last executing test programs: 31.91661969s ago: executing program 4 (id=1858): r0 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000000040), 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r0, 0x0, 0x7, &(0x7f0000000000)='\x00\x00\x00\x00\x00\x00\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r1, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 31.865908709s ago: executing program 4 (id=1859): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$l2tp6(0xa, 0x2, 0x73) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'sit0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000080)={@empty, 0x33, r3}) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r4, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2800444}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, 0x140a, 0x800, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}}, 0x80c1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000ac0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r8, @ANYRES32=r7, @ANYBLOB="02"], 0x10) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r10 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r10, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) r11 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r11, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r11, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x33}, 0xfffffffd, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0xfffffffe}}, 0xe8) sendmmsg(r11, &(0x7f0000000480), 0x21, 0x0) r12 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="8400000012000501000000000000000005001900ff00000044"], 0x84}, 0x1, 0x0, 0x0, 0x40}, 0x20040810) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000f00)=ANY=[@ANYRES32=r9, @ANYRES32=r6, @ANYBLOB="02"], 0x10) setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r5}, 0x10, &(0x7f0000000200)={&(0x7f0000000fc0)=@can={{}, 0x0, 0x0, 0x0, 0x0, "b171164680a4bf03"}, 0x48}}, 0x0) 31.656180003s ago: executing program 4 (id=1863): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0xe, 0x0, &(0x7f0000001300), &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, 0xf, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, 0x16, 0x1, 0x0, 0x0, {0xa}, [@typed={0x4}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@mcast1}]}, 0x2c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000880)={0x0, 0xfffffffffffffe62, &(0x7f0000000840)={&(0x7f00000009c0)=@bridge_getlink={0x28, 0x12, 0x101, 0x0, 0xffffffe0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x4000}, [@IFLA_EXT_MASK={0x8, 0x1d, 0xc3}]}, 0x28}}, 0x0) 31.272112547s ago: executing program 4 (id=1868): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000300)="c1", 0x1}], 0x1}, 0x0) (async) setsockopt$sock_int(r2, 0x1, 0x200000010, &(0x7f0000000000)=0xfffffffc, 0x4) recvmsg$unix(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)}, 0x40000000) r3 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) (async) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff3, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x84}]}}]}, 0x44}}, 0x24000000) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) 21.736213373s ago: executing program 4 (id=1868): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000300)="c1", 0x1}], 0x1}, 0x0) (async) setsockopt$sock_int(r2, 0x1, 0x200000010, &(0x7f0000000000)=0xfffffffc, 0x4) recvmsg$unix(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)}, 0x40000000) r3 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) (async) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff3, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x84}]}}]}, 0x44}}, 0x24000000) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) 10.018068567s ago: executing program 4 (id=1868): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000300)="c1", 0x1}], 0x1}, 0x0) (async) setsockopt$sock_int(r2, 0x1, 0x200000010, &(0x7f0000000000)=0xfffffffc, 0x4) recvmsg$unix(r2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)}, 0x40000000) r3 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) (async) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff3, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x84}]}}]}, 0x44}}, 0x24000000) r5 = socket$netlink(0x10, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.788829113s ago: executing program 3 (id=2166): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_DELTABLE={0x204, 0x2, 0xa, 0x401, 0x0, 0x0, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0xde, 0x6, "625f29f656d7a543723e2ab51123b61cc383c087b94c80ff3aa7f71a65659b153bb50db4367ec820cfbc6e46058fdf5a9c79022e76467607d059719cbab4d44c0b5557574a4cf6d54a82561268a32d84e046ce97cbc6e438b12f7b388caaa9c6ec07c680843a4d884a8e47af3248bae1039bb15d3d01d2d781c80f975d5a2829c5d8191b08594805289ef7eeda0a722c9b228c9e5161a79e87d049b2ca54a3e92d876e59899a619aa8a00fe1d09731fc70b7684f6ab9cf7b405b20bccda9bbe0eaa59638a8b74ec29c30a16fd9b3bc0c7825d972dd776c893427"}, @NFTA_TABLE_USERDATA={0x101, 0x6, "fa4529aaac896a7b1875da2053db9fc7d4b0f05f0ea786d62430e2deb6c4b1a2a5b4cc8c4033de907f0b6a2e6ab590623a5af2a72417775a657856ba1de36c76f5abfe58d967674ace28b96568035c80e61bd7c706c8ea4176ae0826003c24a64822c907b546d5d4519158ba91c3a1912a39af60fc68b2ccf9812f461ecdd169eb5372452c1aec41c0e396cbfaa6e2e6b77c54227a81ec856081e5bb8d1638b4a5636ceda9bce1b165064a5dccd027f3bda854cedfe4b2a2a252b8645346fdd352f496f8528b6ff257d5c3016a519de9350a8a951c3c85c979f65ddb0c8c45c7a9ea71b67b2052f5baad8330e3038bf546c2bac3fefda1c6f5dcb8cf32"}]}, @NFT_MSG_NEWTABLE={0x44, 0x0, 0xa, 0x801, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x270}, 0x1, 0x0, 0x0, 0x800}, 0x2000c085) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'veth0_to_team\x00', 0x0}) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001200000008000700010000000c00018008000100", @ANYRES32=r3, @ANYBLOB="080006"], 0x30}}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f00000001c0), &(0x7f0000000200)=0x4) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x6, 0x1, &(0x7f0000000000)=@ccm_128={{0x304}, "37e37535de9553bb", "dbd93b660c212100ede52c9df59855cf", "5c841ff6", "05adc2593369aca7"}, 0x28) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'batadv0\x00', &(0x7f0000000340)=@ethtool_coalesce={0xe, 0x3, 0xe4, 0x0, 0x113e, 0x7fffffff, 0x9, 0x100, 0x0, 0x8, 0xa9f, 0x0, 0x1, 0x73, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffc}}) sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20008004}, 0x20004000) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303, 0x36}, "b1d65ab71f5ef2fe", "9e8ecc7bb5352776725e1047711330ff2bb17b550800", "dc5d3f00", "46b0dc72b7b1d30e"}, 0x38) 1.785253351s ago: executing program 1 (id=2167): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000600)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, 0x0, 0x8000) sendmsg$NFT_MSG_GETOBJ_RESET(r1, 0x0, 0x4000) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f0000002100)={0x0, 0x0, &(0x7f00000020c0)={&(0x7f0000002080)={0x38, r2, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x2a}, @void, @val={0xc, 0x99, {0x80000000, 0x5f}}}}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_NETNS_FD={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x8040}, 0x8080) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)={0x20, 0x5e, 0xe25, 0x0, 0x0, "", [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x6}]}, @nested={0x4}]}, 0x20}], 0x1}, 0x0) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0xa8, r2, 0x0, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_CQM={0x24, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x9c6}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x14a}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x10000}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0xc86}]}, @NL80211_ATTR_CQM={0x1c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x8}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x134}, @NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0x3]}]}, @NL80211_ATTR_CQM={0x34, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x17}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x3}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x3a7}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0xc0000000}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x46}, @NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0x7]}]}, @NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x6fc}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x5}]}, @NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x80}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x40801}, 0x20004011) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0) sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x78, r5, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x20048041}, 0x20000800) 1.656084528s ago: executing program 1 (id=2168): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTLQI(r0, 0x0, 0x3, &(0x7f0000000000)=0x1, 0x4) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="06ce657420"], 0x5) splice(r1, 0x0, r3, 0x0, 0x3, 0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x50, 0x10, 0x2, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40, 0x6278}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x18, 0x2, 0x0, 0x1, @val={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x444c}}}}}}, @IFLA_GROUP={0x8, 0x1b, 0x55690764}]}, 0x50}}, 0x0) 1.491479709s ago: executing program 1 (id=2171): r0 = socket(0x1a, 0x1, 0xfffffffc) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000140)={0x8e54}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, {0xb}, {0xffff, 0xffff}, {0x0, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000005500010e0e0000000000000007000000", @ANYRES32=r2, @ANYBLOB="200001"], 0x38}}, 0x0) write(r0, &(0x7f00000000c0)="1800000016005f0214fffffffffffff8070000000e000000", 0x18) 1.490690902s ago: executing program 3 (id=2172): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="00000000408000001800128008000100736974000c00028008000100", @ANYRES32=r2], 0x38}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000400)={'sit0\x00', r2, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}}) 1.385607572s ago: executing program 3 (id=2174): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) pwritev(r0, &(0x7f00000004c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="db", 0xfffff000}], 0x3, 0x8040000, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0xb, &(0x7f0000000180)=@framed={{}, [@ldst={0x2, 0x0, 0x3, 0x1, 0x0, 0x18}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x6}, @generic={0x5, 0x3, 0x0, 0xffff, 0xfffffffa}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.374604026s ago: executing program 1 (id=2175): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB="54000000090601080040000000000000050000000900020073797a310006000005000100070000002c000780060004404e21000005000700ff0000000c000180080001400a0101010c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000001f40)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001f00)={&(0x7f0000001e80)={0x5c, 0x3, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x40000) 1.275987804s ago: executing program 2 (id=2176): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x3, 0x0, 0x0, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4}}}}]}]}, 0x70}}, 0x44010) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'}) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) setsockopt$RDS_CANCEL_SENT_TO(r1, 0x114, 0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0xd8, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r3, {0x0, 0x300}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0xa8, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x0, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x34, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x3f0000}]}, {0x24, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x6}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x2}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xbff3}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0xd5}]}]}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0x4}]}}]}, 0xd8}, 0x1, 0x7a00}, 0x0) 1.275076698s ago: executing program 3 (id=2177): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000006911d8000000000005000000000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.192530731s ago: executing program 1 (id=2179): sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000c80)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000800)=',', 0x1}], 0x1}}], 0x1, 0x0) r0 = socket$inet6(0xa, 0x802, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x4000000, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x8, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x2}, 0x1c) sendmmsg(r0, &(0x7f0000002cc0), 0x1a3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) setsockopt(r1, 0x9, 0x10000, &(0x7f0000000040)="f4f8690888ad5af3c5e092ad1a45a0256208c8850ff359", 0x17) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.112022037s ago: executing program 3 (id=2180): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x64}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e01, @local}, 0x10) sendmsg$rds(r3, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000000, 0x12, r2, 0x0) mmap(&(0x7f00004ef000/0x4000)=nil, 0x4000, 0x2000006, 0x12, r2, 0x0) mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000008, 0x21013, r4, 0xdd8f7000) mmap(&(0x7f0000601000/0x3000)=nil, 0x3000, 0x2800007, 0x8032, 0xffffffffffffffff, 0x800000000000000) sendmsg$nl_route(r1, 0x0, 0x0) 1.068391671s ago: executing program 2 (id=2182): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_UPDELAY={0x8}]}}}]}, 0x3c}, 0x1, 0x2000000000000000}, 0x0) (async) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000000)={0x0, 'bridge_slave_0\x00', {0x4}, 0x2}) 1.015706414s ago: executing program 1 (id=2183): r0 = socket(0x2b, 0x1, 0x0) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x2c, &(0x7f0000000040)=0x800, 0x4) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1b, &(0x7f0000000000)={0x0, 0x0}, 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10, 0x0}, 0x0) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r2, &(0x7f0000001f80)=[{{&(0x7f00000022c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000002300)="ef", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x0, @private=0xa010102}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000200)='~', 0x1}], 0x1}}], 0x2, 0x0) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000180)={0x101, 0x4, 0x1f4bf1ba, 0x0, r4}, 0x10) listen(r0, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r5, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r6, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r5, 0x1, 0xd, &(0x7f00000000c0), 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0xe4, 0x24, 0x20, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xd, 0xc}, {0xfffa, 0x10}, {0xffe0, 0x9}}, [@TCA_STAB={0x70, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x36, 0xb0, 0x0, 0x7, 0x0, 0x0, 0x40, 0x1}}, {0x6, 0x2, [0x5ae]}}, {{0x1c, 0x1, {0x8, 0x26, 0x3, 0x0, 0x1, 0x0, 0xc, 0x1}}, {0x6, 0x2, [0x400]}}, {{0x1c, 0x1, {0x6, 0x6, 0x3, 0x1, 0x2, 0x3, 0x5, 0x2}}, {0x8, 0x2, [0x4, 0x2]}}]}, @qdisc_kind_options=@q_qfg={0x8}, @qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x9, "23b80e98653164d8897a7d1d6b979f4c"}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x6}, @qdisc_kind_options=@q_taprio={{0xb}, {0x10, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME_EXTENSION={0xc, 0x9, 0x2}]}}]}, 0xe4}}, 0x0) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="04000000", @ANYRES16=0x0, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=0x0, @ANYBLOB="35000e0080000000ffffffffffff08021100000050505050505040000000000000000000640007100006020202020202250300ab4b00000005ff7f00000602020202020204002a0008000c000001000008000d"], 0x74}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a000004050280ff0414"], 0x528}}, 0xc000) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x7, 0x4, 0x300, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r8, &(0x7f0000000000), 0x0}, 0x20) sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) 940.128196ms ago: executing program 0 (id=2184): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="00000000408000001800128008000100736974000c00028008000100", @ANYRES32=r2], 0x38}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000400)={'sit0\x00', r2, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}}}) 897.825561ms ago: executing program 2 (id=2185): bpf$TOKEN_CREATE(0x24, &(0x7f0000000280), 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0004000000000000000002000000140001800600010002000000080006000400000091de2db6d113327cbb41dd4b8b862520956e7e14da5cf0e9b2d48c1cd966a531d886367d3e20cd9be4a0837aae351eea75fb1045d305ee85d20e261ac60d45868d74770b7b4bf70e5088"], 0x28}}, 0x20000000) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r2, 0x0) sendmmsg$sock(r2, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010065727370616e000014"], 0x44}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000190001002dbd7000fedbdf2502201498ff02ff0b00160000304fbcf41cd160995bea2ff7cff8b6b22b7b5d49f98a9405da3f428bbfe04ac801d90f8acee60e74e0f19e2d3f3cfc41e3b489105f63de2d85b644526d8a15eb8b32526d17138ccde56a44b5b26640f73b3f1a2dad4368d68b7df6d00b0a9bd0bd96259d8c1ca61c610d516cf4524ebce8c1414a8e95ebaa5396e33e06f325cb207534f269689c56686d397864e36c30446ef99ad9149151e1fcae6549e33df6fffc4bb4aa4af19ea7cf2a5e979b9ef3d3eaac91a8"], 0x1c}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0xfffffffffffffea0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x4c804}, 0x4000041) r3 = socket(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x400000000000235, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r5, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r6, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r7 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r7, 0x400442c8, &(0x7f00000000c0)=ANY=[@ANYRES32=r6]) r8 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000000)={0x2041, 0x2}, 0x10) 755.41482ms ago: executing program 0 (id=2186): socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={0x28, r1, 0x921, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x9}]}]}, 0x28}}, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f00000004c0)={0x0, 0x2, 0x0, 0x0, 0x2}, &(0x7f0000000500)=0x18) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@ipv4_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@RTA_ENCAP={0x14, 0x9, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_VXLAN={0xc, 0x3, 0x0, 0x1, @LWTUNNEL_IP_OPT_VXLAN_GBP={0x8, 0x5}}}}]}, 0x30}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0xa4}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x8, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) socket$inet_tcp(0x2, 0x1, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={0x28, r1, 0x921, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT={0x8, 0xb, 0x9}]}]}, 0x28}}, 0x0) (async) socket$inet_sctp(0x2, 0x1, 0x84) (async) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f00000004c0)={0x0, 0x2, 0x0, 0x0, 0x2}, &(0x7f0000000500)=0x18) (async) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@ipv4_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@RTA_ENCAP={0x14, 0x9, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_VXLAN={0xc, 0x3, 0x0, 0x1, @LWTUNNEL_IP_OPT_VXLAN_GBP={0x8, 0x5}}}}]}, 0x30}}, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0xa4}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x8, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async) 595.497934ms ago: executing program 2 (id=2187): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000000)=[{{0x1, 0x0, 0x0, 0x1}, {0x1, 0x1, 0x0, 0x1}}, {{0x3, 0x1, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{0x4, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{0x3}, {0x4, 0x0, 0x1}}, {{0x3}, {0x3, 0x1, 0x1}}, {{0x4, 0x0, 0x1, 0x1}, {0x4, 0x1, 0x0, 0x1}}, {{0x0, 0x1, 0x1, 0x1}, {0x3, 0x1, 0x0, 0x1}}, {{0x0, 0x1, 0x1}, {0x3}}], 0x40) r1 = socket$packet(0x11, 0x2, 0x300) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000080)=0x14) setsockopt$CAN_RAW_JOIN_FILTERS(r0, 0x65, 0x6, &(0x7f00000000c0), 0x4) r3 = accept4(r0, 0x0, &(0x7f0000000100), 0x800) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xe4, 0x0, 0x1, 0x801, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_FILTER={0x1c, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x6d0}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x8}]}, @CTA_TUPLE_MASTER={0x68, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3a}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010102}, {0x8, 0x2, @loopback}}}]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x9}, @CTA_SEQ_ADJ_ORIG={0x1c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x15e0}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xf5}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}, @CTA_LABELS_MASK={0x18, 0x17, [0x4, 0x200, 0x7f, 0xfff, 0x5]}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0xb5}]}, 0xe4}, 0x1, 0x0, 0x0, 0x10}, 0x8000) gettid() ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f0000000300)={@loopback, 0x58, r2}) openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x5ba876a7f4708e1e, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000400)={r3, 0x0, 0x6, 0x8000000000000001}) r6 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r3, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x50, r4, 0x800, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x4b}, @void, @val={0xc, 0x99, {0x4, 0x64}}}}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x1f}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x61}, @NL80211_ATTR_NETNS_FD={0x8}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r5}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r6}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000840}, 0x4) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r7, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000680)={&(0x7f0000000580)={0xcc, r4, 0x200, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_IE={0xb5, 0x2a, [@ext_channel_switch={0x3c, 0x4, {0x0, 0xfd, 0xb6, 0xfa}}, @ht={0x2d, 0x1a, {0x2, 0x0, 0x2, 0x0, {0xffffffffffff7fff, 0x1, 0x0, 0x4, 0x0, 0x0, 0x1, 0x2}, 0x400, 0x8, 0x7}}, @tim={0x5, 0x55, {0x5, 0x40, 0xe7, "2e061d9f451500ffc932f7acd99cd7bf945da772b9c1832c31a1e1d55004567cba96626a4ce90babe93039234a063e664cc0e21d58f646f305a12f30f4ac1b2d65b71ef57d4b1a95a49a4732539781322057"}}, @link_id={0x65, 0x12, {@from_mac=@device_b, @broadcast}}, @supported_rates={0x1, 0x6, [{0xb, 0x1}, {0xc, 0x1}, {0x3, 0x1}, {0x2}, {0x1}, {0x4}]}, @ht={0x2d, 0x1a, {0x1000, 0x1, 0x5, 0x0, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x800, 0x101, 0x7}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x40880}, 0x40040) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000740), r5) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r5, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x68, r8, 0x4, 0x70bd2a, 0x25dfdbff, {{}, {}, {0x4c, 0x18, {0xf61, @media='eth\x00'}}}, ["", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x44000}, 0x4000) r9 = syz_genetlink_get_family_id$batadv(&(0x7f00000008c0), r0) sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f00000009c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000980)={&(0x7f0000000900)={0x48, r9, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xc}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x5cfe}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000880) sendmsg$ETHTOOL_MSG_RINGS_SET(r3, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x24, 0x0, 0x100, 0x70bd26, 0x25dfdbfd, {}, [@ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x2}, @ETHTOOL_A_RINGS_RX_MINI={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r5, 0x8983, &(0x7f0000000b00)={0x6, 'ip6tnl0\x00', {0x60}, 0x4}) r10 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000b80), r3) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f0000000c80)={&(0x7f0000000b40)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x44, r10, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x5}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000050}, 0x4000) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000cc0)={0x3, 0x200, 0x5, 0x7fff, 0x0}, &(0x7f0000000d00)=0x10) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000d40)={r11, 0x7}, &(0x7f0000000d80)=0x8) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r7, &(0x7f0000000e80)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x88}, 0xc, &(0x7f0000000e40)={&(0x7f0000000e00)={0x24, 0x0, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20000854) socket$nl_route(0x10, 0x3, 0x0) socket(0xa, 0xa, 0x1) sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f40)={0x68, 0x0, 0x800, 0x70bd27, 0x25dfdbff, {}, [@SEG6_ATTR_DST={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xffff}, @SEG6_ATTR_DST={0x14, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}}, @SEG6_ATTR_DST={0x14, 0x1, @mcast1}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000040}, 0xc800) 560.844537ms ago: executing program 0 (id=2188): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 416.756857ms ago: executing program 0 (id=2189): pipe(&(0x7f0000000240)={0xffffffffffffffff}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r0) openat$tun(0xffffffffffffff9c, 0x0, 0x101840, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb010018000000000000d0006c0000006c000000050000000200000000000010100000000d000000000000070000000009000000000000120300000008000000050000930800000001000000ff010000b90800000700000002000000ffffff7f07000000ff070000930e0000050000000200000007000000070000000a00000002000000002e5f5f00"], &(0x7f00000000c0)=""/177, 0x89, 0xb1, 0x0, 0x80000001, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="b400000000000000731132000000000016000000000001009500740000000000ba56e23690a87d00935e6c02bdc1aa666714e5893645da93e92b81970ec7"], &(0x7f0000003ff6)='GPL\x00', 0x8000, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 203.641238ms ago: executing program 0 (id=2190): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vlan0\x00', 0x0}) (async) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000040)={r0, 0x37dc, 0x2106, 0x8639}) (async) r3 = socket$tipc(0x1e, 0x5, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r2, 0x400442c8, &(0x7f0000000080)={r3, 0xfffffff8, 0x9, "ce5e836e52806d8b39dad636f6d108b4cfbe89345e77e7a716c3a9e2b88721db6e43531f7ebdd4f559a53f1d099b94c58f07a2a61c82103b9b034e69b97d04ba2b347c0f357abf3302b54047784249efc05a7a7502c89456da18681986e4cfaed83b079b191e063e21185c50e17a548b949aa71b89e90b9826e8239c629faccdbb47c23ad96c5a46344180f7255e8df946a398584e72bfce6d32f6bdde57fed68b9105fa7b889ace047fc02ff8e0051d20423b6e"}) (async) r4 = socket$kcm(0x29, 0x5, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) (async) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000140)={0x41, 0x2}, 0x10) (async) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r2) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$FIDEDUPERANGE(r8, 0xc0189436, &(0x7f00000001c0)={0x8, 0x8, 0x7, 0x0, 0x0, [{{}, 0x9}, {{r0}, 0x2}, {{r4}, 0x3}, {{r5}, 0x100}, {{r3}, 0x7}, {{r3}, 0x7}, {{r3}, 0x2}]}) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f00000002c0)={0x43, 0x0, 0x1}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r5, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r7, 0x400, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r9}, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x934) (async) ioctl$sock_inet_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000440)={'veth0\x00', {0x2, 0x4e20, @empty}}) ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000480)={'bridge_slave_1\x00', @remote}) (async) close(r3) (async) write$cgroup_int(r2, &(0x7f00000004c0)=0x6, 0x12) (async) r10 = syz_genetlink_get_family_id$tipc(&(0x7f0000000540), r5) sendmsg$TIPC_CMD_GET_REMOTE_MNG(r5, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x1c, r10, 0x10, 0x70bd25, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}}, 0x4040011) (async) r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r12 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000680), 0xffffffffffffffff) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'wpan4\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r11, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000007c0)={&(0x7f0000000700)={0x98, r12, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_SEC_LEVEL={0x3c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x2}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}, @NL802154_SECLEVEL_ATTR_FRAME={0x8}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x81}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x4}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5}]}]}, 0x98}}, 0x40080) (async) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000840)={'ip6tnl0\x00', @broadcast}) (async) sendmsg$NLBL_UNLABEL_C_STATICLIST(r11, &(0x7f00000009c0)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000980)={&(0x7f00000008c0)={0xbc, 0x0, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_SECCTX={0x29, 0x7, 'system_u:object_r:inetd_var_run_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @loopback}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bridge0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010101}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'lo\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @local}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8}, 0x40) (async) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000a00)={0x41, 0x0, 0x3}, 0x10) (async) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000a40)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x19, r1}) ioctl$AUTOFS_IOC_PROTOVER(r2, 0x80049363, &(0x7f0000000a80)) 201.553141ms ago: executing program 2 (id=2191): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @mcast1, 0x59d}, 0x1c) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000640)=""/183, &(0x7f0000000000)=0xb7) 126.94326ms ago: executing program 3 (id=2192): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0103, 0x0) vmsplice(r1, 0x0, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x4003, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x0, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 56.738104ms ago: executing program 0 (id=2193): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000140), r0) sendmsg$NET_DM_CMD_STOP(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, r1, 0x1, 0x70bd2c, 0x25dfdbff, {}, [""]}, 0x14}}, 0x800) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @local}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40004084}, 0x40000) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000d042abd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="01000000000000375fbc3f57d43e8885002400127f00000100626f6e64000000001400028005000100050000c2e9f414eea6abdb1dc49ac8e6bb07a6438efa9d6f625ccedc25a0a06d7754b8392b696c04db64e5ea952e76654f9baaa53520d789b094c6da58a4ca6938fce95da39b8fa1f159079e"], 0x44}}, 0x0) 0s ago: executing program 2 (id=2194): socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_sock_diag(0x10, 0x3, 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0xfffffffc) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r7, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1a}]}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, 0x0, 0x10) connect$inet(0xffffffffffffffff, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r9, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0) kernel console output (not intermixed with test programs): z.2.583': attribute type 1 has an invalid length. [ 115.764969][ T8009] nbd: device at index 0 is going down [ 115.799523][ T8009] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 116.452629][ T8038] netlink: 8 bytes leftover after parsing attributes in process `syz.3.593'. [ 116.562551][ T8040] lo: entered promiscuous mode [ 116.578794][ T8040] tunl0: entered promiscuous mode [ 116.619641][ T8040] gre0: entered promiscuous mode [ 116.674605][ T8040] gretap0: entered promiscuous mode [ 116.710305][ T8040] erspan0: entered promiscuous mode [ 116.738997][ T8040] ip_vti0: entered promiscuous mode [ 116.929058][ T8053] netlink: 7144 bytes leftover after parsing attributes in process `syz.4.599'. [ 116.950638][ T8053] openvswitch: netlink: Flow actions attr not present in new flow. [ 117.035463][ T8054] netlink: 40 bytes leftover after parsing attributes in process `syz.4.599'. [ 117.071847][ T8061] netlink: 40 bytes leftover after parsing attributes in process `syz.4.599'. [ 117.705355][ T8091] xt_CT: You must specify a L4 protocol and not use inversions on it [ 117.869008][ T8097] netlink: 8 bytes leftover after parsing attributes in process `syz.1.614'. [ 118.008396][ T8104] –eth0_vlan: renamed from bridge_slave_1 (while UP) [ 118.050527][ T8105] netem: unknown loss type 0 [ 118.061051][ T8109] sctp: [Deprecated]: syz.1.618 (pid 8109) Use of struct sctp_assoc_value in delayed_ack socket option. [ 118.061051][ T8109] Use struct sctp_sack_info instead [ 118.077831][ T8105] netem: change failed [ 118.100811][ T8104] netlink: 4 bytes leftover after parsing attributes in process `syz.0.616'. [ 118.141249][ T8113] sctp: [Deprecated]: syz.1.618 (pid 8113) Use of struct sctp_assoc_value in delayed_ack socket option. [ 118.141249][ T8113] Use struct sctp_sack_info instead [ 118.193500][ T8114] netlink: 'syz.2.619': attribute type 10 has an invalid length. [ 118.218425][ T8114] team0: Device veth0_macvtap failed to register rx_handler [ 118.923434][ T8157] syz.2.630: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 118.966618][ T8157] CPU: 0 UID: 0 PID: 8157 Comm: syz.2.630 Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 118.966646][ T8157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 118.966656][ T8157] Call Trace: [ 118.966662][ T8157] [ 118.966669][ T8157] dump_stack_lvl+0x241/0x360 [ 118.966695][ T8157] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.966714][ T8157] ? __pfx__printk+0x10/0x10 [ 118.966746][ T8157] ? __rcu_read_unlock+0xa1/0x110 [ 118.966770][ T8157] warn_alloc+0x278/0x410 [ 118.966794][ T8157] ? __vmalloc_node_range_noprof+0x106/0x1380 [ 118.966817][ T8157] ? __pfx_warn_alloc+0x10/0x10 [ 118.966840][ T8157] ? kasan_save_track+0x3f/0x80 [ 118.966860][ T8157] ? __kasan_kmalloc+0x98/0xb0 [ 118.966882][ T8157] ? xsk_setsockopt+0x4ea/0x950 [ 118.966899][ T8157] ? do_sock_setsockopt+0x3af/0x720 [ 118.966921][ T8157] ? __x64_sys_setsockopt+0x1ee/0x280 [ 118.966944][ T8157] ? do_syscall_64+0xf3/0x230 [ 118.966966][ T8157] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.966998][ T8157] __vmalloc_node_range_noprof+0x126/0x1380 [ 118.967048][ T8157] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 118.967074][ T8157] ? __kasan_kmalloc+0x98/0xb0 [ 118.967101][ T8157] vmalloc_user_noprof+0x74/0x80 [ 118.967122][ T8157] ? xskq_create+0xb6/0x170 [ 118.967139][ T8157] xskq_create+0xb6/0x170 [ 118.967159][ T8157] xsk_init_queue+0xa1/0x100 [ 118.967189][ T8157] xsk_setsockopt+0x4ea/0x950 [ 118.967211][ T8157] ? __pfx_xsk_setsockopt+0x10/0x10 [ 118.967228][ T8157] ? __pfx_aa_sk_perm+0x10/0x10 [ 118.967253][ T8157] ? aa_sock_opt_perm+0x79/0x120 [ 118.967279][ T8157] ? __pfx_xsk_setsockopt+0x10/0x10 [ 118.967295][ T8157] do_sock_setsockopt+0x3af/0x720 [ 118.967325][ T8157] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 118.967354][ T8157] ? __fget_files+0x395/0x410 [ 118.967371][ T8157] ? __fget_files+0x2a/0x410 [ 118.967396][ T8157] __x64_sys_setsockopt+0x1ee/0x280 [ 118.967427][ T8157] do_syscall_64+0xf3/0x230 [ 118.967459][ T8157] ? clear_bhb_loop+0x35/0x90 [ 118.967484][ T8157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.967505][ T8157] RIP: 0033:0x7fc1a398cde9 [ 118.967522][ T8157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.967535][ T8157] RSP: 002b:00007fc1a17f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 118.967553][ T8157] RAX: ffffffffffffffda RBX: 00007fc1a3ba5fa0 RCX: 00007fc1a398cde9 [ 118.967566][ T8157] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000005 [ 118.967576][ T8157] RBP: 00007fc1a3a0e2a0 R08: 0000000000000004 R09: 0000000000000000 [ 118.967586][ T8157] R10: 0000400000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.967597][ T8157] R13: 0000000000000000 R14: 00007fc1a3ba5fa0 R15: 00007ffcbe370408 [ 118.967627][ T8157] [ 118.968847][ T8157] Mem-Info: [ 119.295698][ T8157] active_anon:5093 inactive_anon:0 isolated_anon:0 [ 119.295698][ T8157] active_file:1415 inactive_file:38315 isolated_file:0 [ 119.295698][ T8157] unevictable:768 dirty:235 writeback:0 [ 119.295698][ T8157] slab_reclaimable:11707 slab_unreclaimable:103666 [ 119.295698][ T8157] mapped:29319 shmem:1410 pagetables:928 [ 119.295698][ T8157] sec_pagetables:0 bounce:0 [ 119.295698][ T8157] kernel_misc_reclaimable:0 [ 119.295698][ T8157] free:1338538 free_pcp:213 free_cma:0 [ 119.364141][ T8171] netlink: 4 bytes leftover after parsing attributes in process `syz.1.633'. [ 119.418138][ T8157] Node 0 active_anon:20252kB inactive_anon:0kB active_file:5660kB inactive_file:153184kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:115348kB dirty:936kB writeback:0kB shmem:4100kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11464kB pagetables:3652kB sec_pagetables:0kB all_unreclaimable? no [ 119.494118][ T8157] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 119.558279][ T8176] Illegal XDP return value 4294967274 on prog (id 213) dev N/A, expect packet loss! [ 119.566203][ T8175] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 119.584709][ T8157] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 119.616504][ T8175] team0: Device ipvlan2 is already an upper device of the team interface [ 119.629173][ T8177] openvswitch: netlink: Actions may not be safe on all matching packets [ 119.664504][ T8157] lowmem_reserve[]: 0 2491 2491 0 0 [ 119.696840][ T8157] Node 0 DMA32 free:1429540kB boost:0kB min:34184kB low:42728kB high:51272kB reserved_highatomic:0KB active_anon:20116kB inactive_anon:0kB active_file:5660kB inactive_file:152612kB unevictable:1536kB writepending:936kB present:3129332kB managed:2551084kB mlocked:0kB bounce:0kB free_pcp:1900kB local_pcp:1056kB free_cma:0kB [ 119.743759][ T8157] lowmem_reserve[]: 0 0 0 0 0 [ 119.749380][ T8157] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:572kB unevictable:0kB writepending:0kB present:1048580kB managed:620kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:4kB free_cma:0kB [ 119.779475][ T8157] lowmem_reserve[]: 0 0 0 0 0 [ 119.787489][ T8157] Node 1 Normal free:3910236kB boost:0kB min:55708kB low:69632kB high:83556kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:104kB local_pcp:104kB free_cma:0kB [ 119.819405][ T8157] lowmem_reserve[]: 0 0 0 0 0 [ 119.873332][ T8157] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 119.886649][ T8157] Node 0 DMA32: 142*4kB (UM) 407*8kB (UME) 183*16kB (UME) 191*32kB (UME) 115*64kB (UME) 52*128kB (UME) 27*256kB (UM) 14*512kB (UM) 9*1024kB (UM) 4*2048kB (UM) 335*4096kB (M) = 1430528kB [ 119.908975][ T8157] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 119.923384][ T8157] Node 1 Normal: 173*4kB (UME) 49*8kB (UME) 38*16kB (UME) 214*32kB (UME) 86*64kB (UME) 39*128kB (UME) 14*256kB (UME) 5*512kB (UM) 6*1024kB (UME) 4*2048kB (UE) 945*4096kB (M) = 3910236kB [ 119.991623][ T8157] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 120.002065][ T8157] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 120.013329][ T8157] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 120.025780][ T8157] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 120.061881][ T8157] 41139 total pagecache pages [ 120.066611][ T8157] 0 pages in swap cache [ 120.073519][ T8157] Free swap = 124996kB [ 120.077732][ T8157] Total swap = 124996kB [ 120.082545][ T8157] 2097051 pages RAM [ 120.086486][ T8157] 0 pages HighMem/MovableOnly [ 120.092015][ T8157] 427494 pages reserved [ 120.096199][ T8157] 0 pages cma reserved [ 120.273970][ T8195] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.288341][ T8194] ip6gre1: entered allmulticast mode [ 120.314529][ T8195] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.339516][ T8195] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.357000][ T8195] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.367578][ T8195] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.379750][ T8195] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.394189][ T8195] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.403719][ T8195] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.648369][ T8209] __nla_validate_parse: 1 callbacks suppressed [ 120.648388][ T8209] netlink: 20 bytes leftover after parsing attributes in process `syz.1.648'. [ 120.866309][ T8222] xt_NFQUEUE: number of total queues is 0 [ 121.173600][ T8235] netlink: 24 bytes leftover after parsing attributes in process `syz.2.659'. [ 121.179889][ T8247] netlink: 240 bytes leftover after parsing attributes in process `syz.3.661'. [ 121.500583][ T8261] netlink: 'syz.2.666': attribute type 5 has an invalid length. [ 121.993012][ T8284] netlink: 4 bytes leftover after parsing attributes in process `syz.3.674'. [ 122.012588][ T8287] wlan0 speed is unknown, defaulting to 1000 [ 122.022534][ T8283] bridge0: entered promiscuous mode [ 122.031276][ T8287] wlan0 speed is unknown, defaulting to 1000 [ 122.039154][ T8287] wlan0 speed is unknown, defaulting to 1000 [ 122.045601][ T8284] bridge_slave_1: left allmulticast mode [ 122.055891][ T8284] bridge_slave_1: left promiscuous mode [ 122.064661][ T8284] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.079685][ T8287] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 122.101058][ T8284] bridge_slave_0: left allmulticast mode [ 122.113975][ T8287] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 122.154445][ T8284] bridge_slave_0: left promiscuous mode [ 122.167695][ T8284] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.245972][ T8284] bridge0 (unregistering): left promiscuous mode [ 122.307279][ T8287] wlan0 speed is unknown, defaulting to 1000 [ 122.318913][ T8287] wlan0 speed is unknown, defaulting to 1000 [ 122.319549][ T8292] netlink: 8 bytes leftover after parsing attributes in process `syz.4.676'. [ 122.339726][ T8287] wlan0 speed is unknown, defaulting to 1000 [ 122.385505][ T8287] wlan0 speed is unknown, defaulting to 1000 [ 122.404598][ T8287] wlan0 speed is unknown, defaulting to 1000 [ 122.805698][ T8319] veth0_to_hsr: entered promiscuous mode [ 122.885116][ T8317] veth0_to_hsr: left promiscuous mode [ 122.980264][ T8324] : renamed from team_slave_1 (while UP) [ 123.017278][ T8327] netlink: 8 bytes leftover after parsing attributes in process `syz.2.688'. [ 123.026096][ T8326] netlink: 'syz.1.686': attribute type 3 has an invalid length. [ 123.061960][ T8326] netlink: 36 bytes leftover after parsing attributes in process `syz.1.686'. [ 123.079837][ T8326] netlink: 24 bytes leftover after parsing attributes in process `syz.1.686'. [ 123.356571][ T8350] netlink: 44 bytes leftover after parsing attributes in process `syz.3.687'. [ 123.884081][ T5945] wlan0 speed is unknown, defaulting to 1000 [ 123.949193][ T8330] wlan0 speed is unknown, defaulting to 1000 [ 124.155875][ T8384] netlink: 'syz.1.699': attribute type 1 has an invalid length. [ 124.185714][ T8384] netlink: 15334 bytes leftover after parsing attributes in process `syz.1.699'. [ 124.510135][ T8402] netlink: 'syz.3.702': attribute type 1 has an invalid length. [ 125.483469][ T8433] lo: left promiscuous mode [ 125.488182][ T8433] tunl0: left promiscuous mode [ 125.507980][ T8433] gre0: left promiscuous mode [ 125.517203][ T8433] gretap0: left promiscuous mode [ 125.530400][ T8433] erspan0: left promiscuous mode [ 125.546786][ T8433] ip_vti0: left promiscuous mode [ 125.892287][ T8433] bridge0: port 2(–eth0_vlan) entered disabled state [ 126.859264][ T8433] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.880065][ T8433] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.896668][ T8433] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.905893][ T8433] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.032608][ T8433] veth1_vlan: left allmulticast mode [ 127.048722][ T8433] macvlan2: left allmulticast mode [ 127.296779][ T8469] IPv6: sit1: Disabled Multicast RS [ 127.331413][ T8471] __nla_validate_parse: 4 callbacks suppressed [ 127.331432][ T8471] netlink: 28 bytes leftover after parsing attributes in process `syz.3.718'. [ 127.709933][ T8496] netlink: 28 bytes leftover after parsing attributes in process `syz.2.729'. [ 127.740207][ T8496] netlink: 28 bytes leftover after parsing attributes in process `syz.2.729'. [ 127.763491][ T8496] erspan0: entered promiscuous mode [ 127.784672][ T8496] gretap0: entered promiscuous mode [ 127.924662][ T8502] x_tables: duplicate underflow at hook 3 [ 128.011880][ T8508] netlink: 44 bytes leftover after parsing attributes in process `syz.2.734'. [ 128.047352][ T8508] netlink: 43 bytes leftover after parsing attributes in process `syz.2.734'. [ 128.086385][ T8508] netlink: 'syz.2.734': attribute type 6 has an invalid length. [ 128.124021][ T8515] net_ratelimit: 45 callbacks suppressed [ 128.124041][ T8515] openvswitch: netlink: ct_state flags 010000e0 unsupported [ 128.132626][ T8508] netlink: 'syz.2.734': attribute type 5 has an invalid length. [ 128.151784][ T8513] netlink: 12 bytes leftover after parsing attributes in process `syz.1.736'. [ 128.205519][ T8508] netlink: 43 bytes leftover after parsing attributes in process `syz.2.734'. [ 128.303474][ T8519] netlink: 6 bytes leftover after parsing attributes in process `syz.4.738'. [ 128.312853][ T8519] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 128.477754][ T8533] netlink: 4 bytes leftover after parsing attributes in process `syz.1.742'. [ 128.516726][ T8533] bridge_slave_1: left allmulticast mode [ 128.538931][ T8533] bridge_slave_1: left promiscuous mode [ 128.551094][ T8533] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.570277][ T8533] bridge_slave_0: left allmulticast mode [ 128.578966][ T8533] bridge_slave_0: left promiscuous mode [ 128.595014][ T8533] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.734338][ T8535] netlink: 4 bytes leftover after parsing attributes in process `syz.2.741'. [ 129.096346][ T8562] netdevsim netdevsim1 : renamed from netdevsim0 (while UP) [ 129.537466][ T8581] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 130.003075][ T8612] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 130.012263][ T8613] batadv_slave_0: default FDB implementation only supports local addresses [ 130.357198][ T8632] sch_tbf: peakrate 7 is lower than or equals to rate 2147483647 ! [ 130.782166][ T8650] netlink: 'syz.2.780': attribute type 7 has an invalid length. [ 130.859753][ T54] block nbd1: Receive control failed (result -107) [ 130.890098][ T8650] nbd1: detected capacity change from 0 to 256 [ 131.443763][ T8686] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 131.773856][ T8706] netlink: 'syz.1.794': attribute type 2 has an invalid length. [ 131.989508][ T8717] netlink: 'syz.4.800': attribute type 4 has an invalid length. [ 131.990514][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 132.708601][ T8754] netlink: 'syz.4.810': attribute type 1 has an invalid length. [ 132.748916][ T8754] __nla_validate_parse: 19 callbacks suppressed [ 132.748935][ T8754] netlink: 56 bytes leftover after parsing attributes in process `syz.4.810'. [ 133.164277][ T8781] netlink: 12 bytes leftover after parsing attributes in process `syz.4.815'. [ 133.273903][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.280727][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.322554][ T8789] netlink: 4 bytes leftover after parsing attributes in process `syz.3.819'. [ 133.993000][ T8817] netlink: 16 bytes leftover after parsing attributes in process `syz.2.827'. [ 134.234997][ T8833] netlink: 20 bytes leftover after parsing attributes in process `syz.2.832'. [ 134.273936][ T8838] netlink: 32 bytes leftover after parsing attributes in process `syz.4.834'. [ 134.322438][ T8838] netlink: 32 bytes leftover after parsing attributes in process `syz.4.834'. [ 134.473453][ T8843] netlink: 8 bytes leftover after parsing attributes in process `syz.3.835'. [ 134.483550][ T8845] netlink: 24 bytes leftover after parsing attributes in process `syz.2.837'. [ 134.499811][ T8843] netlink: 12 bytes leftover after parsing attributes in process `syz.3.835'. [ 134.509060][ T8843] netlink: 'syz.3.835': attribute type 5 has an invalid length. [ 137.943090][ T8881] netlink: 'syz.2.847': attribute type 2 has an invalid length. [ 137.948607][ T8877] __nla_validate_parse: 1 callbacks suppressed [ 137.948625][ T8877] netlink: 104 bytes leftover after parsing attributes in process `syz.0.846'. [ 138.139036][ T8889] netlink: 96 bytes leftover after parsing attributes in process `syz.4.848'. [ 138.172564][ T8891] netlink: 12 bytes leftover after parsing attributes in process `syz.2.851'. [ 138.383049][ T8897] netlink: 16 bytes leftover after parsing attributes in process `syz.0.852'. [ 138.593090][ T8914] netlink: 100 bytes leftover after parsing attributes in process `syz.3.857'. [ 138.711862][ T8918] (unnamed net_device) (uninitialized): (slave batadv_slave_0): Device is not bonding slave [ 138.760466][ T8918] (unnamed net_device) (uninitialized): option active_slave: invalid value (batadv_slave_0) [ 138.789039][ T8920] netlink: 8 bytes leftover after parsing attributes in process `syz.3.861'. [ 138.944358][ T8931] xt_TPROXY: Can be used only with -p tcp or -p udp [ 138.972630][ T8931] netlink: 12 bytes leftover after parsing attributes in process `syz.1.859'. [ 138.983719][ T8931] netlink: 12 bytes leftover after parsing attributes in process `syz.1.859'. [ 139.062671][ T8936] netlink: 'syz.2.866': attribute type 1 has an invalid length. [ 139.164348][ T8940] netlink: 'syz.3.867': attribute type 1 has an invalid length. [ 139.192917][ T8940] netlink: 'syz.3.867': attribute type 10 has an invalid length. [ 139.199488][ T8897] wlan0 speed is unknown, defaulting to 1000 [ 139.224833][ T8940] netlink: 236 bytes leftover after parsing attributes in process `syz.3.867'. [ 139.450198][ T8947] vlan2: entered promiscuous mode [ 139.473341][ T8952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.870'. [ 139.480050][ T8947] vlan2: entered allmulticast mode [ 139.561829][ T8952] bridge_slave_1: left allmulticast mode [ 139.567532][ T8952] bridge_slave_1: left promiscuous mode [ 139.604054][ T8952] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.634574][ T8952] bridge_slave_0: left allmulticast mode [ 139.643996][ T8952] bridge_slave_0: left promiscuous mode [ 139.653021][ T8952] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.733215][ T8909] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 139.750593][ T8909] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 139.770865][ T8909] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 139.817300][ T8909] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 139.858894][ T8909] geneve2: entered promiscuous mode [ 139.876619][ T8909] geneve2: entered allmulticast mode [ 140.378550][ T8988] can: request_module (can-proto-4) failed. [ 140.591742][ T9007] bridge0: port 1(gretap0) entered blocking state [ 140.648043][ T9007] bridge0: port 1(gretap0) entered disabled state [ 140.736064][ T9007] gretap0: entered allmulticast mode [ 140.779129][ T9007] gretap0: entered promiscuous mode [ 140.877556][ T9023] netlink: 'syz.2.891': attribute type 11 has an invalid length. [ 141.067748][ T9032] Dead loop on virtual device ip6_vti0, fix it urgently! [ 141.424399][ T9060] xt_bpf: check failed: parse error [ 141.459829][ T9060] sock: sock_set_timeout: `syz.1.899' (pid 9060) tries to set negative timeout [ 141.525222][ T9064] netlink: 'syz.2.900': attribute type 2 has an invalid length. [ 141.589132][ T9064] netlink: 'syz.2.900': attribute type 1 has an invalid length. [ 141.933538][ T9090] ip6gre1: entered allmulticast mode [ 141.956397][ T9092] netlink: 'syz.3.909': attribute type 21 has an invalid length. [ 142.091939][ T9101] netlink: 'syz.4.910': attribute type 32 has an invalid length. [ 142.118491][ T9101] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 142.208938][ T9109] netlink: 'syz.3.913': attribute type 15 has an invalid length. [ 142.397776][ T9112] netlink: 'syz.1.916': attribute type 1 has an invalid length. [ 142.439890][ T9109] team0 (unregistering): Port device team_slave_0 removed [ 142.457613][ T9109] team0 (unregistering): Port device  removed [ 142.638882][ T9127] netlink: 'syz.4.919': attribute type 1 has an invalid length. [ 142.685088][ T9127] 8021q: adding VLAN 0 to HW filter on device bond1 [ 142.716747][ T9129] bond1: (slave gretap1): making interface the new active one [ 142.747351][ T9129] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 142.869045][ T9141] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 142.925357][ T9145] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 143.023496][ T9153] __nla_validate_parse: 23 callbacks suppressed [ 143.023515][ T9153] netlink: 224 bytes leftover after parsing attributes in process `syz.3.926'. [ 143.023661][ T9152] netlink: 224 bytes leftover after parsing attributes in process `syz.3.926'. [ 143.042623][ T9153] netlink: 24 bytes leftover after parsing attributes in process `syz.3.926'. [ 143.446574][ T9172] netlink: 32 bytes leftover after parsing attributes in process `syz.0.933'. [ 143.900383][ T9199] netlink: 60 bytes leftover after parsing attributes in process `syz.1.940'. [ 143.939858][ T9195] ip6gre1: entered allmulticast mode [ 144.102952][ T9208] netlink: 4 bytes leftover after parsing attributes in process `syz.3.942'. [ 144.787674][ T9229] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 145.111028][ T9240] netlink: 12 bytes leftover after parsing attributes in process `syz.3.955'. [ 145.120545][ T9244] nbd: must specify at least one socket [ 145.155881][ T9249] netlink: 4 bytes leftover after parsing attributes in process `syz.4.959'. [ 145.228506][ T9253] netlink: 48 bytes leftover after parsing attributes in process `syz.4.959'. [ 145.534252][ T9275] ªªªªªª: renamed from vlan0 (while UP) [ 145.554151][ T9278] netlink: 44 bytes leftover after parsing attributes in process `syz.0.967'. [ 145.850726][ T5840] Bluetooth: hci4: command 0x0405 tx timeout [ 145.937088][ T9308] xt_hashlimit: size too large, truncated to 1048576 [ 146.344129][ T9332] netlink: 'syz.4.979': attribute type 29 has an invalid length. [ 146.387706][ T9332] netlink: 'syz.4.979': attribute type 29 has an invalid length. [ 146.519069][ T9339] netlink: 'syz.0.982': attribute type 10 has an invalid length. [ 146.536729][ T9339] geneve0: entered promiscuous mode [ 146.546934][ T9339] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 146.690663][ T9347] netlink: 'syz.0.985': attribute type 4 has an invalid length. [ 146.974833][ T9366] xt_ipcomp: unknown flags B [ 147.002801][ T9366] xt_ipcomp: unknown flags B [ 147.348878][ T9389] lo: entered promiscuous mode [ 147.357294][ T9389] tunl0: entered promiscuous mode [ 147.374240][ T9389] gre0: entered promiscuous mode [ 147.387090][ T9389] gretap0: entered promiscuous mode [ 147.393368][ T9389] erspan0: entered promiscuous mode [ 147.399273][ T9389] ip_vti0: entered promiscuous mode [ 147.652014][ T9415] netlink: 'syz.2.1001': attribute type 4 has an invalid length. [ 147.690980][ T9417] IPVS: set_ctl: invalid protocol: 60060 127.0.0.1:20004 [ 147.702151][ T9405] netlink: 'syz.2.1001': attribute type 4 has an invalid length. [ 147.734076][ T9405] netlink: 'syz.2.1001': attribute type 4 has an invalid length. [ 147.966156][ T9432] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 148.375369][ T9459] FAULT_INJECTION: forcing a failure. [ 148.375369][ T9459] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 148.410868][ T9459] CPU: 0 UID: 0 PID: 9459 Comm: syz.0.1013 Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 148.410893][ T9459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 148.410903][ T9459] Call Trace: [ 148.410910][ T9459] [ 148.410917][ T9459] dump_stack_lvl+0x241/0x360 [ 148.410944][ T9459] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.410961][ T9459] ? __pfx__printk+0x10/0x10 [ 148.410987][ T9459] ? __pfx_lock_release+0x10/0x10 [ 148.411015][ T9459] should_fail_ex+0x40a/0x550 [ 148.411038][ T9459] _copy_from_user+0x2d/0xb0 [ 148.411056][ T9459] copy_msghdr_from_user+0xae/0x680 [ 148.411083][ T9459] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 148.411100][ T9459] ? __fget_files+0x2a/0x410 [ 148.411121][ T9459] ? __fget_files+0x2a/0x410 [ 148.411146][ T9459] __sys_sendmsg+0x209/0x350 [ 148.411167][ T9459] ? __pfx___sys_sendmsg+0x10/0x10 [ 148.411195][ T9459] ? do_sys_openat2+0x17a/0x1d0 [ 148.411238][ T9459] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 148.411261][ T9459] ? do_syscall_64+0x100/0x230 [ 148.411285][ T9459] ? do_syscall_64+0xb6/0x230 [ 148.411309][ T9459] do_syscall_64+0xf3/0x230 [ 148.411329][ T9459] ? clear_bhb_loop+0x35/0x90 [ 148.411365][ T9459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.411385][ T9459] RIP: 0033:0x7fbd27d8cde9 [ 148.411400][ T9459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.411413][ T9459] RSP: 002b:00007fbd28bde038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 148.411431][ T9459] RAX: ffffffffffffffda RBX: 00007fbd27fa6080 RCX: 00007fbd27d8cde9 [ 148.411443][ T9459] RDX: 0000000000044004 RSI: 00004000000000c0 RDI: 0000000000000004 [ 148.411454][ T9459] RBP: 00007fbd28bde090 R08: 0000000000000000 R09: 0000000000000000 [ 148.411464][ T9459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.411473][ T9459] R13: 0000000000000000 R14: 00007fbd27fa6080 R15: 00007ffc6654d278 [ 148.411499][ T9459] [ 148.753781][ T9463] netlink: 'syz.1.1014': attribute type 8 has an invalid length. [ 148.771306][ T9463] __nla_validate_parse: 4 callbacks suppressed [ 148.771324][ T9463] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1014'. [ 148.941706][ T9465] netlink: 'syz.0.1016': attribute type 21 has an invalid length. [ 148.970217][ T9465] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1016'. [ 148.998407][ T9465] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1016'. [ 149.066888][ T9471] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1019'. [ 149.178137][ T9475] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 149.266610][ T9475] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 149.304935][ T9478] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input14 [ 149.495080][ T9494] FAULT_INJECTION: forcing a failure. [ 149.495080][ T9494] name failslab, interval 1, probability 0, space 0, times 0 [ 149.508182][ T9494] CPU: 1 UID: 0 PID: 9494 Comm: syz.2.1025 Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 149.508203][ T9494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 149.508213][ T9494] Call Trace: [ 149.508219][ T9494] [ 149.508227][ T9494] dump_stack_lvl+0x241/0x360 [ 149.508250][ T9494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.508265][ T9494] ? __pfx__printk+0x10/0x10 [ 149.508296][ T9494] should_fail_ex+0x40a/0x550 [ 149.508315][ T9494] ? __pfx_ip6_dst_gc+0x10/0x10 [ 149.508335][ T9494] should_failslab+0xac/0x100 [ 149.508351][ T9494] ? dst_alloc+0x12b/0x190 [ 149.508369][ T9494] kmem_cache_alloc_noprof+0x70/0x380 [ 149.508384][ T9494] ? __pfx_rt6_find_cached_rt+0x10/0x10 [ 149.508407][ T9494] ? __pfx_ip6_dst_gc+0x10/0x10 [ 149.508429][ T9494] dst_alloc+0x12b/0x190 [ 149.508453][ T9494] ip6_pol_route+0xb87/0x15d0 [ 149.508473][ T9494] ? ip6_pol_route+0x198/0x15d0 [ 149.508492][ T9494] ? __pfx_ip6_pol_route+0x10/0x10 [ 149.508524][ T9494] fib6_rule_lookup+0x3c2/0x790 [ 149.508541][ T9494] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 149.508557][ T9494] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 149.508568][ T9494] ? up_write+0x1a9/0x590 [ 149.508586][ T9494] ? mark_lock+0x9a/0x360 [ 149.508611][ T9494] ? dev_get_by_index_rcu+0xef/0x110 [ 149.508628][ T9494] ? ip6_route_output_flags+0x30/0x610 [ 149.508641][ T9494] ? l3mdev_link_scope_lookup+0x112/0x1c0 [ 149.508664][ T9494] ? ip6_route_output_flags+0x30/0x610 [ 149.508680][ T9494] ip6_route_output_flags+0x38e/0x610 [ 149.508703][ T9494] ip6_dst_lookup_tail+0x290/0x14f0 [ 149.508736][ T9494] ? __pfx_ip6_dst_lookup_tail+0x10/0x10 [ 149.508755][ T9494] ? __pfx_lock_release+0x10/0x10 [ 149.508802][ T9494] ip6_dst_lookup_flow+0xb9/0x180 [ 149.508824][ T9494] ? __pfx_ip6_dst_lookup_flow+0x10/0x10 [ 149.508843][ T9494] ? __pfx_validate_chain+0x10/0x10 [ 149.508856][ T9494] ? rawv6_sendmsg+0xfa2/0x2410 [ 149.508882][ T9494] rawv6_sendmsg+0x121b/0x2410 [ 149.508924][ T9494] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 149.508971][ T9494] ? sock_rps_record_flow+0x1a/0x400 [ 149.508990][ T9494] ? inet_sendmsg+0x330/0x390 [ 149.509009][ T9494] __sock_sendmsg+0x1a6/0x270 [ 149.509029][ T9494] ____sys_sendmsg+0x52a/0x7e0 [ 149.509052][ T9494] ? __pfx_____sys_sendmsg+0x10/0x10 [ 149.509066][ T9494] ? __fget_files+0x2a/0x410 [ 149.509086][ T9494] ? __fget_files+0x2a/0x410 [ 149.509111][ T9494] __sys_sendmsg+0x269/0x350 [ 149.509129][ T9494] ? __pfx___sys_sendmsg+0x10/0x10 [ 149.509157][ T9494] ? do_sys_openat2+0x17a/0x1d0 [ 149.509195][ T9494] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 149.509220][ T9494] ? do_syscall_64+0x100/0x230 [ 149.509244][ T9494] ? do_syscall_64+0xb6/0x230 [ 149.509265][ T9494] do_syscall_64+0xf3/0x230 [ 149.509285][ T9494] ? clear_bhb_loop+0x35/0x90 [ 149.509308][ T9494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.509326][ T9494] RIP: 0033:0x7fc1a398cde9 [ 149.509341][ T9494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.509354][ T9494] RSP: 002b:00007fc1a17d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 149.509371][ T9494] RAX: ffffffffffffffda RBX: 00007fc1a3ba6080 RCX: 00007fc1a398cde9 [ 149.509381][ T9494] RDX: 0000000000044004 RSI: 00004000000000c0 RDI: 0000000000000004 [ 149.509391][ T9494] RBP: 00007fc1a17d5090 R08: 0000000000000000 R09: 0000000000000000 [ 149.509401][ T9494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.509411][ T9494] R13: 0000000000000000 R14: 00007fc1a3ba6080 R15: 00007ffcbe370408 [ 149.509438][ T9494] [ 149.909438][ T9497] sctp: [Deprecated]: syz.4.1026 (pid 9497) Use of int in max_burst socket option deprecated. [ 149.909438][ T9497] Use struct sctp_assoc_value instead [ 151.030960][ T9540] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1042'. [ 151.060712][ T9540] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1042'. [ 151.630493][ T9426] Set syz1 is full, maxelem 65536 reached [ 152.351383][ T9603] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1071'. [ 152.485475][ T9611] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1075'. [ 152.805681][ T9634] netlink: 'syz.1.1082': attribute type 1 has an invalid length. [ 152.822808][ T9634] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1082'. [ 152.839052][ T9638] netlink: 'syz.1.1082': attribute type 1 has an invalid length. [ 152.847261][ T9638] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1082'. [ 152.929549][ T9644] nbd: device at index 0 is going down [ 153.383970][ T9658] team0: Device vti0 is of different type [ 153.463277][ T9664] tipc: Started in network mode [ 153.468230][ T9664] tipc: Node identity , cluster identity 4711 [ 153.475940][ T9664] netlink: 'syz.1.1091': attribute type 1 has an invalid length. [ 153.484219][ T9664] netlink: 'syz.1.1091': attribute type 1 has an invalid length. [ 153.593939][ T9673] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 153.759609][ T9679] FAULT_INJECTION: forcing a failure. [ 153.759609][ T9679] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 153.785052][ T9679] CPU: 1 UID: 0 PID: 9679 Comm: syz.1.1096 Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 153.785080][ T9679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 153.785089][ T9679] Call Trace: [ 153.785094][ T9679] [ 153.785102][ T9679] dump_stack_lvl+0x241/0x360 [ 153.785126][ T9679] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.785142][ T9679] ? __pfx__printk+0x10/0x10 [ 153.785167][ T9679] ? __pfx_lock_release+0x10/0x10 [ 153.785197][ T9679] should_fail_ex+0x40a/0x550 [ 153.785220][ T9679] _copy_from_user+0x2d/0xb0 [ 153.785237][ T9679] csum_and_copy_from_iter_full+0x1fa/0x2190 [ 153.785269][ T9679] ? rcu_is_watching+0x15/0xb0 [ 153.785285][ T9679] ? __pfx_csum_and_copy_from_iter_full+0x10/0x10 [ 153.785300][ T9679] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 153.785326][ T9679] ? __build_skb_around+0x245/0x3d0 [ 153.785354][ T9679] ip_generic_getfrag+0x158/0x310 [ 153.785375][ T9679] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 153.785390][ T9679] ? raw6_getfrag+0x104/0x350 [ 153.785413][ T9679] ? skb_put+0x114/0x1f0 [ 153.785438][ T9679] __ip6_append_data+0x3cd4/0x44a0 [ 153.785474][ T9679] ? __pfx_raw6_getfrag+0x10/0x10 [ 153.785516][ T9679] ? __pfx___ip6_append_data+0x10/0x10 [ 153.785535][ T9679] ? ip6_setup_cork+0xa6c/0x1140 [ 153.785557][ T9679] ip6_append_data+0x264/0x3a0 [ 153.785580][ T9679] ? __pfx_raw6_getfrag+0x10/0x10 [ 153.785600][ T9679] rawv6_sendmsg+0x190a/0x2410 [ 153.785641][ T9679] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 153.785703][ T9679] ? sock_rps_record_flow+0x1a/0x400 [ 153.785722][ T9679] ? inet_sendmsg+0x330/0x390 [ 153.785743][ T9679] __sock_sendmsg+0x1a6/0x270 [ 153.785765][ T9679] ____sys_sendmsg+0x52a/0x7e0 [ 153.785788][ T9679] ? __pfx_____sys_sendmsg+0x10/0x10 [ 153.785802][ T9679] ? __fget_files+0x2a/0x410 [ 153.785821][ T9679] ? __fget_files+0x2a/0x410 [ 153.785845][ T9679] __sys_sendmsg+0x269/0x350 [ 153.785864][ T9679] ? __pfx___sys_sendmsg+0x10/0x10 [ 153.785890][ T9679] ? do_sys_openat2+0x17a/0x1d0 [ 153.785926][ T9679] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 153.785948][ T9679] ? do_syscall_64+0x100/0x230 [ 153.785970][ T9679] ? do_syscall_64+0xb6/0x230 [ 153.785991][ T9679] do_syscall_64+0xf3/0x230 [ 153.786011][ T9679] ? clear_bhb_loop+0x35/0x90 [ 153.786035][ T9679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.786054][ T9679] RIP: 0033:0x7f415c78cde9 [ 153.786070][ T9679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.786082][ T9679] RSP: 002b:00007f415d5e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.786099][ T9679] RAX: ffffffffffffffda RBX: 00007f415c9a5fa0 RCX: 00007f415c78cde9 [ 153.786110][ T9679] RDX: 0000000000044004 RSI: 00004000000000c0 RDI: 0000000000000004 [ 153.786120][ T9679] RBP: 00007f415d5e5090 R08: 0000000000000000 R09: 0000000000000000 [ 153.786130][ T9679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.786139][ T9679] R13: 0000000000000000 R14: 00007f415c9a5fa0 R15: 00007fffd4603f08 [ 153.786163][ T9679] [ 154.371866][ T9707] __nla_validate_parse: 4 callbacks suppressed [ 154.371885][ T9707] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1103'. [ 154.449599][ T9707] veth0_to_hsr: mtu less than device minimum [ 154.543399][ T9716] netlink: 'syz.3.1108': attribute type 5 has an invalid length. [ 154.558281][ T9719] netlink: 'syz.1.1107': attribute type 8 has an invalid length. [ 155.008623][ T9747] netlink: 'syz.4.1119': attribute type 1 has an invalid length. [ 155.027319][ T9749] IPVS: set_ctl: invalid protocol: 136 255.255.255.255:20004 [ 155.037715][ T9747] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1119'. [ 155.086810][ T5833] IPVS: starting estimator thread 0... [ 155.109604][ T9759] netlink: 'syz.4.1119': attribute type 29 has an invalid length. [ 155.143238][ T9759] netlink: 'syz.4.1119': attribute type 29 has an invalid length. [ 155.180100][ T9758] IPVS: using max 23 ests per chain, 55200 per kthread [ 155.182171][ T9764] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1121'. [ 155.631806][ T9796] 8021q: VLANs not supported on lo [ 155.791905][ T9803] wireguard: wg2: Could not create IPv6 socket [ 155.805696][ T9803] wg2: entered promiscuous mode [ 155.812680][ T9803] wg2: entered allmulticast mode [ 155.851982][ T9807] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 155.954506][ T9816] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1135'. [ 156.158868][ T9828] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1140'. [ 156.260361][ T9836] xt_cgroup: invalid path, errno=-2 [ 156.292214][ T9836] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1142'. [ 156.309216][ T9836] veth1_macvtap: left promiscuous mode [ 156.319395][ T9836] macsec0: entered allmulticast mode [ 156.347515][ T9836] veth1_macvtap: entered promiscuous mode [ 156.358481][ T9836] veth1_macvtap: entered allmulticast mode [ 156.365119][ T9836] macsec0: left allmulticast mode [ 156.370942][ T9836] veth1_macvtap: left allmulticast mode [ 156.378651][ T9836] netlink: 'syz.2.1142': attribute type 29 has an invalid length. [ 156.627232][ T9851] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1147'. [ 156.636601][ T9851] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1147'. [ 156.649733][ T9851] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1147'. [ 156.849506][ T9863] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1150'. [ 156.859698][ T9863] (unnamed net_device) (uninitialized): option use_carrier: invalid value (4) [ 157.877432][ T9925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.891673][ T9925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.903085][ T9925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.923998][ T9925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.935149][ T9925] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.946880][ T9925] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.337164][ T9948] validate_nla: 2 callbacks suppressed [ 158.337186][ T9948] netlink: 'syz.3.1178': attribute type 7 has an invalid length. [ 158.429418][ T9952] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 158.437890][ T9952] batadv_slave_1: entered promiscuous mode [ 158.444698][ T9952] batadv_slave_1: entered allmulticast mode [ 158.840976][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 158.840995][ T29] audit: type=1107 audit(1739247301.511:35): pid=9965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=';d›àĐÔigr‰̉Ø9p̣r³ÑMôd»Y÷‰&–¶j¡̀T¢^9E*Öl¦ÊƯ«̉å~h' [ 159.153102][ T5833] IPVS: starting estimator thread 0... [ 159.241838][ T9988] IPVS: using max 30 ests per chain, 72000 per kthread [ 159.586165][T10018] __nla_validate_parse: 4 callbacks suppressed [ 159.586183][T10018] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1203'. [ 159.593640][T10017] openvswitch: netlink: Port -1 exceeds max allowable 65535 [ 159.632793][T10018] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1203'. [ 159.770072][T10020] team0: Device vti1 is of different type [ 160.002702][T10034] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1207'. [ 160.072279][T10037] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1210'. [ 160.354056][T10049] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1215'. [ 160.636350][T10070] xt_ecn: cannot match TCP bits for non-tcp packets [ 160.829258][T10075] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1224'. [ 161.192053][T10090] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 161.203051][T10090] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 161.214880][T10090] bond0 (unregistering): (slave geneve0): Releasing backup interface [ 161.225982][T10090] bond0 (unregistering): Released all slaves [ 161.296855][T10095] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1230'. [ 161.318026][T10095] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1230'. [ 161.611992][T10116] netlink: zone id is out of range [ 161.651223][T10116] netlink: zone id is out of range [ 161.656532][T10116] netlink: zone id is out of range [ 161.686143][T10116] netlink: zone id is out of range [ 161.708419][T10116] netlink: zone id is out of range [ 161.723421][T10116] netlink: zone id is out of range [ 161.743490][T10116] netlink: zone id is out of range [ 161.753622][T10116] netlink: zone id is out of range [ 161.770459][T10116] netlink: zone id is out of range [ 161.787058][T10124] bond0: (slave bond_slave_0): Releasing backup interface [ 161.803499][T10126] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1239'. [ 161.833112][T10124] bond0: (slave bond_slave_1): Releasing backup interface [ 161.860235][T10128] netlink: 'syz.0.1239': attribute type 10 has an invalid length. [ 161.899402][T10124] team0: Port device team_slave_0 removed [ 161.921228][T10124] team0: Port device team_slave_1 removed [ 161.927840][T10124] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.938888][T10124] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 161.947446][T10124] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 161.955408][T10124] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 161.997233][T10124] bond0: (slave bond2): Releasing backup interface [ 162.081599][T10128] bridge0: port 3(team0) entered blocking state [ 162.093220][T10128] bridge0: port 3(team0) entered disabled state [ 162.111774][T10128] team0: entered allmulticast mode [ 162.116994][T10128] team_slave_0: entered allmulticast mode [ 162.135512][T10128] team_slave_1: entered allmulticast mode [ 162.160936][T10128] team0: entered promiscuous mode [ 162.166114][T10128] team_slave_0: entered promiscuous mode [ 162.176442][T10128] team_slave_1: entered promiscuous mode [ 162.900193][T10193] netlink: 'syz.2.1256': attribute type 18 has an invalid length. [ 163.026449][T10197] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 163.039287][T10197] x_tables: duplicate underflow at hook 1 [ 163.059289][T10197] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 163.083338][T10199] xt_TCPMSS: Only works on TCP SYN packets [ 163.489782][T10211] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1264'. [ 163.503238][T10211] bond_slave_1: entered promiscuous mode [ 163.652594][T10217] netlink: 'syz.0.1265': attribute type 1 has an invalid length. [ 164.628417][T10281] can: request_module (can-proto-0) failed. [ 164.944178][T10296] IPVS: Error connecting to the multicast addr [ 165.082576][T10310] __nla_validate_parse: 3 callbacks suppressed [ 165.082595][T10310] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1292'. [ 165.105205][T10313] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1292'. [ 165.381717][T10331] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1298'. [ 165.401865][T10331] geneve2: entered promiscuous mode [ 165.467842][T10337] netlink: 'syz.3.1298': attribute type 1 has an invalid length. [ 165.521292][T10331] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1298'. [ 165.637907][T10342] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1301'. [ 165.673017][T10345] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1303'. [ 165.858155][T10351] nbd: must specify a size in bytes for the device [ 165.865928][T10353] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1305'. [ 166.057050][T10363] delete_channel: no stack [ 166.070177][ T5840] Bluetooth: hci4: command 0x0405 tx timeout [ 166.071274][T10363] netlink: 'syz.3.1309': attribute type 21 has an invalid length. [ 166.113123][T10366] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1310'. [ 166.379557][T10383] netlink: 'syz.3.1315': attribute type 14 has an invalid length. [ 166.832045][T10405] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 167.054252][T10391] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1317'. [ 167.325027][T10421] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1328'. [ 167.749191][T10445] veth0: entered promiscuous mode [ 167.768763][T10441] veth0: left promiscuous mode [ 167.994449][T10465] net_ratelimit: 66 callbacks suppressed [ 167.994468][T10465] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 168.135535][T10474] netlink: 'syz.3.1341': attribute type 1 has an invalid length. [ 169.218652][T10535] bond0: (slave bond_slave_0): Releasing backup interface [ 169.266241][T10535] bond0: (slave bond_slave_1): Releasing backup interface [ 169.308256][T10535] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 169.339170][T10535] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 169.362855][T10535] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 170.583869][T10623] __nla_validate_parse: 7 callbacks suppressed [ 170.583887][T10623] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1377'. [ 170.655583][T10623] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1377'. [ 170.758888][T10632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1380'. [ 170.804663][T10631] netlink: 'syz.1.1379': attribute type 2 has an invalid length. [ 170.828397][T10636] netlink: 'syz.3.1382': attribute type 1 has an invalid length. [ 170.833991][T10631] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1379'. [ 170.850352][T10634] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1381'. [ 170.894483][T10636] bond2: entered promiscuous mode [ 170.899715][T10636] bond2: entered allmulticast mode [ 170.911486][T10640] tipc: Failed to remove unknown binding: 66,1,1/0:2724226728/2724226730 [ 170.991195][T10639] veth5: entered allmulticast mode [ 171.046519][T10639] bond2: (slave veth5): Enslaving as an active interface with a down link [ 171.456633][T10667] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1390'. [ 171.560201][T10679] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1392'. [ 171.584276][T10678] bridge2: entered promiscuous mode [ 171.589674][T10678] bridge2: entered allmulticast mode [ 171.609671][T10678] team0: Port device bridge2 added [ 171.816614][T10693] netlink: 1256 bytes leftover after parsing attributes in process `syz.4.1398'. [ 171.840347][T10693] openvswitch: netlink: Unknown key attributes 20 [ 172.015900][T10705] xt_limit: Overflow, try lower: 0/0 [ 172.069625][T10710] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1402'. [ 172.096298][T10710] netlink: 'syz.4.1402': attribute type 1 has an invalid length. [ 172.416816][T10732] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1411'. [ 172.701061][T10755] netlink: 'syz.0.1419': attribute type 3 has an invalid length. [ 172.739833][T10755] netlink: 'syz.0.1419': attribute type 3 has an invalid length. [ 172.863836][T10765] netlink: 'syz.1.1420': attribute type 1 has an invalid length. [ 172.915474][T10765] 8021q: adding VLAN 0 to HW filter on device bond3 [ 172.959914][T10769] bond3: (slave gretap2): making interface the new active one [ 172.991131][T10769] bond3: (slave gretap2): Enslaving as an active interface with an up link [ 173.016133][T10768] netlink: 'syz.0.1423': attribute type 21 has an invalid length. [ 173.301291][T10792] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 173.379636][T10799] netlink: 'syz.0.1432': attribute type 28 has an invalid length. [ 173.389773][T10800] netlink: 'syz.0.1432': attribute type 28 has an invalid length. [ 173.397833][T10799] netlink: 'syz.0.1432': attribute type 3 has an invalid length. [ 173.726074][ T974] hid-generic 0005:0458:0009.0001: item fetching failed at offset 0/2 [ 173.735937][ T974] hid-generic 0005:0458:0009.0001: probe with driver hid-generic failed with error -22 [ 173.736190][T10819] sctp: [Deprecated]: syz.4.1437 (pid 10819) Use of int in maxseg socket option. [ 173.736190][T10819] Use struct sctp_assoc_value instead [ 173.775994][T10819] tipc: Enabling of bearer rejected, media not registered [ 174.016905][ T5880] IPVS: starting estimator thread 0... [ 174.110190][T10832] IPVS: using max 26 ests per chain, 62400 per kthread [ 174.639904][T10849] ieee802154 phy0 wpan0: encryption failed: -22 [ 174.661838][T10854] xt_socket: unknown flags 0x4 [ 174.753940][T10853] IPv6: Can't replace route, no match found [ 175.559936][T10926] lo: entered allmulticast mode [ 175.622721][T10921] __nla_validate_parse: 5 callbacks suppressed [ 175.622738][T10921] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1472'. [ 176.007835][T10951] validate_nla: 1 callbacks suppressed [ 176.007852][T10951] netlink: 'syz.3.1483': attribute type 9 has an invalid length. [ 176.022026][T10951] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1483'. [ 176.096472][T10957] batadv2: entered allmulticast mode [ 176.177884][T10961] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1486'. [ 176.214339][T10964] netlink: 'syz.2.1487': attribute type 5 has an invalid length. [ 176.670217][ T29] audit: type=1107 audit(1739247319.321:36): pid=10984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=',f{‰b¤uûéw˜&B² ƯÊ» y*´¤ù|âK5è.Ựü₫2½I•Ç9—DƯ$/•Â€·ọ̈¢kñ4ô(†]±:9ÉF]”K:ˆ•$ơ£•xfDöÜ36¼sK3ñJd›yÍS†p5$9öd2¸¢ö§‚ÿ^Äá!”bå W!œ×Ä2nª’ôPŸ! ă~z‰HHq+F“|̃íß´́+PÑê}W9qí0”z)ª÷h`̀œ´ă2ÎœJmQº¹U˜9˜È·{̉øÍơSÅP]' [ 176.752207][T10983] tipc: Failed to obtain node identity [ 176.757883][T10983] tipc: Enabling of bearer rejected, failed to enable media [ 177.023909][T11003] IPv6: sit1: Disabled Multicast RS [ 177.044691][T11004] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1500'. [ 177.054584][T11003] sit1: entered promiscuous mode [ 177.076766][T11004] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1500'. [ 177.188643][T11017] openvswitch: netlink: Key type 265 is out of range max 32 [ 177.194585][T11018] openvswitch: netlink: Actions may not be safe on all matching packets [ 177.202587][T11019] openvswitch: netlink: Key type 265 is out of range max 32 [ 177.297530][T11021] netlink: 'syz.1.1508': attribute type 1 has an invalid length. [ 177.566890][ T29] audit: type=1107 audit(1739247320.241:37): pid=11040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='.º•mÜß:è€́qø̉43ŸÄæơäg·ÍD2Pä]ËD̃·“ß;f‹¯M°ÈêiL–®4R6âñ£|ø؇ëø¥|À¥R>ùá¹ĐJ§å×='éV-Ọø7€êñÚµ W*oó F¸ùœÍ#’µº9å|÷½]‘…QÆ :≺¯*/kÖ' [ 177.682095][T11047] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1516'. [ 177.690606][T11048] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1517'. [ 177.779675][T11052] netlink: 208 bytes leftover after parsing attributes in process `syz.4.1517'. [ 177.795480][T11052] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1517'. [ 178.251637][T11063] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1522'. [ 178.456578][T11062] bond0 (unregistering): Released all slaves [ 179.045731][T11121] netlink: 'syz.1.1538': attribute type 3 has an invalid length. [ 179.167867][T11126] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 179.247254][T11130] netlink: 'syz.1.1543': attribute type 1 has an invalid length. [ 179.681190][T11154] netlink: 'syz.0.1553': attribute type 8 has an invalid length. [ 180.493147][T11205] netlink: 'syz.3.1569': attribute type 1 has an invalid length. [ 180.504816][T11205] netlink: 'syz.3.1569': attribute type 4 has an invalid length. [ 180.634374][T11216] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 180.655081][ T5945] IPVS: starting estimator thread 0... [ 180.751372][T11219] IPVS: using max 23 ests per chain, 55200 per kthread [ 180.779920][T11225] __nla_validate_parse: 16 callbacks suppressed [ 180.779940][T11225] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1575'. [ 180.967254][T11234] netlink: 'syz.4.1578': attribute type 10 has an invalid length. [ 180.990232][T11234] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 181.141939][T11243] delete_channel: no stack [ 181.180293][T11244] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1582'. [ 181.263086][T11254] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1583'. [ 181.490952][T11268] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1590'. [ 181.539134][T11274] FAULT_INJECTION: forcing a failure. [ 181.539134][T11274] name failslab, interval 1, probability 0, space 0, times 0 [ 181.561389][T11274] CPU: 0 UID: 0 PID: 11274 Comm: syz.4.1592 Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 181.561417][T11274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 181.561427][T11274] Call Trace: [ 181.561434][T11274] [ 181.561441][T11274] dump_stack_lvl+0x241/0x360 [ 181.561485][T11274] ? __pfx_dump_stack_lvl+0x10/0x10 [ 181.561503][T11274] ? __pfx__printk+0x10/0x10 [ 181.561528][T11274] ? fs_reclaim_acquire+0x93/0x130 [ 181.561550][T11274] ? __pfx___might_resched+0x10/0x10 [ 181.561572][T11274] should_fail_ex+0x40a/0x550 [ 181.561595][T11274] should_failslab+0xac/0x100 [ 181.561614][T11274] __kmalloc_noprof+0xdd/0x4c0 [ 181.561630][T11274] ? kstrtouint_from_user+0x128/0x190 [ 181.561649][T11274] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 181.561677][T11274] tomoyo_realpath_from_path+0xcf/0x5e0 [ 181.561710][T11274] tomoyo_path_number_perm+0x236/0x860 [ 181.561729][T11274] ? __lock_acquire+0x1397/0x2100 [ 181.561752][T11274] ? tomoyo_path_number_perm+0x206/0x860 [ 181.561773][T11274] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 181.561826][T11274] ? __fget_files+0x2a/0x410 [ 181.561848][T11274] ? __fget_files+0x2a/0x410 [ 181.561869][T11274] security_file_ioctl+0xc6/0x2a0 [ 181.561890][T11274] __se_sys_ioctl+0x46/0x170 [ 181.561913][T11274] do_syscall_64+0xf3/0x230 [ 181.561935][T11274] ? clear_bhb_loop+0x35/0x90 [ 181.561960][T11274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.561979][T11274] RIP: 0033:0x7f570cd8cde9 [ 181.562000][T11274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.562013][T11274] RSP: 002b:00007f570dc69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 181.562032][T11274] RAX: ffffffffffffffda RBX: 00007f570cfa5fa0 RCX: 00007f570cd8cde9 [ 181.562044][T11274] RDX: 0000400000000000 RSI: 0000000000008b04 RDI: 0000000000000007 [ 181.562055][T11274] RBP: 00007f570dc69090 R08: 0000000000000000 R09: 0000000000000000 [ 181.562065][T11274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 181.562075][T11274] R13: 0000000000000000 R14: 00007f570cfa5fa0 R15: 00007ffcdf2ab3a8 [ 181.562101][T11274] [ 181.562108][T11274] ERROR: Out of memory at tomoyo_realpath_from_path. [ 182.001960][T11295] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1600'. [ 182.020429][T11295] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1600'. [ 182.034172][T11297] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1599'. [ 182.238352][T11309] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1604'. [ 182.252471][T11309] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1604'. [ 182.293492][T11309] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 182.431553][T11320] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1609'. [ 182.624172][T11328] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.646354][T11328] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.835929][T11341] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 183.025846][T11356] netlink: 'syz.3.1622': attribute type 1 has an invalid length. [ 183.083982][T11356] bond0: entered promiscuous mode [ 183.089406][T11356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.473328][ T29] audit: type=1107 audit(1739247326.131:38): pid=11381 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ô(™´óo&Zw7æØlwæ¨%„Ÿêm8M°æ4èˆnƒnä„ 2ÅÅR₫‹[ƒó’Y7X Ë›~ÆaÏEÇ@1ơC_y*Ç æ̀₫°KÆdÜ 2`·bÔ¹¹#ªHÍf\ ¹d"Ó¿¬‘²áH®é^{‚ÆÄ–Ú:´Đ₫ rejected, failed to enable media [ 196.081489][T12130] CPU: 0 UID: 0 PID: 12130 Comm: syz.2.1860 Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 196.081514][T12130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 196.081525][T12130] Call Trace: [ 196.081531][T12130] [ 196.081539][T12130] dump_stack_lvl+0x241/0x360 [ 196.081564][T12130] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.081582][T12130] ? __pfx__printk+0x10/0x10 [ 196.081621][T12130] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 196.081652][T12130] ? __pfx___might_resched+0x10/0x10 [ 196.081669][T12130] ? ima_get_action+0x75/0xb0 [ 196.081696][T12130] should_fail_ex+0x40a/0x550 [ 196.081719][T12130] should_failslab+0xac/0x100 [ 196.081737][T12130] kmem_cache_alloc_node_noprof+0x77/0x380 [ 196.081754][T12130] ? __alloc_skb+0x1c3/0x440 [ 196.081779][T12130] __alloc_skb+0x1c3/0x440 [ 196.081806][T12130] ? __pfx___alloc_skb+0x10/0x10 [ 196.081833][T12130] ? __lock_acquire+0x1397/0x2100 [ 196.081857][T12130] alloc_skb_with_frags+0xc3/0x820 [ 196.081887][T12130] sock_alloc_send_pskb+0x91a/0xa60 [ 196.081921][T12130] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 196.081941][T12130] ? __lock_acquire+0x1397/0x2100 [ 196.081965][T12130] ? dev_get_by_index+0x23/0x2d0 [ 196.081987][T12130] packet_sendmsg+0x4080/0x6c30 [ 196.082021][T12130] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 196.082059][T12130] ? __pfx___might_resched+0x10/0x10 [ 196.082091][T12130] ? __pfx_packet_sendmsg+0x10/0x10 [ 196.082107][T12130] ? aa_sk_perm+0x96d/0xab0 [ 196.082132][T12130] ? __pfx_aa_sk_perm+0x10/0x10 [ 196.082152][T12130] ? __fget_files+0x2a/0x410 [ 196.082169][T12130] ? aa_sock_msg_perm+0x91/0x160 [ 196.082194][T12130] ? __pfx_packet_sendmsg+0x10/0x10 [ 196.082208][T12130] __sock_sendmsg+0x221/0x270 [ 196.082231][T12130] __sys_sendto+0x363/0x4c0 [ 196.082258][T12130] ? __pfx___sys_sendto+0x10/0x10 [ 196.082292][T12130] ? __fget_files+0x2a/0x410 [ 196.082318][T12130] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 196.082341][T12130] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 196.082367][T12130] __x64_sys_sendto+0xde/0x100 [ 196.082392][T12130] do_syscall_64+0xf3/0x230 [ 196.082413][T12130] ? clear_bhb_loop+0x35/0x90 [ 196.082438][T12130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.082458][T12130] RIP: 0033:0x7fc1a398cde9 [ 196.082476][T12130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.082490][T12130] RSP: 002b:00007fc1a17f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 196.082509][T12130] RAX: ffffffffffffffda RBX: 00007fc1a3ba5fa0 RCX: 00007fc1a398cde9 [ 196.082522][T12130] RDX: 0000000000000000 RSI: 0000400000000180 RDI: 0000000000000003 [ 196.082532][T12130] RBP: 00007fc1a17f6090 R08: 0000400000000140 R09: 0000000000000014 [ 196.082543][T12130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.082553][T12130] R13: 0000000000000000 R14: 00007fc1a3ba5fa0 R15: 00007ffcbe370408 [ 196.082580][T12130] [ 196.476777][T12137] IPv6: sit3: Disabled Multicast RS [ 196.486020][T12138] tipc: Enabled bearer , priority 10 [ 196.817491][T12149] bond3: (slave gretap2): Releasing active interface [ 197.009914][T12164] __nla_validate_parse: 17 callbacks suppressed [ 197.009932][T12164] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1872'. [ 197.367327][ T6358] gretap0: left allmulticast mode [ 197.390478][ T6358] gretap0: left promiscuous mode [ 197.408959][ T6358] bridge0: port 1(gretap0) entered disabled state [ 197.521091][ T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 197.532066][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 197.546924][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 197.559011][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 197.568699][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 197.583793][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 197.719831][ T6358] bond1 (unregistering): (slave gretap1): Releasing active interface [ 198.016718][ T6358] bond1 (unregistering): Released all slaves [ 198.404662][T12217] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 198.518051][T12222] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1886'. [ 198.732086][T12231] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1887'. [ 199.037930][T12187] chnl_net:caif_netlink_parms(): no params data found [ 199.074686][ T6358] hsr_slave_0: left promiscuous mode [ 199.084496][ T6358] hsr_slave_1: left promiscuous mode [ 199.094036][ T6358] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 199.103619][ T6358] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 199.139549][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 199.139566][ T29] audit: type=1800 audit(1739247341.811:59): pid=12247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1891" name="memory.events" dev="tmpfs" ino=1940 res=0 errno=0 [ 199.573191][ T6358] team0 (unregistering): Port device team_slave_1 removed [ 199.642237][ T6358] team0 (unregistering): Port device C removed [ 199.680221][ T5840] Bluetooth: hci4: command tx timeout [ 199.917452][T12264] ip6t_srh: unknown srh match flags 4001 [ 200.129115][T12247] IPv6: sit4: Disabled Multicast RS [ 200.148203][T12264] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 200.268330][T12275] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1899'. [ 200.430655][T12187] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.474444][T12187] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.491651][T12187] bridge_slave_0: entered allmulticast mode [ 200.501883][T12187] bridge_slave_0: entered promiscuous mode [ 200.515730][T12283] : entered promiscuous mode [ 200.532861][T12187] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.557757][T12187] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.580589][T12187] bridge_slave_1: entered allmulticast mode [ 200.587551][T12187] bridge_slave_1: entered promiscuous mode [ 200.713888][T12187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.744911][T12187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 200.807327][ T6358] IPVS: stop unused estimator thread 0... [ 200.840472][T12187] team0: Port device team_slave_0 added [ 200.861237][T12187] team0: Port device team_slave_1 added [ 200.924811][T12187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.941046][T12187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.979942][T12187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.014255][T12187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.023455][T12187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.060430][T12187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.149415][T12321] netlink: 'syz.0.1909': attribute type 1 has an invalid length. [ 201.157765][T12321] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1909'. [ 201.168541][T12321] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1909'. [ 201.185879][T12187] hsr_slave_0: entered promiscuous mode [ 201.197560][T12187] hsr_slave_1: entered promiscuous mode [ 201.209855][T12187] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.220424][T12187] Cannot create hsr debugfs directory [ 201.245351][T12323] team0: entered promiscuous mode [ 201.251099][T12323] team_slave_0: entered promiscuous mode [ 201.257290][T12323] team_slave_1: entered promiscuous mode [ 201.266186][T12323] batadv_slave_1: entered promiscuous mode [ 201.412900][T12332] netlink: 'syz.2.1913': attribute type 10 has an invalid length. [ 201.440253][T12332] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.469159][T12332] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.482359][T12332] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 201.508169][T12334] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1914'. [ 201.539158][T12332] vcan0: entered allmulticast mode [ 201.578065][T12335] vcan0 (unregistering): left allmulticast mode [ 201.647445][T12339] netdevsim netdevsim3 : renamed from netdevsim0 (while UP) [ 201.752347][ T5840] Bluetooth: hci4: command tx timeout [ 201.763614][T12346] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1916'. [ 201.834203][T12350] FAULT_INJECTION: forcing a failure. [ 201.834203][T12350] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 201.877008][T12350] CPU: 1 UID: 0 PID: 12350 Comm: syz.2.1919 Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 201.877035][T12350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 201.877045][T12350] Call Trace: [ 201.877051][T12350] [ 201.877059][T12350] dump_stack_lvl+0x241/0x360 [ 201.877084][T12350] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.877101][T12350] ? __pfx__printk+0x10/0x10 [ 201.877127][T12350] ? __pfx_lock_release+0x10/0x10 [ 201.877155][T12350] should_fail_ex+0x40a/0x550 [ 201.877177][T12350] _copy_from_user+0x2d/0xb0 [ 201.877194][T12350] copy_msghdr_from_user+0xae/0x680 [ 201.877218][T12350] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 201.877235][T12350] ? __fget_files+0x2a/0x410 [ 201.877254][T12350] ? __fget_files+0x2a/0x410 [ 201.877278][T12350] __sys_sendmsg+0x209/0x350 [ 201.877300][T12350] ? __pfx___sys_sendmsg+0x10/0x10 [ 201.877327][T12350] ? do_sys_openat2+0x17a/0x1d0 [ 201.877369][T12350] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 201.877391][T12350] ? do_syscall_64+0x100/0x230 [ 201.877415][T12350] ? do_syscall_64+0xb6/0x230 [ 201.877436][T12350] do_syscall_64+0xf3/0x230 [ 201.877456][T12350] ? clear_bhb_loop+0x35/0x90 [ 201.877478][T12350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.877497][T12350] RIP: 0033:0x7fc1a398cde9 [ 201.877512][T12350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.877525][T12350] RSP: 002b:00007fc1a17f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 201.877542][T12350] RAX: ffffffffffffffda RBX: 00007fc1a3ba5fa0 RCX: 00007fc1a398cde9 [ 201.877554][T12350] RDX: 0000000000040854 RSI: 0000400000006040 RDI: 0000000000000004 [ 201.877564][T12350] RBP: 00007fc1a17f6090 R08: 0000000000000000 R09: 0000000000000000 [ 201.877573][T12350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.877583][T12350] R13: 0000000000000000 R14: 00007fc1a3ba5fa0 R15: 00007ffcbe370408 [ 201.877605][T12350] [ 202.176720][T12362] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1921'. [ 202.186548][T12362] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1921'. [ 202.372078][T12187] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 202.403270][T12187] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 202.452423][T12371] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1926'. [ 202.455162][T12187] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 202.471676][T12187] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 202.778488][T12187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.828867][T12187] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.855543][ T3884] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.862774][ T3884] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.881584][T12397] FAULT_INJECTION: forcing a failure. [ 202.881584][T12397] name failslab, interval 1, probability 0, space 0, times 0 [ 202.881986][T12399] veth1_macvtap: left promiscuous mode [ 202.900601][T12397] CPU: 1 UID: 0 PID: 12397 Comm: syz.1.1939 Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 202.900629][T12397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 202.900639][T12397] Call Trace: [ 202.900645][T12397] [ 202.900652][T12397] dump_stack_lvl+0x241/0x360 [ 202.900675][T12397] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.900689][T12397] ? __pfx__printk+0x10/0x10 [ 202.900714][T12397] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 202.900733][T12397] ? __pfx___might_resched+0x10/0x10 [ 202.900750][T12397] ? aa_label_sk_perm+0x4f3/0x6c0 [ 202.900775][T12397] should_fail_ex+0x40a/0x550 [ 202.900799][T12397] should_failslab+0xac/0x100 [ 202.900818][T12397] kmem_cache_alloc_node_noprof+0x77/0x380 [ 202.900835][T12397] ? __alloc_skb+0x1c3/0x440 [ 202.900862][T12397] __alloc_skb+0x1c3/0x440 [ 202.900888][T12397] ? __pfx___alloc_skb+0x10/0x10 [ 202.900930][T12397] netlink_sendmsg+0x638/0xcb0 [ 202.900961][T12397] ? __pfx_netlink_sendmsg+0x10/0x10 [ 202.900983][T12397] ? aa_sock_msg_perm+0x91/0x160 [ 202.901011][T12397] ? __pfx_netlink_sendmsg+0x10/0x10 [ 202.901028][T12397] __sock_sendmsg+0x221/0x270 [ 202.901053][T12397] ____sys_sendmsg+0x52a/0x7e0 [ 202.901079][T12397] ? __pfx_____sys_sendmsg+0x10/0x10 [ 202.901096][T12397] ? __fget_files+0x2a/0x410 [ 202.901117][T12397] ? __fget_files+0x2a/0x410 [ 202.901145][T12397] __sys_sendmsg+0x269/0x350 [ 202.901168][T12397] ? __pfx___sys_sendmsg+0x10/0x10 [ 202.901197][T12397] ? do_sys_openat2+0x17a/0x1d0 [ 202.901241][T12397] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 202.901266][T12397] ? do_syscall_64+0x100/0x230 [ 202.901292][T12397] ? do_syscall_64+0xb6/0x230 [ 202.901315][T12397] do_syscall_64+0xf3/0x230 [ 202.901337][T12397] ? clear_bhb_loop+0x35/0x90 [ 202.901363][T12397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.901385][T12397] RIP: 0033:0x7f415c78cde9 [ 202.901403][T12397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.901419][T12397] RSP: 002b:00007f415d5e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 202.901442][T12397] RAX: ffffffffffffffda RBX: 00007f415c9a5fa0 RCX: 00007f415c78cde9 [ 202.901456][T12397] RDX: 0000000000040854 RSI: 0000400000006040 RDI: 0000000000000004 [ 202.901469][T12397] RBP: 00007f415d5e5090 R08: 0000000000000000 R09: 0000000000000000 [ 202.901481][T12397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 202.901493][T12397] R13: 0000000000000000 R14: 00007f415c9a5fa0 R15: 00007fffd4603f08 [ 202.901522][T12397] [ 202.902052][T12399] macsec0: entered promiscuous mode [ 203.175077][ T6358] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.183465][ T6358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.357612][T12403] syzkaller1: entered allmulticast mode [ 203.456928][T12187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.486309][T12409] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1942'. [ 203.684027][T12423] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 203.788066][T12427] netlink: 'syz.2.1946': attribute type 6 has an invalid length. [ 203.830387][ T5840] Bluetooth: hci4: command tx timeout [ 203.965509][T12187] veth0_vlan: entered promiscuous mode [ 204.002873][T12187] veth1_vlan: entered promiscuous mode [ 204.041982][T12187] veth0_macvtap: entered promiscuous mode [ 204.068802][T12187] veth1_macvtap: entered promiscuous mode [ 204.108843][T12187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.135523][T12187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.169195][T12187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.180680][T12187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.203215][T12187] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.218134][T12187] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.227895][T12187] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.237526][T12187] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.372344][ T6353] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.389664][ T6353] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.422412][T12460] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1954'. [ 204.439176][ T6353] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.454432][ T6353] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.664911][T12467] netlink: 'syz.0.1957': attribute type 1 has an invalid length. [ 204.795601][T12477] netlink: 'syz.1.1960': attribute type 4 has an invalid length. [ 204.953150][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 204.975319][T12485] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1962'. [ 205.623475][T12513] netlink: 'syz.3.1971': attribute type 1 has an invalid length. [ 205.642646][T12513] netlink: 134744 bytes leftover after parsing attributes in process `syz.3.1971'. [ 205.986621][T12498] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.020511][T12507] syzkaller0: entered promiscuous mode [ 206.026046][T12507] syzkaller0: entered allmulticast mode [ 206.051257][T12513] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 206.207328][T12498] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.309094][ T6351] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.437090][T12498] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.496133][T12535] sctp: [Deprecated]: syz.0.1975 (pid 12535) Use of struct sctp_assoc_value in delayed_ack socket option. [ 206.496133][T12535] Use struct sctp_sack_info instead [ 206.517081][T12535] sctp: [Deprecated]: syz.0.1975 (pid 12535) Use of struct sctp_assoc_value in delayed_ack socket option. [ 206.517081][T12535] Use struct sctp_sack_info instead [ 206.551480][ T6351] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.636923][T12498] bond0: (slave netdevsim0): Releasing backup interface [ 206.662921][T12498] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.779481][T12537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1976'. [ 206.802753][T12498] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.828210][ T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 206.838874][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 206.848173][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 206.860757][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 206.871912][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 206.882951][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 206.929338][ T6351] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.969278][T12498] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.015176][T12498] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.071994][ T6351] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.107733][T12498] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 207.241870][T12554] FAULT_INJECTION: forcing a failure. [ 207.241870][T12554] name failslab, interval 1, probability 0, space 0, times 0 [ 207.324304][T12554] CPU: 0 UID: 0 PID: 12554 Comm: syz.0.1981 Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 207.324331][T12554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 207.324340][T12554] Call Trace: [ 207.324346][T12554] [ 207.324353][T12554] dump_stack_lvl+0x241/0x360 [ 207.324374][T12554] ? __pfx_dump_stack_lvl+0x10/0x10 [ 207.324388][T12554] ? __pfx__printk+0x10/0x10 [ 207.324410][T12554] ? fs_reclaim_acquire+0x93/0x130 [ 207.324431][T12554] ? __pfx___might_resched+0x10/0x10 [ 207.324453][T12554] should_fail_ex+0x40a/0x550 [ 207.324474][T12554] should_failslab+0xac/0x100 [ 207.324491][T12554] __kmalloc_noprof+0xdd/0x4c0 [ 207.324507][T12554] ? kstrtouint_from_user+0x128/0x190 [ 207.324526][T12554] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 207.324554][T12554] tomoyo_realpath_from_path+0xcf/0x5e0 [ 207.324594][T12554] tomoyo_path_number_perm+0x236/0x860 [ 207.324609][T12554] ? __lock_acquire+0x1397/0x2100 [ 207.324627][T12554] ? tomoyo_path_number_perm+0x206/0x860 [ 207.324648][T12554] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 207.324702][T12554] ? __fget_files+0x2a/0x410 [ 207.324719][T12554] ? __fget_files+0x2a/0x410 [ 207.324736][T12554] security_file_ioctl+0xc6/0x2a0 [ 207.324755][T12554] __se_sys_ioctl+0x46/0x170 [ 207.324772][T12554] do_syscall_64+0xf3/0x230 [ 207.324789][T12554] ? clear_bhb_loop+0x35/0x90 [ 207.324811][T12554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.324830][T12554] RIP: 0033:0x7fbd27d8cde9 [ 207.324843][T12554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.324855][T12554] RSP: 002b:00007fbd28bff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.324873][T12554] RAX: ffffffffffffffda RBX: 00007fbd27fa5fa0 RCX: 00007fbd27d8cde9 [ 207.324884][T12554] RDX: 0000400000000280 RSI: 000000000000890b RDI: 0000000000000004 [ 207.324894][T12554] RBP: 00007fbd28bff090 R08: 0000000000000000 R09: 0000000000000000 [ 207.324904][T12554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.324914][T12554] R13: 0000000000000000 R14: 00007fbd27fa5fa0 R15: 00007ffc6654d278 [ 207.324941][T12554] [ 207.324948][T12554] ERROR: Out of memory at tomoyo_realpath_from_path. [ 207.400504][T12558] netlink: 240 bytes leftover after parsing attributes in process `syz.1.1983'. [ 207.570196][T12564] delete_channel: no stack [ 207.574166][ T6351] bridge_slave_1: left allmulticast mode [ 207.590330][ T6351] bridge_slave_1: left promiscuous mode [ 207.596190][ T6351] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.635384][ T6351] bridge_slave_0: left allmulticast mode [ 207.642782][ T6351] bridge_slave_0: left promiscuous mode [ 207.648615][ T6351] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.656924][T12565] netlink: 'syz.1.1983': attribute type 4 has an invalid length. [ 207.664980][T12565] netlink: 'syz.1.1983': attribute type 11 has an invalid length. [ 207.673717][T12565] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1983'. [ 208.231669][ T6351] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 208.245152][ T6351] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 208.256360][ T6351] bond0 (unregistering): Released all slaves [ 208.284377][T12583] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1989'. [ 208.295951][T12583] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1989'. [ 208.305574][T12583] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1989'. [ 208.407693][T12592] syzkaller0: entered promiscuous mode [ 208.413738][T12592] syzkaller0: entered allmulticast mode [ 208.508153][T12608] FAULT_INJECTION: forcing a failure. [ 208.508153][T12608] name failslab, interval 1, probability 0, space 0, times 0 [ 208.531708][T12608] CPU: 0 UID: 0 PID: 12608 Comm: syz.0.1996 Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 208.531736][T12608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 208.531745][T12608] Call Trace: [ 208.531751][T12608] [ 208.531758][T12608] dump_stack_lvl+0x241/0x360 [ 208.531782][T12608] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.531800][T12608] ? __pfx__printk+0x10/0x10 [ 208.531826][T12608] ? fs_reclaim_acquire+0x93/0x130 [ 208.531848][T12608] ? __pfx___might_resched+0x10/0x10 [ 208.531865][T12608] ? dynamic_dname+0x141/0x1b0 [ 208.531888][T12608] should_fail_ex+0x40a/0x550 [ 208.531913][T12608] should_failslab+0xac/0x100 [ 208.531931][T12608] __kmalloc_noprof+0xdd/0x4c0 [ 208.531948][T12608] ? tomoyo_encode+0x26f/0x540 [ 208.531974][T12608] tomoyo_encode+0x26f/0x540 [ 208.531997][T12608] ? __pfx_sockfs_dname+0x10/0x10 [ 208.532020][T12608] tomoyo_realpath_from_path+0x59e/0x5e0 [ 208.532054][T12608] tomoyo_path_number_perm+0x236/0x860 [ 208.532073][T12608] ? __lock_acquire+0x1397/0x2100 [ 208.532097][T12608] ? tomoyo_path_number_perm+0x206/0x860 [ 208.532118][T12608] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 208.532177][T12608] ? __fget_files+0x2a/0x410 [ 208.532198][T12608] ? __fget_files+0x2a/0x410 [ 208.532220][T12608] security_file_ioctl+0xc6/0x2a0 [ 208.532241][T12608] __se_sys_ioctl+0x46/0x170 [ 208.532263][T12608] do_syscall_64+0xf3/0x230 [ 208.532285][T12608] ? clear_bhb_loop+0x35/0x90 [ 208.532309][T12608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.532329][T12608] RIP: 0033:0x7fbd27d8cde9 [ 208.532345][T12608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.532359][T12608] RSP: 002b:00007fbd28bff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 208.532377][T12608] RAX: ffffffffffffffda RBX: 00007fbd27fa5fa0 RCX: 00007fbd27d8cde9 [ 208.532389][T12608] RDX: 0000400000000280 RSI: 000000000000890b RDI: 0000000000000004 [ 208.532400][T12608] RBP: 00007fbd28bff090 R08: 0000000000000000 R09: 0000000000000000 [ 208.532410][T12608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.532420][T12608] R13: 0000000000000000 R14: 00007fbd27fa5fa0 R15: 00007ffc6654d278 [ 208.532447][T12608] [ 208.533265][T12608] ERROR: Out of memory at tomoyo_realpath_from_path. [ 208.597269][T12610] xt_CT: You must specify a L4 protocol and not use inversions on it [ 208.929152][T12626] netlink: 'syz.1.2000': attribute type 39 has an invalid length. [ 208.958621][ T5840] Bluetooth: hci4: command tx timeout [ 210.680827][T12631] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2003'. [ 210.713594][T12631] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2003'. [ 210.742777][T12631] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2003'. [ 210.814837][T12639] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.2003'. [ 210.963484][ T6351] hsr_slave_0: left promiscuous mode [ 210.972009][ T6351] hsr_slave_1: left promiscuous mode [ 210.977887][ T6351] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 211.000359][ T6351] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 211.013308][ T6351] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 211.030583][ T6351] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 211.037815][ T5840] Bluetooth: hci4: command tx timeout [ 211.090649][ T6351] veth1_macvtap: left promiscuous mode [ 211.096771][ T6351] veth0_macvtap: left promiscuous mode [ 211.102714][ T6351] veth1_vlan: left promiscuous mode [ 211.108322][ T6351] veth0_vlan: left promiscuous mode [ 211.154247][T12664] netlink: 'syz.0.2009': attribute type 8 has an invalid length. [ 211.722174][ T6351] team0 (unregistering): Port device team_slave_1 removed [ 211.777740][ T6351] team0 (unregistering): Port device team_slave_0 removed [ 211.847331][T12681] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2014'. [ 212.197804][T12540] chnl_net:caif_netlink_parms(): no params data found [ 212.514417][T12700] sctp: [Deprecated]: syz.2.2018 (pid 12700) Use of int in max_burst socket option. [ 212.514417][T12700] Use struct sctp_assoc_value instead [ 212.635784][T12540] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.648651][T12540] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.665828][T12540] bridge_slave_0: entered allmulticast mode [ 212.691242][T12540] bridge_slave_0: entered promiscuous mode [ 212.716658][T12709] __nla_validate_parse: 3 callbacks suppressed [ 212.716678][T12709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2018'. [ 212.734438][T12709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2018'. [ 212.744328][T12709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2018'. [ 212.754710][T12709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2018'. [ 212.764514][T12709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2018'. [ 212.777193][T12714] x_tables: duplicate underflow at hook 2 [ 212.786090][T12709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2018'. [ 212.806110][T12709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2018'. [ 212.815651][T12709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2018'. [ 212.829383][T12709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2018'. [ 212.840412][T12709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2018'. [ 212.856494][T12540] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.870335][T12540] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.877912][T12540] bridge_slave_1: entered allmulticast mode [ 212.890805][T12540] bridge_slave_1: entered promiscuous mode [ 212.936713][T12711] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 212.947490][T12711] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 212.948602][T12722] netlink: 'syz.3.2025': attribute type 1 has an invalid length. [ 212.956649][T12721] netlink: 'syz.3.2025': attribute type 1 has an invalid length. [ 212.972864][T12711] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 212.981816][T12711] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 212.992101][T12711] geneve3: entered promiscuous mode [ 212.997422][T12711] geneve3: entered allmulticast mode [ 213.005581][T12711] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 213.015676][T12711] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 213.025340][T12711] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 213.047871][T12711] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 213.114390][ T5840] Bluetooth: hci4: command tx timeout [ 213.172562][T12540] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 213.283839][T12540] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 213.354808][T12740] xt_bpf: check failed: parse error [ 213.429067][T12540] team0: Port device team_slave_0 added [ 213.452763][T12540] team0: Port device team_slave_1 added [ 213.531093][T12540] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 213.538166][T12540] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.564808][T12540] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 213.589747][T12540] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 213.610193][T12540] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.637230][T12540] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 213.709711][T12540] hsr_slave_0: entered promiscuous mode [ 213.718206][T12540] hsr_slave_1: entered promiscuous mode [ 213.740715][T12540] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.748327][T12540] Cannot create hsr debugfs directory [ 213.791885][T12761] sctp: [Deprecated]: syz.0.2037 (pid 12761) Use of struct sctp_assoc_value in delayed_ack socket option. [ 213.791885][T12761] Use struct sctp_sack_info instead [ 214.275578][T12540] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 214.290348][T12540] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 214.306791][T12540] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 214.322848][T12540] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 214.334785][T12783] xt_hashlimit: max too large, truncated to 1048576 [ 214.468202][T12540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.521970][T12540] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.541013][ T6351] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.548180][ T6351] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.607513][T11506] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.614710][T11506] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.765277][T12805] FAULT_INJECTION: forcing a failure. [ 214.765277][T12805] name failslab, interval 1, probability 0, space 0, times 0 [ 214.780349][T12805] CPU: 1 UID: 0 PID: 12805 Comm: syz.2.2052 Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 214.780372][T12805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 214.780382][T12805] Call Trace: [ 214.780388][T12805] [ 214.780395][T12805] dump_stack_lvl+0x241/0x360 [ 214.780420][T12805] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.780436][T12805] ? __pfx__printk+0x10/0x10 [ 214.780460][T12805] ? __kmalloc_noprof+0xb5/0x4c0 [ 214.780477][T12805] ? __pfx___might_resched+0x10/0x10 [ 214.780498][T12805] should_fail_ex+0x40a/0x550 [ 214.780521][T12805] should_failslab+0xac/0x100 [ 214.780537][T12805] __kmalloc_noprof+0xdd/0x4c0 [ 214.780553][T12805] ? flow_rule_alloc+0x2f/0x2a0 [ 214.780580][T12805] flow_rule_alloc+0x2f/0x2a0 [ 214.780605][T12805] mall_replace_hw_filter+0x147/0xcf0 [ 214.780629][T12805] ? mark_lock+0x9a/0x360 [ 214.780660][T12805] ? __pfx_mall_replace_hw_filter+0x10/0x10 [ 214.780684][T12805] ? __asan_memset+0x23/0x50 [ 214.780704][T12805] ? tcf_exts_validate_ex+0x33b/0x530 [ 214.780727][T12805] ? __pfx_tcf_exts_validate_ex+0x10/0x10 [ 214.780772][T12805] mall_change+0x5e4/0x960 [ 214.780801][T12805] ? __pfx_mall_change+0x10/0x10 [ 214.780835][T12805] ? __pfx_mall_change+0x10/0x10 [ 214.780858][T12805] tc_new_tfilter+0x1112/0x1a70 [ 214.780902][T12805] ? __pfx_tc_new_tfilter+0x10/0x10 [ 214.780935][T12805] ? rcu_read_unlock+0x87/0xa0 [ 214.780969][T12805] ? __pfx_tc_new_tfilter+0x10/0x10 [ 214.780989][T12805] rtnetlink_rcv_msg+0x791/0xcf0 [ 214.781005][T12805] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 214.781029][T12805] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 214.781054][T12805] ? ref_tracker_free+0x643/0x7e0 [ 214.781080][T12805] netlink_rcv_skb+0x1e3/0x430 [ 214.781113][T12805] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 214.781134][T12805] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 214.781179][T12805] ? netlink_deliver_tap+0x2e/0x1b0 [ 214.781198][T12805] netlink_unicast+0x7f6/0x990 [ 214.781227][T12805] ? __pfx_netlink_unicast+0x10/0x10 [ 214.781246][T12805] ? __virt_addr_valid+0x45f/0x530 [ 214.781270][T12805] ? __phys_addr_symbol+0x2f/0x70 [ 214.781291][T12805] ? __check_object_size+0x47a/0x730 [ 214.781312][T12805] netlink_sendmsg+0x8e4/0xcb0 [ 214.781340][T12805] ? __pfx_netlink_sendmsg+0x10/0x10 [ 214.781360][T12805] ? aa_sock_msg_perm+0x91/0x160 [ 214.781387][T12805] ? __pfx_netlink_sendmsg+0x10/0x10 [ 214.781401][T12805] __sock_sendmsg+0x221/0x270 [ 214.781424][T12805] ____sys_sendmsg+0x52a/0x7e0 [ 214.781449][T12805] ? __pfx_____sys_sendmsg+0x10/0x10 [ 214.781463][T12805] ? __fget_files+0x2a/0x410 [ 214.781484][T12805] ? __fget_files+0x2a/0x410 [ 214.781508][T12805] __sys_sendmsg+0x269/0x350 [ 214.781527][T12805] ? __pfx___sys_sendmsg+0x10/0x10 [ 214.781556][T12805] ? do_sys_openat2+0x17a/0x1d0 [ 214.781601][T12805] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 214.781623][T12805] ? do_syscall_64+0x100/0x230 [ 214.781648][T12805] ? do_syscall_64+0xb6/0x230 [ 214.781670][T12805] do_syscall_64+0xf3/0x230 [ 214.781691][T12805] ? clear_bhb_loop+0x35/0x90 [ 214.781715][T12805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.781735][T12805] RIP: 0033:0x7fc1a398cde9 [ 214.781750][T12805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 214.781765][T12805] RSP: 002b:00007fc1a17f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 214.781783][T12805] RAX: ffffffffffffffda RBX: 00007fc1a3ba5fa0 RCX: 00007fc1a398cde9 [ 214.781795][T12805] RDX: 0000000000040854 RSI: 0000400000006040 RDI: 0000000000000004 [ 214.781806][T12805] RBP: 00007fc1a17f6090 R08: 0000000000000000 R09: 0000000000000000 [ 214.781816][T12805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 214.781826][T12805] R13: 0000000000000000 R14: 00007fc1a3ba5fa0 R15: 00007ffcbe370408 [ 214.781854][T12805] [ 215.193545][ T5840] Bluetooth: hci4: command tx timeout [ 215.266411][T12816] ªªªªªª: renamed from vlan0 (while UP) [ 215.328089][T12540] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 215.478159][T12834] netlink: 'syz.0.2056': attribute type 1 has an invalid length. [ 215.527054][T12834] netlink: 'syz.0.2056': attribute type 1 has an invalid length. [ 215.551316][T12834] netlink: 'syz.0.2056': attribute type 11 has an invalid length. [ 215.637388][T12540] veth0_vlan: entered promiscuous mode [ 215.664315][T12540] veth1_vlan: entered promiscuous mode [ 215.746022][T12540] veth0_macvtap: entered promiscuous mode [ 215.779567][T12540] veth1_macvtap: entered promiscuous mode [ 215.829095][T12540] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 215.857007][T12540] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.876165][T12540] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.889723][T12540] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 215.913837][T12540] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.937547][T12861] x_tables: duplicate underflow at hook 1 [ 215.944158][T12540] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.955941][T12540] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.982395][T12540] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.101506][T12869] FAULT_INJECTION: forcing a failure. [ 216.101506][T12869] name failslab, interval 1, probability 0, space 0, times 0 [ 216.120920][T12869] CPU: 0 UID: 0 PID: 12869 Comm: syz.1.2065 Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 216.120949][T12869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 216.120959][T12869] Call Trace: [ 216.120965][T12869] [ 216.120972][T12869] dump_stack_lvl+0x241/0x360 [ 216.120998][T12869] ? __pfx_dump_stack_lvl+0x10/0x10 [ 216.121015][T12869] ? __pfx__printk+0x10/0x10 [ 216.121041][T12869] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 216.121061][T12869] ? __pfx___might_resched+0x10/0x10 [ 216.121085][T12869] should_fail_ex+0x40a/0x550 [ 216.121107][T12869] should_failslab+0xac/0x100 [ 216.121125][T12869] kmem_cache_alloc_node_noprof+0x77/0x380 [ 216.121142][T12869] ? __alloc_skb+0x1c3/0x440 [ 216.121175][T12869] __alloc_skb+0x1c3/0x440 [ 216.121202][T12869] ? __pfx___alloc_skb+0x10/0x10 [ 216.121228][T12869] ? netlink_ack_tlv_len+0x6e/0x200 [ 216.121253][T12869] netlink_ack+0x145/0xa50 [ 216.121290][T12869] netlink_rcv_skb+0x262/0x430 [ 216.121314][T12869] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 216.121335][T12869] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 216.121378][T12869] ? netlink_deliver_tap+0x2e/0x1b0 [ 216.121396][T12869] netlink_unicast+0x7f6/0x990 [ 216.121426][T12869] ? __pfx_netlink_unicast+0x10/0x10 [ 216.121446][T12869] ? __virt_addr_valid+0x45f/0x530 [ 216.121469][T12869] ? __phys_addr_symbol+0x2f/0x70 [ 216.121491][T12869] ? __check_object_size+0x47a/0x730 [ 216.121511][T12869] netlink_sendmsg+0x8e4/0xcb0 [ 216.121538][T12869] ? __pfx_netlink_sendmsg+0x10/0x10 [ 216.121558][T12869] ? aa_sock_msg_perm+0x91/0x160 [ 216.121584][T12869] ? __pfx_netlink_sendmsg+0x10/0x10 [ 216.121599][T12869] __sock_sendmsg+0x221/0x270 [ 216.121621][T12869] ____sys_sendmsg+0x52a/0x7e0 [ 216.121646][T12869] ? __pfx_____sys_sendmsg+0x10/0x10 [ 216.121660][T12869] ? __fget_files+0x2a/0x410 [ 216.121680][T12869] ? __fget_files+0x2a/0x410 [ 216.121705][T12869] __sys_sendmsg+0x269/0x350 [ 216.121725][T12869] ? __pfx___sys_sendmsg+0x10/0x10 [ 216.121751][T12869] ? do_sys_openat2+0x17a/0x1d0 [ 216.121803][T12869] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 216.121828][T12869] ? do_syscall_64+0x100/0x230 [ 216.121852][T12869] ? do_syscall_64+0xb6/0x230 [ 216.121876][T12869] do_syscall_64+0xf3/0x230 [ 216.121896][T12869] ? clear_bhb_loop+0x35/0x90 [ 216.121919][T12869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.121940][T12869] RIP: 0033:0x7f415c78cde9 [ 216.121956][T12869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 216.121969][T12869] RSP: 002b:00007f415d5e5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 216.121988][T12869] RAX: ffffffffffffffda RBX: 00007f415c9a5fa0 RCX: 00007f415c78cde9 [ 216.122001][T12869] RDX: 0000000000040854 RSI: 0000400000006040 RDI: 0000000000000004 [ 216.122012][T12869] RBP: 00007f415d5e5090 R08: 0000000000000000 R09: 0000000000000000 [ 216.122022][T12869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 216.122032][T12869] R13: 0000000000000000 R14: 00007f415c9a5fa0 R15: 00007fffd4603f08 [ 216.122058][T12869] [ 216.172606][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.447620][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.537179][ T5976] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.567830][ T5976] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.878358][T12897] sctp: [Deprecated]: syz.2.2073 (pid 12897) Use of struct sctp_assoc_value in delayed_ack socket option. [ 216.878358][T12897] Use struct sctp_sack_info instead [ 217.368780][T12925] x_tables: duplicate underflow at hook 1 [ 217.394606][T12930] x_tables: duplicate underflow at hook 1 [ 217.910689][T12957] netlink: 'syz.0.2090': attribute type 1 has an invalid length. [ 217.918569][T12957] netlink: 'syz.0.2090': attribute type 1 has an invalid length. [ 218.128939][T12964] __nla_validate_parse: 51 callbacks suppressed [ 218.128957][T12964] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2092'. [ 218.287053][ T6358] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.433160][T12980] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2099'. [ 218.526749][ T6358] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.555612][ T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 218.567013][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 218.578298][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 218.605348][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 218.613239][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 218.622129][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 218.744296][ T6358] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.778610][T12989] netlink: 'syz.3.2102': attribute type 64 has an invalid length. [ 218.803229][T12989] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2102'. [ 220.663589][ T6358] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.720193][ T54] Bluetooth: hci4: command tx timeout [ 220.820874][T13014] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2110'. [ 220.945355][ T6358] bridge_slave_1: left allmulticast mode [ 220.974614][ T6358] bridge_slave_1: left promiscuous mode [ 220.984902][ T6358] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.993640][T13023] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.2112'. [ 221.007648][ T6358] bridge_slave_0: left allmulticast mode [ 221.019417][ T6358] bridge_slave_0: left promiscuous mode [ 221.030867][ T6358] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.144084][T13030] netlink: 'syz.3.2115': attribute type 1 has an invalid length. [ 221.180179][T13030] netlink: 'syz.3.2115': attribute type 1 has an invalid length. [ 221.242835][T13030] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2115'. [ 221.561765][ T6358] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 221.573126][ T6358] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 221.586081][ T6358] bond0 (unregistering): Released all slaves [ 221.686020][T13030] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.827910][T13048] sctp: [Deprecated]: syz.0.2120 (pid 13048) Use of int in maxseg socket option. [ 221.827910][T13048] Use struct sctp_assoc_value instead [ 221.876686][T13030] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.918477][T13050] syz_tun: entered allmulticast mode [ 221.928230][T13054] x_tables: (null)_tables: DNAT target: only valid in nat table, not syz0 [ 221.988042][T13030] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.009748][T13045] syz_tun: left allmulticast mode [ 222.017147][T13060] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2122'. [ 222.118669][T13030] netdevsim netdevsim3  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.364210][ T6358] hsr_slave_0: left promiscuous mode [ 222.374735][ T6358] hsr_slave_1: left promiscuous mode [ 222.381377][ T6358] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 222.388831][ T6358] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 222.398165][ T6358] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 222.405920][ T6358] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 222.425868][ T6358] veth1_macvtap: left promiscuous mode [ 222.433417][ T6358] veth0_macvtap: left promiscuous mode [ 222.439079][ T6358] veth1_vlan: left promiscuous mode [ 222.444598][ T6358] veth0_vlan: left promiscuous mode [ 222.520910][T13078] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2124'. [ 222.790274][ T54] Bluetooth: hci4: command tx timeout [ 222.877164][ T6358] team0 (unregistering): Port device team_slave_1 removed [ 222.921827][ T6358] team0 (unregistering): Port device team_slave_0 removed [ 223.324300][T13030] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.354681][T13030] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.365224][T13078] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 223.421562][T13030] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.443163][T13030] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.500904][T12982] chnl_net:caif_netlink_parms(): no params data found [ 223.520060][T13084] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2127'. [ 223.644430][T13092] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2129'. [ 223.734848][T13092] netlink: 43 bytes leftover after parsing attributes in process `syz.2.2129'. [ 223.757118][T13092] netlink: 'syz.2.2129': attribute type 5 has an invalid length. [ 223.765453][T13092] netlink: 43 bytes leftover after parsing attributes in process `syz.2.2129'. [ 223.777044][T13092] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2129'. [ 223.787008][T13092] netlink: 43 bytes leftover after parsing attributes in process `syz.2.2129'. [ 223.796708][T13092] netlink: 'syz.2.2129': attribute type 5 has an invalid length. [ 223.805360][T13107] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2131'. [ 223.805413][T13092] netlink: 43 bytes leftover after parsing attributes in process `syz.2.2129'. [ 223.826152][T13092] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2129'. [ 223.832212][T12982] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.842607][T13092] netlink: 43 bytes leftover after parsing attributes in process `syz.2.2129'. [ 223.852442][T13092] netlink: 'syz.2.2129': attribute type 5 has an invalid length. [ 223.865793][T13092] netlink: 'syz.2.2129': attribute type 5 has an invalid length. [ 223.867940][T12982] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.885756][T13092] netlink: 'syz.2.2129': attribute type 5 has an invalid length. [ 223.887084][T12982] bridge_slave_0: entered allmulticast mode [ 223.905621][T13092] netlink: 'syz.2.2129': attribute type 5 has an invalid length. [ 223.906860][T12982] bridge_slave_0: entered promiscuous mode [ 223.914373][T13092] netlink: 'syz.2.2129': attribute type 5 has an invalid length. [ 223.929547][T13092] netlink: 'syz.2.2129': attribute type 5 has an invalid length. [ 223.939529][T13092] netlink: 'syz.2.2129': attribute type 5 has an invalid length. [ 223.948705][T13092] netlink: 'syz.2.2129': attribute type 5 has an invalid length. [ 223.957478][T12982] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.966554][T12982] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.974601][T12982] bridge_slave_1: entered allmulticast mode [ 223.982593][T12982] bridge_slave_1: entered promiscuous mode [ 224.001768][T13092] netlink: 'syz.2.2129': attribute type 5 has an invalid length. [ 224.032336][T12982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 224.046565][T12982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 224.130908][T12982] team0: Port device team_slave_0 added [ 224.150845][T12982] team0: Port device team_slave_1 added [ 224.311073][T12982] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 224.318068][T12982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 224.351820][T12982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 224.382809][T12982] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 224.400156][T12982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 224.435701][T12982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 224.509692][T13134] x_tables: duplicate entry at hook 2 [ 224.614920][T13129] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 224.659680][T12982] hsr_slave_0: entered promiscuous mode [ 224.667340][T12982] hsr_slave_1: entered promiscuous mode [ 224.674146][T12982] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 224.682355][T12982] Cannot create hsr debugfs directory [ 224.870097][ T54] Bluetooth: hci4: command tx timeout [ 225.233439][T13176] IPVS: set_ctl: invalid protocol: 59 10.1.1.1:20002 [ 225.238479][T12982] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 225.298698][T12982] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 225.321165][T12982] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 225.345571][T12982] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 225.535273][T12982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.594922][T12982] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.624858][ T6358] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.632089][ T6358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.660718][T13196] Set syz1 is full, maxelem 65536 reached [ 225.686851][ T6358] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.694078][ T6358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.916509][T13204] xt_HMARK: spi-set and port-set can't be combined [ 226.444558][T12982] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.837506][T13265] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled [ 226.940155][T12982] veth0_vlan: entered promiscuous mode [ 226.960701][ T54] Bluetooth: hci4: command tx timeout [ 226.962761][T12982] veth1_vlan: entered promiscuous mode [ 227.007602][T13271] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 227.084467][T12982] veth0_macvtap: entered promiscuous mode [ 227.114556][T12982] veth1_macvtap: entered promiscuous mode [ 227.163798][T12982] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 227.174471][T12982] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.185257][T12982] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.197256][T12982] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 227.245531][T12982] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.277825][T12982] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.313468][T12982] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.325370][T12982] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.495057][ T3884] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.554911][ T3884] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.600880][ T6358] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 227.609034][ T6358] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.838823][T12982] ------------[ cut here ]------------ [ 227.844859][T12982] refcount_t: underflow; use-after-free. [ 227.851105][T12982] WARNING: CPU: 0 PID: 12982 at lib/refcount.c:28 refcount_warn_saturate+0x15a/0x1d0 [ 227.860704][T12982] Modules linked in: [ 227.864618][T12982] CPU: 0 UID: 0 PID: 12982 Comm: syz-executor Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 227.875653][T12982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 227.885818][T12982] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0 [ 227.892139][T12982] Code: 00 45 60 8c e8 17 4d 97 fc 90 0f 0b 90 90 eb 99 e8 9b a1 d6 fc c6 05 ff bc 1c 0b 01 90 48 c7 c7 60 45 60 8c e8 f7 4c 97 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 78 a1 d6 fc c6 05 d9 bc 1c 0b 01 90 [ 227.912156][T12982] RSP: 0018:ffffc9000575f7b8 EFLAGS: 00010246 [ 227.918267][T12982] RAX: 4d420602334cf900 RBX: ffff88801f341478 RCX: ffff88807b2fda00 [ 227.927123][T12982] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 227.935229][T12982] RBP: 0000000000000003 R08: ffffffff81800c22 R09: fffffbfff1cfa588 [ 227.943389][T12982] R10: dffffc0000000000 R11: fffffbfff1cfa588 R12: ffff88801f341460 [ 227.951523][T12982] R13: ffffffff862ad220 R14: 1ffff11003e6828c R15: ffff88801f341460 [ 227.959530][T12982] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 227.968792][T12982] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 227.975498][T12982] CR2: 000000110c2d0f15 CR3: 00000000272da000 CR4: 00000000003526f0 [ 227.983550][T12982] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 227.991850][T12982] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 227.999863][T12982] Call Trace: [ 228.003288][T12982] [ 228.006250][T12982] ? __warn+0x165/0x4d0 [ 228.010512][T12982] ? refcount_warn_saturate+0x15a/0x1d0 [ 228.016191][T12982] ? report_bug+0x2b3/0x500 [ 228.020861][T12982] ? refcount_warn_saturate+0x15a/0x1d0 [ 228.026458][T12982] ? handle_bug+0x60/0x90 [ 228.030912][T12982] ? exc_invalid_op+0x1a/0x50 [ 228.035616][T12982] ? asm_exc_invalid_op+0x1a/0x20 [ 228.040819][T12982] ? __pfx_klist_children_put+0x10/0x10 [ 228.046399][T12982] ? __warn_printk+0x292/0x360 [ 228.051255][T12982] ? refcount_warn_saturate+0x15a/0x1d0 [ 228.057075][T12982] ? refcount_warn_saturate+0x159/0x1d0 [ 228.062763][T12982] klist_dec_and_del+0x3ec/0x3f0 [ 228.067766][T12982] ? __pfx_klist_children_put+0x10/0x10 [ 228.073788][T12982] ? __pfx_klist_children_put+0x10/0x10 [ 228.079382][T12982] ? __pfx_klist_children_put+0x10/0x10 [ 228.085070][T12982] klist_remove+0x25e/0x480 [ 228.089606][T12982] ? __pfx_klist_remove+0x10/0x10 [ 228.094747][T12982] ? __pfx_kobject_move+0x10/0x10 [ 228.099825][T12982] ? get_device_parent+0x25d/0x410 [ 228.105055][T12982] device_move+0x1b4/0x710 [ 228.109523][T12982] ? kasan_quarantine_put+0xdc/0x230 [ 228.114926][T12982] hci_conn_del_sysfs+0xb5/0x170 [ 228.119890][T12982] hci_conn_del+0x8c4/0xc40 [ 228.124538][T12982] hci_conn_hash_flush+0x258/0x350 [ 228.129678][T12982] ? __pfx_hci_conn_hash_flush+0x10/0x10 [ 228.135406][T12982] ? _raw_spin_unlock_irq+0x2e/0x50 [ 228.140726][T12982] ? drain_workqueue+0x2d3/0x3a0 [ 228.145690][T12982] ? hci_inquiry_cache_flush+0x181/0x220 [ 228.151623][T12982] ? hci_discovery_set_state+0x57/0x180 [ 228.157190][T12982] hci_dev_close_sync+0xa42/0x11c0 [ 228.162395][T12982] hci_unregister_dev+0x20b/0x510 [ 228.167451][T12982] vhci_release+0x80/0xd0 [ 228.171935][T12982] ? __pfx_vhci_release+0x10/0x10 [ 228.176996][T12982] __fput+0x3e9/0x9f0 [ 228.181186][T12982] task_work_run+0x24f/0x310 [ 228.185822][T12982] ? __pfx_task_work_run+0x10/0x10 [ 228.191032][T12982] ? do_exit+0xa25/0x28e0 [ 228.195393][T12982] ? do_exit+0xa25/0x28e0 [ 228.199757][T12982] do_exit+0xa2a/0x28e0 [ 228.204017][T12982] ? __pfx_do_exit+0x10/0x10 [ 228.208629][T12982] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 228.214731][T12982] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 228.221244][T12982] ? _raw_spin_unlock_irq+0x23/0x50 [ 228.226462][T12982] ? lockdep_hardirqs_on+0x99/0x150 [ 228.231935][T12982] do_group_exit+0x207/0x2c0 [ 228.236550][T12982] __x64_sys_exit_group+0x3f/0x40 [ 228.241717][T12982] x64_sys_call+0x26a8/0x26b0 [ 228.246411][T12982] do_syscall_64+0xf3/0x230 [ 228.251037][T12982] ? clear_bhb_loop+0x35/0x90 [ 228.255758][T12982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.261784][T12982] RIP: 0033:0x7f5e6ff8cde9 [ 228.266215][T12982] Code: Unable to access opcode bytes at 0x7f5e6ff8cdbf. [ 228.273295][T12982] RSP: 002b:00007fff330f6f58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 228.281857][T12982] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5e6ff8cde9 [ 228.289866][T12982] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 228.297957][T12982] RBP: 00007f5e6ffed8d0 R08: 00007fff330f4cf7 R09: 0000000000000003 [ 228.306047][T12982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.314266][T12982] R13: 0000000000000003 R14: 00000000ffffffff R15: 00007fff330f7110 [ 228.322362][T12982] [ 228.325421][T12982] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 228.332715][T12982] CPU: 0 UID: 0 PID: 12982 Comm: syz-executor Not tainted 6.14.0-rc1-syzkaller-00102-g9dfedb8dc78b #0 [ 228.343736][T12982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 228.353786][T12982] Call Trace: [ 228.357146][T12982] [ 228.360091][T12982] dump_stack_lvl+0x241/0x360 [ 228.364767][T12982] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.369959][T12982] ? __pfx__printk+0x10/0x10 [ 228.374557][T12982] ? vscnprintf+0x5d/0x90 [ 228.378882][T12982] panic+0x349/0x880 [ 228.382784][T12982] ? __warn+0x174/0x4d0 [ 228.386940][T12982] ? __pfx_panic+0x10/0x10 [ 228.391629][T12982] __warn+0x344/0x4d0 [ 228.395604][T12982] ? refcount_warn_saturate+0x15a/0x1d0 [ 228.401143][T12982] report_bug+0x2b3/0x500 [ 228.405494][T12982] ? refcount_warn_saturate+0x15a/0x1d0 [ 228.411077][T12982] handle_bug+0x60/0x90 [ 228.415243][T12982] exc_invalid_op+0x1a/0x50 [ 228.419746][T12982] asm_exc_invalid_op+0x1a/0x20 [ 228.424680][T12982] RIP: 0010:refcount_warn_saturate+0x15a/0x1d0 [ 228.430834][T12982] Code: 00 45 60 8c e8 17 4d 97 fc 90 0f 0b 90 90 eb 99 e8 9b a1 d6 fc c6 05 ff bc 1c 0b 01 90 48 c7 c7 60 45 60 8c e8 f7 4c 97 fc 90 <0f> 0b 90 90 e9 76 ff ff ff e8 78 a1 d6 fc c6 05 d9 bc 1c 0b 01 90 [ 228.450451][T12982] RSP: 0018:ffffc9000575f7b8 EFLAGS: 00010246 [ 228.456520][T12982] RAX: 4d420602334cf900 RBX: ffff88801f341478 RCX: ffff88807b2fda00 [ 228.464483][T12982] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 228.472446][T12982] RBP: 0000000000000003 R08: ffffffff81800c22 R09: fffffbfff1cfa588 [ 228.480427][T12982] R10: dffffc0000000000 R11: fffffbfff1cfa588 R12: ffff88801f341460 [ 228.488433][T12982] R13: ffffffff862ad220 R14: 1ffff11003e6828c R15: ffff88801f341460 [ 228.496460][T12982] ? __pfx_klist_children_put+0x10/0x10 [ 228.502032][T12982] ? __warn_printk+0x292/0x360 [ 228.506813][T12982] ? refcount_warn_saturate+0x159/0x1d0 [ 228.512362][T12982] klist_dec_and_del+0x3ec/0x3f0 [ 228.517309][T12982] ? __pfx_klist_children_put+0x10/0x10 [ 228.522854][T12982] ? __pfx_klist_children_put+0x10/0x10 [ 228.528393][T12982] ? __pfx_klist_children_put+0x10/0x10 [ 228.533932][T12982] klist_remove+0x25e/0x480 [ 228.538525][T12982] ? __pfx_klist_remove+0x10/0x10 [ 228.543555][T12982] ? __pfx_kobject_move+0x10/0x10 [ 228.548578][T12982] ? get_device_parent+0x25d/0x410 [ 228.553704][T12982] device_move+0x1b4/0x710 [ 228.558129][T12982] ? kasan_quarantine_put+0xdc/0x230 [ 228.563423][T12982] hci_conn_del_sysfs+0xb5/0x170 [ 228.568366][T12982] hci_conn_del+0x8c4/0xc40 [ 228.572874][T12982] hci_conn_hash_flush+0x258/0x350 [ 228.577991][T12982] ? __pfx_hci_conn_hash_flush+0x10/0x10 [ 228.583633][T12982] ? _raw_spin_unlock_irq+0x2e/0x50 [ 228.588826][T12982] ? drain_workqueue+0x2d3/0x3a0 [ 228.593756][T12982] ? hci_inquiry_cache_flush+0x181/0x220 [ 228.599381][T12982] ? hci_discovery_set_state+0x57/0x180 [ 228.604924][T12982] hci_dev_close_sync+0xa42/0x11c0 [ 228.610035][T12982] hci_unregister_dev+0x20b/0x510 [ 228.615119][T12982] vhci_release+0x80/0xd0 [ 228.619441][T12982] ? __pfx_vhci_release+0x10/0x10 [ 228.624488][T12982] __fput+0x3e9/0x9f0 [ 228.628498][T12982] task_work_run+0x24f/0x310 [ 228.633110][T12982] ? __pfx_task_work_run+0x10/0x10 [ 228.638225][T12982] ? do_exit+0xa25/0x28e0 [ 228.642559][T12982] ? do_exit+0xa25/0x28e0 [ 228.646891][T12982] do_exit+0xa2a/0x28e0 [ 228.651049][T12982] ? __pfx_do_exit+0x10/0x10 [ 228.655721][T12982] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 228.661698][T12982] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 228.668023][T12982] ? _raw_spin_unlock_irq+0x23/0x50 [ 228.673297][T12982] ? lockdep_hardirqs_on+0x99/0x150 [ 228.678491][T12982] do_group_exit+0x207/0x2c0 [ 228.683094][T12982] __x64_sys_exit_group+0x3f/0x40 [ 228.688119][T12982] x64_sys_call+0x26a8/0x26b0 [ 228.692786][T12982] do_syscall_64+0xf3/0x230 [ 228.697285][T12982] ? clear_bhb_loop+0x35/0x90 [ 228.701959][T12982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.707852][T12982] RIP: 0033:0x7f5e6ff8cde9 [ 228.712257][T12982] Code: Unable to access opcode bytes at 0x7f5e6ff8cdbf. [ 228.719256][T12982] RSP: 002b:00007fff330f6f58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 228.727659][T12982] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5e6ff8cde9 [ 228.735627][T12982] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 228.743592][T12982] RBP: 00007f5e6ffed8d0 R08: 00007fff330f4cf7 R09: 0000000000000003 [ 228.751552][T12982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.759513][T12982] R13: 0000000000000003 R14: 00000000ffffffff R15: 00007fff330f7110 [ 228.767489][T12982] [ 228.770757][T12982] Kernel Offset: disabled [ 228.775254][T12982] Rebooting in 86400 seconds..