last executing test programs: 2m51.177231622s ago: executing program 2 (id=5107): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd1, &(0x7f0000000000), 0x4) 2m51.051925861s ago: executing program 2 (id=5113): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000ac0)={@val={0x2000}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x29, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x0, 0x28, 0x0, @opaque="999c66cad8028e6dba1956b1ce35921ff75f0d48773ebec6e78ce48cd6ee610a"}}}}}}, 0x4e) 2m50.834012499s ago: executing program 2 (id=5120): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) recvmsg$unix(r0, 0x0, 0x2002) socket$packet(0x11, 0x0, 0x300) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window, @mss, @window], 0x5) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0xc7) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) connect$inet(r1, &(0x7f0000000080)={0x240, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) syz_init_net_socket$llc(0x1a, 0x2, 0x0) 2m50.658451167s ago: executing program 2 (id=5124): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000c00)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r1, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) 2m50.448215861s ago: executing program 2 (id=5132): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000001700)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}]}], {0x14}}, 0x68}}, 0x0) 2m50.363519704s ago: executing program 2 (id=5135): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_DF={0x5}]}}}]}, 0x3c}}, 0x0) 2m47.811629605s ago: executing program 1 (id=5166): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socket$igmp(0x2, 0x3, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) 2m46.847445422s ago: executing program 1 (id=5169): r0 = socket$inet6(0xa, 0x3, 0x7) getsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, &(0x7f00000000c0)) 2m46.647867688s ago: executing program 1 (id=5173): unshare(0x62040200) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000040)=ANY=[@ANYBLOB="66696c746572000000000000f7ff00000000000000000000000000000000000003"], 0x58) 2m46.065292788s ago: executing program 0 (id=5182): syz_emit_ethernet(0x2e, &(0x7f0000000000)={@random="83b6a82dcf49", @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x73, 0x0, @private, @multicast1}, {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) socket$qrtr(0x2a, 0x2, 0x0) bind$qrtr(0xffffffffffffffff, 0x0, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) unshare(0x4000400) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$AUTOFS_IOC_EXPIRE_MULTI(0xffffffffffffffff, 0x40049366, 0x0) setsockopt$TIPC_MCAST_REPLICAST(0xffffffffffffffff, 0x10f, 0x86) bpf$ITER_CREATE(0x21, 0x0, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1}}], 0x4000210, 0x2, 0x0) 2m44.140746499s ago: executing program 3 (id=5188): r0 = socket(0x10, 0x80003, 0x0) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85) recvmsg$unix(r0, &(0x7f0000003580)={0x0, 0x0, &(0x7f0000003500)=[{&(0x7f00000011c0)=""/22, 0x16}, {&(0x7f00000035c0)=""/4098, 0x1002}, {&(0x7f0000002380)=""/145, 0x91}, {&(0x7f0000002440)=""/4096, 0x1000}], 0x4}, 0x0) 2m43.949382904s ago: executing program 3 (id=5189): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001b00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8927, &(0x7f0000001b40)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)={&(0x7f0000001b80)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x0) 2m43.487975661s ago: executing program 0 (id=5190): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socket$igmp(0x2, 0x3, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) 2m43.385488936s ago: executing program 3 (id=5192): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000080)={[{0x2b, 'cpu'}]}, 0x5) 2m43.354271838s ago: executing program 3 (id=5193): socket$netlink(0x10, 0x3, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) poll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000001c0), 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000003a80)={0x0, 0x1c, &(0x7f0000003980)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}]}, &(0x7f0000003ac0)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x6d, &(0x7f0000000080), &(0x7f00000000c0)=0x3930) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r8 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r10}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r11, &(0x7f0000000000), &(0x7f0000000080)=@udp6}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r11}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000040)={r11, &(0x7f0000000380)}, 0x20) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) r13 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000540)={0xb4, 0x0, 0x20, 0x70bd26, 0x0, {}, [{@pci={{0x8}, {0x11}}, {0xd}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x83, 0x1}}]}, 0xb4}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$NFT_BATCH(r13, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x3}, @NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_SREG={0x8}, @NFTA_EXTHDR_TYPE={0x5}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x4a}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x4f}]}}}]}]}], {0x14}}, 0x90}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=ANY=[@ANYBLOB="4c00000010000906fdffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r7, @ANYBLOB='\b \n\x00', @ANYRES32=r12, @ANYBLOB], 0x4c}}, 0x0) 2m43.30392953s ago: executing program 0 (id=5194): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000003a000b00000000000200000004"], 0x2c}}, 0x0) 2m43.195364347s ago: executing program 0 (id=5195): sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="20000000021401000000000000000400080001"], 0x20}}, 0x0) 2m43.104685037s ago: executing program 0 (id=5196): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000140), 0x208e24b) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) sendfile(r3, r1, 0x0, 0x7ffff000) 2m42.424948729s ago: executing program 3 (id=5198): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x0, 0x0, 0x0) r1 = socket(0x15, 0x3, 0x5) r2 = socket(0x200000100000011, 0x803, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x10}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendto$packet(r2, &(0x7f0000000100)="4dcdc7d96a760000000600050000000000060000", 0x34, 0x0, &(0x7f0000000000)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="18020000e7ffffff0000000000000000850000005300000085000000230000009500000000000000a94be0c51261be6a99e5e06bb0a232d5e1f59f18f845f82e9a7cde9e8f1b547edf613a03f1737d951d7a617558b674e1c4fdfd771ebe7c33af3e4917be59ac67f0bbabcb8f41c23ba8d91633a8b9c70e804744dc081ac69cfea08e4e5a06f70c6792f2888d6fd95f202028070000003771bc3f325a6386a9d49e3c13b32461acf0be4b31638c29187d748841f439547bcdac15e52a4b6a2981eb4afadbbdf9157fa588f475c4cd2e44e2129dc6b93993909613e8d95f5610c067d9b97c524c210af077707d71e8512e"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc0, &(0x7f0000000140)=""/192}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000040)="5f8f9ca681265d6cd1b08e2b5ede", 0x0, 0xffbfffff, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)}, 0x50) r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000000c0)={0x0, @empty, @remote}, &(0x7f0000000100)=0xc) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) sendmsg$ETHTOOL_MSG_EEE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xfc, r7, 0x8, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_EEE_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_EEE_TX_LPI_TIMER={0x8, 0x7, 0x7}, @ETHTOOL_A_EEE_HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}, @ETHTOOL_A_EEE_MODES_OURS={0x28, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5, 0x6, 0x1}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}]}, 0xfc}, 0x1, 0x0, 0x0, 0x1}, 0x858) bind$llc(r6, &(0x7f0000000040)={0x1a, 0x0, 0x20}, 0x10) 2m42.42021105s ago: executing program 1 (id=5199): getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x305}, 0x14}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendto$packet(0xffffffffffffffff, &(0x7f0000000080)="e7feeeb53d72", 0x6, 0x0, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(0xffffffffffffffff, &(0x7f0000000100)={@val={0xa}, @void, @eth={@broadcast, @remote, @val, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}}, 0x46) recvmmsg(r2, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r2) sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x24048050) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r5) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r4, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000840)=ANY=[@ANYBLOB="00010000", @ANYRES16=r7, @ANYBLOB="000125bd7000fbdbdf250a0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000003ba0f2563edea96e0e0001006e657464657673696d0000000f0002006e657464657673696d3000000800030000000000080001007063690011000200303030303a30303a31302e30000000000800030002001e000e0001006e65746465877673696d0000000f0002006e657464757673696d30000008000300000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000300010000000e0001006e657464657673696d0000004f0002006e657464657673696d3000000800030000000000"], 0x100}, 0x1, 0x0, 0x0, 0x4080}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="05000000000000000000060000000800", @ANYRES32=r8, @ANYBLOB="08000500020000008c879ebf6463558ab37a2b695d3de0f0ea40e4d12bed52146767c1c8e27fb75584ba43517aec67cd34b5162ec309745a6976b933b93791f8a39b8372837abce2237d6f7de038133a8078cdb7a8604cf2098d4d3039b88a8145292afc9cfedcd7f342137217b2000000008a35927dabe2fb08905ffca585e46daa7c327a783da9610b8d4d5b665442899d490114ea0abc0148c0c791f9eaa9dbcb93eb0cbc7ba19739"], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x40, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_USE_MFP={0x8}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x2}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x40}}, 0x0) 2m42.177684234s ago: executing program 3 (id=5200): syz_emit_ethernet(0x2e, &(0x7f0000000000)={@random="83b6a82dcf49", @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x73, 0x0, @private, @multicast1}, {0x0, 0x0, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) socket$qrtr(0x2a, 0x2, 0x0) bind$qrtr(0xffffffffffffffff, 0x0, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) unshare(0x4000400) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$AUTOFS_IOC_EXPIRE_MULTI(0xffffffffffffffff, 0x40049366, 0x0) setsockopt$TIPC_MCAST_REPLICAST(0xffffffffffffffff, 0x10f, 0x86) bpf$ITER_CREATE(0x21, 0x0, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1}}], 0x4000210, 0x2, 0x0) 2m42.176790167s ago: executing program 0 (id=5201): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xac}}, 0x0) 2m42.152656632s ago: executing program 4 (id=5202): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x7, 0x0, &(0x7f0000000100)="e0b9547ed387db", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB='<\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r2, @ANYBLOB="0a00340002020202020200000400cc0004001e01090049"], 0x3c}}, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2000000011140100000700000000000008"], 0x20}}, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) socket$inet6_mptcp(0xa, 0x1, 0x106) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r5}, 0x10) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100000}, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x89e2, &(0x7f0000000900)={r3}) syz_genetlink_get_family_id$tipc(&(0x7f00000008c0), r7) write$binfmt_misc(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="15"], 0x6) r8 = socket$tipc(0x1e, 0x2, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000540)=0x14) r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000600)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0xb, [@func={0x4, 0x0, 0x0, 0xc, 0x3}, @ptr={0x5}]}, {0x0, [0x30, 0x2e, 0x61, 0x30, 0x30, 0x5f, 0x0, 0x61, 0x5f]}}, &(0x7f00000005c0)=""/26, 0x3b, 0x1a, 0x1, 0x2}, 0x20) r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)={0x1b, 0x0, 0x0, 0x3, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xa, &(0x7f0000000340)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r8}}, @generic={0x65, 0x5, 0xe, 0xe8, 0xc67}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f00000001c0)='syzkaller\x00', 0x200, 0xef, &(0x7f00000003c0)=""/239, 0x40f00, 0x4b, '\x00', r9, 0x17, r10, 0x8, &(0x7f0000000640)={0x9, 0x3}, 0x8, 0x10, &(0x7f0000000680)={0x4, 0x0, 0x793, 0x4}, 0x10, 0x0, r5, 0x5, &(0x7f0000000740)=[r11, 0x1], &(0x7f0000000780)=[{0x0, 0x5}, {0x3, 0x4, 0xd, 0x2}, {0x2, 0x5, 0x3, 0x9ea30fa75653a0be}, {0x4, 0x1, 0xa, 0x7}, {0x5, 0x3, 0x9, 0x4}], 0x10, 0x7}, 0x90) getsockopt$TIPC_IMPORTANCE(r8, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000180)=0x4) 2m42.059079291s ago: executing program 4 (id=5203): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000003c0)="9f9087453b000000000000005285", 0xe) r1 = accept(r0, 0x0, 0x0) sendto$inet(r1, &(0x7f00000007c0)="ff7e9332da097e29e424f10eb1752c559982c7c77e6354bc8853886958e2867c0479c8511318e0f15e7d15eef0487648471f851d81eb05cbfd10e03f306e19704b4226cb2e504a4907a8f036ebfaae578d11ae560471623958cc1cf25fdc0f992b10f82a0db1b39e690337d8140500000000000000f044b004e9c687adaa355452f47150b98341f8e1dc92a4ce984130d0cb32b906fa2bf1ffe1f59435eb7903f730969c27afcd1ccf607597ccfd59be31ee9f5c90debeb386ab2b67d9cf13646b4553c50870327fda4b8054a9069158a51ea9c442c22ec371eef3aeddbff6e26159c0fbf281d5e7e5c5d524d2f227c62f90a3538a66bdfbd81e49fdeae4ef22a8dd59d7a073c0985823cb97d205be929697d5af66e0fd57f7b33e28abacc9aa86120fb6b4f8bc40b318fb05a6bb7b24bd118973fcadcffe7379fbe3689711", 0x13f, 0x20000814, 0x0, 0x0) 2m41.808763477s ago: executing program 4 (id=5204): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c0000003a000b00000000000200000004"], 0x2c}}, 0x0) 2m41.678031838s ago: executing program 4 (id=5205): sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="20000000021401000000000000000400080001"], 0x20}}, 0x0) 2m41.588559756s ago: executing program 4 (id=5206): setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wpan1\x00'}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x3c, r1, 0x8, 0x0, 0x0, {{0x2}, {@val={0x8}, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x25a}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x16}]]}, 0x3c}}, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000140)="fb8ee7ab21c5861ec30de58854d6c74eef934d04b58d17e9bd14c74b61036b3c7c6cb604fb66e3c90b172089413f6510c08f6166336c06cb14ebdfdd239eb4f6115d79ac86d65af3fbbb33feb8dd1415203614cad4d1e5bdd1006cc4f5067850a29a9b612a6eedd895bb85556fa042"}, {&(0x7f00000004c0)="515913224aea6fd3706b9f7832f79de03f6add9b12ae83e630612c69ac60ffffb64403e754f712021b0e13f1878c83751ffcda9b8e25e9404ed744abc418a64cd10f03eb0de96713af3ac6025dfbe91073933bed5ad5b1366f595bf4aab312bdf5a43e72bb304414f366aae160168339a7a4ca8db7e2b1ccfa31133944cefb76b8204a3a6870f9fcde31ceba0c1da4c9971e6529e4fb8846042787cd79e2ca49667f3c5bf2cf4223560a2792075c4e924ffc"}, {&(0x7f0000000640)="e193f98d9cc961b36c4e56018800435d020abdb368dbed54d4b31d82e6232dc6c769a0b492f3d8125c62cf7ccf0813a2ef4fe5a099199e0d59bfa763e0864ae250ab95aa89b4f478253520758dcfa521dd558bf50e42157257375e8c5e5ade62d7840dd9905a5d827fa276c981461055b6e041a2e1689c3aa7190287d346d28cb5805e11ba1ed5190d995deaafff208d0083e3445536c7b38ca3267671f3a6db459389842e4cc01a8cc1edc07195"}, {&(0x7f0000000a40)="5bea04c3c7bbc3f23300813ae7006cd23b047fbc2b342d69f6efee5393a20681db99ac02c32509778ad53339da3b36d7e149419a4b74b87e24b82b363c4fa8f4b67976b3f025b78553fd07e8e7b38b4e7801b128ff575fe0cd6822d1de342a7490d2966fe9ee1be9505b8ef7b1ab5572cf76e06cfe13a87a0cae4afa926387604f6845ba01c7480eeb497a9e958f32"}], 0x26) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000280), &(0x7f00000000c0)=0x80) 2m37.264193538s ago: executing program 1 (id=5207): socket$netlink(0x10, 0x3, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) poll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f00000001c0), 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000003a80)={0x0, 0x1c, &(0x7f0000003980)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}]}, &(0x7f0000003ac0)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x6d, &(0x7f0000000080), &(0x7f00000000c0)=0x3930) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r8 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r11 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r10}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r11, &(0x7f0000000000), &(0x7f0000000080)=@udp6}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r11}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000040)={r11, &(0x7f0000000380)}, 0x20) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) r13 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000540)={0x7c, 0x0, 0x20, 0x70bd26, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0xd}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$NFT_BATCH(r13, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x3}, @NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_SREG={0x8}, @NFTA_EXTHDR_TYPE={0x5}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x4a}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x4f}]}}}]}]}], {0x14}}, 0x90}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=ANY=[@ANYBLOB="4c00000010000906fdffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="adffa888000000001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r7, @ANYBLOB='\b \n\x00', @ANYRES32=r12, @ANYBLOB], 0x4c}}, 0x0) 2m5.097865166s ago: executing program 4 (id=5210): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x0, 0x0, 0x0) r1 = socket(0x15, 0x3, 0x5) r2 = socket(0x200000100000011, 0x803, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x10}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendto$packet(r2, &(0x7f0000000100)="4dcdc7d96a760000000600050000000000060000", 0x34, 0x0, &(0x7f0000000000)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="18020000e7ffffff0000000000000000850000005300000085000000230000009500000000000000a94be0c51261be6a99e5e06bb0a232d5e1f59f18f845f82e9a7cde9e8f1b547edf613a03f1737d951d7a617558b674e1c4fdfd771ebe7c33af3e4917be59ac67f0bbabcb8f41c23ba8d91633a8b9c70e804744dc081ac69cfea08e4e5a06f70c6792f2888d6fd95f202028070000003771bc3f325a6386a9d49e3c13b32461acf0be4b31638c29187d748841f439547bcdac15e52a4b6a2981eb4afadbbdf9157fa588f475c4cd2e44e2129dc6b93993909613e8d95f5610c067d9b97c524c210af077707d71e8512e"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc0, &(0x7f0000000140)=""/192}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000040)="5f8f9ca681265d6cd1b08e2b5ede", 0x0, 0xffbfffff, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000200)='K'}, 0x50) r6 = syz_init_net_socket$llc(0x1a, 0x0, 0x0) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000000c0)={0x0, @empty, @remote}, &(0x7f0000000100)=0xc) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'team0\x00', 0x0}) sendmsg$ETHTOOL_MSG_EEE_SET(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xfc, r7, 0x8, 0x70bd29, 0x25dfdbfd, {}, [@ETHTOOL_A_EEE_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_EEE_TX_LPI_TIMER={0x8, 0x7, 0x7}, @ETHTOOL_A_EEE_HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}, @ETHTOOL_A_EEE_MODES_OURS={0x28, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5, 0x6, 0x1}, @ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5}]}, 0xfc}, 0x1, 0x0, 0x0, 0x1}, 0x858) bind$llc(r6, &(0x7f0000000040)={0x1a, 0x0, 0x20}, 0x10) 0s ago: executing program 1 (id=5211): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000140), 0x208e24b) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) sendfile(r3, r1, 0x0, 0x7ffff000) kernel console output (not intermixed with test programs): 433.044057][T17424] Call Trace: [ 433.047836][T17424] [ 433.051109][T17424] dump_stack_lvl+0x241/0x360 [ 433.056083][T17424] ? __pfx_dump_stack_lvl+0x10/0x10 [ 433.061286][T17424] ? __pfx__printk+0x10/0x10 [ 433.065965][T17424] ? __pfx_lock_release+0x10/0x10 [ 433.071179][T17424] should_fail_ex+0x3b0/0x4e0 [ 433.075966][T17424] _copy_from_user+0x2f/0xe0 [ 433.080650][T17424] copy_msghdr_from_user+0xae/0x680 [ 433.085946][T17424] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 433.091772][T17424] __sys_sendmsg+0x23d/0x3a0 [ 433.096461][T17424] ? __pfx___sys_sendmsg+0x10/0x10 [ 433.102024][T17424] ? vfs_write+0x7c4/0xc90 [ 433.106568][T17424] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 433.112934][T17424] ? do_syscall_64+0x100/0x230 [ 433.117925][T17424] ? do_syscall_64+0xb6/0x230 [ 433.122871][T17424] do_syscall_64+0xf3/0x230 [ 433.127402][T17424] ? clear_bhb_loop+0x35/0x90 [ 433.132170][T17424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.138161][T17424] RIP: 0033:0x7f468f775bd9 [ 433.142576][T17424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 433.162533][T17424] RSP: 002b:00007f46904f0048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 433.171040][T17424] RAX: ffffffffffffffda RBX: 00007f468f903f60 RCX: 00007f468f775bd9 [ 433.179026][T17424] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 433.187002][T17424] RBP: 00007f46904f00a0 R08: 0000000000000000 R09: 0000000000000000 [ 433.194976][T17424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 433.203048][T17424] R13: 000000000000004d R14: 00007f468f903f60 R15: 00007ffdf1d2a5e8 [ 433.211042][T17424] [ 433.492271][T17432] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4000'. [ 434.526986][T17453] veth1_vlan: left promiscuous mode [ 434.557300][T17453] macvlan0: entered promiscuous mode [ 434.777077][T17462] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4012'. [ 435.174802][T17474] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4015'. [ 435.216658][T17474] netlink: 96 bytes leftover after parsing attributes in process `syz.3.4015'. [ 436.256010][T17512] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4028'. [ 436.295066][T17512] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4028'. [ 436.334428][T17514] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4030'. [ 436.369682][T17514] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4030'. [ 436.611350][T17524] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4033'. [ 436.812244][T17529] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4035'. [ 437.012116][T17534] syzkaller0: tun_chr_ioctl cmd 21731 [ 437.247946][T17538] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4037'. [ 437.965656][T17554] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 437.973036][T17554] IPv6: NLM_F_CREATE should be set when creating new route [ 440.312044][T17589] __nla_validate_parse: 3 callbacks suppressed [ 440.312064][T17589] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4054'. [ 440.337681][T17591] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4055'. [ 440.396051][T17592] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4055'. [ 440.448601][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.455155][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.487302][T17591] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 440.494671][T17591] IPv6: NLM_F_CREATE should be set when creating new route [ 440.987007][T17608] syzkaller0: tun_chr_ioctl cmd 21731 [ 441.750810][T17624] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4066'. [ 441.840839][T17624] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4066'. [ 441.916559][T17624] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 441.923928][T17624] IPv6: NLM_F_CREATE should be set when creating new route [ 441.952739][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 443.302704][T17661] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4079'. [ 443.406455][T17664] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4079'. [ 443.457641][T17661] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 443.465154][T17661] IPv6: NLM_F_CREATE should be set when creating new route [ 443.855900][T17678] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4088'. [ 443.897766][T17678] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4088'. [ 444.171425][T17697] FAULT_INJECTION: forcing a failure. [ 444.171425][T17697] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 444.193680][T17697] CPU: 0 PID: 17697 Comm: syz.4.4093 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 444.203896][T17697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 444.214086][T17697] Call Trace: [ 444.217575][T17697] [ 444.220530][T17697] dump_stack_lvl+0x241/0x360 [ 444.225247][T17697] ? __pfx_dump_stack_lvl+0x10/0x10 [ 444.230482][T17697] ? __pfx__printk+0x10/0x10 [ 444.235189][T17697] ? __pfx_lock_release+0x10/0x10 [ 444.240511][T17697] should_fail_ex+0x3b0/0x4e0 [ 444.245237][T17697] _copy_from_iter+0x1f6/0x1960 [ 444.250140][T17697] ? __virt_addr_valid+0x183/0x520 [ 444.255324][T17697] ? __pfx_lock_release+0x10/0x10 [ 444.260580][T17697] ? __alloc_skb+0x28f/0x440 [ 444.265304][T17697] ? __pfx__copy_from_iter+0x10/0x10 [ 444.270632][T17697] ? __virt_addr_valid+0x183/0x520 [ 444.275767][T17697] ? __virt_addr_valid+0x183/0x520 [ 444.280907][T17697] ? __virt_addr_valid+0x44e/0x520 [ 444.286046][T17697] ? __check_object_size+0x49c/0x900 [ 444.291368][T17697] netlink_sendmsg+0x743/0xcb0 [ 444.296800][T17697] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.302476][T17697] ? __import_iovec+0x536/0x820 [ 444.308142][T17697] ? aa_sock_msg_perm+0x91/0x160 [ 444.313336][T17697] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 444.318930][T17697] ? security_socket_sendmsg+0x87/0xb0 [ 444.324608][T17697] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.330012][T17697] __sock_sendmsg+0x221/0x270 [ 444.334732][T17697] ____sys_sendmsg+0x525/0x7d0 [ 444.339739][T17697] ? __pfx_____sys_sendmsg+0x10/0x10 [ 444.345067][T17697] __sys_sendmsg+0x2b0/0x3a0 [ 444.349696][T17697] ? __pfx___sys_sendmsg+0x10/0x10 [ 444.355183][T17697] ? vfs_write+0x7c4/0xc90 [ 444.359763][T17697] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 444.366322][T17697] ? do_syscall_64+0x100/0x230 [ 444.371154][T17697] ? do_syscall_64+0xb6/0x230 [ 444.375948][T17697] do_syscall_64+0xf3/0x230 [ 444.380844][T17697] ? clear_bhb_loop+0x35/0x90 [ 444.385742][T17697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.392908][T17697] RIP: 0033:0x7fbcbbd75bd9 [ 444.397612][T17697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.418206][T17697] RSP: 002b:00007fbcbcbc6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 444.426923][T17697] RAX: ffffffffffffffda RBX: 00007fbcbbf03f60 RCX: 00007fbcbbd75bd9 [ 444.435310][T17697] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 444.443486][T17697] RBP: 00007fbcbcbc60a0 R08: 0000000000000000 R09: 0000000000000000 [ 444.451748][T17697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 444.459918][T17697] R13: 000000000000000b R14: 00007fbcbbf03f60 R15: 00007fff409a1778 [ 444.467934][T17697] [ 444.504897][T17699] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4094'. [ 444.553565][T17699] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 444.561102][T17699] IPv6: NLM_F_CREATE should be set when creating new route [ 445.865238][T17739] __nla_validate_parse: 3 callbacks suppressed [ 445.865260][T17739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4107'. [ 445.949491][T17739] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4107'. [ 445.997202][T17739] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 446.005009][T17739] IPv6: NLM_F_CREATE should be set when creating new route [ 446.934518][T17759] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4113'. [ 446.968665][T17759] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4113'. [ 447.751040][T17776] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4120'. [ 447.817812][T17779] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4120'. [ 447.887741][T17776] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 447.895950][T17776] IPv6: NLM_F_CREATE should be set when creating new route [ 449.753291][T17814] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4132'. [ 449.804820][T17814] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 449.812350][T17814] IPv6: NLM_F_CREATE should be set when creating new route [ 451.107549][T17842] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4144'. [ 451.153387][T17844] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4143'. [ 451.226378][T17845] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4145'. [ 451.311192][T17847] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 451.319223][T17847] IPv6: NLM_F_CREATE should be set when creating new route [ 451.346603][T17844] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4143'. [ 451.395637][T17845] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4145'. [ 453.010445][T17885] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4156'. [ 453.095843][T17885] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 453.103216][T17885] IPv6: NLM_F_CREATE should be set when creating new route [ 453.840092][T17899] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4160'. [ 453.948645][T17899] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4160'. [ 454.957387][T17912] netlink: 156 bytes leftover after parsing attributes in process `syz.0.4164'. [ 454.995976][T17912] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4164'. [ 455.361162][T17921] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 455.368502][T17921] IPv6: NLM_F_CREATE should be set when creating new route [ 456.536589][T17955] __nla_validate_parse: 8 callbacks suppressed [ 456.536611][T17955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4180'. [ 456.564502][T17955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4180'. [ 456.697956][T17962] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4181'. [ 456.737685][T17963] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4182'. [ 456.819247][T17963] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 456.826607][T17963] IPv6: NLM_F_CREATE should be set when creating new route [ 457.177458][T17977] netlink: 'syz.1.4188': attribute type 5 has an invalid length. [ 458.358618][T17999] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4195'. [ 458.439464][T17999] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 458.446837][T17999] IPv6: NLM_F_CREATE should be set when creating new route [ 458.797180][T18028] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4205'. [ 458.895263][T18028] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4205'. [ 460.031642][T18054] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4213'. [ 460.109782][T18054] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4213'. [ 460.140286][T18054] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 460.147600][T18054] IPv6: NLM_F_CREATE should be set when creating new route [ 460.212160][T18056] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4214'. [ 460.410707][T18058] can: request_module (can-proto-3) failed. [ 463.149737][T18087] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4225'. [ 463.237615][T18087] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4225'. [ 463.269105][T18087] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 463.276613][T18087] IPv6: NLM_F_CREATE should be set when creating new route [ 465.057230][T18103] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4231'. [ 465.401771][T18111] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4235'. [ 465.425467][T18111] netlink: 96 bytes leftover after parsing attributes in process `syz.0.4235'. [ 465.496882][T18115] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4236'. [ 465.572336][T18118] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4236'. [ 465.621457][T18115] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 465.628961][T18115] IPv6: NLM_F_CREATE should be set when creating new route [ 465.690615][T18125] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4240'. [ 465.875589][T18131] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 465.911157][T18125] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4240'. [ 467.150567][T18150] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4248'. [ 467.433400][T18156] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 467.440950][T18156] IPv6: NLM_F_CREATE should be set when creating new route [ 468.235247][T18177] __nla_validate_parse: 4 callbacks suppressed [ 468.235270][T18177] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4259'. [ 468.486468][T18177] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4259'. [ 468.829894][T18188] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4263'. [ 468.842422][T18188] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4263'. [ 469.771672][T18221] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4276'. [ 469.796464][T18221] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4276'. [ 470.137606][T18229] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4280'. [ 470.516962][T18244] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4285'. [ 470.532760][T18244] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4285'. [ 470.803034][T18254] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4289'. [ 471.007662][T18264] netlink: 'syz.2.4294': attribute type 10 has an invalid length. [ 471.081770][T18264] team0: Port device syz_tun added [ 471.214025][T18271] netlink: 'syz.2.4294': attribute type 1 has an invalid length. [ 471.243805][T18271] netlink: 'syz.2.4294': attribute type 1 has an invalid length. [ 471.253343][T18271] netlink: 'syz.2.4294': attribute type 2 has an invalid length. [ 471.993680][T18293] vlan3: entered promiscuous mode [ 472.005764][T18293] team0: entered promiscuous mode [ 472.017245][T18293] team_slave_0: entered promiscuous mode [ 472.031791][T18293] team_slave_1: entered promiscuous mode [ 472.044398][T18293] syz_tun: entered promiscuous mode [ 472.065102][T18293] team0: left promiscuous mode [ 472.075131][T18293] team_slave_0: left promiscuous mode [ 472.092432][T18293] team_slave_1: left promiscuous mode [ 472.105002][T18293] syz_tun: left promiscuous mode [ 472.149104][T18295] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 472.588343][T18325] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 472.596495][T18325] IPv6: NLM_F_CREATE should be set when creating new route [ 473.279995][T18341] __nla_validate_parse: 10 callbacks suppressed [ 473.280015][T18341] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4323'. [ 473.316698][T18344] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4322'. [ 473.345196][T18344] netlink: 'syz.3.4322': attribute type 25 has an invalid length. [ 473.368779][T18344] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 473.378372][T18344] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 473.387596][T18344] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 473.396878][T18344] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 486.863257][T18362] FAULT_INJECTION: forcing a failure. [ 486.863257][T18362] name failslab, interval 1, probability 0, space 0, times 0 [ 486.888502][T18363] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4329'. [ 486.903418][T18362] CPU: 0 PID: 18362 Comm: syz.3.4330 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 486.913645][T18362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 486.923735][T18362] Call Trace: [ 486.927044][T18362] [ 486.929992][T18362] dump_stack_lvl+0x241/0x360 [ 486.934711][T18362] ? __pfx_dump_stack_lvl+0x10/0x10 [ 486.939956][T18362] ? __pfx__printk+0x10/0x10 [ 486.944766][T18362] ? __lock_acquire+0x1346/0x1fd0 [ 486.949829][T18362] should_fail_ex+0x3b0/0x4e0 [ 486.954552][T18362] ? __alloc_skb+0x1c3/0x440 [ 486.959184][T18362] should_failslab+0x9/0x20 [ 486.963730][T18362] kmem_cache_alloc_node_noprof+0x71/0x320 [ 486.969759][T18362] __alloc_skb+0x1c3/0x440 [ 486.974398][T18362] ? __pfx___alloc_skb+0x10/0x10 [ 486.979811][T18362] ? __mutex_trylock_common+0x183/0x2e0 [ 486.985932][T18362] netlink_dump+0x233/0xe50 [ 486.990525][T18362] ? rcu_is_watching+0x15/0xb0 [ 486.995826][T18362] ? trace_contention_end+0x3c/0x120 [ 487.002540][T18362] ? __pfx_netlink_dump+0x10/0x10 [ 487.007735][T18362] ? __pfx_lock_acquire+0x10/0x10 [ 487.013943][T18362] __netlink_dump_start+0x59d/0x780 [ 487.019996][T18362] rtnetlink_rcv_msg+0xda2/0x1180 [ 487.026928][T18362] ? __pfx_rtnl_dump_all+0x10/0x10 [ 487.032529][T18362] ? rtnetlink_rcv_msg+0x208/0x1180 [ 487.039358][T18362] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 487.046437][T18362] ? is_bpf_text_address+0x285/0x2a0 [ 487.052332][T18362] ? __pfx_validate_chain+0x10/0x10 [ 487.057711][T18362] ? __pfx_validate_chain+0x10/0x10 [ 487.063006][T18362] ? arch_stack_walk+0x16d/0x1b0 [ 487.068062][T18362] ? mark_lock+0x9a/0x350 [ 487.072387][T18362] ? __pfx_validate_chain+0x10/0x10 [ 487.077684][T18362] ? __lock_acquire+0x1346/0x1fd0 [ 487.082814][T18362] ? mark_lock+0x9a/0x350 [ 487.087144][T18362] ? __lock_acquire+0x1346/0x1fd0 [ 487.092173][T18362] ? __pfx_rtnl_dump_all+0x10/0x10 [ 487.097387][T18362] netlink_rcv_skb+0x1e3/0x430 [ 487.102247][T18362] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 487.107713][T18362] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 487.113018][T18362] ? netlink_deliver_tap+0x2e/0x1b0 [ 487.118218][T18362] netlink_unicast+0x7ea/0x980 [ 487.123079][T18362] ? __pfx_netlink_unicast+0x10/0x10 [ 487.128385][T18362] ? __virt_addr_valid+0x183/0x520 [ 487.134289][T18362] ? __check_object_size+0x49c/0x900 [ 487.139616][T18362] ? bpf_lsm_netlink_send+0x9/0x10 [ 487.144919][T18362] netlink_sendmsg+0x8db/0xcb0 [ 487.149797][T18362] ? __pfx_netlink_sendmsg+0x10/0x10 [ 487.155278][T18362] ? aa_sock_msg_perm+0x91/0x160 [ 487.160225][T18362] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 487.165679][T18362] ? security_socket_sendmsg+0x87/0xb0 [ 487.171460][T18362] ? __pfx_netlink_sendmsg+0x10/0x10 [ 487.177010][T18362] __sock_sendmsg+0x221/0x270 [ 487.181893][T18362] sock_write_iter+0x2dd/0x400 [ 487.186772][T18362] ? __pfx_sock_write_iter+0x10/0x10 [ 487.192105][T18362] ? bpf_lsm_file_permission+0x9/0x10 [ 487.197504][T18362] ? security_file_permission+0x7f/0xa0 [ 487.203111][T18362] vfs_write+0xa72/0xc90 [ 487.207400][T18362] ? __pfx_sock_write_iter+0x10/0x10 [ 487.212717][T18362] ? __pfx_vfs_write+0x10/0x10 [ 487.217600][T18362] ksys_write+0x1a0/0x2c0 [ 487.221970][T18362] ? __pfx_ksys_write+0x10/0x10 [ 487.226849][T18362] ? do_syscall_64+0x100/0x230 [ 487.231719][T18362] ? do_syscall_64+0xb6/0x230 [ 487.236412][T18362] do_syscall_64+0xf3/0x230 [ 487.241040][T18362] ? clear_bhb_loop+0x35/0x90 [ 487.246464][T18362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.252973][T18362] RIP: 0033:0x7ff688775bd9 [ 487.257504][T18362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 487.277234][T18362] RSP: 002b:00007ff689580048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 487.285940][T18362] RAX: ffffffffffffffda RBX: 00007ff688903f60 RCX: 00007ff688775bd9 [ 487.294080][T18362] RDX: 0000000000000024 RSI: 0000000020000000 RDI: 0000000000000003 [ 487.302404][T18362] RBP: 00007ff6895800a0 R08: 0000000000000000 R09: 0000000000000000 [ 487.310484][T18362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 487.318804][T18362] R13: 000000000000000b R14: 00007ff688903f60 R15: 00007ffe6f3dc488 [ 487.327666][T18362] [ 487.376936][T18363] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 487.384376][T18363] IPv6: NLM_F_CREATE should be set when creating new route [ 487.444983][T18369] erspan0: entered promiscuous mode [ 487.453620][T18369] bond0: entered promiscuous mode [ 487.460529][T18369] 0ª: entered promiscuous mode [ 487.465899][T18369] bond_slave_1: entered promiscuous mode [ 487.472489][T18369] bridge0: entered promiscuous mode [ 487.478730][T18369] macvlan0: entered promiscuous mode [ 487.485784][T18369] bond0: left promiscuous mode [ 487.491434][T18369] 0ª: left promiscuous mode [ 487.496806][T18369] bond_slave_1: left promiscuous mode [ 487.502676][T18369] bridge0: left promiscuous mode [ 487.520042][T18369] macvlan0: left promiscuous mode [ 487.548611][T18369] erspan0: left promiscuous mode [ 487.631471][T18382] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4333'. [ 487.747115][T18382] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4333'. [ 488.580442][T18418] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4344'. [ 488.653007][T18418] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 488.660395][T18418] IPv6: NLM_F_CREATE should be set when creating new route [ 489.048248][T18424] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4347'. [ 489.070040][T18424] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4347'. [ 489.102781][T18426] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4348'. [ 489.174019][T18429] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 489.181342][T18429] IPv6: NLM_F_CREATE should be set when creating new route [ 489.749415][T18444] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4356'. [ 490.259884][T18455] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4360'. [ 490.332071][T18455] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4360'. [ 490.884779][T18470] erspan0: entered promiscuous mode [ 490.927300][T18470] bond0: entered promiscuous mode [ 490.956982][T18470] 0ª: entered promiscuous mode [ 490.984588][T18470] bond_slave_1: entered promiscuous mode [ 490.994461][T18470] bridge0: entered promiscuous mode [ 491.016538][T18470] macvlan0: entered promiscuous mode [ 491.036717][T18470] bond0: left promiscuous mode [ 491.055011][T18470] 0ª: left promiscuous mode [ 491.067404][T18470] bond_slave_1: left promiscuous mode [ 491.095067][T18470] bridge0: left promiscuous mode [ 491.100605][T18470] macvlan0: left promiscuous mode [ 491.121628][T18470] erspan0: left promiscuous mode [ 491.810426][T18492] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 491.817956][T18492] IPv6: NLM_F_CREATE should be set when creating new route [ 492.735793][ T5097] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 492.748131][ T5097] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 492.757180][ T5097] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 492.765466][ T5097] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 492.777104][ T5097] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 492.784727][ T5097] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 493.381411][ T2856] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.579462][ T2856] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.616638][T18526] netlink: 'syz.2.4383': attribute type 4 has an invalid length. [ 493.781191][ T2856] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.900969][T18531] __nla_validate_parse: 3 callbacks suppressed [ 493.900988][T18531] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4386'. [ 493.970289][T18531] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4386'. [ 493.995799][ T2856] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 494.026586][ T2856] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 494.199618][ T2856] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.603292][T18512] chnl_net:caif_netlink_parms(): no params data found [ 494.786542][T18556] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4393'. [ 494.846416][ T5108] Bluetooth: hci2: command tx timeout [ 495.421804][ T2856] geneve1: left allmulticast mode [ 495.433719][ T2856] geneve1: left promiscuous mode [ 495.443195][ T2856] bridge0: port 3(geneve1) entered disabled state [ 495.465144][ T2856] bridge_slave_1: left allmulticast mode [ 495.474748][ T2856] bridge_slave_1: left promiscuous mode [ 495.485743][ T2856] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.508889][ T2856] bridge_slave_0: left allmulticast mode [ 495.538760][ T2856] bridge_slave_0: left promiscuous mode [ 495.545825][ T2856] bridge0: port 1(bridge_slave_0) entered disabled state [ 496.155371][ T2856] bridge17: left allmulticast mode [ 496.161110][ T2856] bridge17: left promiscuous mode [ 496.178452][ T2856] bridge18: left allmulticast mode [ 496.183629][ T2856] bridge18: left promiscuous mode [ 496.209980][ T2856] bridge21: left allmulticast mode [ 496.215264][ T2856] bridge21: left promiscuous mode [ 496.226826][ T2856] bridge22: left allmulticast mode [ 496.232120][ T2856] bridge22: left promiscuous mode [ 496.247829][ T2856] bridge30: left allmulticast mode [ 496.255502][ T2856] bridge30: left promiscuous mode [ 496.519738][ T2856] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 496.929506][ T5108] Bluetooth: hci2: command tx timeout [ 499.006435][ T5108] Bluetooth: hci2: command tx timeout [ 499.259872][ T2856] bond0 (unregistering): (slave 50ª): Releasing backup interface [ 499.271213][ T2856] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 499.282927][ T2856] bond0 (unregistering): (slave macvlan0): Releasing backup interface [ 499.293435][ T2856] bond0 (unregistering): Released all slaves [ 499.398502][ T2856] bond1 (unregistering): Released all slaves [ 499.527062][ T2856] bond2 (unregistering): Released all slaves [ 499.645651][ T2856] bond3 (unregistering): Released all slaves [ 499.932910][T18512] bridge0: port 1(bridge_slave_0) entered blocking state [ 499.950851][T18512] bridge0: port 1(bridge_slave_0) entered disabled state [ 499.969902][T18512] bridge_slave_0: entered allmulticast mode [ 499.977453][ T2856] IPVS: stopping backup sync thread 13195 ... [ 499.998100][T18512] bridge_slave_0: entered promiscuous mode [ 500.051429][T18584] erspan0: entered promiscuous mode [ 500.074919][T18584] bond0: entered promiscuous mode [ 500.109810][T18584] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 500.118044][T18584] Cannot create hsr debugfs directory [ 500.146557][T18584] hsr0: Slave B (bond0) is not up; please bring it up to get a fully working HSR network [ 500.173070][T18589] netlink: 1 bytes leftover after parsing attributes in process `syz.1.4400'. [ 500.201716][T18512] bridge0: port 2(bridge_slave_1) entered blocking state [ 500.225984][T18512] bridge0: port 2(bridge_slave_1) entered disabled state [ 500.244679][T18512] bridge_slave_1: entered allmulticast mode [ 500.265377][T18512] bridge_slave_1: entered promiscuous mode [ 500.288214][T18593] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4400'. [ 500.540064][T18582] bridge84: entered promiscuous mode [ 500.562101][T18582] bridge84: entered allmulticast mode [ 500.588082][T18582] team0: Port device bridge84 added [ 501.086586][ T5108] Bluetooth: hci2: command tx timeout [ 501.889170][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.895764][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.345746][T18624] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4405'. [ 503.396707][T18626] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4405'. [ 503.437024][T18627] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 503.444328][T18627] IPv6: NLM_F_CREATE should be set when creating new route [ 503.521733][T18512] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 503.679615][T18512] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 503.949054][ T2856] hsr_slave_0: left promiscuous mode [ 504.567289][ T2856] hsr_slave_1: left promiscuous mode [ 504.631845][ T2856] batman_adv: batadv0: Removing interface: team0 [ 504.657327][ T2856] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 504.674854][ T2856] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 504.697319][ T2856] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 504.720760][ T2856] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 505.006540][ T2856] veth1_macvtap: left promiscuous mode [ 505.023500][ T2856] veth0_macvtap: left promiscuous mode [ 505.032971][ T2856] veth1_vlan: left promiscuous mode [ 505.046485][ T2856] veth0_vlan: left promiscuous mode [ 506.429459][ T2856] team0 (unregistering): Port device team_slave_1 removed [ 506.893637][T18512] team0: Port device team_slave_0 added [ 506.928922][T18669] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4417'. [ 507.003425][T18670] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4417'. [ 507.029248][T18671] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 507.036700][T18671] IPv6: NLM_F_CREATE should be set when creating new route [ 507.068104][T18512] team0: Port device team_slave_1 added [ 507.386905][T18512] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 507.394017][T18512] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.469475][T18512] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 507.536735][T18512] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 507.546232][T18512] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.636517][T18512] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 508.709435][T18704] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4428'. [ 508.838364][T18512] hsr_slave_0: entered promiscuous mode [ 508.879264][T18512] hsr_slave_1: entered promiscuous mode [ 508.996746][T18709] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4429'. [ 509.038568][T18710] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4429'. [ 509.070328][T18713] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 509.077728][T18713] IPv6: NLM_F_CREATE should be set when creating new route [ 510.168167][T18739] FAULT_INJECTION: forcing a failure. [ 510.168167][T18739] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 510.224199][T18739] CPU: 0 PID: 18739 Comm: syz.2.4436 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 510.234686][T18739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 510.244886][T18739] Call Trace: [ 510.248246][T18739] [ 510.251286][T18739] dump_stack_lvl+0x241/0x360 [ 510.255998][T18739] ? __pfx_dump_stack_lvl+0x10/0x10 [ 510.261404][T18739] ? __pfx__printk+0x10/0x10 [ 510.266035][T18739] ? __pfx_lock_release+0x10/0x10 [ 510.271089][T18739] ? vfs_write+0x7c4/0xc90 [ 510.275604][T18739] should_fail_ex+0x3b0/0x4e0 [ 510.280331][T18739] _copy_from_user+0x2f/0xe0 [ 510.284956][T18739] get_timespec64+0x97/0x280 [ 510.289641][T18739] ? __pfx_get_timespec64+0x10/0x10 [ 510.294846][T18739] __x64_sys_recvmmsg+0x140/0x250 [ 510.299897][T18739] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 510.305465][T18739] ? do_syscall_64+0x100/0x230 [ 510.310254][T18739] ? do_syscall_64+0xb6/0x230 [ 510.314952][T18739] do_syscall_64+0xf3/0x230 [ 510.319469][T18739] ? clear_bhb_loop+0x35/0x90 [ 510.324183][T18739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.330162][T18739] RIP: 0033:0x7ff3aed75bd9 [ 510.334597][T18739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.354203][T18739] RSP: 002b:00007ff3afbe9048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 510.362723][T18739] RAX: ffffffffffffffda RBX: 00007ff3aef03f60 RCX: 00007ff3aed75bd9 [ 510.370708][T18739] RDX: 04000000000003b4 RSI: 00000000200037c0 RDI: 0000000000000004 [ 510.378765][T18739] RBP: 00007ff3afbe90a0 R08: 0000000020003700 R09: 0000000000000000 [ 510.386732][T18739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 510.394712][T18739] R13: 000000000000000b R14: 00007ff3aef03f60 R15: 00007ffe2e1bffd8 [ 510.402798][T18739] [ 510.416753][T18512] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 510.449883][T18512] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 510.498703][T18512] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 510.552230][T18512] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 510.589729][T18744] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4438'. [ 510.664867][T18744] dummy0: entered promiscuous mode [ 510.697063][T18744] macvtap1: entered promiscuous mode [ 510.720017][T18744] macvtap1: entered allmulticast mode [ 510.736610][T18744] dummy0: entered allmulticast mode [ 510.760164][T18745] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4438'. [ 510.871675][T18745] dummy0: left allmulticast mode [ 510.903484][T18745] dummy0: left promiscuous mode [ 511.087666][T18745] macvtap1: left promiscuous mode [ 511.092838][T18745] macvtap1: left allmulticast mode [ 511.368948][T18512] 8021q: adding VLAN 0 to HW filter on device bond0 [ 511.435436][T18512] 8021q: adding VLAN 0 to HW filter on device team0 [ 511.457566][T18756] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4441'. [ 511.518180][T18757] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4441'. [ 511.631067][T18756] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 511.638496][T18756] IPv6: NLM_F_CREATE should be set when creating new route [ 511.696831][ T786] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.704287][ T786] bridge0: port 1(bridge_slave_0) entered forwarding state [ 511.768322][ T786] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.775499][ T786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 512.320602][T18512] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 512.482771][T18512] veth0_vlan: entered promiscuous mode [ 512.537134][T18512] veth1_vlan: entered promiscuous mode [ 512.629770][T18512] veth0_macvtap: entered promiscuous mode [ 512.661995][T18512] veth1_macvtap: entered promiscuous mode [ 512.695254][T18512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.705988][T18512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.717239][T18512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.728773][T18512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.755135][T18512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.786334][T18512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.815771][T18512] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 512.848581][T18778] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4449'. [ 512.870300][T18512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.899207][T18512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.946290][T18512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.975316][T18512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.996941][T18512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 513.037465][T18512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 513.059089][T18512] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 513.072181][T18512] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.082368][T18512] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.093573][T18512] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.113982][T18512] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.128424][T18782] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4451'. [ 513.167527][T18783] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4451'. [ 513.198059][T18782] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 513.205416][T18782] IPv6: NLM_F_CREATE should be set when creating new route [ 513.416427][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 513.424414][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 513.528007][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 513.553764][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 513.806577][T18793] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4455'. [ 514.729863][T18799] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4457'. [ 514.874534][T18802] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4458'. [ 515.076880][T18812] FAULT_INJECTION: forcing a failure. [ 515.076880][T18812] name failslab, interval 1, probability 0, space 0, times 0 [ 515.153139][T18812] CPU: 0 PID: 18812 Comm: syz.2.4462 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 515.163352][T18812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 515.173519][T18812] Call Trace: [ 515.176824][T18812] [ 515.179856][T18812] dump_stack_lvl+0x241/0x360 [ 515.184743][T18812] ? __pfx_dump_stack_lvl+0x10/0x10 [ 515.190046][T18812] ? __pfx__printk+0x10/0x10 [ 515.194826][T18812] should_fail_ex+0x3b0/0x4e0 [ 515.199694][T18812] ? rtnl_newlink+0xf2/0x20a0 [ 515.204365][T18812] should_failslab+0x9/0x20 [ 515.208867][T18812] kmalloc_trace_noprof+0x6c/0x2c0 [ 515.213989][T18812] ? __pfx_rtnl_newlink+0x10/0x10 [ 515.219099][T18812] rtnl_newlink+0xf2/0x20a0 [ 515.223605][T18812] ? __kernel_text_address+0xd/0x40 [ 515.228821][T18812] ? __mutex_trylock_common+0x183/0x2e0 [ 515.234381][T18812] ? __pfx___might_resched+0x10/0x10 [ 515.239716][T18812] ? __pfx_rtnl_newlink+0x10/0x10 [ 515.244746][T18812] ? __pfx___mutex_trylock_common+0x10/0x10 [ 515.250658][T18812] ? rcu_is_watching+0x15/0xb0 [ 515.255422][T18812] ? trace_contention_end+0x3c/0x120 [ 515.260708][T18812] ? __mutex_lock+0x2ef/0xd70 [ 515.265512][T18812] ? rcu_read_unlock+0x87/0xa0 [ 515.270835][T18812] ? rtnetlink_rcv_msg+0x842/0x1180 [ 515.276058][T18812] ? __pfx_lock_release+0x10/0x10 [ 515.281439][T18812] ? __pfx___mutex_lock+0x10/0x10 [ 515.287019][T18812] ? __pfx_rtnl_newlink+0x10/0x10 [ 515.292083][T18812] rtnetlink_rcv_msg+0x89b/0x1180 [ 515.298339][T18812] ? rtnetlink_rcv_msg+0x208/0x1180 [ 515.303573][T18812] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 515.309053][T18812] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 515.315150][T18812] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 515.321501][T18812] ? __local_bh_enable_ip+0x168/0x200 [ 515.326900][T18812] ? lockdep_hardirqs_on+0x99/0x150 [ 515.332149][T18812] ? __local_bh_enable_ip+0x168/0x200 [ 515.337528][T18812] ? dev_hard_start_xmit+0x773/0x7e0 [ 515.342839][T18812] ? __dev_queue_xmit+0x2d2/0x3d30 [ 515.347945][T18812] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 515.353678][T18812] ? __dev_queue_xmit+0x2d2/0x3d30 [ 515.359151][T18812] ? __dev_queue_xmit+0x16c9/0x3d30 [ 515.364538][T18812] ? __dev_queue_xmit+0x2d2/0x3d30 [ 515.369673][T18812] ? ref_tracker_free+0x643/0x7e0 [ 515.374725][T18812] netlink_rcv_skb+0x1e3/0x430 [ 515.379604][T18812] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 515.385117][T18812] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 515.390435][T18812] ? netlink_deliver_tap+0x2e/0x1b0 [ 515.395728][T18812] netlink_unicast+0x7ea/0x980 [ 515.400623][T18812] ? __pfx_netlink_unicast+0x10/0x10 [ 515.405901][T18812] ? __virt_addr_valid+0x183/0x520 [ 515.411021][T18812] ? __check_object_size+0x49c/0x900 [ 515.416421][T18812] ? bpf_lsm_netlink_send+0x9/0x10 [ 515.421566][T18812] netlink_sendmsg+0x8db/0xcb0 [ 515.426359][T18812] ? __pfx_netlink_sendmsg+0x10/0x10 [ 515.431688][T18812] ? __import_iovec+0x536/0x820 [ 515.436537][T18812] ? aa_sock_msg_perm+0x91/0x160 [ 515.441478][T18812] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 515.446765][T18812] ? security_socket_sendmsg+0x87/0xb0 [ 515.452299][T18812] ? __pfx_netlink_sendmsg+0x10/0x10 [ 515.457672][T18812] __sock_sendmsg+0x221/0x270 [ 515.462352][T18812] ____sys_sendmsg+0x525/0x7d0 [ 515.467210][T18812] ? __pfx_____sys_sendmsg+0x10/0x10 [ 515.472505][T18812] __sys_sendmsg+0x2b0/0x3a0 [ 515.477109][T18812] ? __pfx___sys_sendmsg+0x10/0x10 [ 515.482220][T18812] ? vfs_write+0x7c4/0xc90 [ 515.486663][T18812] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 515.492989][T18812] ? do_syscall_64+0x100/0x230 [ 515.497759][T18812] ? do_syscall_64+0xb6/0x230 [ 515.502454][T18812] do_syscall_64+0xf3/0x230 [ 515.506962][T18812] ? clear_bhb_loop+0x35/0x90 [ 515.511676][T18812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.517656][T18812] RIP: 0033:0x7ff3aed75bd9 [ 515.522156][T18812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 515.542116][T18812] RSP: 002b:00007ff3afbe9048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 515.550679][T18812] RAX: ffffffffffffffda RBX: 00007ff3aef03f60 RCX: 00007ff3aed75bd9 [ 515.558656][T18812] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 515.566725][T18812] RBP: 00007ff3afbe90a0 R08: 0000000000000000 R09: 0000000000000000 [ 515.574789][T18812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 515.582778][T18812] R13: 000000000000000b R14: 00007ff3aef03f60 R15: 00007ffe2e1bffd8 [ 515.590958][T18812] [ 515.647633][T18813] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4463'. [ 515.705131][T18816] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4463'. [ 515.729317][T18817] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4464'. [ 515.769718][T18819] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4465'. [ 515.790564][T18813] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 515.797967][T18813] IPv6: NLM_F_CREATE should be set when creating new route [ 515.849665][T18817] vlan2: entered promiscuous mode [ 515.876307][T18817] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 515.891228][T18817] vlan2: entered allmulticast mode [ 515.906345][T18817] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 517.117238][T18855] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 517.124553][T18855] IPv6: NLM_F_CREATE should be set when creating new route [ 518.545164][T18883] __nla_validate_parse: 11 callbacks suppressed [ 518.545187][T18883] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4488'. [ 518.624789][T18887] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4488'. [ 518.679148][T18883] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 518.686494][T18883] IPv6: NLM_F_CREATE should be set when creating new route [ 518.787615][T18891] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4491'. [ 518.817124][T18891] tipc: Enabling of bearer rejected, failed to enable media [ 519.178306][T18901] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4495'. [ 519.216215][T18901] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4495'. [ 519.466844][T18908] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4497'. [ 519.594447][T18908] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4497'. [ 520.397100][T18923] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4501'. [ 520.426687][T18922] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4502'. [ 520.498687][T18925] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4502'. [ 520.543501][T18922] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 520.550873][T18922] IPv6: NLM_F_CREATE should be set when creating new route [ 521.244802][T18954] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 521.252297][T18954] IPv6: NLM_F_CREATE should be set when creating new route [ 522.288410][T18984] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 522.295875][T18984] IPv6: NLM_F_CREATE should be set when creating new route [ 523.649829][T19011] __nla_validate_parse: 18 callbacks suppressed [ 523.649851][T19011] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4538'. [ 523.726971][T19011] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4538'. [ 523.756893][T19012] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 523.764223][T19012] IPv6: NLM_F_CREATE should be set when creating new route [ 523.949865][T19016] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4539'. [ 524.001438][T19016] IPVS: set_ctl: invalid protocol: 8 100.1.1.2:20003 [ 524.764023][T19033] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4546'. [ 524.803603][T19033] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4546'. [ 525.390112][T19043] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4550'. [ 525.420448][T19044] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4549'. [ 525.469457][T19043] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 525.477208][T19043] IPv6: NLM_F_CREATE should be set when creating new route [ 525.540545][T19044] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4549'. [ 525.611860][T19044] vlan3: entered promiscuous mode [ 525.631028][T19044] netdevsim netdevsim2 netdevsim2: entered promiscuous mode [ 525.656524][T19044] vlan3: entered allmulticast mode [ 525.672770][T19044] netdevsim netdevsim2 netdevsim2: entered allmulticast mode [ 525.703115][T19052] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 525.761820][T19052] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 526.164794][T19063] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4557'. [ 526.207611][T19063] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4557'. [ 526.631256][T19074] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 526.638627][T19074] IPv6: NLM_F_CREATE should be set when creating new route [ 526.994003][T19089] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 529.042559][T19103] __nla_validate_parse: 3 callbacks suppressed [ 529.042584][T19103] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4569'. [ 529.091980][T19103] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4569'. [ 529.267228][T19111] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4574'. [ 529.329201][T19111] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 529.336562][T19111] IPv6: NLM_F_CREATE should be set when creating new route [ 530.074786][ T5097] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 530.101367][ T5097] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 530.136255][ T5097] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 530.154189][ T5097] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 530.172597][ T5097] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 530.182731][ T5097] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 530.448711][T14697] team0: Port device syz_tun removed [ 530.478632][T19130] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4580'. [ 530.518026][T19133] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4580'. [ 530.659257][ T2932] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.820942][ T2932] netdevsim netdevsim2 netdevsim2: left allmulticast mode [ 530.839303][ T2932] netdevsim netdevsim2 netdevsim2: left promiscuous mode [ 531.665243][ T2932] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.809381][ T2932] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.917089][ T2932] netdevsim netdevsim2 netdevsim0: left allmulticast mode [ 531.938645][ T2932] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 532.034072][ T2932] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 532.060615][T19160] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4589'. [ 532.287091][ T5097] Bluetooth: hci1: command tx timeout [ 532.327518][T19166] macvlan0: left promiscuous mode [ 532.332859][T19166] netlink: 'syz.4.4591': attribute type 2 has an invalid length. [ 532.405173][T19128] chnl_net:caif_netlink_parms(): no params data found [ 532.478421][T19170] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4592'. [ 532.528324][ T2932] bridge_slave_1: left allmulticast mode [ 532.536344][ T2932] bridge_slave_1: left promiscuous mode [ 532.542168][ T2932] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.572691][ T2932] bridge_slave_0: left allmulticast mode [ 532.596309][ T2932] bridge_slave_0: left promiscuous mode [ 532.608258][ T2932] bridge0: port 1(bridge_slave_0) entered disabled state [ 534.366622][ T5097] Bluetooth: hci1: command tx timeout [ 535.144398][ T2932] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 535.174673][ T2932] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 535.199431][ T2932] bond0 (unregistering): Released all slaves [ 535.241326][T19179] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4594'. [ 535.261357][T19177] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4592'. [ 535.272862][T19181] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 535.280604][T19181] IPv6: NLM_F_CREATE should be set when creating new route [ 535.425873][T19190] netlink: zone id is out of range [ 535.467159][T19190] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4596'. [ 535.763116][T19128] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.776341][T19128] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.803181][T19128] bridge_slave_0: entered allmulticast mode [ 535.818536][T19128] bridge_slave_0: entered promiscuous mode [ 535.837922][T19128] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.845092][T19128] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.876422][T19128] bridge_slave_1: entered allmulticast mode [ 535.899666][T19128] bridge_slave_1: entered promiscuous mode [ 536.109864][T19219] FAULT_INJECTION: forcing a failure. [ 536.109864][T19219] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 536.123728][T19219] CPU: 1 PID: 19219 Comm: syz.4.4605 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 536.133916][T19219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 536.144445][T19219] Call Trace: [ 536.147828][T19219] [ 536.150788][T19219] dump_stack_lvl+0x241/0x360 [ 536.155622][T19219] ? __pfx_dump_stack_lvl+0x10/0x10 [ 536.160932][T19219] ? __pfx__printk+0x10/0x10 [ 536.165547][T19219] ? __pfx_lock_release+0x10/0x10 [ 536.170614][T19219] should_fail_ex+0x3b0/0x4e0 [ 536.175403][T19219] _copy_from_user+0x2f/0xe0 [ 536.180019][T19219] copy_msghdr_from_user+0xae/0x680 [ 536.185271][T19219] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 536.191135][T19219] __sys_sendmsg+0x23d/0x3a0 [ 536.195751][T19219] ? __pfx___sys_sendmsg+0x10/0x10 [ 536.200880][T19219] ? vfs_write+0x7c4/0xc90 [ 536.205429][T19219] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 536.211792][T19219] ? do_syscall_64+0x100/0x230 [ 536.216673][T19219] ? do_syscall_64+0xb6/0x230 [ 536.221373][T19219] do_syscall_64+0xf3/0x230 [ 536.225902][T19219] ? clear_bhb_loop+0x35/0x90 [ 536.230604][T19219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.236502][T19219] RIP: 0033:0x7fbcbbd75bd9 [ 536.241187][T19219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 536.260963][T19219] RSP: 002b:00007fbcbcbc6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 536.269382][T19219] RAX: ffffffffffffffda RBX: 00007fbcbbf03f60 RCX: 00007fbcbbd75bd9 [ 536.277698][T19219] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005 [ 536.285785][T19219] RBP: 00007fbcbcbc60a0 R08: 0000000000000000 R09: 0000000000000000 [ 536.294889][T19219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 536.303288][T19219] R13: 000000000000000b R14: 00007fbcbbf03f60 R15: 00007fff409a1778 [ 536.311617][T19219] [ 536.354105][ T2932] hsr_slave_0: left promiscuous mode [ 536.393009][ T2932] hsr_slave_1: left promiscuous mode [ 536.409604][ T2932] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 536.436961][ T2932] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 536.445857][ T2932] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 536.453844][ T5097] Bluetooth: hci1: command tx timeout [ 536.494692][ T2932] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 536.576735][ T2932] veth1_macvtap: left promiscuous mode [ 536.595460][ T2932] veth0_macvtap: left allmulticast mode [ 536.603543][ T2932] veth0_macvtap: left promiscuous mode [ 536.619785][ T2932] veth1_vlan: left promiscuous mode [ 536.626940][ T2932] veth0_vlan: left promiscuous mode [ 537.754752][ T2932] team0 (unregistering): Port device team_slave_1 removed [ 537.815838][ T2932] team0 (unregistering): Port device team_slave_0 removed [ 537.965504][ T4836] IPVS: starting estimator thread 0... [ 537.980041][T19246] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 538.066513][T19248] IPVS: using max 22 ests per chain, 52800 per kthread [ 538.423382][T19128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 538.441549][T19128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 538.527864][ T5097] Bluetooth: hci1: command tx timeout [ 538.608644][T19255] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4614'. [ 538.634927][T19128] team0: Port device team_slave_0 added [ 538.695509][T19128] team0: Port device team_slave_1 added [ 538.817352][T19128] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 538.830102][T19128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 538.861307][T19128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 538.892128][T19128] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 538.902805][T19128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 538.930440][T19128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 539.898451][T19278] netlink: 'syz.3.4624': attribute type 29 has an invalid length. [ 539.941658][T19278] netlink: 'syz.3.4624': attribute type 29 has an invalid length. [ 539.965565][T19128] hsr_slave_0: entered promiscuous mode [ 539.991482][T19128] hsr_slave_1: entered promiscuous mode [ 540.011375][T19128] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 540.027713][T19128] Cannot create hsr debugfs directory [ 540.040127][T19287] netlink: 'syz.3.4624': attribute type 29 has an invalid length. [ 540.214548][T19293] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4628'. [ 540.375594][T19295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4629'. [ 540.429122][T19299] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 540.436483][T19299] IPv6: NLM_F_CREATE should be set when creating new route [ 540.457652][T19297] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4630'. [ 541.026392][T19327] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4638'. [ 541.124421][T19128] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 541.179816][T19128] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 541.248291][T19128] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 541.289160][T19128] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 541.515349][T19128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 541.571551][T19128] 8021q: adding VLAN 0 to HW filter on device team0 [ 541.603979][ T5145] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.611874][ T5145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 541.667681][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state [ 541.675014][ T5145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 541.799521][T19128] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 542.188909][T19367] netlink: 83992 bytes leftover after parsing attributes in process `syz.4.4648'. [ 542.214320][T19128] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 542.380795][T19128] veth0_vlan: entered promiscuous mode [ 542.427948][T19128] veth1_vlan: entered promiscuous mode [ 542.544566][T19128] veth0_macvtap: entered promiscuous mode [ 542.575518][T19128] veth1_macvtap: entered promiscuous mode [ 542.638424][T19128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.670654][T19128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.707604][T19128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.726738][T19128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.747733][T19128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 542.765414][T19128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.795557][T19128] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 542.857448][T19128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.899430][T19128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.922288][T19128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 542.955161][T19128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 542.977810][T19128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 543.001618][T19128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 543.027775][T19128] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 543.071319][T19128] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.108362][T19128] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.133738][T19128] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.153001][T19128] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 543.422740][ T2794] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.450449][ T2794] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.530649][ T2932] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 543.556354][ T2932] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 543.695531][T19398] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4658'. [ 543.837642][T19398] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4658'. [ 544.169906][T19413] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4661'. [ 544.260541][T19414] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4661'. [ 545.932915][T19431] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4667'. [ 546.023855][T19434] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 546.031393][T19434] IPv6: NLM_F_CREATE should be set when creating new route [ 546.342644][T19444] netlink: 'syz.1.4669': attribute type 21 has an invalid length. [ 546.386506][T19444] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4669'. [ 546.447945][T19439] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4669'. [ 546.476761][T19439] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4669'. [ 546.526259][T19452] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4672'. [ 546.641572][T19454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4672'. [ 546.681521][T19455] netlink: 83992 bytes leftover after parsing attributes in process `syz.3.4670'. [ 548.242231][T19469] FAULT_INJECTION: forcing a failure. [ 548.242231][T19469] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 548.291356][T19469] CPU: 1 PID: 19469 Comm: syz.3.4677 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 548.301744][T19469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 548.312005][T19469] Call Trace: [ 548.314774][T19471] IPVS: Error joining to the multicast group [ 548.315314][T19469] [ 548.315328][T19469] dump_stack_lvl+0x241/0x360 [ 548.329205][T19469] ? __pfx_dump_stack_lvl+0x10/0x10 [ 548.334459][T19469] ? __pfx__printk+0x10/0x10 [ 548.339117][T19469] ? __pfx_lock_release+0x10/0x10 [ 548.344162][T19469] ? vfs_write+0x7c4/0xc90 [ 548.348631][T19469] should_fail_ex+0x3b0/0x4e0 [ 548.353352][T19469] _copy_from_user+0x2f/0xe0 [ 548.358051][T19469] get_timespec64+0x97/0x280 [ 548.362696][T19469] ? __pfx_get_timespec64+0x10/0x10 [ 548.368198][T19469] __x64_sys_recvmmsg+0x140/0x250 [ 548.373273][T19469] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 548.378961][T19469] ? do_syscall_64+0x100/0x230 [ 548.383752][T19469] ? do_syscall_64+0xb6/0x230 [ 548.388461][T19469] do_syscall_64+0xf3/0x230 [ 548.393075][T19469] ? clear_bhb_loop+0x35/0x90 [ 548.397790][T19469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.403799][T19469] RIP: 0033:0x7ff688775bd9 [ 548.408239][T19469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.427870][T19469] RSP: 002b:00007ff689580048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 548.436487][T19469] RAX: ffffffffffffffda RBX: 00007ff688903f60 RCX: 00007ff688775bd9 [ 548.444663][T19469] RDX: 04000000000003b4 RSI: 00000000200037c0 RDI: 0000000000000003 [ 548.452748][T19469] RBP: 00007ff6895800a0 R08: 0000000020003700 R09: 0000000000000000 [ 548.460747][T19469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 548.468830][T19469] R13: 000000000000000b R14: 00007ff688903f60 R15: 00007ffe6f3dc488 [ 548.477024][T19469] [ 548.884250][T19487] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4683'. [ 549.038205][T19489] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4683'. [ 549.803188][T19513] IPVS: Error joining to the multicast group [ 550.287304][T19532] netlink: 'syz.4.4695': attribute type 21 has an invalid length. [ 550.307332][T19532] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4695'. [ 551.061816][T19550] __nla_validate_parse: 2 callbacks suppressed [ 551.061836][T19550] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4703'. [ 551.264240][ T5108] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 551.280076][ T5108] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 551.289780][ T5108] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 551.316761][ T5108] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 551.328759][ T5108] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 551.336648][ T5108] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 551.584804][ T2794] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.735664][ T2794] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.868828][ T2794] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.049878][ T2794] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.114890][T19558] IPVS: Error joining to the multicast group [ 552.223056][T19554] chnl_net:caif_netlink_parms(): no params data found [ 552.317013][T19563] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4705'. [ 552.627566][ T2794] bridge_slave_1: left allmulticast mode [ 552.643682][ T2794] bridge_slave_1: left promiscuous mode [ 552.664215][ T2794] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.705982][ T2794] bridge_slave_0: left allmulticast mode [ 552.725906][ T2794] bridge_slave_0: left promiscuous mode [ 552.747411][ T2794] bridge0: port 1(bridge_slave_0) entered disabled state [ 553.406322][ T5097] Bluetooth: hci1: command tx timeout [ 553.781137][ T2794] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 553.808138][ T2794] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 553.849748][ T2794] bond0 (unregistering): Released all slaves [ 553.896933][T19554] bridge0: port 1(bridge_slave_0) entered blocking state [ 553.904844][T19554] bridge0: port 1(bridge_slave_0) entered disabled state [ 553.947725][T19554] bridge_slave_0: entered allmulticast mode [ 553.967987][T19554] bridge_slave_0: entered promiscuous mode [ 554.033489][T19554] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.059017][T19554] bridge0: port 2(bridge_slave_1) entered disabled state [ 554.076420][T19554] bridge_slave_1: entered allmulticast mode [ 554.090127][T19554] bridge_slave_1: entered promiscuous mode [ 554.297912][T19554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 554.519775][T19554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 554.684457][ T2794] hsr_slave_0: left promiscuous mode [ 554.751177][ T2794] hsr_slave_1: left promiscuous mode [ 554.806713][ T2794] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 554.827512][ T2794] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 554.867480][ T2794] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 554.875464][ T2794] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 554.967288][ T2794] veth1_macvtap: left promiscuous mode [ 554.979635][ T2794] veth0_macvtap: left promiscuous mode [ 554.992343][ T2794] veth1_vlan: left promiscuous mode [ 555.004749][ T2794] veth0_vlan: left promiscuous mode [ 555.486240][ T5097] Bluetooth: hci1: command tx timeout [ 556.663237][ T2794] team0 (unregistering): Port device team_slave_1 removed [ 556.867958][T19605] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4717'. [ 556.875990][ T2794] team0 (unregistering): Port device team_slave_0 removed [ 556.897647][T19605] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4717'. [ 557.567235][ T5097] Bluetooth: hci1: command tx timeout [ 557.880731][T19554] team0: Port device team_slave_0 added [ 557.897829][T19596] IPVS: Error joining to the multicast group [ 557.909007][T19607] netlink: 'syz.0.4717': attribute type 21 has an invalid length. [ 557.927705][T19607] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4717'. [ 557.953415][T19614] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4719'. [ 558.023374][T19554] team0: Port device team_slave_1 added [ 558.154948][T19554] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 558.172738][T19554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 558.215452][T19554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 558.278299][T19554] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 558.305440][T19554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 558.337551][T19554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 558.434538][T19628] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4724'. [ 558.491171][T19554] hsr_slave_0: entered promiscuous mode [ 558.510421][T19554] hsr_slave_1: entered promiscuous mode [ 558.529144][T19554] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 558.544205][T19554] Cannot create hsr debugfs directory [ 558.553105][T19629] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 558.560606][T19629] IPv6: NLM_F_CREATE should be set when creating new route [ 559.349892][T19649] netlink: 'syz.3.4730': attribute type 1 has an invalid length. [ 559.388919][T19649] 8021q: adding VLAN 0 to HW filter on device bond2 [ 559.410252][T19652] bond2: (slave ip6gretap1): making interface the new active one [ 559.431146][T19652] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 559.536764][T19554] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 559.554374][T19554] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 559.589237][T19554] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 559.639052][T19554] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 559.647261][ T5097] Bluetooth: hci1: command tx timeout [ 559.694680][T19654] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4731'. [ 560.012279][T19554] 8021q: adding VLAN 0 to HW filter on device bond0 [ 560.088678][T19554] 8021q: adding VLAN 0 to HW filter on device team0 [ 560.121966][T14917] bridge0: port 1(bridge_slave_0) entered blocking state [ 560.129249][T14917] bridge0: port 1(bridge_slave_0) entered forwarding state [ 560.193695][T14917] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.200893][T14917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 560.230552][T19676] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4741'. [ 560.508367][T19687] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 560.798548][T19699] netlink: 'syz.4.4744': attribute type 21 has an invalid length. [ 560.826907][T19699] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4744'. [ 560.878210][T19699] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4744'. [ 560.913638][T19692] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4744'. [ 560.949020][T19554] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 561.103056][T19554] veth0_vlan: entered promiscuous mode [ 561.153139][T19554] veth1_vlan: entered promiscuous mode [ 561.289597][T19554] veth0_macvtap: entered promiscuous mode [ 561.324343][T19554] veth1_macvtap: entered promiscuous mode [ 561.391167][T19554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 561.421765][T19554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 561.446802][T19554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 561.463294][T19554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 561.473992][T19554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 561.485540][T19554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 561.500887][T19554] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 561.540381][T19554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 561.582187][T19554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 561.593469][T19554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 561.605717][T19554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 561.628308][T19554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 561.639579][T19554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 561.677683][T19554] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 561.716927][T19554] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.745192][T19554] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.746809][T19725] netlink: 'syz.0.4758': attribute type 29 has an invalid length. [ 561.764589][T19554] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.784870][T19554] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.836397][T19725] netlink: 'syz.0.4758': attribute type 29 has an invalid length. [ 561.871209][T19728] netlink: 'syz.0.4758': attribute type 29 has an invalid length. [ 561.890432][T19729] netlink: 'syz.0.4758': attribute type 29 has an invalid length. [ 562.102624][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 562.137587][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 562.194392][ T2794] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 562.215735][ T2794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 562.482737][T19747] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4702'. [ 562.555610][T19747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4702'. [ 562.581404][T19747] vlan2: entered promiscuous mode [ 562.596012][T19747] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 562.603814][T19747] vlan2: entered allmulticast mode [ 562.621468][T19747] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 563.329560][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.336944][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.498159][T19773] netlink: 'syz.3.4777': attribute type 3 has an invalid length. [ 563.642806][T19777] virt_wifi0: mtu less than device minimum [ 563.773648][T19787] netlink: 'syz.4.4785': attribute type 1 has an invalid length. [ 563.797735][T19783] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 563.835457][T19786] netlink: 'syz.2.4784': attribute type 1 has an invalid length. [ 564.455045][ T5108] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 564.470996][ T5108] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 564.480066][ T5108] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 564.491764][ T5108] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 564.500222][ T5108] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 564.508886][ T5108] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 564.580590][T19816] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 564.631478][T19818] FAULT_INJECTION: forcing a failure. [ 564.631478][T19818] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 564.660198][T19818] CPU: 1 PID: 19818 Comm: syz.1.4797 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 564.670617][T19818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 564.680708][T19818] Call Trace: [ 564.684184][T19818] [ 564.687138][T19818] dump_stack_lvl+0x241/0x360 [ 564.691947][T19818] ? __pfx_dump_stack_lvl+0x10/0x10 [ 564.697221][T19818] ? __pfx__printk+0x10/0x10 [ 564.702111][T19818] ? __pfx_lock_release+0x10/0x10 [ 564.707254][T19818] should_fail_ex+0x3b0/0x4e0 [ 564.712124][T19818] _copy_from_user+0x2f/0xe0 [ 564.716750][T19818] copy_msghdr_from_user+0xae/0x680 [ 564.722084][T19818] ? __pfx___might_resched+0x10/0x10 [ 564.727814][T19818] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 564.733724][T19818] ? __might_fault+0xaa/0x120 [ 564.738694][T19818] do_recvmmsg+0x40f/0xae0 [ 564.743146][T19818] ? __pfx_lock_release+0x10/0x10 [ 564.748259][T19818] ? __pfx_do_recvmmsg+0x10/0x10 [ 564.753571][T19818] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 564.759491][T19818] ? ksys_write+0x23e/0x2c0 [ 564.764084][T19818] ? __pfx_lock_release+0x10/0x10 [ 564.769495][T19818] ? vfs_write+0x7c4/0xc90 [ 564.774034][T19818] ? __mutex_unlock_slowpath+0x21d/0x750 [ 564.779677][T19818] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 564.786020][T19818] __x64_sys_recvmmsg+0x199/0x250 [ 564.791057][T19818] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 564.796610][T19818] do_syscall_64+0xf3/0x230 [ 564.801119][T19818] ? clear_bhb_loop+0x35/0x90 [ 564.805796][T19818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 564.811686][T19818] RIP: 0033:0x7fef51575bd9 [ 564.816096][T19818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 564.835792][T19818] RSP: 002b:00007fef523c5048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 564.844199][T19818] RAX: ffffffffffffffda RBX: 00007fef51703f60 RCX: 00007fef51575bd9 [ 564.852162][T19818] RDX: 0400000000000284 RSI: 0000000020000040 RDI: 0000000000000003 [ 564.860123][T19818] RBP: 00007fef523c50a0 R08: 0000000000000000 R09: 0000000000000000 [ 564.868087][T19818] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 564.876050][T19818] R13: 000000000000004d R14: 00007fef51703f60 R15: 00007fffc15df208 [ 564.884030][T19818] [ 564.951143][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.004933][T19821] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4798'. [ 565.046554][T19823] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 565.053935][T19823] IPv6: NLM_F_CREATE should be set when creating new route [ 565.231047][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.275926][T19840] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4802'. [ 565.329802][T19844] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 565.337512][T19844] IPv6: NLM_F_CREATE should be set when creating new route [ 565.357651][T19845] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4804'. [ 565.429850][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.631087][ T11] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 565.637173][T19855] FAULT_INJECTION: forcing a failure. [ 565.637173][T19855] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 565.651961][ T11] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 565.701458][T19855] CPU: 1 PID: 19855 Comm: syz.3.4808 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 565.711932][T19855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 565.722012][T19855] Call Trace: [ 565.725313][T19855] [ 565.728258][T19855] dump_stack_lvl+0x241/0x360 [ 565.732974][T19855] ? __pfx_dump_stack_lvl+0x10/0x10 [ 565.738210][T19855] ? __pfx__printk+0x10/0x10 [ 565.742841][T19855] ? snprintf+0xda/0x120 [ 565.747111][T19855] should_fail_ex+0x3b0/0x4e0 [ 565.751822][T19855] _copy_to_user+0x2f/0xb0 [ 565.756356][T19855] simple_read_from_buffer+0xca/0x150 [ 565.761777][T19855] proc_fail_nth_read+0x1e9/0x250 [ 565.766829][T19855] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 565.772399][T19855] ? rw_verify_area+0x520/0x6b0 [ 565.777285][T19855] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 565.782938][T19855] vfs_read+0x204/0xbc0 [ 565.787122][T19855] ? __pfx_lock_release+0x10/0x10 [ 565.792263][T19855] ? __pfx_vfs_read+0x10/0x10 [ 565.796960][T19855] ? __fget_files+0x29/0x470 [ 565.801582][T19855] ? __fget_files+0x3f6/0x470 [ 565.806384][T19855] ksys_read+0x1a0/0x2c0 [ 565.810661][T19855] ? __pfx_ksys_read+0x10/0x10 [ 565.815443][T19855] ? do_syscall_64+0x100/0x230 [ 565.820324][T19855] ? do_syscall_64+0xb6/0x230 [ 565.825030][T19855] do_syscall_64+0xf3/0x230 [ 565.829592][T19855] ? clear_bhb_loop+0x35/0x90 [ 565.834307][T19855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.840231][T19855] RIP: 0033:0x7ff6887746bc [ 565.844677][T19855] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 565.864303][T19855] RSP: 002b:00007ff689580040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 565.872743][T19855] RAX: ffffffffffffffda RBX: 00007ff688903f60 RCX: 00007ff6887746bc [ 565.880739][T19855] RDX: 000000000000000f RSI: 00007ff6895800b0 RDI: 0000000000000006 [ 565.888736][T19855] RBP: 00007ff6895800a0 R08: 0000000000000000 R09: 0000000000000000 [ 565.896731][T19855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 565.904722][T19855] R13: 000000000000000b R14: 00007ff688903f60 R15: 00007ffe6f3dc488 [ 565.912736][T19855] [ 565.943785][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 566.322010][T19811] chnl_net:caif_netlink_parms(): no params data found [ 566.354339][ T11] bridge_slave_1: left allmulticast mode [ 566.371856][ T11] bridge_slave_1: left promiscuous mode [ 566.382149][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 566.418321][ T11] bridge_slave_0: left allmulticast mode [ 566.433134][ T11] bridge_slave_0: left promiscuous mode [ 566.439466][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 566.527794][ T5097] Bluetooth: hci2: command tx timeout [ 567.218283][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 567.242131][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 567.270938][ T11] bond0 (unregistering): Released all slaves [ 567.318230][T19877] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4814'. [ 567.355898][T19883] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4814'. [ 568.004506][ T11] hsr_slave_0: left promiscuous mode [ 568.028635][ T11] hsr_slave_1: left promiscuous mode [ 568.041287][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 568.061261][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 568.094050][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 568.106377][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 568.183792][ T11] veth1_macvtap: left promiscuous mode [ 568.196628][ T11] veth0_macvtap: left promiscuous mode [ 568.212634][ T11] veth1_vlan: left promiscuous mode [ 568.234490][ T11] veth0_vlan: left promiscuous mode [ 568.606919][ T5097] Bluetooth: hci2: command tx timeout [ 569.304809][T19939] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4832'. [ 569.612060][ T11] team0 (unregistering): Port device team_slave_1 removed [ 569.667470][ T11] team0 (unregistering): Port device team_slave_0 removed [ 570.144567][T19811] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.164494][T19811] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.172686][T19811] bridge_slave_0: entered allmulticast mode [ 570.181176][T19811] bridge_slave_0: entered promiscuous mode [ 570.189136][T19923] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4828'. [ 570.212965][T19928] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4828'. [ 570.223616][T19934] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4831'. [ 570.308834][T19941] team0: Port device team_slave_0 removed [ 570.332716][T19811] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.355143][T19811] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.397445][T19811] bridge_slave_1: entered allmulticast mode [ 570.408694][T19811] bridge_slave_1: entered promiscuous mode [ 570.539863][T19953] ip6tnl3: entered promiscuous mode [ 570.560968][T19953] ip6tnl3: entered allmulticast mode [ 570.593053][T19811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 570.673281][T19811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 570.692859][ T5097] Bluetooth: hci2: command tx timeout [ 570.842972][T19811] team0: Port device team_slave_0 added [ 570.887546][T19811] team0: Port device team_slave_1 added [ 570.917814][T19972] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4840'. [ 570.984059][T19811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 571.016754][T19811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 571.055704][T19811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 571.083082][T19811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 571.095393][ T11] IPVS: stop unused estimator thread 0... [ 571.124475][T19811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 571.185103][T19811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 571.338288][T19811] hsr_slave_0: entered promiscuous mode [ 571.345556][T19811] hsr_slave_1: entered promiscuous mode [ 571.364652][T19988] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4845'. [ 571.711183][T19998] FAULT_INJECTION: forcing a failure. [ 571.711183][T19998] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 571.752663][T19998] CPU: 1 PID: 19998 Comm: syz.3.4849 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 571.762883][T19998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 571.773394][T19998] Call Trace: [ 571.776689][T19998] [ 571.779642][T19998] dump_stack_lvl+0x241/0x360 [ 571.784351][T19998] ? __pfx_dump_stack_lvl+0x10/0x10 [ 571.789576][T19998] ? __pfx__printk+0x10/0x10 [ 571.794192][T19998] ? __pfx_lock_release+0x10/0x10 [ 571.799239][T19998] should_fail_ex+0x3b0/0x4e0 [ 571.803951][T19998] _copy_from_iter+0x1f6/0x1960 [ 571.808836][T19998] ? __virt_addr_valid+0x183/0x520 [ 571.814041][T19998] ? __pfx_lock_release+0x10/0x10 [ 571.819067][T19998] ? __pfx__copy_from_iter+0x10/0x10 [ 571.824348][T19998] ? __virt_addr_valid+0x183/0x520 [ 571.829453][T19998] ? __virt_addr_valid+0x183/0x520 [ 571.834555][T19998] ? __virt_addr_valid+0x44e/0x520 [ 571.839664][T19998] ? __check_object_size+0x49c/0x900 [ 571.844981][T19998] netlink_sendmsg+0x743/0xcb0 [ 571.849927][T19998] ? __pfx_netlink_sendmsg+0x10/0x10 [ 571.855215][T19998] ? __import_iovec+0x536/0x820 [ 571.860060][T19998] ? aa_sock_msg_perm+0x91/0x160 [ 571.865007][T19998] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 571.870284][T19998] ? security_socket_sendmsg+0x87/0xb0 [ 571.875916][T19998] ? __pfx_netlink_sendmsg+0x10/0x10 [ 571.881244][T19998] __sock_sendmsg+0x221/0x270 [ 571.885922][T19998] ____sys_sendmsg+0x525/0x7d0 [ 571.890872][T19998] ? __pfx_____sys_sendmsg+0x10/0x10 [ 571.896248][T19998] __sys_sendmsg+0x2b0/0x3a0 [ 571.900835][T19998] ? __pfx___sys_sendmsg+0x10/0x10 [ 571.905938][T19998] ? vfs_write+0x7c4/0xc90 [ 571.910384][T19998] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 571.916711][T19998] ? do_syscall_64+0x100/0x230 [ 571.921475][T19998] ? do_syscall_64+0xb6/0x230 [ 571.926153][T19998] do_syscall_64+0xf3/0x230 [ 571.930677][T19998] ? clear_bhb_loop+0x35/0x90 [ 571.935355][T19998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.941249][T19998] RIP: 0033:0x7ff688775bd9 [ 571.945661][T19998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 571.965366][T19998] RSP: 002b:00007ff689580048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 571.974043][T19998] RAX: ffffffffffffffda RBX: 00007ff688903f60 RCX: 00007ff688775bd9 [ 571.982010][T19998] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 571.989977][T19998] RBP: 00007ff6895800a0 R08: 0000000000000000 R09: 0000000000000000 [ 571.998036][T19998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 572.006008][T19998] R13: 000000000000000b R14: 00007ff688903f60 R15: 00007ffe6f3dc488 [ 572.014005][T19998] [ 572.348351][T20009] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4853'. [ 572.555200][T19811] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 572.580626][T19811] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 572.597147][T19811] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 572.617293][T19811] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 572.704896][T20022] FAULT_INJECTION: forcing a failure. [ 572.704896][T20022] name failslab, interval 1, probability 0, space 0, times 0 [ 572.740988][T20022] CPU: 0 PID: 20022 Comm: syz.1.4857 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 572.751332][T20022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 572.761689][T20022] Call Trace: [ 572.764989][T20022] [ 572.766576][ T5097] Bluetooth: hci2: command tx timeout [ 572.767919][T20022] dump_stack_lvl+0x241/0x360 [ 572.767956][T20022] ? __pfx_dump_stack_lvl+0x10/0x10 [ 572.783184][T20022] ? __pfx__printk+0x10/0x10 [ 572.787809][T20022] ? __pfx___might_resched+0x10/0x10 [ 572.793135][T20022] should_fail_ex+0x3b0/0x4e0 [ 572.797860][T20022] ? skb_clone+0x20c/0x390 [ 572.802292][T20022] should_failslab+0x9/0x20 [ 572.806830][T20022] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 572.812245][T20022] skb_clone+0x20c/0x390 [ 572.816612][T20022] nfnetlink_rcv+0x575/0x2a80 [ 572.821315][T20022] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 572.827654][T20022] ? __local_bh_enable_ip+0x168/0x200 [ 572.833057][T20022] ? __local_bh_enable_ip+0x168/0x200 [ 572.838477][T20022] ? __dev_queue_xmit+0x2d2/0x3d30 [ 572.843610][T20022] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 572.849373][T20022] ? __dev_queue_xmit+0x2d2/0x3d30 [ 572.854524][T20022] ? __dev_queue_xmit+0x16c9/0x3d30 [ 572.858955][T19811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 572.859741][T20022] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 572.871464][T20022] ? __dev_queue_xmit+0x2d2/0x3d30 [ 572.876642][T20022] ? ref_tracker_free+0x643/0x7e0 [ 572.881697][T20022] ? __asan_memcpy+0x40/0x70 [ 572.890656][T20022] ? __pfx_ref_tracker_free+0x10/0x10 [ 572.896080][T20022] ? netlink_deliver_tap+0x2e/0x1b0 [ 572.901308][T20022] ? skb_clone+0x240/0x390 [ 572.905843][T20022] ? __pfx_lock_release+0x10/0x10 [ 572.907201][T19811] 8021q: adding VLAN 0 to HW filter on device team0 [ 572.910870][T20022] ? __netlink_deliver_tap+0x77e/0x7c0 [ 572.910912][T20022] ? netlink_deliver_tap+0x2e/0x1b0 [ 572.928436][T20022] netlink_unicast+0x7ea/0x980 [ 572.933244][T20022] ? __pfx_netlink_unicast+0x10/0x10 [ 572.938732][T20022] ? __virt_addr_valid+0x183/0x520 [ 572.943881][T20022] ? __check_object_size+0x49c/0x900 [ 572.945135][T14915] bridge0: port 1(bridge_slave_0) entered blocking state [ 572.949183][T20022] ? bpf_lsm_netlink_send+0x9/0x10 [ 572.949220][T20022] netlink_sendmsg+0x8db/0xcb0 [ 572.949254][T20022] ? __pfx_netlink_sendmsg+0x10/0x10 [ 572.956410][T14915] bridge0: port 1(bridge_slave_0) entered forwarding state [ 572.961368][T20022] ? __import_iovec+0x536/0x820 [ 572.983809][T20022] ? aa_sock_msg_perm+0x91/0x160 [ 572.988783][T20022] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 572.994092][T20022] ? security_socket_sendmsg+0x87/0xb0 [ 572.999584][T20022] ? __pfx_netlink_sendmsg+0x10/0x10 [ 573.004909][T20022] __sock_sendmsg+0x221/0x270 [ 573.009630][T20022] ____sys_sendmsg+0x525/0x7d0 [ 573.012014][T14915] bridge0: port 2(bridge_slave_1) entered blocking state [ 573.014411][T20022] ? __pfx_____sys_sendmsg+0x10/0x10 [ 573.014454][T20022] __sys_sendmsg+0x2b0/0x3a0 [ 573.021604][T14915] bridge0: port 2(bridge_slave_1) entered forwarding state [ 573.026732][T20022] ? __pfx___sys_sendmsg+0x10/0x10 [ 573.026757][T20022] ? vfs_write+0x7c4/0xc90 [ 573.048209][T20022] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 573.054563][T20022] ? do_syscall_64+0x100/0x230 [ 573.059362][T20022] ? do_syscall_64+0xb6/0x230 [ 573.064073][T20022] do_syscall_64+0xf3/0x230 [ 573.068605][T20022] ? clear_bhb_loop+0x35/0x90 [ 573.073315][T20022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.079865][T20022] RIP: 0033:0x7fef51575bd9 [ 573.084314][T20022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 573.104566][T20022] RSP: 002b:00007fef523c5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 573.113023][T20022] RAX: ffffffffffffffda RBX: 00007fef51703f60 RCX: 00007fef51575bd9 [ 573.121036][T20022] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 573.129047][T20022] RBP: 00007fef523c50a0 R08: 0000000000000000 R09: 0000000000000000 [ 573.137134][T20022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 573.145129][T20022] R13: 000000000000004d R14: 00007fef51703f60 R15: 00007fffc15df208 [ 573.153145][T20022] [ 573.369693][T20037] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4861'. [ 573.608324][T20048] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4862'. [ 573.694526][T19811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 573.851754][T19811] veth0_vlan: entered promiscuous mode [ 573.889973][T20055] FAULT_INJECTION: forcing a failure. [ 573.889973][T20055] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 573.905925][T19811] veth1_vlan: entered promiscuous mode [ 573.947261][T20055] CPU: 0 PID: 20055 Comm: syz.1.4867 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 573.957564][T20055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 573.967757][T20055] Call Trace: [ 573.971061][T20055] [ 573.974022][T20055] dump_stack_lvl+0x241/0x360 [ 573.979538][T20055] ? __pfx_dump_stack_lvl+0x10/0x10 [ 573.985507][T20055] ? __pfx__printk+0x10/0x10 [ 573.990602][T20055] ? __pfx_lock_release+0x10/0x10 [ 573.996075][T20055] should_fail_ex+0x3b0/0x4e0 [ 574.001733][T20055] _copy_from_iter+0x1f6/0x1960 [ 574.006807][T20055] ? __virt_addr_valid+0x183/0x520 [ 574.011976][T20055] ? skb_set_owner_w+0x238/0x3e0 [ 574.017231][T20055] ? __pfx_lock_release+0x10/0x10 [ 574.022909][T20055] ? __pfx__copy_from_iter+0x10/0x10 [ 574.029483][T20055] ? __virt_addr_valid+0x183/0x520 [ 574.034722][T20055] ? __virt_addr_valid+0x183/0x520 [ 574.039857][T20055] ? __virt_addr_valid+0x44e/0x520 [ 574.044972][T20055] ? __phys_addr_symbol+0x2f/0x70 [ 574.049998][T20055] ? __check_object_size+0x49c/0x900 [ 574.055280][T20055] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 574.060999][T20055] skb_copy_datagram_from_iter+0xf3/0x6c0 [ 574.066811][T20055] ? skb_put+0x114/0x1f0 [ 574.071138][T20055] packet_sendmsg+0x3edd/0x6150 [ 574.076005][T20055] ? __pfx___might_resched+0x10/0x10 [ 574.081299][T20055] ? aa_sk_perm+0x967/0xab0 [ 574.085803][T20055] ? __pfx_packet_sendmsg+0x10/0x10 [ 574.091006][T20055] ? __fget_files+0x29/0x470 [ 574.095626][T20055] ? aa_sock_msg_perm+0x91/0x160 [ 574.100611][T20055] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 574.105890][T20055] ? security_socket_sendmsg+0x87/0xb0 [ 574.111526][T20055] ? __pfx_packet_sendmsg+0x10/0x10 [ 574.116844][T20055] __sock_sendmsg+0x221/0x270 [ 574.121699][T20055] __sys_sendto+0x3a4/0x4f0 [ 574.126814][T20055] ? __pfx___sys_sendto+0x10/0x10 [ 574.131973][T20055] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 574.138037][T20055] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 574.144366][T20055] __x64_sys_sendto+0xde/0x100 [ 574.149129][T20055] do_syscall_64+0xf3/0x230 [ 574.153645][T20055] ? clear_bhb_loop+0x35/0x90 [ 574.158325][T20055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.164213][T20055] RIP: 0033:0x7fef51575bd9 [ 574.168619][T20055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 574.188217][T20055] RSP: 002b:00007fef523c5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 574.196715][T20055] RAX: ffffffffffffffda RBX: 00007fef51703f60 RCX: 00007fef51575bd9 [ 574.204679][T20055] RDX: 000000000000000e RSI: 0000000020000040 RDI: 0000000000000003 [ 574.212657][T20055] RBP: 00007fef523c50a0 R08: 0000000020000200 R09: 0000000000000014 [ 574.220726][T20055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 574.228781][T20055] R13: 000000000000004d R14: 00007fef51703f60 R15: 00007fffc15df208 [ 574.236762][T20055] [ 574.270432][T19811] veth0_macvtap: entered promiscuous mode [ 574.312197][T20058] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4868'. [ 574.370780][T19811] veth1_macvtap: entered promiscuous mode [ 574.431853][T20058] mac80211_hwsim hwsim35 : renamed from wlan1 (while UP) [ 574.493786][T19811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 574.520278][T19811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 574.531377][T19811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 574.542396][T19811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 574.552766][T19811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 574.577473][T19811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 574.596865][T19811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 574.610847][T20062] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4870'. [ 574.718466][T19811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 574.748750][T19811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 574.771261][T19811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 574.782992][T19811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 574.795267][T19811] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 574.806702][T19811] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 574.842402][T19811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 574.887108][T19811] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 574.909418][T19811] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 574.928736][T19811] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 574.949033][T19811] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 575.028237][T20075] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4874'. [ 575.041731][T20075] nbd: nbd0 already in use [ 575.190265][ T2932] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 575.225351][ T2932] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 575.366186][ T2794] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 575.407365][ T2794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 575.507085][T20092] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4878'. [ 575.599162][T20098] tipc: Started in network mode [ 575.604103][T20098] tipc: Node identity 3a20300a74797065, cluster identity 4711 [ 575.646487][T20098] tipc: Enabling of bearer rejected, failed to enable media [ 575.818042][T20103] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4881'. [ 575.846288][T20104] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4881'. [ 575.895077][T20106] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4882'. [ 576.210904][T20113] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 577.256019][T20158] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4901'. [ 577.275967][T20159] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4899'. [ 578.275479][T20190] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4907'. [ 579.438107][T20212] netlink: 'syz.0.4914': attribute type 16 has an invalid length. [ 579.466408][T20212] __nla_validate_parse: 2 callbacks suppressed [ 579.466429][T20212] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4914'. [ 579.796337][T20222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4917'. [ 579.831332][T20222] netlink: 'syz.0.4917': attribute type 3 has an invalid length. [ 579.845247][T20227] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4918'. [ 580.363248][T20245] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4923'. [ 580.718966][T20252] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4926'. [ 581.867086][T20284] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4938'. [ 581.892686][T20287] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4937'. [ 582.310740][T20292] x_tables: duplicate underflow at hook 2 [ 582.430618][T20297] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4940'. [ 582.776275][T20307] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4944'. [ 582.841001][T20307] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4944'. [ 583.561435][T20323] batadv2: entered allmulticast mode [ 584.027370][T20352] FAULT_INJECTION: forcing a failure. [ 584.027370][T20352] name failslab, interval 1, probability 0, space 0, times 0 [ 584.060756][T20352] CPU: 1 PID: 20352 Comm: syz.0.4958 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 584.071065][T20352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 584.081325][T20352] Call Trace: [ 584.084632][T20352] [ 584.087592][T20352] dump_stack_lvl+0x241/0x360 [ 584.092317][T20352] ? __pfx_dump_stack_lvl+0x10/0x10 [ 584.097556][T20352] ? __pfx__printk+0x10/0x10 [ 584.102198][T20352] should_fail_ex+0x3b0/0x4e0 [ 584.107091][T20352] ? __alloc_skb+0x1c3/0x440 [ 584.111738][T20352] should_failslab+0x9/0x20 [ 584.116269][T20352] kmem_cache_alloc_node_noprof+0x71/0x320 [ 584.122149][T20352] __alloc_skb+0x1c3/0x440 [ 584.126600][T20352] ? __pfx___might_resched+0x10/0x10 [ 584.131922][T20352] ? __pfx___alloc_skb+0x10/0x10 [ 584.137062][T20352] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 584.143161][T20352] ? security_socket_getpeersec_dgram+0x88/0xb0 [ 584.149436][T20352] netlink_sendmsg+0x631/0xcb0 [ 584.154431][T20352] ? __pfx_netlink_sendmsg+0x10/0x10 [ 584.159758][T20352] ? __import_iovec+0x536/0x820 [ 584.164651][T20352] ? aa_sock_msg_perm+0x91/0x160 [ 584.169721][T20352] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 584.175027][T20352] ? security_socket_sendmsg+0x87/0xb0 [ 584.180580][T20352] ? __pfx_netlink_sendmsg+0x10/0x10 [ 584.186043][T20352] __sock_sendmsg+0x221/0x270 [ 584.190815][T20352] ____sys_sendmsg+0x525/0x7d0 [ 584.195681][T20352] ? __pfx_____sys_sendmsg+0x10/0x10 [ 584.200967][T20352] ? __might_fault+0xaa/0x120 [ 584.205677][T20352] __sys_sendmmsg+0x3b2/0x740 [ 584.210382][T20352] ? __pfx___sys_sendmmsg+0x10/0x10 [ 584.215875][T20352] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 584.221953][T20352] ? ksys_write+0x23e/0x2c0 [ 584.226458][T20352] ? __pfx_lock_release+0x10/0x10 [ 584.231708][T20352] ? vfs_write+0x7c4/0xc90 [ 584.236152][T20352] ? __mutex_unlock_slowpath+0x21d/0x750 [ 584.241798][T20352] ? __pfx_vfs_write+0x10/0x10 [ 584.246839][T20352] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 584.252907][T20352] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 584.259235][T20352] ? do_syscall_64+0x100/0x230 [ 584.264176][T20352] __x64_sys_sendmmsg+0xa0/0xb0 [ 584.269032][T20352] do_syscall_64+0xf3/0x230 [ 584.273707][T20352] ? clear_bhb_loop+0x35/0x90 [ 584.278500][T20352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.284399][T20352] RIP: 0033:0x7fd95f975bd9 [ 584.288816][T20352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.308785][T20352] RSP: 002b:00007fd960700048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 584.317373][T20352] RAX: ffffffffffffffda RBX: 00007fd95fb03f60 RCX: 00007fd95f975bd9 [ 584.325450][T20352] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000005 [ 584.333423][T20352] RBP: 00007fd9607000a0 R08: 0000000000000000 R09: 0000000000000000 [ 584.341389][T20352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 584.349368][T20352] R13: 000000000000000b R14: 00007fd95fb03f60 R15: 00007fffe87a07f8 [ 584.357434][T20352] [ 584.576848][T20369] xt_TCPMSS: Only works on TCP SYN packets [ 584.598557][T20369] __nla_validate_parse: 2 callbacks suppressed [ 584.598577][T20369] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4961'. [ 584.626019][T20371] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4962'. [ 584.680968][T20371] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4962'. [ 584.891775][T20375] batadv1: entered allmulticast mode [ 585.790986][T20402] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 586.127932][T20413] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4975'. [ 586.556323][T20420] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4978'. [ 586.811353][T20426] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4980'. [ 586.907578][T20426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4980'. [ 586.956822][T20426] vlan2: entered promiscuous mode [ 586.966499][T20426] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 586.984362][T20426] vlan2: entered allmulticast mode [ 586.994338][T20426] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 587.202590][T20433] netlink: 'syz.2.4982': attribute type 1 has an invalid length. [ 587.245088][T20433] netlink: 244 bytes leftover after parsing attributes in process `syz.2.4982'. [ 587.628778][T20441] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 588.155979][T20465] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4991'. [ 589.047940][T20473] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4993'. [ 589.418160][T20478] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 590.730932][T20527] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 590.933639][T20537] FAULT_INJECTION: forcing a failure. [ 590.933639][T20537] name failslab, interval 1, probability 0, space 0, times 0 [ 590.992116][T20537] CPU: 0 PID: 20537 Comm: syz.2.5012 Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 591.002694][T20537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 591.014089][T20537] Call Trace: [ 591.017482][T20537] [ 591.020428][T20537] dump_stack_lvl+0x241/0x360 [ 591.025140][T20537] ? __pfx_dump_stack_lvl+0x10/0x10 [ 591.030374][T20537] ? __pfx__printk+0x10/0x10 [ 591.035084][T20537] ? ref_tracker_alloc+0x332/0x490 [ 591.040230][T20537] should_fail_ex+0x3b0/0x4e0 [ 591.044938][T20537] ? skb_clone+0x20c/0x390 [ 591.049472][T20537] should_failslab+0x9/0x20 [ 591.054030][T20537] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 591.059536][T20537] skb_clone+0x20c/0x390 [ 591.063907][T20537] __netlink_deliver_tap+0x3cc/0x7c0 [ 591.069321][T20537] ? netlink_deliver_tap+0x2e/0x1b0 [ 591.074637][T20537] netlink_deliver_tap+0x19d/0x1b0 [ 591.079809][T20537] netlink_unicast+0x7b8/0x980 [ 591.084619][T20537] ? __pfx_netlink_unicast+0x10/0x10 [ 591.089924][T20537] ? __virt_addr_valid+0x183/0x520 [ 591.095069][T20537] ? __check_object_size+0x49c/0x900 [ 591.100393][T20537] ? bpf_lsm_netlink_send+0x9/0x10 [ 591.105548][T20537] netlink_sendmsg+0x8db/0xcb0 [ 591.110360][T20537] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.115678][T20537] ? __import_iovec+0x536/0x820 [ 591.120724][T20537] ? aa_sock_msg_perm+0x91/0x160 [ 591.125695][T20537] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 591.131003][T20537] ? security_socket_sendmsg+0x87/0xb0 [ 591.136492][T20537] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.141926][T20537] __sock_sendmsg+0x221/0x270 [ 591.146727][T20537] ____sys_sendmsg+0x525/0x7d0 [ 591.152257][T20537] ? __pfx_____sys_sendmsg+0x10/0x10 [ 591.158282][T20537] __sys_sendmsg+0x2b0/0x3a0 [ 591.163001][T20537] ? __pfx___sys_sendmsg+0x10/0x10 [ 591.168372][T20537] ? vfs_write+0x7c4/0xc90 [ 591.172944][T20537] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 591.179385][T20537] ? do_syscall_64+0x100/0x230 [ 591.184201][T20537] ? do_syscall_64+0xb6/0x230 [ 591.189361][T20537] do_syscall_64+0xf3/0x230 [ 591.194012][T20537] ? clear_bhb_loop+0x35/0x90 [ 591.199015][T20537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.205003][T20537] RIP: 0033:0x7f5067375bd9 [ 591.209970][T20537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 591.230735][T20537] RSP: 002b:00007f50680ca048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 591.240574][T20537] RAX: ffffffffffffffda RBX: 00007f5067503f60 RCX: 00007f5067375bd9 [ 591.248662][T20537] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 591.257370][T20537] RBP: 00007f50680ca0a0 R08: 0000000000000000 R09: 0000000000000000 [ 591.265378][T20537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 591.273477][T20537] R13: 000000000000000b R14: 00007f5067503f60 R15: 00007fff1f05bfd8 [ 591.282721][T20537] [ 591.357620][T20551] __nla_validate_parse: 4 callbacks suppressed [ 591.357642][T20551] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5016'. [ 591.378570][T20553] x_tables: unsorted entry at hook 1 [ 591.490507][T20558] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5020'. [ 591.546907][T20560] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5016'. [ 591.698487][T20569] dccp_invalid_packet: P.Data Offset(0) too small [ 592.626538][T20593] syz.4.5030 (20593) used obsolete PPPIOCDETACH ioctl [ 593.377725][T20627] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5037'. [ 593.509440][T20627] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5037'. [ 593.627156][T20639] netlink: 'syz.2.5041': attribute type 1 has an invalid length. [ 593.654453][T20639] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.5041'. [ 593.674506][T20639] netlink: 'syz.2.5041': attribute type 1 has an invalid length. [ 593.788222][T20644] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5042'. [ 594.211190][T20655] netlink: 'syz.0.5045': attribute type 14 has an invalid length. [ 595.070449][T20698] ieee802154 phy0 wpan0: encryption failed: -22 [ 595.210265][T20708] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5068'. [ 595.829496][T20735] netlink: 84 bytes leftover after parsing attributes in process `syz.2.5081'. [ 595.844929][T20736] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 595.980614][T20746] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5079'. [ 596.830820][T20802] __nla_validate_parse: 2 callbacks suppressed [ 596.830842][T20802] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5100'. [ 596.874076][T20802] geneve2: entered promiscuous mode [ 596.900317][T20804] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5102'. [ 596.942606][T20806] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5101'. [ 597.217736][T20825] bridge: RTM_NEWNEIGH with unconfigured vlan 65 on bridge_slave_0 [ 597.305902][T20832] netlink: 188 bytes leftover after parsing attributes in process `syz.1.5115'. [ 597.410016][T20835] netlink: 188 bytes leftover after parsing attributes in process `syz.4.5117'. [ 597.506216][T20844] erspan0: left promiscuous mode [ 597.535618][T20844] bond0: left promiscuous mode [ 597.859726][T20868] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5133'. [ 597.972716][T20878] netlink: 'syz.1.5138': attribute type 33 has an invalid length. [ 598.018171][T20878] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5138'. [ 598.140806][T20884] tipc: Started in network mode [ 598.145996][T20884] tipc: Node identity ac14140f, cluster identity 4711 [ 598.204275][T20884] tipc: Enabled bearer , priority 10 [ 598.417706][T20893] bridge0: port 2(bridge_slave_1) entered disabled state [ 598.425166][T20893] bridge0: port 1(bridge_slave_0) entered disabled state [ 598.509647][T20893] bond0: (slave bridge0): Releasing backup interface [ 598.559122][T20893] team0: Device bridge0 is already an upper device of the team interface [ 598.616419][ T5108] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 598.629502][ T5108] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 598.640803][ T5108] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 598.667459][ T5108] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 598.697731][ T5108] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 598.705326][ T5108] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 598.822647][ T2794] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.093722][ T2794] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.215828][T20918] tipc: Enabling of bearer rejected, already enabled [ 599.308279][ T2794] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.328374][ T786] tipc: Node number set to 2886997007 [ 599.478016][ T2794] netdevsim netdevsim2 netdevsim0: left allmulticast mode [ 599.489775][ T2794] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 599.545177][ T2794] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 599.627101][T20927] geneve2: entered promiscuous mode [ 599.635772][T20927] geneve2: entered allmulticast mode [ 599.982842][T20935] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5161'. [ 600.021672][ T2794] bridge_slave_1: left allmulticast mode [ 600.063038][ T2794] bridge_slave_1: left promiscuous mode [ 600.081883][ T2794] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.165154][ T2794] bridge_slave_0: left allmulticast mode [ 600.172374][ T2794] bridge_slave_0: left promiscuous mode [ 600.189345][ T2794] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.766537][ T5097] Bluetooth: hci1: command tx timeout [ 601.226794][ T2794] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 601.250494][ T2794] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 601.263666][ T2794] bond0 (unregistering): Released all slaves [ 601.283328][T20899] chnl_net:caif_netlink_parms(): no params data found [ 601.312314][T20951] tipc: Enabled bearer , priority 10 [ 601.378277][ T2794] tipc: Left network mode [ 601.540847][T20960] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5171'. [ 601.758499][T20977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 601.822039][T20899] bridge0: port 1(bridge_slave_0) entered blocking state [ 601.840036][T20899] bridge0: port 1(bridge_slave_0) entered disabled state [ 601.863863][T20899] bridge_slave_0: entered allmulticast mode [ 601.872273][T20899] bridge_slave_0: entered promiscuous mode [ 601.893415][T20980] tipc: Started in network mode [ 601.906504][T20980] tipc: Node identity ac14140f, cluster identity 4711 [ 601.914186][T20980] tipc: Enabled bearer , priority 10 [ 601.991921][T20899] bridge0: port 2(bridge_slave_1) entered blocking state [ 602.006711][T20899] bridge0: port 2(bridge_slave_1) entered disabled state [ 602.023583][T20899] bridge_slave_1: entered allmulticast mode [ 602.033454][T20899] bridge_slave_1: entered promiscuous mode [ 602.048152][T20982] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5180'. [ 602.067684][T20982] A link change request failed with some changes committed already. Interface wg0 may have been left with an inconsistent configuration, please check. [ 602.107611][ T2794] hsr_slave_0: left promiscuous mode [ 602.135603][ T2794] hsr_slave_1: left promiscuous mode [ 602.146793][ T2794] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 602.154456][ T2794] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 602.181636][ T2794] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 602.206378][ T2794] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 602.266418][ T2794] veth1_macvtap: left promiscuous mode [ 602.272055][ T2794] veth0_macvtap: left promiscuous mode [ 602.286896][ T2794] veth1_vlan: left promiscuous mode [ 602.293303][ T2794] veth0_vlan: left promiscuous mode [ 602.429305][ T5177] tipc: Node number set to 1314472047 [ 602.847650][ T5097] Bluetooth: hci1: command tx timeout [ 602.906360][ T5177] tipc: Node number set to 2886997007 [ 603.712320][ T2794] team0 (unregistering): Port device team_slave_1 removed [ 603.824016][ T2794] team0 (unregistering): Port device team_slave_0 removed [ 604.822543][T20899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 604.880155][T21011] tipc: Enabling of bearer rejected, already enabled [ 604.911712][T20899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 604.927236][ T5097] Bluetooth: hci1: command tx timeout [ 604.959538][T21018] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5194'. [ 605.099775][T21019] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5193'. [ 605.151438][T20899] team0: Port device team_slave_0 added [ 605.186582][T21019] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5193'. [ 605.224020][T20899] team0: Port device team_slave_1 added [ 605.372410][T20899] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 605.383772][T20899] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 605.411407][T20899] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 605.442479][T20899] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 605.462309][T20899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 605.494886][T20899] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 605.579190][T20899] hsr_slave_0: entered promiscuous mode [ 605.600048][T20899] hsr_slave_1: entered promiscuous mode [ 605.618502][T20899] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 605.636510][T20899] Cannot create hsr debugfs directory [ 606.399587][ C1] hrtimer: interrupt took 11813003 ns [ 606.425571][T21054] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5204'. [ 607.236840][ T5097] Bluetooth: hci1: command tx timeout [ 611.383978][T21061] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5207'. [ 616.144803][T21065] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5207'. [ 627.686077][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 627.692883][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 664.462178][ T5097] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 664.618524][T20899] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 664.696950][T21077] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 664.707335][T21083] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 664.718933][T21077] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 664.730671][T21083] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 664.741041][T21077] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 664.751649][T21083] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 664.759265][T21077] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 664.768625][T21083] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 664.776585][T21077] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 664.784846][T21083] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 664.792263][T21077] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 664.799735][T21083] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 664.807421][T21077] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 677.558752][T21072] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 677.578536][T20899] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 695.698079][T21077] Bluetooth: hci7: command tx timeout [ 695.704269][T21077] Bluetooth: hci6: command tx timeout [ 717.090876][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 717.097231][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 717.109223][T21083] Bluetooth: hci6: command tx timeout [ 717.114748][T21083] Bluetooth: hci7: command tx timeout [ 741.605543][T21077] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 741.614539][T21077] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 742.108780][T21077] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 742.176183][T21085] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 742.468249][T21077] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 742.748181][T21097] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 742.767138][T21097] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 767.900224][ T5097] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 767.906813][T21097] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 767.913841][ T5108] Bluetooth: hci2: Opcode 0x1009 failed: -110 [ 767.920493][T21077] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 767.946738][T21100] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 767.967438][T21092] Bluetooth: hci3: Opcode 0x0c03 failed: -4 [ 767.973723][T21089] Bluetooth: hci2: Opcode 0x0c03 failed: -4 [ 767.980472][T21098] Bluetooth: hci4: Opcode 0x0c03 failed: -4 [ 768.025715][T21097] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 768.051011][T21097] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 768.226514][T21097] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 768.513258][T21097] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 768.521276][T21097] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 768.537989][T21097] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 797.554205][ T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-.... } 5548 jiffies s: 42417 root: 0x2/. [ 797.625987][ T19] rcu: blocking rcu_node structures (internal RCU debug): [ 797.633365][ T19] Sending NMI from CPU 0 to CPUs 1: [ 797.638634][ C1] NMI backtrace for cpu 1 [ 797.638649][ C1] CPU: 1 PID: 21087 Comm: syz-executor Not tainted 6.10.0-rc6-syzkaller-00170-g0913ec336a6c #0 [ 797.638671][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 797.638683][ C1] RIP: 0010:timerqueue_add+0x260/0x290 [ 797.638710][ C1] Code: 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 d4 dd 7c f6 4c 89 3b 4d 85 ff 0f 95 c3 4c 89 ff 4c 89 e6 e8 70 68 ff ff <89> d8 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 [ 797.638732][ C1] RSP: 0018:ffffc90000a18a40 EFLAGS: 00000082 [ 797.638749][ C1] RAX: 1ffff1100b290868 RBX: ffff8880b952c901 RCX: dffffc0000000000 [ 797.638766][ C1] RDX: 0000000000000000 RSI: ffff8880b952c9d0 RDI: ffff888059484340 [ 797.638780][ C1] RBP: 1ffff1100b290868 R08: ffff888059484357 R09: 0000000000000000 [ 797.638794][ C1] R10: ffff888059484340 R11: ffffed100b29086b R12: ffff8880b952c9d0 [ 797.638810][ C1] R13: ffff8880b952c9d0 R14: 0000000000000000 R15: ffff888059484340 [ 797.638824][ C1] FS: 0000555570e4f500(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 797.638842][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 797.638856][ C1] CR2: 00007f9993104000 CR3: 000000001aaaa000 CR4: 00000000003506f0 [ 797.638873][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 797.638885][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 797.638898][ C1] Call Trace: [ 797.638906][ C1] [ 797.638915][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 797.638936][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 797.638959][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 797.638977][ C1] ? nmi_handle+0x2a/0x5a0 [ 797.639012][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 797.639034][ C1] ? nmi_handle+0x14f/0x5a0 [ 797.639059][ C1] ? nmi_handle+0x2a/0x5a0 [ 797.639086][ C1] ? timerqueue_add+0x260/0x290 [ 797.639103][ C1] ? default_do_nmi+0x63/0x160 [ 797.639124][ C1] ? exc_nmi+0x123/0x1f0 [ 797.639143][ C1] ? end_repeat_nmi+0xf/0x53 [ 797.639175][ C1] ? timerqueue_add+0x260/0x290 [ 797.639194][ C1] ? timerqueue_add+0x260/0x290 [ 797.639213][ C1] ? timerqueue_add+0x260/0x290 [ 797.639232][ C1] [ 797.639238][ C1] [ 797.639246][ C1] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 797.639276][ C1] enqueue_hrtimer+0x1b2/0x3c0 [ 797.639303][ C1] __hrtimer_run_queues+0x6cb/0xd50 [ 797.639328][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 797.639358][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 797.639389][ C1] hrtimer_interrupt+0x396/0x990 [ 797.639428][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 797.639457][ C1] sysvec_apic_timer_interrupt+0x52/0xc0 [ 797.639480][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 797.639506][ C1] RIP: 0010:handle_softirqs+0x1df/0x970 [ 797.639526][ C1] Code: 89 7c 24 70 0f b7 db 48 c7 c7 40 b0 c9 8b e8 a8 02 2c 0a 65 66 c7 05 56 d2 a9 7e 00 00 e8 f9 88 43 00 fb 49 c7 c4 c0 a0 00 8e ff ff ff ff 0f bc c3 41 89 c7 41 ff c7 0f 84 e6 03 00 00 89 5c [ 797.639542][ C1] RSP: 0018:ffffc90000a18e40 EFLAGS: 00000286 [ 797.639558][ C1] RAX: 4df495705d481900 RBX: 0000000000000386 RCX: ffffffff9479f603 [ 797.639572][ C1] RDX: dffffc0000000000 RSI: ffffffff8bcabb40 RDI: ffffffff8c1fe940 [ 797.639587][ C1] RBP: ffffc90000a18f50 R08: ffffffff8fad49ef R09: 1ffffffff1f5a93d [ 797.639602][ C1] R10: dffffc0000000000 R11: fffffbfff1f5a93e R12: ffffffff8e00a0c0 [ 797.639617][ C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff920001431dc [ 797.639642][ C1] ? ktime_get+0x9b/0xb0 [ 797.639668][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 797.639689][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 797.639711][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 797.639743][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 797.639762][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 797.639786][ C1] irq_exit_rcu+0x9/0x30 [ 797.639803][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 797.639826][ C1] [ 797.639833][ C1] [ 797.639840][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 797.639866][ C1] RIP: 0010:__sanitizer_cov_trace_cmp8+0x35/0x90 [ 797.639888][ C1] Code: 0c 25 c0 d4 03 00 65 8b 05 a0 aa 6d 7e a9 00 01 ff 00 74 10 a9 00 01 00 00 74 57 83 b9 1c 16 00 00 00 74 4e 8b 81 f8 15 00 00 <83> f8 03 75 43 48 8b 91 00 16 00 00 44 8b 89 fc 15 00 00 49 c1 e1 [ 797.639904][ C1] RSP: 0018:ffffc90003857338 EFLAGS: 00000246 [ 797.639919][ C1] RAX: 0000000000000000 RBX: ffffffff81000000 RCX: ffff888064d09e00 [ 797.639933][ C1] RDX: ffffc900038574b5 RSI: ffffffff8bc00000 RDI: ffffffff81376ee2 [ 797.639948][ C1] RBP: ffffffff81376ee2 R08: ffffffff8140f1df R09: ffffffff8141095f [ 797.639963][ C1] R10: 0000000000000003 R11: ffff888064d09e00 R12: ffffc90003857480 [ 797.639976][ C1] R13: ffffc900038574d0 R14: ffffffff8bc00000 R15: ffffffff81376ee3 [ 797.639992][ C1] ? arch_stack_walk+0x103/0x1b0 [ 797.640018][ C1] ? arch_stack_walk+0x102/0x1b0 [ 797.640043][ C1] ? 0xffffffff81000000 [ 797.640058][ C1] ? unwind_next_frame+0x196f/0x2a00 [ 797.640081][ C1] ? unwind_next_frame+0x1ef/0x2a00 [ 797.640105][ C1] ? arch_stack_walk+0x102/0x1b0 [ 797.640133][ C1] ? arch_stack_walk+0x103/0x1b0 [ 797.640158][ C1] unwind_next_frame+0x1ef/0x2a00 [ 797.640188][ C1] ? arch_stack_walk+0x103/0x1b0 [ 797.640218][ C1] __unwind_start+0x641/0x7c0 [ 797.640244][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 797.640273][ C1] arch_stack_walk+0x103/0x1b0 [ 797.640302][ C1] ? arch_stack_walk+0x103/0x1b0 [ 797.640331][ C1] stack_trace_save+0x118/0x1d0 [ 797.640358][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 797.640392][ C1] save_stack+0xfb/0x1f0 [ 797.640419][ C1] ? __pfx_save_stack+0x10/0x10 [ 797.640457][ C1] __set_page_owner+0x92/0x800 [ 797.640485][ C1] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 797.640508][ C1] ? __pfx_lock_release+0x10/0x10 [ 797.640528][ C1] ? __pfx___set_page_owner+0x10/0x10 [ 797.640552][ C1] ? do_raw_spin_trylock+0xc8/0x1f0 [ 797.640583][ C1] post_alloc_hook+0x1f3/0x230 [ 797.640608][ C1] get_page_from_freelist+0x2e4c/0x2f10 [ 797.640644][ C1] ? __alloc_pages_noprof+0x166/0x6c0 [ 797.640674][ C1] ? alloc_pages_bulk_noprof+0x729/0xd40 [ 797.640706][ C1] ? prepare_alloc_pages+0x369/0x5d0 [ 797.640744][ C1] __alloc_pages_noprof+0x256/0x6c0 [ 797.640772][ C1] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 797.640810][ C1] alloc_pages_mpol_noprof+0x3e8/0x680 [ 797.640839][ C1] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 797.640863][ C1] ? rcu_is_watching+0x15/0xb0 [ 797.640884][ C1] ? trace_kmalloc+0x1f/0xd0 [ 797.640908][ C1] ? __vmalloc_node_range_noprof+0x5dd/0x1460 [ 797.640928][ C1] ? alloc_pages_noprof+0xef/0x170 [ 797.640955][ C1] __vmalloc_node_range_noprof+0x971/0x1460 [ 797.640993][ C1] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 797.641020][ C1] vmalloc_user_noprof+0x74/0x80 [ 797.641040][ C1] ? kcov_ioctl+0x59/0x640 [ 797.641060][ C1] kcov_ioctl+0x59/0x640 [ 797.641080][ C1] ? bpf_lsm_file_ioctl+0x9/0x10 [ 797.641100][ C1] ? security_file_ioctl+0x87/0xb0 [ 797.641123][ C1] ? __pfx_kcov_ioctl+0x10/0x10 [ 797.641144][ C1] __se_sys_ioctl+0xfc/0x170 [ 797.641167][ C1] do_syscall_64+0xf3/0x230 [ 797.641193][ C1] ? clear_bhb_loop+0x35/0x90 [ 797.641220][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 797.641245][ C1] RIP: 0033:0x7f9992f757db [ 797.641261][ C1] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 797.641277][ C1] RSP: 002b:00007fff387253d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 797.641296][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f9992f757db [ 797.641311][ C1] RDX: 0000000000040000 RSI: ffffffff80086301 RDI: 00000000000000d9 [ 797.641324][ C1] RBP: 00007f99931040d0 R08: 00000000000000d8 R09: 0000000000000000 [ 797.641338][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c [ 797.641350][ C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009 [ 797.641372][ C1] [ 798.465320][T21097] Bluetooth: hci0: command tx timeout