.921616][ T6074] netlink: 4093 bytes leftover after parsing attributes in process `syz.4.289'. [ 114.112495][ T5612] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 114.139530][ T6093] tipc: Started in network mode [ 114.147744][ T6093] tipc: Node identity , cluster identity 4711 [ 114.153850][ T6093] tipc: Failed to set node id, please configure manually [ 114.169533][ T6093] tipc: Enabling of bearer rejected, failed to enable media [ 114.582651][ T6116] netlink: 220 bytes leftover after parsing attributes in process `syz.3.299'. [ 114.672099][ T5612] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 114.698833][ T6122] netlink: 'syz.4.301': attribute type 6 has an invalid length. [ 114.832360][ T5612] veth0_vlan: entered promiscuous mode [ 114.879300][ T5612] veth1_vlan: entered promiscuous mode [ 115.018939][ T5612] veth0_macvtap: entered promiscuous mode [ 115.063808][ T5612] veth1_macvtap: entered promiscuous mode [ 115.102581][ T5612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.128666][ T5612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.148961][ T5612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.170396][ T5612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.209055][ T5612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.230086][ T5612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.239845][ T6133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.304'. [ 115.251334][ T5612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 115.251449][ T5612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.257538][ T5612] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.280350][ T6133] netlink: 8 bytes leftover after parsing attributes in process `syz.4.304'. [ 115.336252][ T6132] netlink: 4093 bytes leftover after parsing attributes in process `syz.4.304'. [ 115.379810][ T6138] netlink: 264 bytes leftover after parsing attributes in process `syz.3.306'. [ 115.402170][ T5612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.425296][ T5612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.440987][ T5612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.460338][ T5612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.481576][ T5612] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.505901][ T5612] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.539994][ T6142] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 115.552108][ T5612] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 115.583489][ T5612] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.599335][ T5612] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.609964][ T5612] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.619321][ T5612] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.674036][ T6145] tipc: Started in network mode [ 115.679811][ T6145] tipc: Node identity , cluster identity 4711 [ 115.690577][ T6145] tipc: Failed to set node id, please configure manually [ 115.714888][ T6145] tipc: Enabling of bearer rejected, failed to enable media [ 115.946525][ T5684] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.969357][ T5684] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.072030][ T5684] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.096392][ T5684] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.117223][ T6162] netlink: 'syz.0.314': attribute type 4 has an invalid length. [ 116.283034][ T6164] team0: entered promiscuous mode [ 116.312327][ T6164] team_slave_0: entered promiscuous mode [ 116.331115][ T6164] team_slave_1: entered promiscuous mode [ 116.349411][ T6164] team0: left promiscuous mode [ 116.369672][ T6164] team_slave_0: left promiscuous mode [ 116.380173][ T6164] team_slave_1: left promiscuous mode [ 116.531196][ T6175] bond0: entered promiscuous mode [ 116.544753][ T6175] bond_slave_0: entered promiscuous mode [ 116.565247][ T6175] bond_slave_1: entered promiscuous mode [ 116.580970][ T6175] team0: entered promiscuous mode [ 116.587801][ T6175] team_slave_0: entered promiscuous mode [ 116.593759][ T6175] team_slave_1: entered promiscuous mode [ 116.600972][ T6175] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 116.611212][ T6175] bridge1: entered promiscuous mode [ 116.635273][ T6179] tipc: Started in network mode [ 116.642174][ T6179] tipc: Node identity , cluster identity 4711 [ 116.654446][ T6179] tipc: Failed to set node id, please configure manually [ 116.677210][ T6179] tipc: Enabling of bearer rejected, failed to enable media [ 117.410813][ T6224] tipc: Started in network mode [ 117.426199][ T6224] tipc: Node identity , cluster identity 4711 [ 117.440350][ T6224] tipc: Failed to set node id, please configure manually [ 117.455529][ T6224] tipc: Enabling of bearer rejected, failed to enable media [ 117.962532][ T6252] tipc: Started in network mode [ 117.980951][ T6252] tipc: Node identity , cluster identity 4711 [ 117.998160][ T6252] tipc: Failed to set node id, please configure manually [ 118.011205][ T6252] tipc: Enabling of bearer rejected, failed to enable media [ 118.761084][ T6297] __nla_validate_parse: 21 callbacks suppressed [ 118.761155][ T6297] netlink: 12 bytes leftover after parsing attributes in process `syz.3.364'. [ 118.804883][ T6296] tipc: Started in network mode [ 118.826284][ T6296] tipc: Node identity , cluster identity 4711 [ 118.832766][ T6296] tipc: Failed to set node id, please configure manually [ 118.845715][ T6296] tipc: Enabling of bearer rejected, failed to enable media [ 119.131689][ T6311] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 119.367964][ T6325] netlink: 80 bytes leftover after parsing attributes in process `syz.2.376'. [ 119.382857][ T6330] netlink: 4093 bytes leftover after parsing attributes in process `syz.0.375'. [ 119.409226][ T6328] sctp: [Deprecated]: syz.4.377 (pid 6328) Use of int in maxseg socket option. [ 119.409226][ T6328] Use struct sctp_assoc_value instead [ 119.442917][ T6324] netlink: 4093 bytes leftover after parsing attributes in process `syz.0.375'. [ 119.488477][ T6330] netlink: 8 bytes leftover after parsing attributes in process `syz.0.375'. [ 119.488618][ T6332] tipc: Started in network mode [ 119.509079][ T6332] tipc: Node identity , cluster identity 4711 [ 119.515382][ T6332] tipc: Failed to set node id, please configure manually [ 119.522470][ T6330] netlink: 8 bytes leftover after parsing attributes in process `syz.0.375'. [ 119.524767][ T6332] tipc: Enabling of bearer rejected, failed to enable media [ 119.599416][ T6338] netlink: 8 bytes leftover after parsing attributes in process `syz.2.379'. [ 120.088347][ T6359] netlink: 16 bytes leftover after parsing attributes in process `syz.1.387'. [ 120.381136][ T6373] netlink: 80 bytes leftover after parsing attributes in process `syz.0.389'. [ 120.469602][ T6375] tipc: Started in network mode [ 120.484870][ T6375] tipc: Node identity , cluster identity 4711 [ 120.505645][ T6375] tipc: Failed to set node id, please configure manually [ 120.535304][ T6375] tipc: Enabling of bearer rejected, failed to enable media [ 120.673378][ T6383] xt_l2tp: v2 doesn't support IP mode [ 120.789070][ T6392] netlink: 32 bytes leftover after parsing attributes in process `syz.2.396'. [ 121.246811][ T6416] tipc: Started in network mode [ 121.263602][ T6416] tipc: Node identity , cluster identity 4711 [ 121.308075][ T6416] tipc: Failed to set node id, please configure manually [ 121.364857][ T6416] tipc: Enabling of bearer rejected, failed to enable media [ 121.375338][ T6426] netlink: 'syz.0.412': attribute type 49 has an invalid length. [ 121.665789][ T6435] x_tables: duplicate underflow at hook 1 [ 121.786820][ T6441] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.029483][ T6450] dccp_v6_rcv: dropped packet with invalid checksum [ 122.219137][ T6461] tipc: Started in network mode [ 122.226796][ T6461] tipc: Node identity type_len, cluster identity 4711 [ 122.246958][ T6461] tipc: Enabling of bearer rejected, failed to enable media [ 122.566632][ T6475] warning: `syz.1.433' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 122.790169][ T6490] tipc: Started in network mode [ 122.808371][ T6490] tipc: Node identity type_len, cluster identity 4711 [ 122.829953][ T6490] tipc: Enabling of bearer rejected, failed to enable media [ 123.881000][ T6532] tipc: Started in network mode [ 123.908116][ T6532] tipc: Node identity type_len, cluster identity 4711 [ 123.926765][ T6532] tipc: Enabling of bearer rejected, failed to enable media [ 124.101728][ T6546] __nla_validate_parse: 10 callbacks suppressed [ 124.101806][ T6546] netlink: 4093 bytes leftover after parsing attributes in process `syz.0.456'. [ 124.162110][ T6544] netlink: 4093 bytes leftover after parsing attributes in process `syz.0.456'. [ 124.235488][ T6546] dccp_v6_rcv: dropped packet with invalid checksum [ 124.330766][ T6560] netlink: 4654 bytes leftover after parsing attributes in process `syz.1.462'. [ 124.382918][ T6560] netlink: 4654 bytes leftover after parsing attributes in process `syz.1.462'. [ 124.403304][ T6560] FAULT_INJECTION: forcing a failure. [ 124.403304][ T6560] name failslab, interval 1, probability 0, space 0, times 1 [ 124.441117][ T6560] CPU: 0 PID: 6560 Comm: syz.1.462 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 124.456638][ T6560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 124.466738][ T6560] Call Trace: [ 124.470043][ T6560] [ 124.472997][ T6560] dump_stack_lvl+0x241/0x360 [ 124.477911][ T6560] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.483145][ T6560] ? __pfx__printk+0x10/0x10 [ 124.487775][ T6560] ? ref_tracker_alloc+0x332/0x490 [ 124.492928][ T6560] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 124.498513][ T6560] should_fail_ex+0x3b0/0x4e0 [ 124.503239][ T6560] ? skb_clone+0x20c/0x390 [ 124.507697][ T6560] should_failslab+0x9/0x20 [ 124.512241][ T6560] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 124.517660][ T6560] skb_clone+0x20c/0x390 [ 124.521947][ T6560] __netlink_deliver_tap+0x3cc/0x7c0 [ 124.527282][ T6560] ? netlink_deliver_tap+0x2e/0x1b0 [ 124.533174][ T6560] netlink_deliver_tap+0x19d/0x1b0 [ 124.540291][ T6560] netlink_sendskb+0x68/0x140 [ 124.546786][ T6560] netlink_unicast+0x39d/0x990 [ 124.554121][ T6560] ? __asan_memcpy+0x40/0x70 [ 124.561719][ T6560] ? __pfx_netlink_unicast+0x10/0x10 [ 124.567239][ T6560] netlink_rcv_skb+0x262/0x430 [ 124.572185][ T6560] ? __pfx_genl_rcv_msg+0x10/0x10 [ 124.578837][ T6560] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 124.585119][ T6560] ? __netlink_deliver_tap+0x77e/0x7c0 [ 124.592844][ T6560] genl_rcv+0x28/0x40 [ 124.597800][ T6560] netlink_unicast+0x7f0/0x990 [ 124.603167][ T6560] ? __pfx_netlink_unicast+0x10/0x10 [ 124.609101][ T6560] ? __virt_addr_valid+0x183/0x530 [ 124.614626][ T6560] ? __check_object_size+0x49c/0x900 [ 124.619959][ T6560] ? bpf_lsm_netlink_send+0x9/0x10 [ 124.625399][ T6560] netlink_sendmsg+0x8e4/0xcb0 [ 124.630849][ T6560] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.637094][ T6560] ? __import_iovec+0x536/0x820 [ 124.642179][ T6560] ? aa_sock_msg_perm+0x91/0x160 [ 124.647171][ T6560] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 124.647398][ T6572] netlink: 4 bytes leftover after parsing attributes in process `syz.3.464'. [ 124.652545][ T6560] ? security_socket_sendmsg+0x87/0xb0 [ 124.652655][ T6560] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.652693][ T6560] __sock_sendmsg+0x221/0x270 [ 124.679534][ T6560] ____sys_sendmsg+0x525/0x7d0 [ 124.684369][ T6560] ? __pfx_____sys_sendmsg+0x10/0x10 [ 124.690609][ T6560] __sys_sendmsg+0x2b0/0x3a0 [ 124.695271][ T6560] ? __pfx___sys_sendmsg+0x10/0x10 [ 124.700607][ T6560] ? vfs_write+0x7c4/0xc90 [ 124.705328][ T6560] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 124.714107][ T6560] ? do_syscall_64+0x100/0x230 [ 124.720676][ T6560] ? do_syscall_64+0xb6/0x230 [ 124.725775][ T6560] do_syscall_64+0xf3/0x230 [ 124.732437][ T6560] ? clear_bhb_loop+0x35/0x90 [ 124.737191][ T6560] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.745154][ T6560] RIP: 0033:0x7fb27e775a99 [ 124.753504][ T6560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.783777][ T6560] RSP: 002b:00007fb27f585048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 124.794911][ T6560] RAX: ffffffffffffffda RBX: 00007fb27e903f60 RCX: 00007fb27e775a99 [ 124.806308][ T6560] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 124.815421][ T6560] RBP: 00007fb27f5850a0 R08: 0000000000000000 R09: 0000000000000000 [ 124.824404][ T6560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 124.832499][ T6560] R13: 000000000000000b R14: 00007fb27e903f60 R15: 00007ffe8a0bbfe8 [ 124.840523][ T6560] [ 124.858023][ T6574] tipc: Enabling of bearer rejected, failed to enable media [ 125.265616][ T6602] FAULT_INJECTION: forcing a failure. [ 125.265616][ T6602] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 125.293276][ T6602] CPU: 0 PID: 6602 Comm: syz.1.473 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 125.302940][ T6602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 125.313020][ T6602] Call Trace: [ 125.316426][ T6602] [ 125.320629][ T6602] dump_stack_lvl+0x241/0x360 [ 125.327104][ T6602] ? __pfx_dump_stack_lvl+0x10/0x10 [ 125.332979][ T6602] ? __pfx__printk+0x10/0x10 [ 125.338143][ T6602] ? __pfx_lock_release+0x10/0x10 [ 125.343307][ T6602] should_fail_ex+0x3b0/0x4e0 [ 125.348027][ T6602] _copy_to_user+0x2f/0xb0 [ 125.352573][ T6602] bpf_verifier_vlog+0x31e/0x860 [ 125.357556][ T6602] __btf_verifier_log+0xd5/0x120 [ 125.362536][ T6602] ? bpf_verifier_vlog+0x32b/0x860 [ 125.367675][ T6602] ? __pfx___btf_verifier_log+0x10/0x10 [ 125.373265][ T6602] ? btf_parse_hdr+0x1e3/0x710 [ 125.378069][ T6602] btf_parse_hdr+0x34d/0x710 [ 125.382693][ T6602] btf_new_fd+0x391/0xd30 [ 125.387055][ T6602] ? __pfx_btf_new_fd+0x10/0x10 [ 125.391931][ T6602] ? bpf_btf_load+0xcf/0x1a0 [ 125.396550][ T6602] __sys_bpf+0x6ef/0x810 [ 125.400823][ T6602] ? __pfx___sys_bpf+0x10/0x10 [ 125.405641][ T6602] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 125.411644][ T6602] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 125.418090][ T6602] ? do_syscall_64+0x100/0x230 [ 125.422890][ T6602] __x64_sys_bpf+0x7c/0x90 [ 125.427874][ T6602] do_syscall_64+0xf3/0x230 [ 125.432857][ T6602] ? clear_bhb_loop+0x35/0x90 [ 125.438051][ T6602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.444148][ T6602] RIP: 0033:0x7fb27e775a99 [ 125.450693][ T6602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.471319][ T6602] RSP: 002b:00007fb27f585048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 125.479799][ T6602] RAX: ffffffffffffffda RBX: 00007fb27e903f60 RCX: 00007fb27e775a99 [ 125.489260][ T6602] RDX: 0000000000000020 RSI: 00000000200000c0 RDI: 0000000000000012 [ 125.497283][ T6602] RBP: 00007fb27f5850a0 R08: 0000000000000000 R09: 0000000000000000 [ 125.505874][ T6602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 125.513995][ T6602] R13: 000000000000000b R14: 00007fb27e903f60 R15: 00007ffe8a0bbfe8 [ 125.523952][ T6602] [ 125.753683][ T6617] tipc: Started in network mode [ 125.764445][ T6617] tipc: Node identity type_len, cluster identity 4711 [ 125.858481][ T6617] tipc: Enabling of bearer rejected, failed to enable media [ 125.920498][ T6624] netlink: 4 bytes leftover after parsing attributes in process `syz.0.479'. [ 126.240884][ T6637] netlink: 92 bytes leftover after parsing attributes in process `syz.1.483'. [ 126.411876][ T6643] netlink: 5300 bytes leftover after parsing attributes in process `syz.2.485'. [ 126.424807][ T6643] openvswitch: netlink: IP tunnel dst address not specified [ 126.621478][ T6652] xt_CT: You must specify a L4 protocol and not use inversions on it [ 126.848492][ T6663] dccp_v6_rcv: dropped packet with invalid checksum [ 126.906854][ T6666] tipc: Enabling of bearer rejected, failed to enable media [ 126.934860][ T6667] netlink: 22 bytes leftover after parsing attributes in process `syz.3.493'. [ 127.297317][ T6683] netlink: 8 bytes leftover after parsing attributes in process `syz.2.499'. [ 127.642225][ T6697] tipc: Enabling of bearer rejected, failed to enable media [ 127.784227][ T6699] netlink: 'syz.3.506': attribute type 11 has an invalid length. [ 127.952661][ T6708] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 128.123601][ T6711] vlan2: entered promiscuous mode [ 128.144941][ T6711] veth1_virt_wifi: entered promiscuous mode [ 128.164333][ T6711] veth1_virt_wifi: left promiscuous mode [ 128.166924][ T6714] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.206918][ T6716] macvlan2: entered promiscuous mode [ 128.212742][ T5182] IPVS: starting estimator thread 0... [ 128.213567][ T6716] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 128.334992][ T6718] IPVS: using max 16 ests per chain, 38400 per kthread [ 128.482383][ T6728] tipc: Enabling of bearer rejected, failed to enable media [ 128.517352][ T6725] dccp_v6_rcv: dropped packet with invalid checksum [ 129.175392][ T6759] __nla_validate_parse: 4 callbacks suppressed [ 129.175413][ T6759] netlink: 16 bytes leftover after parsing attributes in process `syz.2.526'. [ 129.207040][ T6758] netlink: 48 bytes leftover after parsing attributes in process `syz.1.527'. [ 129.573603][ T6772] tipc: Started in network mode [ 129.605661][ T6772] tipc: Node identity 3a20300a74797065, cluster identity 4711 [ 129.613512][ T6772] tipc: Enabling of bearer rejected, failed to enable media [ 129.727978][ T6774] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 129.852847][ T6780] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 130.037245][ T6790] netlink: 104 bytes leftover after parsing attributes in process `syz.1.537'. [ 130.523929][ T6811] tipc: Enabling of bearer rejected, failed to enable media [ 130.804800][ T6823] netlink: 12 bytes leftover after parsing attributes in process `syz.1.549'. [ 130.829489][ T6823] netlink: 'syz.1.549': attribute type 1 has an invalid length. [ 130.876837][ T6823] netlink: 124 bytes leftover after parsing attributes in process `syz.1.549'. [ 131.030145][ T6832] netlink: 12 bytes leftover after parsing attributes in process `syz.3.554'. [ 131.327572][ T6844] tipc: Enabling of bearer rejected, failed to enable media [ 131.357180][ T6837] netlink: 16 bytes leftover after parsing attributes in process `syz.3.554'. [ 131.459384][ T6848] netlink: 68 bytes leftover after parsing attributes in process `syz.1.561'. [ 131.916973][ T6875] netlink: 'syz.2.572': attribute type 34 has an invalid length. [ 132.342612][ T6890] netlink: 244 bytes leftover after parsing attributes in process `syz.1.579'. [ 132.498735][ T6889] netlink: 24 bytes leftover after parsing attributes in process `syz.0.576'. [ 132.551577][ T6898] netlink: 'syz.2.580': attribute type 10 has an invalid length. [ 132.592740][ T6898] bridge0: port 3(dummy0) entered blocking state [ 132.623651][ T6898] bridge0: port 3(dummy0) entered disabled state [ 132.660988][ T6898] dummy0: entered allmulticast mode [ 132.672494][ T6898] dummy0: entered promiscuous mode [ 132.680709][ T6898] bridge0: port 3(dummy0) entered blocking state [ 132.687334][ T6898] bridge0: port 3(dummy0) entered forwarding state [ 133.095294][ T6927] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 133.146630][ T6931] netlink: 'syz.2.595': attribute type 1 has an invalid length. [ 133.533208][ T6947] netlink: 'syz.0.600': attribute type 29 has an invalid length. [ 133.550611][ T1251] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.564780][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.570624][ T6947] netlink: 'syz.0.600': attribute type 29 has an invalid length. [ 133.821520][ T6949] vlan2: entered promiscuous mode [ 133.831458][ T6949] bond0: (slave vlan2): Opening slave failed [ 134.101421][ T6955] vlan2: entered promiscuous mode [ 134.126981][ T6955] nlmon0: entered promiscuous mode [ 134.147415][ T6955] bond0: (slave vlan2): Enslaving as an active interface with an up link [ 134.465824][ T6975] tap0: tun_chr_ioctl cmd 1074025677 [ 134.476762][ T6975] tap0: linktype set to 768 [ 134.486049][ T6976] __nla_validate_parse: 6 callbacks suppressed [ 134.486064][ T6976] netlink: 12 bytes leftover after parsing attributes in process `syz.3.614'. [ 134.520089][ T6975] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 134.607726][ T6980] netlink: 12 bytes leftover after parsing attributes in process `syz.4.616'. [ 134.623694][ T6980] netlink: 12 bytes leftover after parsing attributes in process `syz.4.616'. [ 135.025815][ T7004] vlan2: entered promiscuous mode [ 135.035851][ T7004] nlmon0: entered promiscuous mode [ 135.051945][ T7004] bond0: (slave vlan2): Enslaving as an active interface with an up link [ 135.270505][ T7016] netlink: 28 bytes leftover after parsing attributes in process `syz.3.626'. [ 135.756936][ T7030] FAULT_INJECTION: forcing a failure. [ 135.756936][ T7030] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 135.783205][ T5110] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 135.794837][ T5110] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 135.804837][ T7030] CPU: 1 PID: 7030 Comm: syz.3.633 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 135.814496][ T7030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 135.824573][ T7030] Call Trace: [ 135.827879][ T7030] [ 135.831017][ T7030] dump_stack_lvl+0x241/0x360 [ 135.836636][ T7030] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.845259][ T5110] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 135.845595][ T7030] ? __pfx__printk+0x10/0x10 [ 135.858071][ T5110] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 135.860637][ T7030] ? __pfx_lock_release+0x10/0x10 [ 135.869609][ T5110] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 135.872575][ T7030] should_fail_ex+0x3b0/0x4e0 [ 135.872614][ T7030] _copy_to_user+0x2f/0xb0 [ 135.880224][ T5110] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 135.884184][ T7030] bpf_verifier_vlog+0x31e/0x860 [ 135.884226][ T7030] __btf_verifier_log+0xd5/0x120 [ 135.884259][ T7030] ? bpf_verifier_vlog+0x32b/0x860 [ 135.884285][ T7030] ? __pfx___btf_verifier_log+0x10/0x10 [ 135.884321][ T7030] ? btf_parse_hdr+0x1e3/0x710 [ 135.884348][ T7030] btf_parse_hdr+0x34d/0x710 [ 135.884378][ T7030] btf_new_fd+0x391/0xd30 [ 135.884412][ T7030] ? __pfx_btf_new_fd+0x10/0x10 [ 135.884441][ T7030] ? bpf_btf_load+0xcf/0x1a0 [ 135.884468][ T7030] __sys_bpf+0x6ef/0x810 [ 135.884492][ T7030] ? __pfx___sys_bpf+0x10/0x10 [ 135.884527][ T7030] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 135.884556][ T7030] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 135.884584][ T7030] ? do_syscall_64+0x100/0x230 [ 135.884612][ T7030] __x64_sys_bpf+0x7c/0x90 [ 135.884645][ T7030] do_syscall_64+0xf3/0x230 [ 135.884668][ T7030] ? clear_bhb_loop+0x35/0x90 [ 135.884697][ T7030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.884721][ T7030] RIP: 0033:0x7f3743775a99 [ 135.884740][ T7030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.024534][ T7030] RSP: 002b:00007f37431ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 136.034589][ T7030] RAX: ffffffffffffffda RBX: 00007f3743903f60 RCX: 00007f3743775a99 [ 136.044197][ T7030] RDX: 0000000000000020 RSI: 00000000200000c0 RDI: 0000000000000012 [ 136.054978][ T7030] RBP: 00007f37431ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 136.065413][ T7030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 136.074871][ T7030] R13: 000000000000000b R14: 00007f3743903f60 R15: 00007fff3881a998 [ 136.082992][ T7030] [ 136.388901][ T7045] netlink: 'syz.0.638': attribute type 2 has an invalid length. [ 136.413882][ T7045] netlink: 64 bytes leftover after parsing attributes in process `syz.0.638'. [ 136.484030][ T7053] netlink: 32 bytes leftover after parsing attributes in process `syz.1.641'. [ 136.546526][ T7049] vlan2: entered promiscuous mode [ 136.556804][ T7049] bond0: (slave vlan2): Opening slave failed [ 136.612921][ T7057] netlink: 'syz.3.643': attribute type 7 has an invalid length. [ 136.671102][ T7031] chnl_net:caif_netlink_parms(): no params data found [ 136.712868][ T7059] vlan2: entered promiscuous mode [ 136.721015][ T7059] nlmon0: entered promiscuous mode [ 136.769026][ T7059] nlmon0: left promiscuous mode [ 137.108468][ T7074] ipip0: entered promiscuous mode [ 137.123328][ T7031] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.134138][ T7031] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.163350][ T7031] bridge_slave_0: entered allmulticast mode [ 137.195309][ T7031] bridge_slave_0: entered promiscuous mode [ 137.239226][ T7031] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.253115][ T7031] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.260997][ T7031] bridge_slave_1: entered allmulticast mode [ 137.277436][ T7031] bridge_slave_1: entered promiscuous mode [ 137.335099][ T7090] netlink: 'syz.3.654': attribute type 1 has an invalid length. [ 137.352418][ T7090] netlink: 224 bytes leftover after parsing attributes in process `syz.3.654'. [ 137.380320][ T7090] netlink: 8 bytes leftover after parsing attributes in process `syz.3.654'. [ 137.396495][ T7096] netlink: 32 bytes leftover after parsing attributes in process `syz.1.656'. [ 137.421063][ T7031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 137.447102][ T7031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 137.643028][ T7031] team0: Port device team_slave_0 added [ 137.682338][ T7031] team0: Port device team_slave_1 added [ 137.800816][ T7110] netlink: 84 bytes leftover after parsing attributes in process `syz.2.661'. [ 137.836248][ T7031] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 137.863932][ T7031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 137.943440][ T7031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 137.946937][ T5110] Bluetooth: hci0: command tx timeout [ 138.022583][ T7031] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 138.036079][ T7031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 138.103309][ T7031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 138.359908][ T5693] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.571077][ T7031] hsr_slave_0: entered promiscuous mode [ 138.587714][ T7031] hsr_slave_1: entered promiscuous mode [ 138.604070][ T7031] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 138.611957][ T7031] Cannot create hsr debugfs directory [ 138.651536][ T5693] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.687478][ T7143] vlan3: entered allmulticast mode [ 138.693114][ T7143] macvlan0: entered allmulticast mode [ 138.708825][ T7143] veth1_vlan: entered allmulticast mode [ 138.722649][ T7145] netlink: 'syz.2.672': attribute type 34 has an invalid length. [ 138.808513][ T5693] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.029647][ T5693] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.122514][ T7165] bridge0: port 3(team0) entered blocking state [ 139.159829][ T7165] bridge0: port 3(team0) entered disabled state [ 139.179479][ T7165] team0: entered allmulticast mode [ 139.191384][ T7165] team_slave_0: entered allmulticast mode [ 139.199349][ T7165] team_slave_1: entered allmulticast mode [ 139.235456][ T7165] team0: entered promiscuous mode [ 139.252122][ T7165] team_slave_0: entered promiscuous mode [ 139.281156][ T7165] team_slave_1: entered promiscuous mode [ 139.318752][ T7165] bridge0: port 3(team0) entered blocking state [ 139.327798][ T7165] bridge0: port 3(team0) entered forwarding state [ 139.371866][ T7183] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 139.653585][ T7188] __nla_validate_parse: 3 callbacks suppressed [ 139.653606][ T7188] netlink: 203516 bytes leftover after parsing attributes in process `syz.2.685'. [ 139.795391][ T5693] bridge_slave_1: left allmulticast mode [ 139.801493][ T5693] bridge_slave_1: left promiscuous mode [ 139.812854][ T5693] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.835893][ T5693] bridge_slave_0: left allmulticast mode [ 139.843453][ T5693] bridge_slave_0: left promiscuous mode [ 139.861023][ T5693] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.912445][ T7194] Driver unsupported XDP return value 0 on prog (id 204) dev N/A, expect packet loss! [ 140.024954][ T5110] Bluetooth: hci0: command tx timeout [ 140.570366][ T5693] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 140.597072][ T5693] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 140.612647][ T5693] bond0 (unregistering): (slave vlan2): Releasing backup interface [ 140.636935][ T5693] nlmon0: left promiscuous mode [ 140.649430][ T5693] bond0 (unregistering): Released all slaves [ 140.773966][ T5693] tipc: Left network mode [ 141.405021][ T5693] hsr_slave_0: left promiscuous mode [ 141.431084][ T5693] hsr_slave_1: left promiscuous mode [ 141.467713][ T5693] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 141.504819][ T5693] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 141.528520][ T5693] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 141.560232][ T5693] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 141.610831][ T5693] veth1_macvtap: left promiscuous mode [ 141.624699][ T5693] veth0_macvtap: left promiscuous mode [ 141.634758][ T5693] veth1_vlan: left promiscuous mode [ 141.640241][ T5693] veth0_vlan: left promiscuous mode [ 142.039585][ T7259] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.712'. [ 142.060094][ T7259] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 142.070211][ T7259] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 142.106488][ T5110] Bluetooth: hci0: command tx timeout [ 142.123456][ T7261] netlink: 202920 bytes leftover after parsing attributes in process `syz.1.713'. [ 142.465540][ T5693] team0 (unregistering): Port device team_slave_1 removed [ 142.516892][ T5693] team0 (unregistering): Port device team_slave_0 removed [ 142.949790][ T7031] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 142.979263][ T7031] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 143.046365][ T7031] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 143.088586][ T7031] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 143.488212][ T7031] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.572211][ T7031] 8021q: adding VLAN 0 to HW filter on device team0 [ 143.637572][ T5137] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.645038][ T5137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 143.710082][ T5137] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.722546][ T5137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.168057][ T7310] netlink: 'syz.0.727': attribute type 10 has an invalid length. [ 144.185805][ T5110] Bluetooth: hci0: command tx timeout [ 144.263882][ T7310] bridge0: port 3(team0) entered disabled state [ 144.359839][ T7310] team0: left allmulticast mode [ 144.404689][ T7310] team_slave_0: left allmulticast mode [ 144.427300][ T7310] team_slave_1: left allmulticast mode [ 144.437452][ T7310] team0: left promiscuous mode [ 144.442281][ T7310] team_slave_0: left promiscuous mode [ 144.464916][ T7310] team_slave_1: left promiscuous mode [ 144.470987][ T7310] bridge0: port 3(team0) entered disabled state [ 144.650514][ T7325] netlink: 'syz.0.731': attribute type 7 has an invalid length. [ 144.692707][ T7325] netlink: 'syz.0.731': attribute type 39 has an invalid length. [ 144.719286][ T7031] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.762516][ T7329] netlink: 28 bytes leftover after parsing attributes in process `syz.1.732'. [ 144.815455][ T7325] bridge2: port 1(gretap1) entered blocking state [ 144.842578][ T7325] bridge2: port 1(gretap1) entered disabled state [ 144.863055][ T7325] gretap1: entered allmulticast mode [ 144.885700][ T7325] gretap1: entered promiscuous mode [ 145.101274][ T7350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.737'. [ 145.524041][ T7370] netlink: 20 bytes leftover after parsing attributes in process `syz.0.744'. [ 145.593525][ T7031] veth0_vlan: entered promiscuous mode [ 145.625837][ T7374] netlink: 16 bytes leftover after parsing attributes in process `syz.2.746'. [ 145.661901][ T7031] veth1_vlan: entered promiscuous mode [ 145.744246][ T7031] veth0_macvtap: entered promiscuous mode [ 145.825380][ T7031] veth1_macvtap: entered promiscuous mode [ 145.889528][ T7376] ɶƣ0GC¦: entered promiscuous mode [ 145.967661][ T7031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.998380][ T7031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.022664][ T7031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.070003][ T7031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.083482][ T7031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.100091][ T7031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.126462][ T7031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.147345][ T7031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.159690][ T7031] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 146.192015][ T7031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 146.219615][ T7031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.248591][ T7031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 146.261144][ T7031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.279412][ T7031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 146.296206][ T7031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.317118][ T7031] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 146.337853][ T7388] netlink: 16 bytes leftover after parsing attributes in process `syz.3.750'. [ 146.358226][ T7031] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.392945][ T7031] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.409694][ T7031] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.428154][ T7031] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.513133][ T7391] dccp_v6_rcv: dropped packet with invalid checksum [ 146.525676][ T7393] dccp_invalid_packet: P.Data Offset(0) too small [ 146.626553][ T7395] dccp_v6_rcv: dropped packet with invalid checksum [ 146.734016][ T7393] tipc: Enabled bearer , priority 10 [ 146.758744][ T5689] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.781811][ T7401] : renamed from ipvlan1 [ 146.784749][ T5689] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 146.893400][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 146.930270][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 147.433086][ T7434] netlink: 'syz.1.769': attribute type 10 has an invalid length. [ 147.548770][ T7434] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 147.564939][ T7443] netlink: 'syz.1.769': attribute type 8 has an invalid length. [ 147.764037][ T7448] dccp_v4_rcv: dropped packet with invalid checksum [ 147.857527][ T5137] tipc: Node number set to 722801931 [ 148.377081][ T5114] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 148.386153][ T5114] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 148.393781][ T5114] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 148.405514][ T5114] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 148.413327][ T5114] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 148.420912][ T5114] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 148.426865][ T7469] netlink: 12 bytes leftover after parsing attributes in process `syz.0.780'. [ 148.953136][ T7484] netlink: 644 bytes leftover after parsing attributes in process `syz.2.784'. [ 148.971389][ T5689] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.389423][ T5689] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.633745][ T5689] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.869540][ T5689] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.956200][ T7464] chnl_net:caif_netlink_parms(): no params data found [ 150.392033][ T7521] xt_cluster: you have exceeded the maximum number of cluster nodes (768 > 32) [ 150.505250][ T5110] Bluetooth: hci0: command tx timeout [ 150.549212][ T7464] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.556653][ T7464] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.570396][ T7464] bridge_slave_0: entered allmulticast mode [ 150.588556][ T7527] netlink: 8 bytes leftover after parsing attributes in process `syz.3.796'. [ 150.598662][ T7464] bridge_slave_0: entered promiscuous mode [ 150.607873][ T7464] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.615217][ T7464] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.615218][ T7527] netlink: 4 bytes leftover after parsing attributes in process `syz.3.796'. [ 150.622428][ T7464] bridge_slave_1: entered allmulticast mode [ 150.642096][ T7464] bridge_slave_1: entered promiscuous mode [ 150.664251][ T5689] bridge_slave_1: left allmulticast mode [ 150.677638][ T5689] bridge_slave_1: left promiscuous mode [ 150.702895][ T5689] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.703323][ T5110] block nbd0: Receive control failed (result -107) [ 150.735502][ T5689] bridge_slave_0: left allmulticast mode [ 150.741500][ T5689] bridge_slave_0: left promiscuous mode [ 150.756594][ T5689] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.968138][ T7539] netlink: 4 bytes leftover after parsing attributes in process `syz.3.801'. [ 150.994365][ T7542] vcan0: tx address claim with dlc 1 [ 151.689833][ T5689] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 151.710489][ T5689] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 151.730846][ T5689] bond0 (unregistering): Released all slaves [ 151.874343][ T7543] netlink: 'syz.3.801': attribute type 14 has an invalid length. [ 152.061582][ T7464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 152.139489][ T7464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 152.288937][ T7571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.810'. [ 152.386865][ T7464] team0: Port device team_slave_0 added [ 152.398786][ T7575] netlink: 4 bytes leftover after parsing attributes in process `syz.1.812'. [ 152.408425][ T7575] bridge_slave_1: left allmulticast mode [ 152.414100][ T7575] bridge_slave_1: left promiscuous mode [ 152.421534][ T7575] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.433479][ T7575] bridge_slave_0: left allmulticast mode [ 152.446642][ T7575] bridge_slave_0: left promiscuous mode [ 152.452577][ T7575] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.584929][ T5110] Bluetooth: hci0: command tx timeout [ 152.594806][ T7580] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 152.641439][ T7464] team0: Port device team_slave_1 added [ 152.710389][ T5689] hsr_slave_0: left promiscuous mode [ 152.728814][ T5689] hsr_slave_1: left promiscuous mode [ 152.758696][ T5689] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 152.779336][ T5689] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 152.801430][ T5689] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 152.812803][ T7588] netlink: 20 bytes leftover after parsing attributes in process `syz.3.816'. [ 152.821718][ T5689] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 152.836680][ T7586] netlink: 12 bytes leftover after parsing attributes in process `syz.0.815'. [ 152.882321][ T5689] veth1_macvtap: left promiscuous mode [ 152.901429][ T5689] veth0_macvtap: left promiscuous mode [ 152.923399][ T5689] veth1_vlan: left promiscuous mode [ 152.930137][ T5689] veth0_vlan: left promiscuous mode [ 152.960158][ T7590] netlink: 64 bytes leftover after parsing attributes in process `syz.3.816'. [ 153.772716][ T5689] team0 (unregistering): Port device team_slave_1 removed [ 153.837188][ T5689] team0 (unregistering): Port device team_slave_0 removed [ 154.323420][ T7588] ipip0: entered promiscuous mode [ 154.439731][ T7464] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 154.485020][ T7464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.544923][ T7464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 154.567474][ T7464] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 154.596328][ T7464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 154.638416][ T7464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 154.664626][ T5110] Bluetooth: hci0: command tx timeout [ 154.853102][ T7611] netlink: 'syz.3.824': attribute type 24 has an invalid length. [ 155.083086][ T7464] hsr_slave_0: entered promiscuous mode [ 155.126079][ T7464] hsr_slave_1: entered promiscuous mode [ 155.145856][ T7464] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 155.153488][ T7464] Cannot create hsr debugfs directory [ 155.415916][ T7645] Bluetooth: hci3: expected 2 bytes, got 7 bytes [ 155.679212][ T7651] netlink: 192 bytes leftover after parsing attributes in process `syz.1.837'. [ 155.917778][ T7661] netlink: 4 bytes leftover after parsing attributes in process `syz.3.840'. [ 155.946121][ T7662] netlink: 'syz.0.841': attribute type 4 has an invalid length. [ 156.300554][ T7464] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 156.336301][ T7464] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 156.363235][ T7686] netlink: 28 bytes leftover after parsing attributes in process `syz.0.849'. [ 156.391915][ T7464] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 156.449179][ T7464] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 156.662391][ T7698] netlink: 76 bytes leftover after parsing attributes in process `syz.0.854'. [ 156.682106][ T7698] block nbd0: NBD_DISCONNECT [ 156.699345][ T7698] block nbd0: Send disconnect failed -32 [ 156.719990][ T7698] block nbd0: shutting down sockets [ 156.744704][ T5110] Bluetooth: hci0: command tx timeout [ 156.762002][ T7702] netlink: 8 bytes leftover after parsing attributes in process `syz.1.855'. [ 156.813365][ T7464] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.886572][ T7464] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.923066][ T5149] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.931068][ T5149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.999173][ T5137] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.008919][ T5137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.062900][ T7706] netlink: 8 bytes leftover after parsing attributes in process `syz.0.858'. [ 157.511373][ T7727] netlink: 12 bytes leftover after parsing attributes in process `syz.1.866'. [ 157.648369][ T7734] team0: Port device bridge0 added [ 157.771113][ T7464] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.180722][ T7755] netlink: 8 bytes leftover after parsing attributes in process `syz.2.874'. [ 158.376593][ T7768] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 158.473952][ T7776] netlink: 8 bytes leftover after parsing attributes in process `syz.0.880'. [ 158.511639][ T7464] veth0_vlan: entered promiscuous mode [ 158.518027][ T7776] netlink: 4 bytes leftover after parsing attributes in process `syz.0.880'. [ 158.573498][ T7464] veth1_vlan: entered promiscuous mode [ 158.688169][ T7464] veth0_macvtap: entered promiscuous mode [ 158.721970][ T7464] veth1_macvtap: entered promiscuous mode [ 158.820818][ T7464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.888018][ T7464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.908407][ T7464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.920907][ T7464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.933825][ T7464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.948106][ T7464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.961539][ T7464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.972400][ T7464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.006744][ T7464] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.076344][ T7464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.114694][ T7464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.137236][ T7464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.164666][ T7464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.192315][ T7464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 159.216030][ T7464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 159.277144][ T7464] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.350788][ T7464] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.385260][ T7464] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.407346][ T7464] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.435185][ T7464] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.663420][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.680155][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.736863][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.758626][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.341436][ T7873] netlink: 'syz.4.907': attribute type 3 has an invalid length. [ 160.477626][ T7876] xt_CT: You must specify a L4 protocol and not use inversions on it [ 160.574289][ T7884] Êü: entered promiscuous mode [ 160.611358][ T7876] netlink: 'syz.1.910': attribute type 27 has an invalid length. [ 161.094507][ T7876] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.225172][ T5110] Bluetooth: hci0: command tx timeout [ 161.260020][ T7876] macsec0: left promiscuous mode [ 161.268719][ T7876] macsec0: left allmulticast mode [ 161.289768][ T7876] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.304822][ T7876] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.314657][ T7876] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.328054][ T7876] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.483299][ T7890] __nla_validate_parse: 10 callbacks suppressed [ 161.483321][ T7890] netlink: 8 bytes leftover after parsing attributes in process `syz.0.905'. [ 161.721082][ T7932] netlink: 84 bytes leftover after parsing attributes in process `syz.0.919'. [ 161.750096][ T7910] syzkaller0: entered promiscuous mode [ 161.767890][ T7910] syzkaller0: entered allmulticast mode [ 163.835840][ T7965] netlink: 'syz.1.933': attribute type 49 has an invalid length. [ 163.875664][ T7969] netlink: 20 bytes leftover after parsing attributes in process `syz.2.934'. [ 164.340937][ T8004] netlink: 188 bytes leftover after parsing attributes in process `syz.2.943'. [ 164.368791][ T8004] netlink: 'syz.2.943': attribute type 1 has an invalid length. [ 164.580583][ T8017] IPVS: Error joining to the multicast group [ 164.592151][ T8015] netlink: 8 bytes leftover after parsing attributes in process `syz.4.949'. [ 164.784400][ T8028] tipc: Enabling of bearer rejected, failed to enable media [ 164.991864][ T8027] xt_CT: You must specify a L4 protocol and not use inversions on it [ 165.018652][ T8035] netlink: 76 bytes leftover after parsing attributes in process `syz.3.955'. [ 165.036704][ T8035] block nbd0: not configured, cannot reconfigure [ 165.056759][ T8033] netlink: 76 bytes leftover after parsing attributes in process `syz.1.954'. [ 165.072852][ T8027] netlink: 'syz.4.953': attribute type 27 has an invalid length. [ 165.090753][ T8027] netlink: 4 bytes leftover after parsing attributes in process `syz.4.953'. [ 165.320170][ T8027] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.329333][ T8027] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.659054][ T8057] SET target dimension over the limit! [ 165.718483][ T8027] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.775968][ T8027] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 165.965727][ T8027] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.981103][ T8027] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.999403][ T8027] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.008427][ T8027] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.133486][ T8033] Êü: entered promiscuous mode [ 166.165900][ T8038] netlink: 8 bytes leftover after parsing attributes in process `syz.1.954'. [ 166.515100][ T8078] IPv6: Can't replace route, no match found [ 166.851674][ T8092] netlink: 4 bytes leftover after parsing attributes in process `syz.4.976'. [ 166.900951][ T8094] netlink: 12 bytes leftover after parsing attributes in process `syz.3.977'. [ 166.993980][ T8097] netlink: 7 bytes leftover after parsing attributes in process `syz.1.978'. [ 167.321977][ T8112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.984'. [ 167.358038][ T8117] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 167.382390][ T8053] IPVS: starting estimator thread 0... [ 167.484740][ T8118] IPVS: using max 16 ests per chain, 38400 per kthread [ 168.088626][ T8145] netlink: 48 bytes leftover after parsing attributes in process `syz.4.991'. [ 169.090692][ T8171] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1002'. [ 169.117519][ T8171] bMtadv_lave_0: renamed from lo (while UP) [ 169.166135][ T8171] bMtadv_lave_0: entered allmulticast mode [ 170.084132][ T8212] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1018'. [ 170.525987][ T8227] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1020'. [ 170.716944][ T8231] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1022'. [ 170.798751][ T8233] dccp_v6_rcv: dropped packet with invalid checksum [ 171.515620][ T8253] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 171.530444][ T8252] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1032'. [ 172.310393][ T8287] netlink: 'syz.2.1040': attribute type 10 has an invalid length. [ 172.354649][ T8287] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1040'. [ 172.384170][ T8291] netlink: 'syz.2.1040': attribute type 1 has an invalid length. [ 172.388415][ T8287] team0: entered promiscuous mode [ 172.417994][ T8291] netlink: 9352 bytes leftover after parsing attributes in process `syz.2.1040'. [ 172.440854][ T8287] team_slave_0: entered promiscuous mode [ 172.453424][ T8291] netlink: 'syz.2.1040': attribute type 1 has an invalid length. [ 172.470443][ T8287] team_slave_1: entered promiscuous mode [ 172.476422][ T8291] netlink: 'syz.2.1040': attribute type 2 has an invalid length. [ 172.488820][ T8287] team0: entered allmulticast mode [ 172.494056][ T8287] team_slave_0: entered allmulticast mode [ 172.512346][ T8287] team_slave_1: entered allmulticast mode [ 172.523908][ T8287] bridge0: port 4(team0) entered blocking state [ 172.538288][ T8287] bridge0: port 4(team0) entered disabled state [ 172.538510][ T8299] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1044'. [ 172.560659][ T8287] bridge0: port 4(team0) entered blocking state [ 172.567992][ T8287] bridge0: port 4(team0) entered forwarding state [ 172.579031][ T8297] netlink: 'syz.3.1043': attribute type 4 has an invalid length. [ 172.589050][ T8297] netlink: 'syz.3.1043': attribute type 1 has an invalid length. [ 172.602992][ T8297] netlink: 'syz.3.1043': attribute type 7 has an invalid length. [ 172.631047][ T29] audit: type=1107 audit(1721278841.524:2): pid=8294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='Š63ú\›†m!öiN›íŠÉÍ‹ôEð~8§*ÔŽFEß@P7+¼kÜÖ' [ 172.829198][ T8302] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.974235][ T8306] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 173.040841][ T8313] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048) [ 173.122535][ T8316] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 173.226316][ T8053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 173.432434][ T8333] vlan2: entered promiscuous mode [ 173.443486][ T8333] vlan2: entered allmulticast mode [ 173.587906][ T8340] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1060'. [ 173.627419][ T7900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 173.873949][ T8350] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1064'. [ 174.674951][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 174.865257][ T8382] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 175.176974][ T7919] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 175.446753][ T8424] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1081'. [ 175.494675][ T8428] netlink: 'syz.0.1080': attribute type 26 has an invalid length. [ 175.626730][ T8434] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1080'. [ 175.707097][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 175.786211][ T7919] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 176.282765][ T7919] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 176.503086][ T8472] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1096'. [ 176.552480][ T8472] openvswitch: netlink: VXLAN extension 43 out of range max 1 [ 176.748656][ T7900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 176.888657][ T8491] netlink: 'syz.0.1098': attribute type 26 has an invalid length. [ 176.897974][ T8483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1100'. [ 176.949923][ T8495] netlink: 'syz.4.1102': attribute type 1 has an invalid length. [ 176.978457][ T8495] netlink: 67 bytes leftover after parsing attributes in process `syz.4.1102'. [ 177.182275][ T8488] tipc: Cannot configure node identity twice [ 177.197114][ T8488] tipc: Cannot configure node identity twice [ 177.806292][ T7900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.983861][ T8534] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1112'. [ 178.191129][ T8548] vlan3: entered promiscuous mode [ 178.212624][ T8548] batman_adv: batadv0: Adding interface: vlan3 [ 178.229736][ T8548] batman_adv: batadv0: The MTU of interface vlan3 is too small (1480) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.266707][ T8548] batman_adv: batadv0: Not using interface vlan3 (retrying later): interface not active [ 178.562996][ T8575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.572636][ T8575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.582590][ T8575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.592433][ T8575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.623907][ T8575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.663885][ T8575] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.733342][ T8584] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 179.076306][ T8588] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1127'. [ 179.115989][ T8590] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1129'. [ 179.491278][ T8609] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1138'. [ 179.527684][ T8603] netlink: 'syz.2.1135': attribute type 10 has an invalid length. [ 179.553012][ T8603] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 179.561986][ T8603] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 179.575614][ T8603] team0: Port device netdevsim0 added [ 179.745943][ T8622] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1140'. [ 180.253141][ T8650] hsr0: entered promiscuous mode [ 180.275074][ T8650] hsr_slave_0: left promiscuous mode [ 180.293186][ T8650] hsr_slave_1: left promiscuous mode [ 180.359873][ T8650] hsr0 (unregistering): left promiscuous mode [ 180.544791][ T8659] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1157'. [ 180.645040][ T8660] bond0: entered promiscuous mode [ 180.672319][ T8660] bond_slave_0: entered promiscuous mode [ 180.684989][ T8666] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1156'. [ 180.700949][ T8660] bond_slave_1: entered promiscuous mode [ 180.731906][ T8660] bond0: left promiscuous mode [ 180.748413][ T8660] bond_slave_0: left promiscuous mode [ 180.780402][ T8660] bond_slave_1: left promiscuous mode [ 180.805828][ T8673] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1162'. [ 180.824631][ T8670] bridge0: entered allmulticast mode [ 180.835826][ T8671] bridge0: left allmulticast mode [ 181.033836][ T8684] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1166'. [ 181.315097][ T8700] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1172'. [ 182.030646][ T7906] net_ratelimit: 11 callbacks suppressed [ 182.030680][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.142947][ T8756] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 182.166719][ T8756] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 182.203301][ T8761] netlink: 'syz.2.1196': attribute type 1 has an invalid length. [ 182.229020][ T8759] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.345009][ T8053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.701860][ T8789] dccp_v6_rcv: dropped packet with invalid checksum [ 183.067806][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 183.355948][ T8829] FAULT_INJECTION: forcing a failure. [ 183.355948][ T8829] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.381249][ T8829] CPU: 0 PID: 8829 Comm: syz.4.1222 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 183.393045][ T8829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 183.403111][ T8829] Call Trace: [ 183.406406][ T8829] [ 183.409332][ T8829] dump_stack_lvl+0x241/0x360 [ 183.414024][ T8829] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.419248][ T8829] ? __pfx__printk+0x10/0x10 [ 183.423858][ T8829] ? __pfx_lock_release+0x10/0x10 [ 183.428899][ T8829] should_fail_ex+0x3b0/0x4e0 [ 183.433581][ T8829] _copy_from_iter+0x1f6/0x1960 [ 183.438440][ T8829] ? __virt_addr_valid+0x183/0x530 [ 183.443567][ T8829] ? skb_set_owner_w+0x238/0x3e0 [ 183.448883][ T8829] ? __pfx_lock_release+0x10/0x10 [ 183.454060][ T8829] ? __pfx__copy_from_iter+0x10/0x10 [ 183.460398][ T8829] ? __virt_addr_valid+0x183/0x530 [ 183.465996][ T8829] ? __virt_addr_valid+0x183/0x530 [ 183.472374][ T8829] ? __virt_addr_valid+0x45f/0x530 [ 183.477541][ T8829] ? __phys_addr_symbol+0x2f/0x70 [ 183.482577][ T8829] ? __check_object_size+0x49c/0x900 [ 183.487863][ T8829] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 183.493607][ T8829] skb_copy_datagram_from_iter+0xf3/0x6c0 [ 183.499335][ T8829] ? skb_put+0x114/0x1f0 [ 183.503598][ T8829] tun_get_user+0xec3/0x4720 [ 183.508205][ T8829] ? __lock_acquire+0x1346/0x1fd0 [ 183.513242][ T8829] ? __pfx_tun_get_user+0x10/0x10 [ 183.518286][ T8829] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 183.523747][ T8829] ? tun_get+0x1e/0x2f0 [ 183.527910][ T8829] ? __pfx_lock_release+0x10/0x10 [ 183.532992][ T8829] ? tun_get+0x1e/0x2f0 [ 183.537154][ T8829] ? tun_get+0x27d/0x2f0 [ 183.541419][ T8829] tun_chr_write_iter+0x113/0x1f0 [ 183.546448][ T8829] vfs_write+0xa72/0xc90 [ 183.550700][ T8829] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 183.557059][ T8829] ? __pfx_vfs_write+0x10/0x10 [ 183.561879][ T8829] ksys_write+0x1a0/0x2c0 [ 183.566300][ T8829] ? __pfx_ksys_write+0x10/0x10 [ 183.576761][ T8829] ? do_syscall_64+0x100/0x230 [ 183.582747][ T8829] ? do_syscall_64+0xb6/0x230 [ 183.587538][ T8829] do_syscall_64+0xf3/0x230 [ 183.592645][ T8829] ? clear_bhb_loop+0x35/0x90 [ 183.597356][ T8829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.603283][ T8829] RIP: 0033:0x7fbd63d75a99 [ 183.608376][ T8829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.629842][ T8829] RSP: 002b:00007fbd64a5e048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 183.638568][ T8829] RAX: ffffffffffffffda RBX: 00007fbd63f03f60 RCX: 00007fbd63d75a99 [ 183.649181][ T8829] RDX: 000000000000fdef RSI: 0000000020000380 RDI: 0000000000000003 [ 183.657340][ T8829] RBP: 00007fbd64a5e0a0 R08: 0000000000000000 R09: 0000000000000000 [ 183.665689][ T8829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.673686][ T8829] R13: 000000000000000b R14: 00007fbd63f03f60 R15: 00007ffcbc54eb18 [ 183.681812][ T8829] [ 183.700228][ T5149] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 183.710256][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 183.736635][ T8833] dccp_v6_rcv: dropped packet with invalid checksum [ 183.839148][ T8836] macvlan2: entered allmulticast mode [ 183.845519][ T8836] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 183.855196][ T8836] team0: Port device macvlan2 added [ 183.860978][ T8838] __nla_validate_parse: 7 callbacks suppressed [ 183.861009][ T8838] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1226'. [ 183.991909][ T8845] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1228'. [ 184.113568][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 184.185396][ T8860] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1231'. [ 184.325583][ T8866] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1236'. [ 184.416469][ T8871] macvlan2: entered allmulticast mode [ 184.438612][ T8871] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode [ 184.450862][ T8871] mac80211_hwsim hwsim3 wlan0: entered allmulticast mode [ 184.465782][ T8871] macvlan2: entered promiscuous mode [ 184.480295][ T8871] team0: Port device macvlan2 added [ 184.656563][ T8882] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1241'. [ 184.712270][ T8884] bridge0: entered promiscuous mode [ 184.755373][ T8884] bridge0: left promiscuous mode [ 184.842928][ T8892] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1247'. [ 185.178788][ T8905] vlan4: entered promiscuous mode [ 185.194907][ T8905] batadv0: entered promiscuous mode [ 185.217919][ T8905] vlan4: entered allmulticast mode [ 185.223168][ T8905] batadv0: entered allmulticast mode [ 185.244179][ T8905] team0: Port device vlan4 added [ 185.316876][ T8918] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1256'. [ 185.661654][ T8942] netlink: 'syz.0.1261': attribute type 1 has an invalid length. [ 185.714853][ T8942] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1261'. [ 186.081157][ T8960] netlink: 'syz.3.1266': attribute type 1 has an invalid length. [ 186.117867][ T8960] netlink: 9328 bytes leftover after parsing attributes in process `syz.3.1266'. [ 186.163143][ T8967] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1269'. [ 186.186689][ T8960] netlink: 'syz.3.1266': attribute type 2 has an invalid length. [ 186.203756][ T8960] netlink: 'syz.3.1266': attribute type 1 has an invalid length. [ 187.231468][ T7900] net_ratelimit: 13 callbacks suppressed [ 187.231492][ T7900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 187.246390][ T5110] block nbd0: Receive control failed (result -107) [ 187.306665][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 187.317398][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 187.497864][ T9021] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 188.226919][ T9064] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 188.239706][ T9065] xt_hashlimit: max too large, truncated to 1048576 [ 188.266044][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.539509][ T9074] vlan2: entered promiscuous mode [ 188.552008][ T9074] erspan0: entered promiscuous mode [ 188.560671][ T9074] erspan0: left promiscuous mode [ 188.600209][ T7919] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 188.653478][ T9081] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 188.860140][ T9094] syzkaller1: entered promiscuous mode [ 188.914826][ T9094] syzkaller1: entered allmulticast mode [ 188.954245][ T9101] __nla_validate_parse: 6 callbacks suppressed [ 188.954274][ T9101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1313'. [ 188.978433][ T9105] netlink: 'syz.1.1315': attribute type 1 has an invalid length. [ 189.001986][ T9105] netlink: 9352 bytes leftover after parsing attributes in process `syz.1.1315'. [ 189.012586][ T9101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1313'. [ 189.034372][ T9105] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1315'. [ 189.313337][ T7900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 189.406238][ T9122] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 189.579728][ T9134] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1321'. [ 189.597253][ T9133] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 189.638614][ T9133] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 189.769095][ T9142] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1329'. [ 190.154891][ T9163] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1336'. [ 190.165755][ T9166] netlink: 'syz.3.1337': attribute type 3 has an invalid length. [ 190.165815][ T9166] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1337'. [ 190.205308][ T9163] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1336'. [ 190.243842][ T9169] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1338'. [ 191.020637][ T9213] Bluetooth: MGMT ver 1.23 [ 191.474451][ T9234] xt_l2tp: wrong L2TP version: 0 [ 191.626131][ T9238] netlink: 'syz.1.1364': attribute type 6 has an invalid length. [ 191.671056][ T9238] netlink: 'syz.1.1364': attribute type 1 has an invalid length. [ 191.678741][ T9244] netlink: 'syz.2.1365': attribute type 1 has an invalid length. [ 192.237974][ T9269] netlink: 'syz.2.1376': attribute type 29 has an invalid length. [ 192.270366][ T9269] net_ratelimit: 4 callbacks suppressed [ 192.270384][ T9269] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.291022][ T9269] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.300419][ T9269] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.319373][ T9269] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.352745][ T9269] netem: invalid attributes len -24 [ 192.368703][ T9269] netem: change failed [ 192.385979][ T9268] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.426368][ T5149] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.436656][ T9276] block nbd0: NBD_DISCONNECT [ 192.442199][ T9276] block nbd0: Send disconnect failed -32 [ 192.472551][ T9276] block nbd0: shutting down sockets [ 192.515736][ T9280] macvlan0: entered promiscuous mode [ 192.537514][ T9280] ipvlan0: entered promiscuous mode [ 192.575506][ T9280] ipvlan0: left promiscuous mode [ 192.597116][ T9280] macvlan0: left promiscuous mode [ 192.627345][ T9281] vlan2: entered allmulticast mode [ 192.632940][ T9281] mac80211_hwsim hwsim19 wlan1: entered allmulticast mode [ 192.828538][ T7913] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.895978][ T9303] ɶƣ0GC¦: entered promiscuous mode [ 192.983632][ T9309] FAULT_INJECTION: forcing a failure. [ 192.983632][ T9309] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 193.036604][ T9309] CPU: 1 PID: 9309 Comm: syz.4.1392 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 193.052954][ T9309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 193.063411][ T9309] Call Trace: [ 193.066718][ T9309] [ 193.069657][ T9309] dump_stack_lvl+0x241/0x360 [ 193.074343][ T9309] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.079554][ T9309] ? __pfx__printk+0x10/0x10 [ 193.084172][ T9309] should_fail_ex+0x3b0/0x4e0 [ 193.088868][ T9309] _copy_from_user+0x2f/0xe0 [ 193.093472][ T9309] move_addr_to_kernel+0x82/0x150 [ 193.098506][ T9309] copy_msghdr_from_user+0x43e/0x680 [ 193.103820][ T9309] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 193.109653][ T9309] __sys_sendmsg+0x23d/0x3a0 [ 193.114679][ T9309] ? __pfx___sys_sendmsg+0x10/0x10 [ 193.120900][ T9309] ? vfs_write+0x7c4/0xc90 [ 193.126795][ T9309] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 193.134235][ T9309] ? do_syscall_64+0x100/0x230 [ 193.139034][ T9309] ? do_syscall_64+0xb6/0x230 [ 193.143742][ T9309] do_syscall_64+0xf3/0x230 [ 193.148258][ T9309] ? clear_bhb_loop+0x35/0x90 [ 193.152952][ T9309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.158852][ T9309] RIP: 0033:0x7fbd63d75a99 [ 193.163273][ T9309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.182976][ T9309] RSP: 002b:00007fbd64a5e048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 193.191403][ T9309] RAX: ffffffffffffffda RBX: 00007fbd63f03f60 RCX: 00007fbd63d75a99 [ 193.199377][ T9309] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 193.207729][ T9309] RBP: 00007fbd64a5e0a0 R08: 0000000000000000 R09: 0000000000000000 [ 193.215983][ T9309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.227451][ T9309] R13: 000000000000000b R14: 00007fbd63f03f60 R15: 00007ffcbc54eb18 [ 193.236690][ T9309] [ 193.262095][ T9305] team0: Port device bridge1 added [ 193.415202][ T9318] netlink: 'syz.0.1394': attribute type 1 has an invalid length. [ 193.465873][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 193.528499][ T9321] netlink: 'syz.1.1396': attribute type 1 has an invalid length. [ 193.530577][ T9327] netlink: 'syz.3.1398': attribute type 1 has an invalid length. [ 193.831058][ T9340] dccp_invalid_packet: P.Data Offset(0) too small [ 193.850983][ T9343] netlink: 'syz.3.1402': attribute type 8 has an invalid length. [ 194.247224][ T9367] __nla_validate_parse: 21 callbacks suppressed [ 194.247251][ T9367] netlink: 3712 bytes leftover after parsing attributes in process `syz.0.1407'. [ 194.368579][ T9369] netlink: 4654 bytes leftover after parsing attributes in process `syz.4.1409'. [ 194.386743][ T9369] netlink: 4654 bytes leftover after parsing attributes in process `syz.4.1409'. [ 194.505466][ T5149] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 194.528686][ T9379] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1413'. [ 194.736607][ T9391] team0: entered promiscuous mode [ 194.755928][ T9391] team_slave_0: entered promiscuous mode [ 194.794996][ T9391] team_slave_1: entered promiscuous mode [ 194.870574][ T9391] team0: left promiscuous mode [ 194.880298][ T9391] team_slave_0: left promiscuous mode [ 194.890837][ T9391] team_slave_1: left promiscuous mode [ 194.988827][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.009098][ T9401] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1420'. [ 195.299996][ T9421] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1427'. [ 195.369658][ T9423] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1428'. [ 195.421965][ T9426] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1429'. [ 196.010107][ T9461] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1443'. [ 196.263726][ T9475] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1442'. [ 196.517111][ T9486] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.540087][ T9488] IPVS: length: 37 != 24 [ 196.654452][ T9494] tipc: Enabling of bearer rejected, failed to enable media [ 196.889552][ T9507] netlink: 'syz.1.1462': attribute type 49 has an invalid length. [ 197.281180][ T9526] netlink: 'syz.0.1468': attribute type 1 has an invalid length. [ 197.339741][ T9528] net_ratelimit: 6 callbacks suppressed [ 197.339763][ T9528] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 197.390257][ T9534] netlink: 'syz.3.1472': attribute type 2 has an invalid length. [ 197.443271][ T9534] netlink: 'syz.3.1472': attribute type 2 has an invalid length. [ 197.471757][ T9534] netlink: 'syz.3.1472': attribute type 2 has an invalid length. [ 197.626167][ T5149] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 197.831446][ T9553] syzkaller0: entered promiscuous mode [ 197.860142][ T9553] syzkaller0: entered allmulticast mode [ 198.133390][ T9578] FAULT_INJECTION: forcing a failure. [ 198.133390][ T9578] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 198.185222][ T7919] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 198.206001][ T9578] CPU: 1 PID: 9578 Comm: syz.3.1485 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 198.216958][ T9578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 198.228490][ T9578] Call Trace: [ 198.231902][ T9578] [ 198.235222][ T9578] dump_stack_lvl+0x241/0x360 [ 198.240306][ T9578] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.246156][ T9578] ? __pfx__printk+0x10/0x10 [ 198.251424][ T9578] ? __pfx_lock_release+0x10/0x10 [ 198.257933][ T9578] should_fail_ex+0x3b0/0x4e0 [ 198.263673][ T9578] _copy_to_user+0x2f/0xb0 [ 198.270071][ T9578] bpf_verifier_vlog+0x31e/0x860 [ 198.276132][ T9578] __btf_verifier_log+0xd5/0x120 [ 198.285195][ T9578] ? bpf_verifier_vlog+0x32b/0x860 [ 198.292964][ T9578] ? __pfx___btf_verifier_log+0x10/0x10 [ 198.301238][ T9578] ? btf_parse_hdr+0x1e3/0x710 [ 198.308017][ T9578] btf_parse_hdr+0x3a1/0x710 [ 198.313059][ T9578] btf_new_fd+0x391/0xd30 [ 198.319214][ T9578] ? __pfx_btf_new_fd+0x10/0x10 [ 198.324263][ T9578] ? bpf_btf_load+0xcf/0x1a0 [ 198.328878][ T9578] __sys_bpf+0x6ef/0x810 [ 198.333116][ T9578] ? __pfx___sys_bpf+0x10/0x10 [ 198.337892][ T9578] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 198.343884][ T9578] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 198.350217][ T9578] ? do_syscall_64+0x100/0x230 [ 198.354988][ T9578] __x64_sys_bpf+0x7c/0x90 [ 198.359406][ T9578] do_syscall_64+0xf3/0x230 [ 198.363909][ T9578] ? clear_bhb_loop+0x35/0x90 [ 198.368604][ T9578] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.374505][ T9578] RIP: 0033:0x7f3743775a99 [ 198.379477][ T9578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.399973][ T9578] RSP: 002b:00007f37431ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 198.408398][ T9578] RAX: ffffffffffffffda RBX: 00007f3743903f60 RCX: 00007f3743775a99 [ 198.416378][ T9578] RDX: 0000000000000020 RSI: 00000000200000c0 RDI: 0000000000000012 [ 198.424346][ T9578] RBP: 00007f37431ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 198.432314][ T9578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 198.440277][ T9578] R13: 000000000000000b R14: 00007f3743903f60 R15: 00007fff3881a998 [ 198.448269][ T9578] [ 198.675340][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 198.907940][ T7919] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 199.720223][ T7900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 200.298040][ T9597] netlink: 'syz.3.1487': attribute type 4 has an invalid length. [ 200.375964][ T9607] __nla_validate_parse: 11 callbacks suppressed [ 200.375987][ T9607] netlink: 5300 bytes leftover after parsing attributes in process `syz.4.1490'. [ 200.434189][ T9607] openvswitch: netlink: IP tunnel dst address not specified [ 200.518938][ T9613] xt_TCPMSS: Only works on TCP SYN packets [ 200.610734][ T9617] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1494'. [ 200.626769][ T9622] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1495'. [ 200.645028][ T9617] netlink: 'syz.1.1494': attribute type 1 has an invalid length. [ 200.663051][ T9617] netlink: 'syz.1.1494': attribute type 2 has an invalid length. [ 200.697032][ T9626] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1497'. [ 200.723748][ T9617] team0: Port device team_slave_0 removed [ 200.747860][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 200.778869][ T9617] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1494'. [ 200.815242][ T9617] tipc: Enabled bearer , priority 16 [ 200.835154][ T9631] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1498'. [ 200.877102][ T9631] nbd: socks must be embedded in a SOCK_ITEM attr [ 200.914729][ T9638] netlink: 23 bytes leftover after parsing attributes in process `syz.4.1498'. [ 201.489614][ T9672] netlink: 165 bytes leftover after parsing attributes in process `syz.3.1507'. [ 201.536037][ T9672] netlink: 277 bytes leftover after parsing attributes in process `syz.3.1507'. [ 201.587389][ T9678] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1510'. [ 201.709046][ T9684] netlink: 'syz.2.1512': attribute type 34 has an invalid length. [ 201.804856][ T5149] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.934948][ T5149] tipc: Node number set to 722801931 [ 201.950914][ T8053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.087269][ T9701] macvlan2: entered allmulticast mode [ 202.188337][ T4492] Bluetooth: hci4: command 0x0406 tx timeout [ 202.196964][ T5108] Bluetooth: hci2: command 0x0406 tx timeout [ 202.197011][ T5101] Bluetooth: hci1: command 0x0406 tx timeout [ 202.255945][ T9714] xt_socket: unknown flags 0x8 [ 202.640157][ T9738] netlink: 'syz.0.1527': attribute type 10 has an invalid length. [ 202.711833][ T9738] bridge0: port 3(dummy0) entered blocking state [ 202.719695][ T9738] bridge0: port 3(dummy0) entered disabled state [ 202.735507][ T9738] dummy0: entered allmulticast mode [ 202.742403][ T9738] dummy0: entered promiscuous mode [ 202.753430][ T9738] bridge0: port 3(dummy0) entered blocking state [ 202.759992][ T9738] bridge0: port 3(dummy0) entered forwarding state [ 202.825624][ T5149] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 202.996654][ T9758] netlink: zone id is out of range [ 203.103930][ T9758] netlink: set zone limit has 4 unknown bytes [ 203.155093][ T9765] vlan3: entered promiscuous mode [ 203.185308][ T9765] bond0: (slave vlan3): Opening slave failed [ 203.340062][ T9775] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.354036][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.373272][ T9774] ɶƣ0GC¦: entered promiscuous mode [ 203.785304][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 203.825000][ T9806] netlink: 'syz.2.1549': attribute type 2 has an invalid length. [ 203.864904][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.118354][ T9828] FAULT_INJECTION: forcing a failure. [ 204.118354][ T9828] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 204.163732][ T9828] CPU: 1 PID: 9828 Comm: syz.2.1558 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 204.173614][ T9828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 204.183693][ T9828] Call Trace: [ 204.186987][ T9828] [ 204.189917][ T9828] dump_stack_lvl+0x241/0x360 [ 204.194605][ T9828] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.199802][ T9828] ? __pfx__printk+0x10/0x10 [ 204.204389][ T9828] ? __pfx_lock_release+0x10/0x10 [ 204.209416][ T9828] should_fail_ex+0x3b0/0x4e0 [ 204.214557][ T9828] _copy_to_user+0x2f/0xb0 [ 204.219219][ T9828] bpf_verifier_vlog+0x31e/0x860 [ 204.224247][ T9828] __btf_verifier_log+0xd5/0x120 [ 204.230249][ T9828] ? bpf_verifier_vlog+0x32b/0x860 [ 204.236909][ T9828] ? __pfx___btf_verifier_log+0x10/0x10 [ 204.242568][ T9828] ? btf_parse_hdr+0x1e3/0x710 [ 204.247543][ T9828] btf_parse_hdr+0x3a1/0x710 [ 204.252324][ T9828] btf_new_fd+0x391/0xd30 [ 204.256805][ T9828] ? __pfx_btf_new_fd+0x10/0x10 [ 204.261699][ T9828] ? bpf_btf_load+0xcf/0x1a0 [ 204.266328][ T9828] __sys_bpf+0x6ef/0x810 [ 204.270742][ T9828] ? __pfx___sys_bpf+0x10/0x10 [ 204.275581][ T9828] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 204.282316][ T9828] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 204.288794][ T9828] ? do_syscall_64+0x100/0x230 [ 204.293602][ T9828] __x64_sys_bpf+0x7c/0x90 [ 204.298048][ T9828] do_syscall_64+0xf3/0x230 [ 204.302568][ T9828] ? clear_bhb_loop+0x35/0x90 [ 204.307268][ T9828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.313805][ T9828] RIP: 0033:0x7ff079175a99 [ 204.319017][ T9828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.340486][ T9828] RSP: 002b:00007ff079e9a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 204.349910][ T9828] RAX: ffffffffffffffda RBX: 00007ff079303f60 RCX: 00007ff079175a99 [ 204.359962][ T9828] RDX: 0000000000000020 RSI: 00000000200000c0 RDI: 0000000000000012 [ 204.368302][ T9828] RBP: 00007ff079e9a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 204.377454][ T9828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 204.386850][ T9828] R13: 000000000000000b R14: 00007ff079303f60 R15: 00007ffee7c055f8 [ 204.395742][ T9828] [ 204.490393][ T9832] netlink: 'syz.3.1559': attribute type 2 has an invalid length. [ 204.505337][ T9832] netlink: 'syz.3.1559': attribute type 1 has an invalid length. [ 204.546696][ T9832] netlink: 'syz.3.1559': attribute type 2 has an invalid length. [ 204.565057][ T9832] netlink: 'syz.3.1559': attribute type 1 has an invalid length. [ 204.810758][ T9849] netlink: 'syz.2.1564': attribute type 23 has an invalid length. [ 204.904998][ T5149] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.945684][ T9853] FAULT_INJECTION: forcing a failure. [ 204.945684][ T9853] name failslab, interval 1, probability 0, space 0, times 0 [ 204.972553][ T9853] CPU: 0 PID: 9853 Comm: syz.2.1566 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 204.982300][ T9853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 204.994520][ T9853] Call Trace: [ 204.998033][ T9853] [ 205.002024][ T9853] dump_stack_lvl+0x241/0x360 [ 205.007777][ T9853] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.013019][ T9853] ? __pfx__printk+0x10/0x10 [ 205.017640][ T9853] ? __pfx___might_resched+0x10/0x10 [ 205.022972][ T9853] should_fail_ex+0x3b0/0x4e0 [ 205.027697][ T9853] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 205.033978][ T9853] should_failslab+0x9/0x20 [ 205.038516][ T9853] __kmalloc_noprof+0xd8/0x400 [ 205.043330][ T9853] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 205.049442][ T9853] genl_rcv_msg+0x802/0xec0 [ 205.053969][ T9853] ? mark_lock+0x9a/0x350 [ 205.058358][ T9853] ? __pfx_genl_rcv_msg+0x10/0x10 [ 205.063454][ T9853] ? __pfx_lock_acquire+0x10/0x10 [ 205.068527][ T9853] ? __pfx_netlbl_mgmt_add+0x10/0x10 [ 205.073860][ T9853] ? __pfx___might_resched+0x10/0x10 [ 205.079177][ T9853] netlink_rcv_skb+0x1e3/0x430 [ 205.084147][ T9853] ? __pfx_genl_rcv_msg+0x10/0x10 [ 205.089833][ T9853] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 205.095535][ T9853] genl_rcv+0x28/0x40 [ 205.103099][ T9853] netlink_unicast+0x7f0/0x990 [ 205.109977][ T9853] ? __pfx_netlink_unicast+0x10/0x10 [ 205.115579][ T9853] ? __virt_addr_valid+0x183/0x530 [ 205.122492][ T9853] ? __check_object_size+0x49c/0x900 [ 205.130563][ T9853] ? bpf_lsm_netlink_send+0x9/0x10 [ 205.136181][ T9853] netlink_sendmsg+0x8e4/0xcb0 [ 205.142019][ T9853] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.148050][ T9853] ? __import_iovec+0x536/0x820 [ 205.153108][ T9853] ? aa_sock_msg_perm+0x91/0x160 [ 205.158539][ T9853] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 205.164009][ T9853] ? security_socket_sendmsg+0x87/0xb0 [ 205.170315][ T9853] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.176255][ T9853] __sock_sendmsg+0x221/0x270 [ 205.181015][ T9853] ____sys_sendmsg+0x525/0x7d0 [ 205.185920][ T9853] ? __pfx_____sys_sendmsg+0x10/0x10 [ 205.191329][ T9853] __sys_sendmsg+0x2b0/0x3a0 [ 205.196120][ T9853] ? __pfx___sys_sendmsg+0x10/0x10 [ 205.201365][ T9853] ? vfs_write+0x7c4/0xc90 [ 205.206248][ T9853] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 205.212744][ T9853] ? do_syscall_64+0x100/0x230 [ 205.217600][ T9853] ? do_syscall_64+0xb6/0x230 [ 205.222594][ T9853] do_syscall_64+0xf3/0x230 [ 205.227167][ T9853] ? clear_bhb_loop+0x35/0x90 [ 205.231935][ T9853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.237955][ T9853] RIP: 0033:0x7ff079175a99 [ 205.242389][ T9853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.263316][ T9853] RSP: 002b:00007ff079e9a048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 205.272378][ T9853] RAX: ffffffffffffffda RBX: 00007ff079303f60 RCX: 00007ff079175a99 [ 205.280477][ T9853] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004 [ 205.291297][ T9853] RBP: 00007ff079e9a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 205.301260][ T9853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.312141][ T9853] R13: 000000000000000b R14: 00007ff079303f60 R15: 00007ffee7c055f8 [ 205.321585][ T9853] [ 205.333439][ T8053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 205.342833][ T9859] netlink: 'syz.4.1568': attribute type 7 has an invalid length. [ 205.658664][ T9875] netlink: 'syz.1.1575': attribute type 10 has an invalid length. [ 205.689796][ T9875] __nla_validate_parse: 6 callbacks suppressed [ 205.689816][ T9875] netlink: 210880 bytes leftover after parsing attributes in process `syz.1.1575'. [ 205.721732][ T9880] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1574'. [ 205.813879][ T9875] mac80211_hwsim hwsim2 wlan0 (unregistering): left allmulticast mode [ 205.869247][ T9875] team0: Port device macvlan2 removed [ 205.952039][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.005832][ T9887] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1574'. [ 206.191164][ T9912] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1582'. [ 206.689067][ T9938] netlink: 'syz.4.1594': attribute type 2 has an invalid length. [ 206.985415][ T9959] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1600'. [ 207.055042][ T9962] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1602'. [ 207.087099][ T9963] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1601'. [ 207.175290][ T9965] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1604'. [ 207.381561][ T9975] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1608'. [ 207.573575][ T9992] FAULT_INJECTION: forcing a failure. [ 207.573575][ T9992] name failslab, interval 1, probability 0, space 0, times 0 [ 207.589452][ T9988] team0: Port device netdevsim0 added [ 207.596807][ T9992] CPU: 0 PID: 9992 Comm: syz.1.1613 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 207.606553][ T9992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 207.616626][ T9992] Call Trace: [ 207.619930][ T9992] [ 207.622881][ T9992] dump_stack_lvl+0x241/0x360 [ 207.628057][ T9992] ? __pfx_dump_stack_lvl+0x10/0x10 [ 207.634377][ T9992] ? __pfx__printk+0x10/0x10 [ 207.640955][ T9992] ? __pfx___might_resched+0x10/0x10 [ 207.646854][ T9992] should_fail_ex+0x3b0/0x4e0 [ 207.651856][ T9992] ? hash_ipportnet_create+0x2fa/0x1040 [ 207.657427][ T9992] should_failslab+0x9/0x20 [ 207.661941][ T9992] kmalloc_trace_noprof+0x6c/0x2c0 [ 207.667057][ T9992] hash_ipportnet_create+0x2fa/0x1040 [ 207.672441][ T9992] ? __pfx_hash_ipportnet_create+0x10/0x10 [ 207.678258][ T9992] ip_set_create+0xa5c/0x1900 [ 207.682942][ T9992] ? ip_set_create+0x45e/0x1900 [ 207.687797][ T9992] ? trace_raw_output_contention_end+0x1a/0xd0 [ 207.693963][ T9992] ? __pfx_ip_set_create+0x10/0x10 [ 207.699066][ T9992] ? trace_contention_end+0x3c/0x120 [ 207.704374][ T9992] ? nfnetlink_rcv_msg+0x225/0x1180 [ 207.709573][ T9992] nfnetlink_rcv_msg+0xbec/0x1180 [ 207.714641][ T9992] ? nfnetlink_rcv_msg+0x225/0x1180 [ 207.720886][ T9992] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 207.727049][ T9992] netlink_rcv_skb+0x1e3/0x430 [ 207.737731][ T9992] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 207.743437][ T9992] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 207.749213][ T9992] ? apparmor_capable+0x138/0x1b0 [ 207.755286][ T9992] ? bpf_lsm_capable+0x9/0x10 [ 207.760546][ T9992] ? security_capable+0x90/0xb0 [ 207.765614][ T9992] nfnetlink_rcv+0x297/0x2a90 [ 207.770506][ T9992] ? __pfx_validate_chain+0x10/0x10 [ 207.775984][ T9992] ? mark_lock+0x9a/0x350 [ 207.780776][ T9992] ? __pfx_validate_chain+0x10/0x10 [ 207.786127][ T9992] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 207.791636][ T9992] ? mark_lock+0x9a/0x350 [ 207.796213][ T9992] ? __lock_acquire+0x1346/0x1fd0 [ 207.801388][ T9992] ? __pfx_lock_release+0x10/0x10 [ 207.806602][ T9992] ? netlink_deliver_tap+0x2e/0x1b0 [ 207.811875][ T9992] ? __pfx_lock_release+0x10/0x10 [ 207.816958][ T9992] ? netlink_deliver_tap+0x2e/0x1b0 [ 207.823043][ T9992] netlink_unicast+0x7f0/0x990 [ 207.828105][ T9992] ? __pfx_netlink_unicast+0x10/0x10 [ 207.833694][ T9992] ? __virt_addr_valid+0x183/0x530 [ 207.838935][ T9992] ? __check_object_size+0x49c/0x900 [ 207.844555][ T9992] ? bpf_lsm_netlink_send+0x9/0x10 [ 207.850242][ T9992] netlink_sendmsg+0x8e4/0xcb0 [ 207.855160][ T9992] ? __pfx_netlink_sendmsg+0x10/0x10 [ 207.861101][ T9992] ? __import_iovec+0x536/0x820 [ 207.866859][ T9992] ? aa_sock_msg_perm+0x91/0x160 [ 207.871953][ T9992] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 207.877431][ T9992] ? security_socket_sendmsg+0x87/0xb0 [ 207.884712][ T9992] ? __pfx_netlink_sendmsg+0x10/0x10 [ 207.890026][ T9992] __sock_sendmsg+0x221/0x270 [ 207.894743][ T9992] ____sys_sendmsg+0x525/0x7d0 [ 207.899986][ T9992] ? __pfx_____sys_sendmsg+0x10/0x10 [ 207.905319][ T9992] __sys_sendmsg+0x2b0/0x3a0 [ 207.910303][ T9992] ? __pfx___sys_sendmsg+0x10/0x10 [ 207.915708][ T9992] ? vfs_write+0x7c4/0xc90 [ 207.920353][ T9992] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 207.927633][ T9992] ? do_syscall_64+0x100/0x230 [ 207.933119][ T9992] ? do_syscall_64+0xb6/0x230 [ 207.939670][ T9992] do_syscall_64+0xf3/0x230 [ 207.945556][ T9992] ? clear_bhb_loop+0x35/0x90 [ 207.951877][ T9992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.958545][ T9992] RIP: 0033:0x7fb27e775a99 [ 207.963476][ T9992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.986154][ T9992] RSP: 002b:00007fb27f585048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 207.996542][ T9992] RAX: ffffffffffffffda RBX: 00007fb27e903f60 RCX: 00007fb27e775a99 [ 208.005590][ T9992] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 208.013558][ T9992] RBP: 00007fb27f5850a0 R08: 0000000000000000 R09: 0000000000000000 [ 208.021520][ T9992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.029487][ T9992] R13: 000000000000004d R14: 00007fb27e903f60 R15: 00007ffe8a0bbfe8 [ 208.037478][ T9992] [ 208.113905][ T9988] team0: Port device netdevsim0 removed [ 208.122287][ T9995] validate_nla: 2 callbacks suppressed [ 208.122303][ T9995] netlink: 'syz.2.1615': attribute type 3 has an invalid length. [ 208.122707][ T8053] net_ratelimit: 3 callbacks suppressed [ 208.122724][ T8053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 208.149229][ T8053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 208.157614][ T9995] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1615'. [ 208.162127][ T9988] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 208.348430][ T8053] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 208.563042][T10021] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 208.591355][T10007] netlink: 'syz.1.1618': attribute type 24 has an invalid length. [ 208.612401][T10021] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 208.868467][T10037] netlink: 'syz.0.1628': attribute type 12 has an invalid length. [ 208.901125][T10039] netlink: 'syz.2.1630': attribute type 6 has an invalid length. [ 209.048662][T10051] netlink: 'syz.4.1635': attribute type 10 has an invalid length. [ 209.090850][T10051] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 209.116969][T10061] netlink: 'syz.0.1636': attribute type 7 has an invalid length. [ 209.133526][T10061] netlink: 'syz.0.1636': attribute type 39 has an invalid length. [ 209.145684][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.178124][T10063] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.208760][T10063] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.250667][T10069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.280653][T10069] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.368797][T10063] netlink: 'syz.2.1637': attribute type 24 has an invalid length. [ 209.799448][T10091] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.808732][T10091] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.817982][T10091] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.827498][T10091] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 209.856625][T10091] vxlan0: entered promiscuous mode [ 210.105744][T10114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 210.267044][T10120] netlink: 'syz.0.1655': attribute type 1 has an invalid length. [ 210.285526][T10120] netlink: 'syz.0.1655': attribute type 1 has an invalid length. [ 210.305254][T10127] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 210.497611][T10135] IPVS: length: 4096 != 8 [ 211.225173][T10164] __nla_validate_parse: 10 callbacks suppressed [ 211.225191][T10164] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1674'. [ 211.276378][T10164] RDS: rds_bind could not find a transport for fe80::36, load rds_tcp or rds_rdma? [ 211.692933][T10182] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1679'. [ 211.864166][T10196] netlink: 'syz.2.1683': attribute type 11 has an invalid length. [ 212.018830][T10213] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1686'. [ 212.633381][T10252] --map-set only usable from mangle table [ 212.864419][T10263] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1706'. [ 212.892928][T10263] bridge0: port 4(team0) entered disabled state [ 212.899605][T10263] bridge0: port 3(dummy0) entered disabled state [ 212.906974][T10263] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.968168][T10263] bridge0: port 4(team0) entered blocking state [ 212.974744][T10263] bridge0: port 4(team0) entered forwarding state [ 212.981916][T10263] bridge0: port 3(dummy0) entered blocking state [ 212.988462][T10263] bridge0: port 3(dummy0) entered forwarding state [ 212.995348][T10263] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.002558][T10263] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.019134][T10273] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1707'. [ 213.051247][T10263] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 213.305389][ T5182] net_ratelimit: 16 callbacks suppressed [ 213.305407][ T5182] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 213.436880][T10292] validate_nla: 5 callbacks suppressed [ 213.436899][T10292] netlink: 'syz.2.1715': attribute type 4 has an invalid length. [ 213.491938][T10292] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1715'. [ 213.555969][T10298] macvtap1: entered promiscuous mode [ 213.561961][T10298] team0: entered promiscuous mode [ 213.642996][T10298] team_slave_1: entered promiscuous mode [ 213.687675][T10298] bridge0: entered promiscuous mode [ 213.714922][T10298] bridge1: entered promiscuous mode [ 213.733188][T10298] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 213.770600][T10310] netlink: 'syz.3.1719': attribute type 21 has an invalid length. [ 213.798436][T10310] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1719'. [ 213.849731][T10312] netlink: 'syz.2.1720': attribute type 17 has an invalid length. [ 213.871775][T10312] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1720'. [ 213.996421][T10324] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1724'. [ 214.019152][T10324] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1724'. [ 214.114142][T10328] netlink: 'syz.2.1725': attribute type 12 has an invalid length. [ 214.118672][ T5114] block nbd0: Receive control failed (result -107) [ 214.355648][ T7900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.421478][T10345] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.430930][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.440529][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.448829][ T7914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.457304][ T7914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.305032][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.385241][ T5182] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.411591][T10408] netlink: 'syz.1.1750': attribute type 5 has an invalid length. [ 215.487548][T10408] : entered promiscuous mode [ 215.735836][T10434] netlink: 'syz.3.1757': attribute type 2 has an invalid length. [ 215.874877][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 216.482724][T10485] __nla_validate_parse: 5 callbacks suppressed [ 216.482744][T10485] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1776'. [ 216.644362][T10493] xt_CT: You must specify a L4 protocol and not use inversions on it [ 216.928352][T10515] netlink: 'syz.4.1788': attribute type 34 has an invalid length. [ 217.125906][T10529] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1791'. [ 217.286300][T10532] sctp: [Deprecated]: syz.2.1793 (pid 10532) Use of int in maxseg socket option. [ 217.286300][T10532] Use struct sctp_assoc_value instead [ 217.515751][T10552] netlink: 15998 bytes leftover after parsing attributes in process `syz.0.1803'. [ 217.548961][T10554] netlink: 15998 bytes leftover after parsing attributes in process `syz.0.1803'. [ 217.632177][T10559] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1802'. [ 217.681439][T10564] FAULT_INJECTION: forcing a failure. [ 217.681439][T10564] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 217.695322][T10564] CPU: 0 PID: 10564 Comm: syz.3.1807 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 217.705170][T10564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 217.721584][T10564] Call Trace: [ 217.721676][T10564] [ 217.721691][T10564] dump_stack_lvl+0x241/0x360 [ 217.721766][T10564] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.721794][T10564] ? __pfx__printk+0x10/0x10 [ 217.721822][T10564] ? snprintf+0xda/0x120 [ 217.721849][T10564] should_fail_ex+0x3b0/0x4e0 [ 217.753926][T10564] _copy_to_user+0x2f/0xb0 [ 217.758374][T10564] simple_read_from_buffer+0xca/0x150 [ 217.763770][T10564] proc_fail_nth_read+0x1e9/0x250 [ 217.768819][T10564] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 217.774376][T10564] ? rw_verify_area+0x520/0x6b0 [ 217.779240][T10564] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 217.784798][T10564] vfs_read+0x204/0xbc0 [ 217.788978][T10564] ? __pfx_lock_release+0x10/0x10 [ 217.794012][T10564] ? __pfx_vfs_read+0x10/0x10 [ 217.798698][T10564] ? __fget_files+0x29/0x470 [ 217.803293][T10564] ? __fget_files+0x3f6/0x470 [ 217.808494][T10564] ksys_read+0x1a0/0x2c0 [ 217.812872][T10564] ? __pfx_ksys_read+0x10/0x10 [ 217.818814][T10564] ? do_syscall_64+0x100/0x230 [ 217.824918][T10564] ? do_syscall_64+0xb6/0x230 [ 217.830583][T10564] do_syscall_64+0xf3/0x230 [ 217.835608][T10564] ? clear_bhb_loop+0x35/0x90 [ 217.840308][T10564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.846505][T10564] RIP: 0033:0x7f374377457c [ 217.851214][T10564] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 217.872851][T10564] RSP: 002b:00007f37431ff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 217.881410][T10564] RAX: ffffffffffffffda RBX: 00007f3743903f60 RCX: 00007f374377457c [ 217.889931][T10564] RDX: 000000000000000f RSI: 00007f37431ff0b0 RDI: 0000000000000005 [ 217.898010][T10564] RBP: 00007f37431ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 217.906130][T10564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 217.914161][T10564] R13: 000000000000000b R14: 00007f3743903f60 R15: 00007fff3881a998 [ 217.922386][T10564] [ 218.085325][T10574] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1808'. [ 218.146397][T10577] netlink: 'syz.1.1810': attribute type 1 has an invalid length. [ 218.185858][T10579] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1811'. [ 218.207790][T10582] FAULT_INJECTION: forcing a failure. [ 218.207790][T10582] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 218.229226][T10582] CPU: 1 PID: 10582 Comm: syz.2.1813 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 218.239096][T10582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 218.250078][T10582] Call Trace: [ 218.253424][T10582] [ 218.256576][T10582] dump_stack_lvl+0x241/0x360 [ 218.262371][T10582] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.268358][T10582] ? __pfx__printk+0x10/0x10 [ 218.273877][T10582] ? __pfx_lock_release+0x10/0x10 [ 218.279040][T10582] ? validate_chain+0x11e/0x5900 [ 218.284067][T10582] should_fail_ex+0x3b0/0x4e0 [ 218.288895][T10582] _copy_from_iter+0x1f6/0x1960 [ 218.293798][T10582] ? __pfx_validate_chain+0x10/0x10 [ 218.299148][T10582] ? __pfx__copy_from_iter+0x10/0x10 [ 218.304672][T10582] tun_get_user+0x25f/0x4720 [ 218.309424][T10582] ? __pfx_lock_release+0x10/0x10 [ 218.314508][T10582] ? __lock_acquire+0x1346/0x1fd0 [ 218.320151][T10582] ? __pfx_tun_get_user+0x10/0x10 [ 218.325240][T10582] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 218.331023][T10582] ? tun_get+0x1e/0x2f0 [ 218.335665][T10582] ? __pfx_lock_release+0x10/0x10 [ 218.341457][T10582] ? tun_get+0x1e/0x2f0 [ 218.345934][T10582] ? tun_get+0x27d/0x2f0 [ 218.350262][T10582] tun_chr_write_iter+0x113/0x1f0 [ 218.356998][T10582] vfs_write+0xa72/0xc90 [ 218.361513][T10582] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 218.367366][T10582] ? __pfx_vfs_write+0x10/0x10 [ 218.373268][T10582] ksys_write+0x1a0/0x2c0 [ 218.378496][T10582] ? __pfx_ksys_write+0x10/0x10 [ 218.383570][T10582] ? do_syscall_64+0x100/0x230 [ 218.388639][T10582] ? do_syscall_64+0xb6/0x230 [ 218.394759][T10582] do_syscall_64+0xf3/0x230 [ 218.400079][T10582] ? clear_bhb_loop+0x35/0x90 [ 218.405304][T10582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.412639][T10582] RIP: 0033:0x7ff079175a99 [ 218.417187][T10582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.437867][T10582] RSP: 002b:00007ff079e9a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 218.447963][T10582] RAX: ffffffffffffffda RBX: 00007ff079303f60 RCX: 00007ff079175a99 [ 218.457280][T10582] RDX: 000000000000004e RSI: 0000000020000280 RDI: 0000000000000003 [ 218.468303][T10582] RBP: 00007ff079e9a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 218.477620][T10582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.490152][T10582] R13: 000000000000000b R14: 00007ff079303f60 R15: 00007ffee7c055f8 [ 218.501777][T10582] [ 218.564241][ T7900] net_ratelimit: 12 callbacks suppressed [ 218.564267][ T7900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.821819][T10602] netlink: 'syz.2.1820': attribute type 1 has an invalid length. [ 218.866964][T10602] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1820'. [ 219.014014][T10609] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1823'. [ 219.057865][T10609] block nbd0: NBD_DISCONNECT [ 219.074774][T10609] block nbd0: Send disconnect failed -32 [ 219.090728][T10609] block nbd0: shutting down sockets [ 219.096725][T10615] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1825'. [ 219.119406][T10615] vlan4: entered allmulticast mode [ 219.138000][T10615] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 219.474691][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 219.625265][ T7900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 219.790166][T10665] netlink: 'syz.0.1836': attribute type 24 has an invalid length. [ 219.833290][T10669] xt_TCPMSS: Only works on TCP SYN packets [ 219.912729][T10660] bridge2: entered promiscuous mode [ 219.922683][T10660] team0: Port device bridge2 added [ 220.185626][T10689] caif0: Master is either lo or non-ether device [ 220.435983][T10697] syzkaller0: entered promiscuous mode [ 220.444195][T10697] syzkaller0: entered allmulticast mode [ 220.480980][ T5687] syzkaller0: tun_net_xmit 48 [ 220.497188][T10697] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 220.504591][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.513263][ T7913] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.539411][T10697] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 220.564662][T10697] syzkaller0: Linktype set failed because interface is up [ 220.612079][T10697] syzkaller0: tun_net_xmit 1280 [ 220.665876][ T5182] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.813216][T10723] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 220.825140][T10716] IPVS: stopping master sync thread 10723 ... [ 220.851191][T10720] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 220.866300][T10720] ip6t_srh: unknown srh match flags 4020 [ 220.921233][T10728] netlink: 'syz.1.1857': attribute type 8 has an invalid length. [ 221.544711][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 221.723154][ T5182] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 222.673762][ T5110] Bluetooth: hci3: command 0x0405 tx timeout [ 222.748019][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 222.929883][T10716] ip6gretap0: entered promiscuous mode [ 222.936055][T10716] macsec1: entered promiscuous mode [ 222.941431][T10716] macsec1: entered allmulticast mode [ 222.947074][T10716] ip6gretap0: entered allmulticast mode [ 222.956109][T10716] ip6gretap0: left allmulticast mode [ 222.964729][T10716] ip6gretap0: left promiscuous mode [ 223.212908][T10759] __nla_validate_parse: 8 callbacks suppressed [ 223.212949][T10759] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1870'. [ 223.266171][T10760] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1870'. [ 223.306092][T10765] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1871'. [ 223.313512][T10759] netlink: 'syz.4.1870': attribute type 4 has an invalid length. [ 223.333954][T10760] netlink: 'syz.4.1870': attribute type 4 has an invalid length. [ 223.365404][T10759] netlink: 'syz.4.1870': attribute type 4 has an invalid length. [ 223.409161][T10767] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 223.784876][ T7900] net_ratelimit: 1 callbacks suppressed [ 223.784896][ T7900] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 223.841924][T10796] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1879'. [ 223.987713][T10803] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.085356][T10811] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 224.099433][T10809] netlink: 'syz.0.1886': attribute type 2 has an invalid length. [ 224.111977][T10809] netlink: 'syz.0.1886': attribute type 8 has an invalid length. [ 224.121667][T10809] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1886'. [ 224.285348][T10819] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 224.421797][T10825] syzkaller1: entered promiscuous mode [ 224.434833][T10825] syzkaller1: entered allmulticast mode [ 224.603319][T10827] tipc: Enabling of bearer rejected, failed to enable media [ 224.835280][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 224.974866][T10850] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1903'. [ 225.064592][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 225.239233][T10868] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1912'. [ 225.260929][T10871] netdevsim netdevsim1 : renamed from netdevsim0 [ 225.592775][T10894] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1922'. [ 225.610598][T10895] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1921'. [ 226.060251][ T5182] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 226.104636][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 226.485245][T10932] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1936'. [ 226.585951][ T7914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 226.893111][T10941] syzkaller0: entered promiscuous mode [ 226.900458][T10941] syzkaller0: entered allmulticast mode [ 227.066255][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 227.145048][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 228.902870][T10975] caif0: Master is either lo or non-ether device [ 229.155294][ T7906] net_ratelimit: 3 callbacks suppressed [ 229.155315][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.207255][T10994] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1956'. [ 229.224581][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 229.268640][T10994] macvtap1: entered promiscuous mode [ 229.284672][T10994] bond0: entered promiscuous mode [ 229.295410][T10994] bond_slave_0: entered promiscuous mode [ 229.316843][T10994] bond_slave_1: entered promiscuous mode [ 229.362035][T10994] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 229.387986][T10994] mac80211_hwsim hwsim19 wlan1: entered promiscuous mode [ 229.427099][T10994] macvtap1: entered allmulticast mode [ 229.445135][T10994] bond0: entered allmulticast mode [ 229.461856][T10994] bond_slave_0: entered allmulticast mode [ 229.476794][T10994] bond_slave_1: entered allmulticast mode [ 229.494668][T10994] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 229.506245][T10994] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 229.625027][ T7914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 230.168373][T11036] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1969'. [ 230.195687][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 230.265022][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 230.425947][T11064] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1976'. [ 230.706624][T11081] IPv6: Can't replace route, no match found [ 230.925283][T11093] xt_hashlimit: max too large, truncated to 1048576 [ 231.227572][ T7906] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 231.237047][T11115] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1997'. [ 231.304542][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 231.515246][T11131] netlink: 'syz.0.2003': attribute type 21 has an invalid length. [ 231.555519][T11131] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2003'. [ 231.598510][T11136] netlink: 'syz.1.2001': attribute type 10 has an invalid length. [ 231.643297][T11136] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2001'. [ 231.683579][T11136] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 231.763159][T11144] netlink: 47 bytes leftover after parsing attributes in process `syz.0.2006'. [ 231.918250][T11146] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 232.131874][T11166] vlan2: entered promiscuous mode [ 232.145555][T11166] bond0: (slave vlan2): Opening slave failed [ 232.202315][T11171] ɶƣ0GC¦: entered promiscuous mode [ 232.265768][ T5182] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.562172][T11187] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2018'. [ 232.613153][T11189] netlink: 'syz.4.2020': attribute type 2 has an invalid length. [ 232.625805][T11189] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2020'. [ 233.138737][T11211] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2029'. [ 233.163654][T11214] FAULT_INJECTION: forcing a failure. [ 233.163654][T11214] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 233.211142][T11214] CPU: 1 PID: 11214 Comm: syz.0.2030 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 233.222024][T11214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 233.232758][T11214] Call Trace: [ 233.236088][T11214] [ 233.239056][T11214] dump_stack_lvl+0x241/0x360 [ 233.243906][T11214] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.249461][T11214] ? __pfx__printk+0x10/0x10 [ 233.254482][T11214] ? __pfx_lock_release+0x10/0x10 [ 233.259650][T11214] should_fail_ex+0x3b0/0x4e0 [ 233.265229][T11214] _copy_to_user+0x2f/0xb0 [ 233.271934][T11214] bpf_verifier_vlog+0x31e/0x860 [ 233.279362][T11214] __btf_verifier_log+0xd5/0x120 [ 233.285541][T11214] ? bpf_verifier_vlog+0x32b/0x860 [ 233.292340][T11214] ? __pfx___btf_verifier_log+0x10/0x10 [ 233.300285][T11214] ? btf_parse_hdr+0x1e3/0x710 [ 233.307033][T11214] btf_parse_hdr+0x3cb/0x710 [ 233.312380][T11214] btf_new_fd+0x391/0xd30 [ 233.317844][T11214] ? __pfx_btf_new_fd+0x10/0x10 [ 233.324261][T11214] ? bpf_btf_load+0xcf/0x1a0 [ 233.328865][T11214] __sys_bpf+0x6ef/0x810 [ 233.333219][T11214] ? __pfx___sys_bpf+0x10/0x10 [ 233.338021][T11214] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 233.344011][T11214] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 233.350338][T11214] ? do_syscall_64+0x100/0x230 [ 233.355105][T11214] __x64_sys_bpf+0x7c/0x90 [ 233.359525][T11214] do_syscall_64+0xf3/0x230 [ 233.364023][T11214] ? clear_bhb_loop+0x35/0x90 [ 233.368718][T11214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.374612][T11214] RIP: 0033:0x7f513d775a99 [ 233.379044][T11214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.401308][T11214] RSP: 002b:00007f513e5d1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 233.409750][T11214] RAX: ffffffffffffffda RBX: 00007f513d903f60 RCX: 00007f513d775a99 [ 233.417720][T11214] RDX: 0000000000000020 RSI: 00000000200000c0 RDI: 0000000000000012 [ 233.425698][T11214] RBP: 00007f513e5d10a0 R08: 0000000000000000 R09: 0000000000000000 [ 233.433667][T11214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 233.441638][T11214] R13: 000000000000000b R14: 00007f513d903f60 R15: 00007ffe29741a48 [ 233.449621][T11214] [ 233.531416][T11223] netlink: 'syz.3.2032': attribute type 2 has an invalid length. [ 234.046871][T11249] netlink: 'syz.3.2041': attribute type 2 has an invalid length. [ 234.074626][T11249] netlink: 'syz.3.2041': attribute type 8 has an invalid length. [ 234.100221][T11249] netlink: 'syz.3.2041': attribute type 1 has an invalid length. [ 234.125208][T11249] netlink: 'syz.3.2041': attribute type 1 has an invalid length. [ 234.134348][T11249] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.394113][T11262] netlink: 'syz.0.2046': attribute type 7 has an invalid length. [ 234.424325][T11226] net_ratelimit: 61 callbacks suppressed [ 234.424352][T11226] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 234.439804][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 234.456059][T11265] netlink: 'syz.4.2048': attribute type 2 has an invalid length. [ 234.474912][T11265] __nla_validate_parse: 2 callbacks suppressed [ 234.474958][T11265] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2048'. [ 234.506114][ T5182] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 234.719286][T11268] IPVS: persistence engine module ip_vs_pe_si not found [ 234.752933][T11278] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 235.253238][T11307] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2061'. [ 235.464662][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.540198][T11321] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2069'. [ 235.560137][ T5182] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.562398][T11321] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2069'. [ 235.632578][T11321] vlan5: entered allmulticast mode [ 235.638195][T11321] macvlan0: entered allmulticast mode [ 235.643932][T11321] veth1_vlan: entered allmulticast mode [ 235.684436][T11324] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 235.705421][ T7914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 235.907444][T11340] IPv6: sit2: Disabled Multicast RS [ 235.949021][ T7914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 236.187761][T11356] tap0: tun_chr_ioctl cmd 1074025677 [ 236.214377][T11356] tap0: linktype set to 778 [ 236.424127][T11373] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2090'. [ 236.427162][T11374] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 236.683627][T11386] openvswitch: ɶƣ0GC¦: Dropping previously announced user features [ 236.773765][T11391] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2101'. [ 236.778232][T11393] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2098'. [ 237.019486][T11407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2107'. [ 237.029603][T11408] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2106'. [ 237.188145][T11415] bond1: (slave gre1): The slave device specified does not support setting the MAC address [ 237.216568][T11415] bond1: (slave gre1): Error -95 calling set_mac_address [ 237.346529][T11425] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 237.369829][T11407] vlan2: entered promiscuous mode [ 237.400787][T11407] bond1: (slave vlan2): Opening slave failed [ 237.771179][T11446] validate_nla: 3 callbacks suppressed [ 237.771197][T11446] netlink: 'syz.1.2120': attribute type 10 has an invalid length. [ 237.798016][T11446] [ 237.801020][T11446] ====================================================== [ 237.808940][T11446] WARNING: possible circular locking dependency detected [ 237.815978][T11446] 6.10.0-syzkaller-04473-g0e03c643dc93 #0 Not tainted [ 237.822755][T11446] ------------------------------------------------------ [ 237.829786][T11446] syz.1.2120/11446 is trying to acquire lock: [ 237.835865][T11446] ffff888060a90768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_open+0xe7/0x200 [ 237.845034][T11446] [ 237.845034][T11446] but task is already holding lock: [ 237.852401][T11446] ffff888068d2cd40 (team->team_lock_key#3){+.+.}-{3:3}, at: team_add_slave+0xad/0x2760 [ 237.862115][T11446] [ 237.862115][T11446] which lock already depends on the new lock. [ 237.862115][T11446] [ 237.873977][T11446] [ 237.873977][T11446] the existing dependency chain (in reverse order) is: [ 237.883232][T11446] [ 237.883232][T11446] -> #1 (team->team_lock_key#3){+.+.}-{3:3}: [ 237.893740][T11446] lock_acquire+0x1ed/0x550 [ 237.899926][T11446] __mutex_lock+0x136/0xd70 [ 237.905484][T11448] openvswitch: netlink: Key type 1280 is out of range max 32 [ 237.906013][T11446] team_port_change_check+0x51/0x1e0 [ 237.920211][T11446] team_device_event+0x161/0x5b0 [ 237.925739][T11446] notifier_call_chain+0x19f/0x3e0 [ 237.931415][T11446] dev_close_many+0x33c/0x4c0 [ 237.936884][T11446] unregister_netdevice_many_notify+0x50b/0x1c40 [ 237.943923][T11446] macvlan_device_event+0x7e0/0x870 [ 237.949779][T11446] notifier_call_chain+0x19f/0x3e0 [ 237.955439][T11446] unregister_netdevice_many_notify+0xd81/0x1c40 [ 237.962416][T11446] unregister_netdevice_queue+0x303/0x370 [ 237.968691][T11446] _cfg80211_unregister_wdev+0x162/0x560 [ 237.974957][T11446] ieee80211_remove_interfaces+0x4db/0x700 [ 237.981394][T11446] ieee80211_unregister_hw+0x5d/0x2c0 [ 237.987332][T11446] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 237.993700][T11446] hwsim_del_radio_nl+0x5bd/0x600 [ 237.999798][T11446] genl_rcv_msg+0xb14/0xec0 [ 238.005012][T11446] netlink_rcv_skb+0x1e3/0x430 [ 238.010513][T11446] genl_rcv+0x28/0x40 [ 238.015074][T11446] netlink_unicast+0x7f0/0x990 [ 238.020550][T11446] netlink_sendmsg+0x8e4/0xcb0 [ 238.025959][T11446] __sock_sendmsg+0x221/0x270 [ 238.031364][T11446] ____sys_sendmsg+0x525/0x7d0 [ 238.036946][T11446] __sys_sendmsg+0x2b0/0x3a0 [ 238.042207][T11446] do_syscall_64+0xf3/0x230 [ 238.047425][T11446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.053979][T11446] [ 238.053979][T11446] -> #0 (&rdev->wiphy.mtx){+.+.}-{3:3}: [ 238.061803][T11446] validate_chain+0x18e0/0x5900 [ 238.068114][T11446] __lock_acquire+0x1346/0x1fd0 [ 238.075108][T11446] lock_acquire+0x1ed/0x550 [ 238.080880][T11446] __mutex_lock+0x136/0xd70 [ 238.088608][T11446] ieee80211_open+0xe7/0x200 [ 238.095855][T11446] __dev_open+0x2d3/0x450 [ 238.103587][T11446] dev_open+0xae/0x1b0 [ 238.110510][T11446] team_add_slave+0x9c8/0x2760 [ 238.116757][T11446] do_setlink+0xe70/0x41f0 [ 238.122646][T11446] rtnl_newlink+0x180d/0x20a0 [ 238.129341][T11446] rtnetlink_rcv_msg+0x73f/0xcf0 [ 238.135643][T11446] netlink_rcv_skb+0x1e3/0x430 [ 238.141704][T11446] netlink_unicast+0x7f0/0x990 [ 238.147488][T11446] netlink_sendmsg+0x8e4/0xcb0 [ 238.153288][T11446] __sock_sendmsg+0x221/0x270 [ 238.158544][T11446] ____sys_sendmsg+0x525/0x7d0 [ 238.163882][T11446] __sys_sendmsg+0x2b0/0x3a0 [ 238.168992][T11446] do_syscall_64+0xf3/0x230 [ 238.174007][T11446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.180431][T11446] [ 238.180431][T11446] other info that might help us debug this: [ 238.180431][T11446] [ 238.190658][T11446] Possible unsafe locking scenario: [ 238.190658][T11446] [ 238.198095][T11446] CPU0 CPU1 [ 238.203451][T11446] ---- ---- [ 238.208802][T11446] lock(team->team_lock_key#3); [ 238.214641][T11446] lock(&rdev->wiphy.mtx); [ 238.224405][T11446] lock(team->team_lock_key#3); [ 238.234201][T11446] lock(&rdev->wiphy.mtx); [ 238.238722][T11446] [ 238.238722][T11446] *** DEADLOCK *** [ 238.238722][T11446] [ 238.246876][T11446] 2 locks held by syz.1.2120/11446: [ 238.252062][T11446] #0: ffffffff8f5f1788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 238.261473][T11446] #1: ffff888068d2cd40 (team->team_lock_key#3){+.+.}-{3:3}, at: team_add_slave+0xad/0x2760 [ 238.271693][T11446] [ 238.271693][T11446] stack backtrace: [ 238.277578][T11446] CPU: 0 PID: 11446 Comm: syz.1.2120 Not tainted 6.10.0-syzkaller-04473-g0e03c643dc93 #0 [ 238.287518][T11446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 238.297578][T11446] Call Trace: [ 238.300853][T11446] [ 238.303779][T11446] dump_stack_lvl+0x241/0x360 [ 238.308464][T11446] ? __pfx_dump_stack_lvl+0x10/0x10 [ 238.313710][T11446] ? print_circular_bug+0x130/0x1a0 [ 238.319625][T11446] check_noncircular+0x36a/0x4a0 [ 238.325594][T11446] ? __pfx_check_noncircular+0x10/0x10 [ 238.333683][T11446] ? lockdep_lock+0x123/0x2b0 [ 238.341043][T11446] ? validate_chain+0x11e/0x5900 [ 238.346389][T11446] ? mark_lock+0x9a/0x350 [ 238.352627][T11446] ? _find_first_zero_bit+0xd3/0x100 [ 238.358127][T11446] validate_chain+0x18e0/0x5900 [ 238.363136][T11446] ? __pfx_validate_chain+0x10/0x10 [ 238.368782][T11446] ? mark_lock+0x9a/0x350 [ 238.373683][T11446] ? __pfx_validate_chain+0x10/0x10 [ 238.379008][T11446] ? __pfx_validate_chain+0x10/0x10 [ 238.384420][T11446] ? mark_lock+0x9a/0x350 [ 238.388881][T11446] ? __lock_acquire+0x1346/0x1fd0 [ 238.394448][T11446] ? mark_lock+0x9a/0x350 [ 238.398990][T11446] __lock_acquire+0x1346/0x1fd0 [ 238.404687][T11446] lock_acquire+0x1ed/0x550 [ 238.409690][T11446] ? ieee80211_open+0xe7/0x200 [ 238.415278][T11446] ? __pfx_lock_acquire+0x10/0x10 [ 238.420334][T11446] ? __pfx___might_resched+0x10/0x10 [ 238.425910][T11446] ? ib_device_get_by_netdev+0x595/0x5e0 [ 238.431609][T11446] ? ib_device_get_by_netdev+0x85/0x5e0 [ 238.438009][T11446] ? __pfx_ib_device_get_by_netdev+0x10/0x10 [ 238.448095][T11446] ? net_generic+0x1f/0x240 [ 238.452744][T11446] ? net_generic+0x1f0/0x240 [ 238.457575][T11446] __mutex_lock+0x136/0xd70 [ 238.462741][T11446] ? ieee80211_open+0xe7/0x200 [ 238.467887][T11446] ? rxe_notify+0xef/0x4c0 [ 238.472346][T11446] ? __pfx_vxlan_netdevice_event+0x10/0x10 [ 238.478200][T11446] ? __pfx_rxe_notify+0x10/0x10 [ 238.483112][T11446] ? is_hsr_master+0x19/0x70 [ 238.489058][T11446] ? ieee80211_open+0xe7/0x200 [ 238.494149][T11446] ? __pfx___mutex_lock+0x10/0x10 [ 238.499296][T11446] ? ip6_route_dev_notify+0x99/0x600 [ 238.504962][T11446] ieee80211_open+0xe7/0x200 [ 238.509675][T11446] __dev_open+0x2d3/0x450 [ 238.514823][T11446] ? __pfx___dev_open+0x10/0x10 [ 238.520167][T11446] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 238.526893][T11446] dev_open+0xae/0x1b0 [ 238.532466][T11446] ? __pfx_dev_open+0x10/0x10 [ 238.539443][T11446] ? rcu_is_watching+0x15/0xb0 [ 238.549244][T11446] ? team_add_slave+0x69e/0x2760 [ 238.554303][T11446] ? team_add_slave+0x8b5/0x2760 [ 238.560691][T11446] team_add_slave+0x9c8/0x2760 [ 238.566154][T11446] ? __dev_change_flags+0x515/0x6f0 [ 238.573413][T11446] ? __pfx_team_add_slave+0x10/0x10 [ 238.580956][T11446] ? __pfx___dev_change_flags+0x10/0x10 [ 238.588217][T11446] ? preempt_count_add+0x93/0x190 [ 238.593353][T11446] ? vprintk_emit+0x631/0x770 [ 238.598048][T11446] ? mutex_is_locked+0x12/0x50 [ 238.602837][T11446] do_setlink+0xe70/0x41f0 [ 238.607254][T11446] ? _printk+0xd5/0x120 [ 238.611403][T11446] ? __nla_validate_parse+0x4f4/0x3090 [ 238.616859][T11446] ? __pfx__printk+0x10/0x10 [ 238.621442][T11446] ? __pfx_do_setlink+0x10/0x10 [ 238.626310][T11446] ? __nla_validate_parse+0x26ce/0x3090 [ 238.631857][T11446] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 238.637220][T11446] ? rtnl_newlink+0xf2/0x20a0 [ 238.641905][T11446] ? __pfx___nla_validate_parse+0x10/0x10 [ 238.647835][T11446] ? validate_linkmsg+0x71e/0x900 [ 238.653345][T11446] rtnl_newlink+0x180d/0x20a0 [ 238.660189][T11446] ? rtnl_newlink+0x531/0x20a0 [ 238.666551][T11446] ? __pfx_rtnl_newlink+0x10/0x10 [ 238.672297][T11446] ? __pfx___mutex_trylock_common+0x10/0x10 [ 238.678204][T11446] ? rcu_is_watching+0x15/0xb0 [ 238.682972][T11446] ? trace_contention_end+0x3c/0x120 [ 238.688261][T11446] ? __mutex_lock+0x2ef/0xd70 [ 238.692957][T11446] ? __pfx_lock_release+0x10/0x10 [ 238.697995][T11446] ? __pfx_rtnl_newlink+0x10/0x10 [ 238.703026][T11446] rtnetlink_rcv_msg+0x73f/0xcf0 [ 238.707966][T11446] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 238.713082][T11446] ? __lock_acquire+0x1346/0x1fd0 [ 238.718108][T11446] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 238.723591][T11446] netlink_rcv_skb+0x1e3/0x430 [ 238.728365][T11446] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 238.733828][T11446] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 238.739139][T11446] ? netlink_deliver_tap+0x2e/0x1b0 [ 238.744402][T11446] netlink_unicast+0x7f0/0x990 [ 238.749185][T11446] ? __pfx_netlink_unicast+0x10/0x10 [ 238.755797][T11446] ? __virt_addr_valid+0x183/0x530 [ 238.761314][T11446] ? __check_object_size+0x49c/0x900 [ 238.768427][T11446] ? bpf_lsm_netlink_send+0x9/0x10 [ 238.779021][T11446] netlink_sendmsg+0x8e4/0xcb0 [ 238.783845][T11446] ? __pfx_netlink_sendmsg+0x10/0x10 [ 238.789389][T11446] ? __import_iovec+0x536/0x820 [ 238.794705][T11446] ? aa_sock_msg_perm+0x91/0x160 [ 238.799671][T11446] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 238.805072][T11446] ? security_socket_sendmsg+0x87/0xb0 [ 238.810752][T11446] ? __pfx_netlink_sendmsg+0x10/0x10 [ 238.816078][T11446] __sock_sendmsg+0x221/0x270 [ 238.820874][T11446] ____sys_sendmsg+0x525/0x7d0 [ 238.825762][T11446] ? __pfx_____sys_sendmsg+0x10/0x10 [ 238.831624][T11446] __sys_sendmsg+0x2b0/0x3a0 [ 238.836384][T11446] ? __pfx___sys_sendmsg+0x10/0x10 [ 238.842227][T11446] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 238.849123][T11446] ? do_syscall_64+0x100/0x230 [ 238.853909][T11446] ? do_syscall_64+0xb6/0x230 [ 238.858604][T11446] do_syscall_64+0xf3/0x230 [ 238.863886][T11446] ? clear_bhb_loop+0x35/0x90 [ 238.869210][T11446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.875487][T11446] RIP: 0033:0x7fb27e775a99 [ 238.880012][T11446] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.900078][T11446] RSP: 002b:00007fb27f585048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 238.908611][T11446] RAX: ffffffffffffffda RBX: 00007fb27e903f60 RCX: 00007fb27e775a99 [ 238.916597][T11446] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 238.924755][T11446] RBP: 00007fb27e7e4e5d R08: 0000000000000000 R09: 0000000000000000 [ 238.932931][T11446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 238.941225][T11446] R13: 000000000000004d R14: 00007fb27e903f60 R15: 00007ffe8a0bbfe8 [ 238.951765][T11446] [ 238.990057][T11446] mac80211_hwsim hwsim6 wlan1: entered promiscuous mode [ 239.011978][T11446] team0: Port device wlan1 added [ 239.022661][T11451] netlink: 'syz.2.2122': attribute type 10 has an invalid length. [ 239.037797][T11451] bridge0: port 4(team0) entered disabled state [ 239.046078][T11451] team0: left allmulticast mode [ 239.054778][T11451] team_slave_0: left allmulticast mode [ 239.060279][T11451] team_slave_1: left allmulticast mode [ 239.081193][T11451] netdevsim netdevsim2 netdevsim0: left allmulticast mode [ 239.095729][T11451] vlan4: left allmulticast mode [ 239.102283][T11451] batadv0: left allmulticast mode [ 239.109894][T11451] team0: left promiscuous mode [ 239.115082][T11451] team_slave_0: left promiscuous mode [ 239.120682][T11451] team_slave_1: left promiscuous mode [ 239.126474][T11451] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 239.133968][T11451] bridge0: port 4(team0) entered disabled state