last executing test programs: 7.248525608s ago: executing program 3 (id=3796): r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r0) sendmsg$TIPC_CMD_GET_REMOTE_MNG(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r1, 0x1f, 0x70bd2d, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x11) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r2, 0x0) 6.984366952s ago: executing program 3 (id=3804): r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) (async) r2 = socket(0x10, 0x803, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@getchain={0x24, 0x66, 0x0, 0x0, 0x2000}, 0x24}}, 0x0) (async) getsockname$packet(r2, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x48, 0x10, 0x401, 0x0, 0x1, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast2}]}}}]}, 0x48}}, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f00000000c0)={0x28, 0x0, 0x7ffffffe}, 0x10) (async) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x100, 0xac}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x8}, @IFLA_IPTUN_FLOWINFO={0x8, 0x7, 0x10000}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090) (async) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f00000001c0)={@empty, @dev={0xfe, 0x80, '\x00', 0x1a}, @mcast1, 0xf, 0x332, 0x80, 0x500, 0x176, 0x20000, r4}) listen(r1, 0x4) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) syz_emit_ethernet(0xdc, &(0x7f00000004c0)={@multicast, @empty, @void, {@ipv4={0x800, @dccp={{0x17, 0x4, 0x3, 0x9, 0xce, 0x64, 0x0, 0xe2, 0x21, 0x0, @dev={0xac, 0x14, 0x14, 0x1d}, @broadcast, {[@rr={0x7, 0x17, 0x61, [@initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @loopback, @loopback]}, @noop, @end, @timestamp_addr={0x44, 0x24, 0x4b, 0x1, 0x9, [{@multicast2, 0x7}, {@private=0xa010101, 0x9d}, {@empty, 0x400}, {@local, 0xfffffff0}]}, @ssrr={0x89, 0xb, 0x41, [@loopback, @dev={0xac, 0x14, 0x14, 0x3f}]}]}}, {{0x4e24, 0x4e21, 0x4, 0x1, 0xf, 0x0, 0x0, 0xa, 0x6, "98510e", 0xd, "51b374"}, "f6aaecc377421de87e2fe0dda797195b28c0acbab50609eecb5bce6bf6b326b6d5762e690adff6c388b9f76a3944b347554cf1801359f3588ecfbcef837e5b0363d8060b7e05eca5b409bde7ce8ed0255e5552cc080a7f72c94bf5aea42f53d81e29"}}}}}, 0x0) (async) sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x13, 0x2}, @TCA_FQ_FLOW_PLIMIT]}}]}, 0x48}}, 0x0) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) (async, rerun: 32) close(r1) (async, rerun: 32) sendmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0xf, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x6}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 6.719026113s ago: executing program 3 (id=3810): r0 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, r2) sendmmsg(r2, &(0x7f000000b700)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="dbdfb372978fee66cfa80aec6fb1f11733da04c913f5f2aca67044568b941e34c785601b17af6038590dd66774cdca7eb8b8", 0x32}, {0x0}], 0x2, &(0x7f0000000300)=[{0x88, 0x0, 0x7c6f, "e751bb09aba91898f5d7462fdc0c129d01c78db9f0c65b97eeaa38d411a40c51cbb0aa6c561c8c9a88cc3be70143c4164a6c43a2f3e476c28086c93742d99bd23f1a54633ba8ff54a983f295206718f2b97dd277a09f838aa8f3e8adec11bb2f33365777feb663f5aaa83749711a3b689cb5"}, {0x38, 0x102, 0x3, "bf76ad3e21905eef60672006cbc92a6a369a0b19f3c467d8df1bdd193f559e9f6fbbf919"}, {0x38, 0x84, 0x8001, "74e7882bdbd9f5f6227fa2ec10d97b8de6ab6ca7e7eeac98c1f989d7c35f3ec2c94a380b"}, {0xb0, 0x10e, 0x8, "02a46ba65df459a52feaf2efd23cd9f6505cc59797b957817833a9cd6cb0c68a512edef1c58aaf4342a94b6012bc202fa344ea97259468d9fe6279efffa42d130b0db53c272a4d6200e7c7c62ed064b928f08c9291bf5c9c7044b89e6619e90a1ec1043068d8aa462b34181dc255c141b417e5ec94a31ddddc0f9f2755f1da52a33ce7fd9c57644b56dd08e76b5ebc802ebec862b3596d84d14c"}, {0x110, 0x108, 0x101, "69e1347af9ea12a95cba8d06e65088471fcd1d929d8ac0d9d53dab75846e486fd4e59c3233ec6cf8036a59546cfd68b569a09386748c21788d9d1cee9e0ed65653e04deaee0a9b237e62d1f5d1400e6149455bc5a15f27e887b67f5568b77615f3b6516a996bcff8b658879208a61dcf7cd7eca636e205379661b88b4e0e20c480b0a35e6f2a6de242cdb31bfe4ae9184376799d97bf03b086998e7ecb1e84fd6cbee636fd533fded9aa906abd3b62690253f23bdc4882d1133294dcd9e56407bdcf6c11868dcbbcda3c0a5c14f750bdb383e8815b658c00e1d2514874665f7bf5d9e788b9b7c04ac821827f49fa9b9e1ef20446a4647e5a08f454"}, {0xf8, 0x1, 0x7fff, "89cecf85879d92ef9168ad83285e70ac932f26f2cfe08223c8627430583b9cde695dc7d2cbdc9c6101eda65d3dd2b67715ecec174565282d9becc118913dd881cc21c5e78e08da77720b6fd9bc79e62979fefd87906c7e7f30f2a835bc2cc166f2b2b221b5ef73d06ada5a8e318576850f4e54f7f64d01c093321bfb5984129491f3f4852c72d739fc9e76a6c6dd11177ebcbd5b9ac66bf1d106f00e3b962097c70fc45c58c90329ba5fde00681406704b78dc4efb101b30bb0e313de42aaf845cc7638e5a73709fbc88360216def23d92462c6be94dda820000f52c34e26d21ac3085173bdf99"}, {0x100, 0x109, 0x7, "5ed32e37bb7024e8011fd9cc0dd234e21430e5e1d2f494101b7b5ca8c5cfacd194ed918ab7066b99d794e19c4621c56ed4e43ed7bc742640a63e83d080908db9bb0004bac979f4c54d438465243e1433961aabe0a719829a1fbe0d1fdd3eda156aa71fb5674fd6e05440e9d3a68c9086348b046de0f5c69ffd0f3bd347ed9a3b2f5d27a52437e3a44f778dc21ef26f8979a7a864f3b6b72934c5a16fe6a68a222e10e2243a482e8dddeb6095d1793595e18db32cdbd5cc3b1761b5af9bbd091e7d8e1ac40f40191c70b14999d3e4ff26a3ff6e56a22eeaad93fad873c730e61bbd7fefdd689434206c2c947240"}], 0x4b0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002a40)=[{0x10, 0x10d, 0x3229}, {0x10, 0x114, 0xfffffff9}], 0x20}}, {{&(0x7f0000003d80)=@nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x200}, 0x80, &(0x7f0000003ec0)=[{&(0x7f0000003e00)}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f00000045c0)=[{0x0}, {&(0x7f00000044c0)}], 0x2, &(0x7f0000004600)=[{0x10, 0x113, 0x401}, {0x10, 0x84, 0x3}, {0x10, 0x115, 0xfffffffc}, {0x10, 0xff, 0x8}, {0x20, 0x10c, 0xcd8d, "904415f1ae05bfcf24ab2c4e14"}], 0x60}}, {{&(0x7f000000a480)=@nfc_llcp={0x27, 0x0, 0x0, 0x1, 0x2, 0xe, "565360cf22fef73165fa90554679045d791747dee5f1784c4a0863dc3baa5bf7edf8f438f92431c75a1f360559f6cf2b00ce2e60a0b341e90a2d6542de7b7f", 0x36}, 0x80, 0x0, 0x0, &(0x7f000000a680)=ANY=[], 0x1050}}], 0x6, 0x800) 6.544365455s ago: executing program 3 (id=3814): getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000400000000000900020073797a31000000000500010007000000050005000000000014000780080011400000000005001500030000000d"], 0x5c}}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0x20, &(0x7f00000004c0)={&(0x7f00000003c0)=""/226, 0xe2, 0x0, &(0x7f0000000340)=""/63, 0x3f}}, 0x10) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0xc, &(0x7f0000000540)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x9c}, @ldst={0x1, 0x2, 0x2, 0x3, 0x2, 0xffffffffffffffa1, 0x8}, @ldst={0x3, 0x3, 0x0, 0x861998bb95aa6082, 0x6, 0x10e, 0x8}, @tail_call, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}], &(0x7f00000005c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000600)={0x9, 0x1}, 0x8, 0x10, &(0x7f0000000640)={0x4, 0x4, 0x4, 0x9}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000680)=[0x1, 0x1, 0x1, 0x1, r0], &(0x7f00000006c0)=[{0x3, 0x1, 0xd, 0x9}, {0x0, 0x4, 0x4, 0xc}], 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x4d, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0xf, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1, 0x0, @void, @value, @void, @value}, 0x50) r6 = epoll_create1(0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x8, 0x2, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r7, &(0x7f0000000040)={0x40000010}) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0xa, 0xa, &(0x7f0000000080)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @alu={0x7, 0x1, 0x6, 0x6, 0x8, 0x30, 0xfffffffffffffff0}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x3}, @call={0x85, 0x0, 0x0, 0xab}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x8}, @ldst={0x2, 0x3, 0x6, 0xa, 0xb, 0x40, 0xffffffffffffffff}, @exit], &(0x7f0000000100)='GPL\x00', 0x47f, 0x32, &(0x7f0000000140)=""/50, 0x41100, 0x4a, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x8, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x5, 0xd, 0xfa, 0xd}, 0x10, r2, r3, 0x1, &(0x7f00000008c0)=[r4, r5, 0xffffffffffffffff, 0x1, r7], &(0x7f0000000900)=[{0x3, 0x1, 0x7, 0x2}], 0x10, 0x7, @void, @value}, 0x94) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0xfffc, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) openat$tun(0xffffffffffffff9c, &(0x7f0000000a00), 0x2, 0x0) 6.293793586s ago: executing program 3 (id=3819): socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={'veth0_to_hsr\x00', {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}}) sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f0000000440)={0x21c, r1, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xa}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5d5c}, @TIPC_NLA_PUBL_UPPER={0x6, 0x3, 0x2}]}, @TIPC_NLA_NODE={0x30, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x25, 0x3, "7ee7fbce4be5e1a042ce2e23a14634c72ba0f260c3c36f16fb11f43cd3b437cf75"}]}, @TIPC_NLA_LINK={0xd4, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x81}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2bf}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xce4}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffff3f}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfec6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x64}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x82}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe04}]}]}, @TIPC_NLA_SOCK={0x74, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5966}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfffffc00}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_CON={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffffd}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xc}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x0, 0x2, 0x7f}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xd119}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x401}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x709a}]}]}, @TIPC_NLA_LINK={0x50, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd02}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_BEARER={0x4}]}, 0x21c}, 0x1, 0x0, 0x0, 0x4015}, 0x1) (async) sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000080)={&(0x7f0000000440)={0x21c, r1, 0x2, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xa}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x400}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5d5c}, @TIPC_NLA_PUBL_UPPER={0x6, 0x3, 0x2}]}, @TIPC_NLA_NODE={0x30, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x25, 0x3, "7ee7fbce4be5e1a042ce2e23a14634c72ba0f260c3c36f16fb11f43cd3b437cf75"}]}, @TIPC_NLA_LINK={0xd4, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x81}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2bf}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xce4}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffff3f}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfec6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x64}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x82}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe04}]}]}, @TIPC_NLA_SOCK={0x74, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5966}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xfffffc00}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_CON={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffffd}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xc}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x0, 0x2, 0x7f}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xd119}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x401}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x709a}]}]}, @TIPC_NLA_LINK={0x50, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd02}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_BEARER={0x4}]}, 0x21c}, 0x1, 0x0, 0x0, 0x4015}, 0x1) socket$nl_route(0x10, 0x3, 0x0) (async) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) (async) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x3c, r4, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x2}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}]}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x29}]}, 0x3c}}, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f0000000840)={0x3ff, {0x20, 0x9, 0x8, 0x3, 0xda}}) sendmsg$nl_generic(r0, &(0x7f0000000800)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000700)={0xa4, 0x3a, 0x400, 0x70bd26, 0x25dfdbfe, {0x4}, [@nested={0x8, 0x13, 0x0, 0x1, [@nested={0x4, 0x12b}]}, @generic="e3b1befa75a260b9a345a88f8fa87158c0d653742611169d76c2827ba30e19a63ae1b583d5aa2cb33c6f22e60e4b29db495f4b3aea7c30cb7aa7a583b85a1d86dd608a719e9433515b935d9b3457821ff7dbd92a58d17cc127f9ea7828501247a6a90dd3d69bd915cabfb603e30faa801cba942fd3e3a228c3b5f1a35d92c4a9d8bc101348d5311e"]}, 0xa4}, 0x1, 0x0, 0x0, 0x4}, 0x40000c0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x58, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000680)={&(0x7f0000000180), 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xd4, r4, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_WOL_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}]}, @ETHTOOL_A_WOL_SOPASS={0x33, 0x3, "9273c99dbcdfa2665e1b583fab5a529fb47339b702e97c3a2f723fe5a3197ab37dd0c4d218cdc3cf9f34d2fc3ef15b"}, @ETHTOOL_A_WOL_MODES={0x64, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_VALUE={0x5a, 0x4, "04ead5c3fe6e36c389695f913052809e25312b1abe76ea405763fd359a94d390237d3191e56b0e3a66f6885ddfd952ecd0561740afd23630882a534f3b0357e69c0e8eb7d36ab9cb456fa0821b802bad765b80a078d1"}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x240048d1}, 0x40000801) 5.94443179s ago: executing program 3 (id=3822): socket(0x2, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000140)={0xffffffffffffffff}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f0000000080), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000480)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r3}, 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r2], 0x48}}, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002bbd7000fedbdf2505000000080009000200000008000c00aa0a0000060001000000a60208000b0001000000"], 0x34}, 0x1, 0x0, 0x0, 0x20008100}, 0x0) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x1, 0x6, 0x3c, 0x65, 0x0, 0xc, 0x6, 0x0, @loopback, @dev={0xac, 0x14, 0x14, 0x3e}}, @name_distributor={{0x28, 0x0, 0x0, 0x0, 0x0, 0xa, 0xb, 0x2, 0x3, 0x0, 0x0, 0x2, 0x3, 0x3, 0x4e21, 0x4e23, 0x4, 0x1}}}}}}, 0x0) bind$bt_hci(r8, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r9, 0x400448ca, 0x0) syz_emit_ethernet(0x1de, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb88a833008100010086dd6000000001a03afffe800000000000000000000000000000ff0200000000000000000000000000018f0090780008000000000000000000000000000000010000000000000000000000000000000100000000000000000000000000000000fc020000000000000000000000000001fc010000000000000000000000000001fc010000000000000000000000000000fe8000000000000000000000000000aafe80000000000000000000000000003eff0200000000000000000000000000010104000009000000008000000100000004010007fe88000000000000000000000000010100000000000000000000ffffac14143afc020000000000000000000000000001fc020000000000000000000000000000fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffac1414bb0700000000020005fc020000000000000000000000000001fc000000000000000000000000000001fe80000000000000000000000000000ffe8000000000000000000000000000aaff010000000000000000000000000001fe880000000000000000000000000101bad4000004000000"], 0x0) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x4c, r10, 0x8, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0xc0000000, 0x63}}}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, {0xe}, @broadcast, @broadcast, @initial, {0x6, 0xffd}}, 0x37, @void}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x4) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000006b11a40000000000c6000000000000009502fcff00000000"], &(0x7f00000006c0)='syzkaller\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.2455863s ago: executing program 0 (id=3873): mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) bind$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0xf}, 0xa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xf}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 2.100713802s ago: executing program 0 (id=3876): syz_emit_ethernet(0x47, &(0x7f00000001c0)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x39, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}, {0x0, 0x0, 0x25, 0x0, @wg=@data={0x4, 0x0, 0x0, "fe3eb5131fc196743c50bf4605"}}}}}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x300, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x20040040) syz_init_net_socket$x25(0x9, 0x5, 0x0) 1.98552654s ago: executing program 0 (id=3878): openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000380)=ANY=[@ANYRES32=r0, @ANYBLOB], 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0x4, 0x6, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$unix(r4, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000440)) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="020300030e000000000700000000000004000900a0000000e9255bb992464e73a02159d3720df19f7a1dfec30000000003000600000000000200000000000000000000000000000002000100000000fffffffb1600000000030005000000000002"], 0x70}, 0x1, 0x7}, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0) 1.812744022s ago: executing program 0 (id=3881): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@jmp={0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback=r0, 0x31, 0x0, 0x3a, &(0x7f0000000000)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000280)={0x9}, 0x8) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000240)={0x8, 0x0}, 0x8) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)={@cgroup, 0xffffffffffffffff, 0x2c, 0x2030, 0x0, @void, @void, @value=r2, @void, r1}, 0x20) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x54, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x54}}, 0x0) write$bt_hci(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="4c00010002"], 0x8) 1.576643065s ago: executing program 0 (id=3883): r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) writev(r0, &(0x7f0000000340)=[{&(0x7f00000000c0)="27e4c54ea14dee4e27a0cfc5fa8f66d02d6681ca48ac91e1de68dfc878e747f28ea18c290b121e6cece2e03cb9f9d6c374060cb7d2e5670cc44e4fa07d75e2ed3faa482ffd6338438c706e9da625e3632b4570a123e5f20fc6d703fb9f8c774ae45aa8b912908015e9ab0bb53d15753695c107bbe8f15b16eb6508f9c25e118dba09acdd48acf6720218f52138d34befd48531926dfea294b9f69c691296b0c753f22398edd8a2b3205358c29a0b1cc004a9e0fedd4d733a019450a1617080", 0xbf}, {&(0x7f0000000180)="56a6f52ac1ba75168650efe6a5ce9e72089369fec9d240e3826a2754328f445415981a205106d0ff49c2a21ddc523be4df1c29671297e771ea8ca68596680d1b84911a37d0805f36", 0x48}, {&(0x7f0000000200)="d57acea0cfc1a4bfc1", 0x9}, {&(0x7f0000000240)="9ea5bd12f82010835612695317596181f521012e6a80270b93e8c786fc8503eb9a8f63412545e5e02048780bb9f361e2cf0fce4f54678cfbd9432230beda92146dc56800c9e5b03eeeac2ec3d96d98127179acfcdf21d5cd328a4db13b02a116c563d29b4c67a5abdbd39402489dda5e0465283ba9a863367649125e60a6fd65b66b5b52b99423864602801f14665c7418bb5995bbda05fd462822310ba86dae1baf58f95fcdac43175d7e2e152677de7461d2035b758b1fb0b751b72de183931098d72df1db9fbb1a490e145e998621a1c381fa87ad3b77b40b4fd904de2a9ad31ff77d6746", 0xe6}], 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=@ipv4_newrule={0x2c, 0x20, 0x1, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_L3MDEV={0x5, 0x13, 0x1}, @FRA_GENERIC_POLICY=@FRA_TABLE={0x8, 0xf, 0x94}]}, 0x2c}}, 0x0) 1.326510357s ago: executing program 1 (id=3886): r0 = socket$inet_smc(0x2b, 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_freezer_state(r1, &(0x7f0000000140), 0x2, 0x0) write$cgroup_freezer_state(r2, &(0x7f0000000040)='FROZEN\x00', 0x7) write$cgroup_freezer_state(r2, &(0x7f0000001940)='THAWED\x00', 0x7) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f00000005c0)={'filter\x00', 0x2, [{}, {}]}, 0x48) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, &(0x7f0000000100)=""/107, &(0x7f0000000180)=0x6b) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000a40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x44, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x4}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "78908e58f594009c4558c0c631"}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x94}, 0x0) 1.326116815s ago: executing program 0 (id=3887): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) sendto(r1, 0x0, 0x0, 0x0, &(0x7f0000000100)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) close(0x3) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f00000000c0)={0x1d, r3, 0x0, {0x0, 0xf0}, 0xfe}, 0x18) connect$can_j1939(r2, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0xf0}, 0xfe}, 0x18) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) writev(r0, &(0x7f0000000500)=[{&(0x7f0000000640)="10cb34", 0x3}], 0x1) 1.244561739s ago: executing program 4 (id=3889): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x6, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000080000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) pipe(&(0x7f0000001f40)={0xffffffffffffffff}) ppoll(&(0x7f0000002000)=[{r2, 0x400}], 0x1, 0x0, 0x0, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000380)={'bond0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x80000, {0x0, 0x0, 0x0, r5, {0x0, 0xffed}, {0xf, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8021}, 0x4008000) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, r2, 0x8, '\x00', r5, 0xffffffffffffffff, 0x5, 0x4, 0x3, 0x0, @void, @value, @void, @value}, 0x50) 1.128620802s ago: executing program 1 (id=3890): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="28000000100001040300000000000000000017f7f372c11aaa431582c4ece02698b5f4d2dc7440e0f893566b2db18eb7ad169a1bab1a3249eca80172bf273e62112a6c96f25ef7f10c905273cbd9644a60ef174201434529aa980ecc8a4ba034906099f96d98a9153b4d576aa33a8b21e9e53bf0ea134a803ebc0d73077f328b91814933ec9adddda81f4f48c3b38ee34304c99fc7e9b19a8147164bf69fed181501a4c318c94eb66cf8b9d60cacef1ba8680599f506a101b6470cd181698beb753cf11e77b4374252ff77015d734e93fe87de273319cdb3fd46f96b9a3148d4a0b20a0c74125705b0", @ANYRES32=0x0, @ANYBLOB="00010000000000000500270001000000"], 0x28}}, 0x54) (async) r1 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000000), 0x4) (async) sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f0000000080)=[{&(0x7f0000001040)="7f4ba13c5a27118dc920", 0xa}], 0x1}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000) 844.565936ms ago: executing program 2 (id=3893): sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000000306"], 0x14}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x2, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x1, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000180)={'wg1\x00', &(0x7f0000000080)=@ethtool_rxnfc={0x2a, 0x0, 0x0, {0x0, @tcp_ip6_spec={@mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x0, @remote}, @ah_ip4_spec={@initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @random="438d39bb7145"}}}}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r5 = socket$nl_route(0x10, 0x3, 0x0) write$tun(r0, &(0x7f0000000240)={@val={0x0, 0x19}, @val={0x0, 0x4, 0x100, 0x5, 0xc23, 0x6}, @arp=@ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x8, @broadcast, @local, @local, @mcast1}}, 0x42) sendmsg$nl_route(r5, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@ipmr_delroute={0x30, 0x19, 0x1, 0x0, 0x0, {0x80, 0x20, 0x0, 0x0, 0x0, 0x11, 0xfe, 0x6}, [@RTA_MULTIPATH={0x5, 0x9, {0xc15}}, @RTA_PREFSRC={0x8, 0x7, @multicast2}, @RTA_ENCAP_TYPE, @RTA_ENCAP={0x0, 0x16, 0x0, 0x1, @LWTUNNEL_IP_DST={0x0, 0x2, @private=0xa010102}}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000d4}, 0x0) setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pimreg0\x00', 0x2}) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e900232b8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000200)="c67f0d7df9", 0x28}], 0x2) 844.112091ms ago: executing program 1 (id=3894): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000400000000000900020073797a31000000000500010007000000050005000000000014000780080011400000000005001500030000000d"], 0x5c}}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d, 0x1c}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0xfffc, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 722.293399ms ago: executing program 2 (id=3895): r0 = socket$inet(0x2, 0x3, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000000c0)=""/24, &(0x7f0000000340)=0x18) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="20000004000000070000000000000000000000009315e02323f4a2d784560fbc6bbcd14c22694b5eeed9c4194b465deeee6ca61a1d2b7012f6149cb2efdfba1cb36c895ef654e0d7f71ee881be0d0f9edf1c06f43cc9352a3468a8a3734f220208e2af067ae42df353d0b5158c485a5a51ffe004780c8e1c13ce789801aed23b1dda2fc2272fc791e0bf997771e8b31e54b9c025921a707c163328d36cc56bde174023bee3f36e931ada0aa57375494c9d9261b82a6e3a29e811a527aaa4b7886116952f2252b57ec60afc0919c0e92a1b1f6fa1b544fde62d5add8d1c76eab080de6bcdabc3bc1f6fc5771d49c9b85e9f8c26fb6a0211848902214c49c7ef45b20f982ed73674", @ANYRES32=0x0, @ANYBLOB="0800010001000000"], 0x20}}, 0x20000010) 686.899185ms ago: executing program 1 (id=3896): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x40, 0x10, 0x49920d862a921d1b, 0x0, 0x25dfdbff, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}]}}}, @IFLA_MTU={0x8, 0x4, 0xfff}]}, 0x40}}, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)) 552.691177ms ago: executing program 1 (id=3897): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000940)=[{{&(0x7f00000004c0)={0xa, 0x4e1d, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f00000007c0)={0xa, 0x4e24, 0x0, @mcast1, 0xfffffffe}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\x00\x00\x00\x00\x00)\x00'], 0x28}}], 0x2, 0x0) 551.322117ms ago: executing program 2 (id=3898): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d75a3d0000b1100000000000000000000000000000000c4ff0200000000000000000000000000014f1c4e20"], 0xd6) 23.712173ms ago: executing program 1 (id=3899): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000200)={'batadv_slave_1\x00', &(0x7f00000003c0)=@ethtool_per_queue_op={0x4b, 0xf, [0x4, 0x7, 0x80, 0x100, 0x7a5, 0x7, 0x1, 0x9, 0x1, 0x7, 0x8, 0x7, 0x35d, 0x0, 0x34b8, 0x1, 0x0, 0x3, 0x40, 0x0, 0x6, 0x3, 0x9, 0x0, 0x6, 0xce, 0xa, 0x4, 0x14, 0x7, 0x200, 0x400, 0x1, 0x0, 0x4, 0x1, 0xb83b, 0x328, 0x3, 0x2, 0x3, 0x4, 0xa67d, 0xe94d, 0x80, 0xeee, 0x5, 0x7e, 0x40, 0x8, 0x6, 0x4, 0x45, 0x7, 0x6, 0x86, 0x3b4, 0x9, 0x101, 0x10001, 0x5, 0x8, 0x1ff, 0x9, 0x6, 0x101, 0x3ff, 0x6, 0x3, 0x1e71, 0x5, 0xd2, 0x800, 0xf, 0x2, 0xb8941c00, 0x10000, 0x8, 0x8, 0x10000, 0xd, 0x2, 0x3, 0x2, 0xb9, 0x0, 0xfffffffb, 0xf51, 0x8, 0x0, 0x9, 0x9, 0x9, 0x4, 0x3, 0x1, 0xfffffff8, 0xffffff50, 0xd48, 0x1, 0x2, 0x9daa, 0x0, 0x5, 0x10, 0x400, 0x6, 0x6, 0x7, 0xba, 0x0, 0x3c3, 0x20000000, 0x3, 0x8, 0x0, 0x8c, 0xfff, 0x7fff, 0x1, 0x7, 0x6, 0x1, 0x8, 0x81, 0x7, 0x1, 0x4], "7ccb4c276c8e451b1d02df4e0e407e5ea3ffd284c80b9a750725daebd0823fd7f652f36bc11a80ba41bfeb637baa50944c9484b1fb7b17865d114ebc3fc23b1a076bc1bbe52b312081d44a1fc752c36f585e5606ae4b4b71f5ba2dc7e76808e97d4243cdc17e912d7bf9550071026d781179bd62e7c0fabf81289d684d9603051db650514f6deffc9a1c9e797ffb5f52d2422418c37ba3887b1974680d8fc0a8d19db105f271cf0777d95a975e9933b43ed7355c23c07be852cdca34d60a699777140ffbd6805516022b3434c2cd36"}}) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x41071, 0xffffffffffffffff, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f00000000c0)={@local, @empty=0xe0000300, 0x1, "8a79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x10001, 0x1, 0x7e}, 0x3c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000001a80)=0x5, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r3, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0xfd}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000040)=""/188, 0xbc}, {&(0x7f0000000540)=""/245, 0xf5}, {&(0x7f0000000440)=""/84, 0x54}, {&(0x7f0000002fc0)=""/4083, 0xff3}, {&(0x7f0000000640)=""/62, 0x3e}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x6}, 0x80000000}], 0x4, 0x20, 0x0) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@ipv4_newaddr={0x11, 0x14, 0xca1}, 0x18}}, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r6, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000040)={0xfff7, 0x81, 0x0, 0xe, 0x6, 0x4, 0x0, 0x2041, 0x0}, &(0x7f0000000080)=0x20) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000140)={r7, 0x0, 0x30}, &(0x7f0000000180)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f00000000c0)=0x10) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r6, 0x84, 0x78, &(0x7f00000001c0)=r8, 0x4) 23.09143ms ago: executing program 2 (id=3900): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xe, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="180200000000010000000000000000008500000054000000850000000800000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="240000003b0007010000000000000000037c0000040000000c000180cd4f"], 0x24}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x13, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000073010a000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000000)=0xd, 0xfffffffffffffee8) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r2 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_int(r2, 0x29, 0x3, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000000000006111770000000000850000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = getpid() ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f00000000c0)=r3) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) r5 = socket(0x2, 0x80805, 0x0) sendmmsg(r5, &(0x7f00000001c0)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000080)=']', 0x1}], 0x1}}, {{0x0, 0x40, 0x0, 0x0, &(0x7f0000000180)=[{0x10, 0x84, 0x1}], 0x10}}], 0x2, 0x0) sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={0x4c, 0x12, 0x400, 0x0, 0x0, {0x0, 0x6, 0x0, 0x0, {0x4e23, 0x0, [], [0x1, 0xfffffffd, 0x10000], 0x0, [0x0, 0x7fff]}, 0x7}}, 0x4c}, 0x1, 0x0, 0x0, 0x20044190}, 0x40010) 22.890007ms ago: executing program 2 (id=3901): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000007bc0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f0000009240)={0x0, 0x0, &(0x7f0000009200)={&(0x7f0000000140)=ANY=[@ANYBLOB="18400000", @ANYRES16=r2, @ANYBLOB="010000000000000000000b00000008000300", @ANYRES32=r1, @ANYBLOB="10005080080008800400010004000600"], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 22.103214ms ago: executing program 4 (id=3902): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r1 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff) (rerun: 64) sendmsg$GTP_CMD_DELPDP(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x24, r1, 0x1, 0x0, 0x0, {0x3}, [@GTPA_VERSION={0x8}, @GTPA_LINK={0x8}]}, 0x24}}, 0x0) (async) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180), 0xffffffffffffffff) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) close(r3) ioctl$SIOCSIFHWADDR(r3, 0x8b1a, &(0x7f0000000000)={'virt_wifi0\x00', @random="0200002000"}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@bloom_filter={0x1e, 0x1d6, 0x6, 0x2, 0x62003, 0xffffffffffffffff, 0xfff, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x0, 0xf, @void, @value, @void, @value}, 0x50) r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000480)={0x0, 0x6, 0x10}, 0xc) (async) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x81, 0x0, 0x1, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x3, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x4, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x53e66154}, [@exit]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x29, &(0x7f0000000340)=""/41, 0x41100, 0x9, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f0000000380)={0x0, 0x1}, 0x8, 0x10, &(0x7f00000003c0)={0x0, 0xb, 0x9, 0x6}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000540)=[r4, r5, r6, r0], &(0x7f0000000580)=[{0x1, 0x5, 0x4, 0x3}, {0x1, 0x3, 0x1, 0x17}, {0x4, 0x4, 0xf, 0x1}, {0x0, 0x2, 0x9, 0xb}], 0x10, 0x72, @void, @value}, 0x94) (async) sendmsg$TIPC_CMD_SHOW_PORTS(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r2, 0x400, 0x70bd2b, 0x25dfdbfd}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x20008801) r7 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) (async) r9 = socket$can_j1939(0x1d, 0x2, 0x7) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB="28000000320009000000000000000000010000000c00018f0600020005470000080002003b371ff9b5b79d55bd58005dcf9be0ea4783d94ee81f01b713cd0794301822579194967a6d5de3d242d244f46162d64ec74d277e1af31ec6bafe17469996e54f209430e7261049ffbb2ec86b762ff10d5b9b82c740", @ANYRES32, @ANYBLOB], 0x28}}, 0x0) bind$can_j1939(r7, &(0x7f0000000140)={0x1d, r8, 0x1, {0x1, 0xff, 0x1}, 0xfd}, 0x18) (async) r11 = socket$inet(0xa, 0x801, 0x84) connect$inet(r11, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) (async, rerun: 64) listen(r11, 0xffffffff) (async, rerun: 64) r12 = accept4(r11, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r12, 0x84, 0x22, &(0x7f0000000000)={0x1ff, 0x4, 0x2, 0x2}, &(0x7f0000000040)=0x10) bind$can_j1939(r9, &(0x7f0000000080)={0x1d, r8, 0x1, {0x1, 0xff, 0x4}, 0xff}, 0x18) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cg2oup\x80'}, 0x30) (async) r13 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r14 = openat$cgroup_procs(r13, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) pread64(r14, &(0x7f0000000740)=""/4096, 0x1000, 0x7) (async) bind$can_j1939(r9, &(0x7f0000000040)={0x1d, r8, 0x0, {0x0, 0x1}}, 0x18) 21.095011ms ago: executing program 2 (id=3903): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000ff000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={r0, 0xe0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, &(0x7f0000001b00)}}, 0x10) (async, rerun: 64) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) (rerun: 64) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x25, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1}}}, 0x90) 19.138106ms ago: executing program 4 (id=3904): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r3 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r3, &(0x7f00000027c0)=[{{&(0x7f00000002c0)={0xa, 0x4e20, 0x0, @mcast2, 0x42}, 0x1c, 0x0}}], 0x1, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x2c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}]]}, 0x2c}}, 0x0) 16.612619ms ago: executing program 4 (id=3905): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x5c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x3c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast1}}, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0xfffffffffffffff9}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 15.204748ms ago: executing program 4 (id=3906): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0000000206010100000000000000000000000005000400000000000900020073797a31000000000500010007000000050005000000000014000780080011400000000005001500030000000d"], 0x5c}}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d, 0x28}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0xfffc, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 0s ago: executing program 4 (id=3907): syz_emit_ethernet(0xf1, &(0x7f0000001580)={@random="cc75f225835e", @local, @void, {@mpls_mc={0x8848, {[], @llc={@snap={0xaa, 0xaa, "c232", "db7a8b", 0x88a8, "0b3b10056fe04239513792e84848acd4d1a67d4e354594f75a7e8b00f24fea8028982d684d532e9e69683775d0e774651e47dc790c8d697abe2b349ecf8c714e73f6633a56b1faf7a740a30385e134c8f4ed0a485a22ef1eacd0424efa75ba0ea34b5da43d9623eefca8a9d07316f9f641b6b2fe594f70351f3fe30878c155a3bb6e07e8221d3a596f7b718f0545d98acd7fc3597201af2818288afa95a11ea4c9093cf618751066be3c847085de8dab6092438472464721a20c6ae2937f7c46b50fc0e239edbec2f686ea147a4a244c09c368b599998f95c23b"}}}}}}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0x1, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0xfffffe69, 0x0, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x4, 0x0, @void, @value, @void, @value}, 0x50) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000012c0)={'syztnl2\x00', &(0x7f0000001240)={'syztnl2\x00', 0x0, 0x29, 0x8, 0x6, 0x80000000, 0x59, @local, @mcast2, 0x7, 0x40, 0xbf0, 0xf}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000013c0)={0x6, 0x8, &(0x7f0000000140)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @map_fd={0x18, 0xa, 0x1, 0x0, r1}, @exit], &(0x7f0000000180)='syzkaller\x00', 0xfffffeff, 0x1000, &(0x7f0000000240)=""/4096, 0x40f00, 0x0, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000001300)={0x3, 0x2}, 0x8, 0x10, &(0x7f0000001340)={0x2, 0x9, 0x36, 0x9}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001380)=[{0x3, 0x2, 0xe, 0x4}], 0x10, 0x9, @void, @value}, 0x94) 0s ago: executing program 4 (id=3908): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000b2673527e5d88e090000000000"], 0x48) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000a40)=ANY=[@ANYBLOB="6001000010000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb0000fff720000001000000003b000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="64010102000000000000000000000000000000006c000000ac1414bb00000000000000000000000000000000000000000000008000000000000000000000000000000000000000000300000000000000000000000000000004000000000000e3ff000000000000000000000000000000040000000000000000000040000000000000000000000000000000ba9b55090000000000fcffffff0000000002000001000000000000000008001f0004000000480003006465666c6174650000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000008001f0003000000150008"], 0x160}}, 0x4810) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000680)=0x0, &(0x7f00000006c0)=0x4) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x4e24, @empty}, {0x2, 0x4e21, @rand_addr=0x64010100}, {0x2, 0x4e23, @broadcast}, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}) r4 = socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x100010, r4, 0xb2b4000) r5 = socket(0x2, 0x3, 0xff) sendto$inet(r5, &(0x7f00000002c0)="b401fcc8311bb80200000000000000c34b7d7494", 0x14, 0x0, &(0x7f0000000040)={0x2, 0x0, @dev}, 0x10) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r6, &(0x7f0000000040)="05000000010000", 0x7) r7 = socket(0x1, 0x803, 0x0) socket(0x15, 0x5, 0x0) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{}, 0x0, &(0x7f0000000140)=r9}, 0x20) write$bt_hci(r8, &(0x7f0000000140)=ANY=[], 0xc) ioctl$BTRFS_IOC_RESIZE(r3, 0x50009403, &(0x7f0000002000)=ANY=[@ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00', @ANYRESDEC=0x0, @ANYBLOB="7fdbd9b1c2c96c33e9a372f0213a000030303030303030303030303030303032353770"]) recvmmsg(r7, &(0x7f0000004ec0)=[{{0x0, 0x0, 0x0}, 0x401}], 0x1, 0x40012140, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4000, 0x8, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x3}, 0x1c) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r10 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl(r10, 0x8b2c, &(0x7f0000000040)) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000001000110f0000000000dcdf2500000000", @ANYRES32=0x0, @ANYBLOB="0401000000000000300012802cfe0100766c616e00000000200002800c00020013000000159b00000008000500"/60, @ANYRES32=r11, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2, @ANYBLOB], 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r12 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r12) kernel console output (not intermixed with test programs): xc_page_fault+0x590/0x8b0 [ 258.376610][T13839] __x64_sys_sendto+0xde/0x100 [ 258.376640][T13839] do_syscall_64+0xf3/0x230 [ 258.376665][T13839] ? clear_bhb_loop+0x35/0x90 [ 258.376694][T13839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.376717][T13839] RIP: 0033:0x7f054398effc [ 258.376733][T13839] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 258.376749][T13839] RSP: 002b:00007f05447a3ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 258.376768][T13839] RAX: ffffffffffffffda RBX: 00007f05447a3fc0 RCX: 00007f054398effc [ 258.376781][T13839] RDX: 0000000000000020 RSI: 00007f05447a4010 RDI: 0000000000000009 [ 258.376793][T13839] RBP: 0000000000000000 R08: 00007f05447a3f14 R09: 000000000000000c [ 258.376804][T13839] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000009 [ 258.376814][T13839] R13: 00007f05447a3f68 R14: 00007f05447a4010 R15: 0000000000000000 [ 258.376841][T13839] [ 258.824028][T13861] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2547'. [ 259.312794][T13886] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2554'. [ 259.620876][T13895] FAULT_INJECTION: forcing a failure. [ 259.620876][T13895] name failslab, interval 1, probability 0, space 0, times 0 [ 259.664385][T13895] CPU: 0 UID: 0 PID: 13895 Comm: syz.0.2556 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 259.664411][T13895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 259.664423][T13895] Call Trace: [ 259.664429][T13895] [ 259.664436][T13895] dump_stack_lvl+0x241/0x360 [ 259.664464][T13895] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.664484][T13895] ? __pfx__printk+0x10/0x10 [ 259.664507][T13895] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 259.664535][T13895] ? __pfx___might_resched+0x10/0x10 [ 259.664557][T13895] ? __local_bh_enable_ip+0x168/0x200 [ 259.664578][T13895] ? dev_hard_start_xmit+0x768/0x7d0 [ 259.664599][T13895] should_fail_ex+0x40a/0x550 [ 259.664629][T13895] should_failslab+0xac/0x100 [ 259.664654][T13895] kmem_cache_alloc_node_noprof+0x77/0x380 [ 259.664679][T13895] ? __alloc_skb+0x1c3/0x440 [ 259.664709][T13895] __alloc_skb+0x1c3/0x440 [ 259.664740][T13895] ? __pfx___alloc_skb+0x10/0x10 [ 259.664771][T13895] ? netlink_ack_tlv_len+0x6e/0x200 [ 259.664793][T13895] netlink_ack+0x145/0xa60 [ 259.664820][T13895] ? sock_diag_rcv_msg+0x15f/0x5f0 [ 259.664843][T13895] netlink_rcv_skb+0x294/0x480 [ 259.664862][T13895] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 259.664883][T13895] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 259.664923][T13895] ? netlink_deliver_tap+0x2e/0x1b0 [ 259.664945][T13895] netlink_unicast+0x7f6/0x990 [ 259.664980][T13895] ? __pfx_netlink_unicast+0x10/0x10 [ 259.665006][T13895] ? __virt_addr_valid+0x45f/0x530 [ 259.665024][T13895] ? __phys_addr_symbol+0x2f/0x70 [ 259.665040][T13895] ? __check_object_size+0x47a/0x730 [ 259.665074][T13895] netlink_sendmsg+0x8de/0xcb0 [ 259.665105][T13895] ? __pfx_netlink_sendmsg+0x10/0x10 [ 259.665129][T13895] ? aa_sock_msg_perm+0x91/0x160 [ 259.665161][T13895] ? __pfx_netlink_sendmsg+0x10/0x10 [ 259.665179][T13895] __sock_sendmsg+0x221/0x270 [ 259.665204][T13895] __sys_sendto+0x363/0x4c0 [ 259.665236][T13895] ? __pfx___sys_sendto+0x10/0x10 [ 259.665285][T13895] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 259.665315][T13895] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 259.665343][T13895] ? exc_page_fault+0x590/0x8b0 [ 259.665369][T13895] __x64_sys_sendto+0xde/0x100 [ 259.665399][T13895] do_syscall_64+0xf3/0x230 [ 259.665424][T13895] ? clear_bhb_loop+0x35/0x90 [ 259.665452][T13895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.665476][T13895] RIP: 0033:0x7f3ee358effc [ 259.665491][T13895] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 259.665507][T13895] RSP: 002b:00007f3ee42ffec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 259.665526][T13895] RAX: ffffffffffffffda RBX: 00007f3ee42fffc0 RCX: 00007f3ee358effc [ 259.665539][T13895] RDX: 0000000000000020 RSI: 00007f3ee4300010 RDI: 0000000000000009 [ 259.665550][T13895] RBP: 0000000000000000 R08: 00007f3ee42fff14 R09: 000000000000000c [ 259.665561][T13895] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000009 [ 259.665571][T13895] R13: 00007f3ee42fff68 R14: 00007f3ee4300010 R15: 0000000000000000 [ 259.665598][T13895] [ 260.128814][T13909] wg1 speed is unknown, defaulting to 1000 [ 260.783619][T13940] : entered promiscuous mode [ 260.987373][T13950] dccp_close: ABORT with 660 bytes unread [ 261.002089][T13954] ipvlan0: entered promiscuous mode [ 261.019172][T13954] ipvlan0: entered allmulticast mode [ 261.024494][T13954] veth0_vlan: entered allmulticast mode [ 261.123524][T13954] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2571'. [ 261.164914][T13954] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2571'. [ 261.439051][T13971] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2577'. [ 261.483329][T13975] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2577'. [ 261.493537][T13972] FAULT_INJECTION: forcing a failure. [ 261.493537][T13972] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 261.564675][T13972] CPU: 0 UID: 0 PID: 13972 Comm: syz.0.2578 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 261.564700][T13972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 261.564711][T13972] Call Trace: [ 261.564718][T13972] [ 261.564725][T13972] dump_stack_lvl+0x241/0x360 [ 261.564752][T13972] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.564773][T13972] ? __pfx__printk+0x10/0x10 [ 261.564792][T13972] ? __pfx_lock_release+0x10/0x10 [ 261.564828][T13972] should_fail_ex+0x40a/0x550 [ 261.564859][T13972] _copy_from_user+0x2d/0xb0 [ 261.564883][T13972] __sys_bpf+0x1be/0x820 [ 261.564910][T13972] ? __pfx___sys_bpf+0x10/0x10 [ 261.564946][T13972] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 261.564976][T13972] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 261.565004][T13972] ? do_syscall_64+0x100/0x230 [ 261.565043][T13972] __x64_sys_bpf+0x7c/0x90 [ 261.565067][T13972] do_syscall_64+0xf3/0x230 [ 261.565092][T13972] ? clear_bhb_loop+0x35/0x90 [ 261.565121][T13972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.565145][T13972] RIP: 0033:0x7f3ee358d169 [ 261.565161][T13972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.565176][T13972] RSP: 002b:00007f3ee4301038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 261.565195][T13972] RAX: ffffffffffffffda RBX: 00007f3ee37a5fa0 RCX: 00007f3ee358d169 [ 261.565209][T13972] RDX: 0000000000000020 RSI: 0000400000000500 RDI: 0000000000000002 [ 261.565221][T13972] RBP: 00007f3ee4301090 R08: 0000000000000000 R09: 0000000000000000 [ 261.565232][T13972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 261.565242][T13972] R13: 0000000000000000 R14: 00007f3ee37a5fa0 R15: 00007ffd92c68968 [ 261.565268][T13972] [ 261.882372][T13990] netlink: 3648 bytes leftover after parsing attributes in process `syz.1.2582'. [ 261.897725][T13990] netlink: 3648 bytes leftover after parsing attributes in process `syz.1.2582'. [ 261.989257][T13996] xt_bpf: check failed: parse error [ 262.190474][T14007] netlink: 'syz.2.2588': attribute type 1 has an invalid length. [ 262.263240][T13986] wg1 speed is unknown, defaulting to 1000 [ 262.349228][T14015] FAULT_INJECTION: forcing a failure. [ 262.349228][T14015] name failslab, interval 1, probability 0, space 0, times 0 [ 262.366538][T14015] CPU: 1 UID: 0 PID: 14015 Comm: syz.3.2591 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 262.366563][T14015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 262.366575][T14015] Call Trace: [ 262.366581][T14015] [ 262.366589][T14015] dump_stack_lvl+0x241/0x360 [ 262.366616][T14015] ? __pfx_dump_stack_lvl+0x10/0x10 [ 262.366636][T14015] ? __pfx__printk+0x10/0x10 [ 262.366656][T14015] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 262.366684][T14015] ? __pfx___might_resched+0x10/0x10 [ 262.366706][T14015] ? aa_label_sk_perm+0x4f3/0x6c0 [ 262.366735][T14015] should_fail_ex+0x40a/0x550 [ 262.366766][T14015] should_failslab+0xac/0x100 [ 262.366791][T14015] kmem_cache_alloc_node_noprof+0x77/0x380 [ 262.366817][T14015] ? __alloc_skb+0x1c3/0x440 [ 262.366846][T14015] __alloc_skb+0x1c3/0x440 [ 262.366878][T14015] ? __pfx___alloc_skb+0x10/0x10 [ 262.366913][T14015] netlink_sendmsg+0x634/0xcb0 [ 262.366944][T14015] ? __pfx_netlink_sendmsg+0x10/0x10 [ 262.366968][T14015] ? aa_sock_msg_perm+0x91/0x160 [ 262.367000][T14015] ? __pfx_netlink_sendmsg+0x10/0x10 [ 262.367018][T14015] __sock_sendmsg+0x221/0x270 [ 262.367043][T14015] ____sys_sendmsg+0x53a/0x860 [ 262.367068][T14015] ? __pfx_____sys_sendmsg+0x10/0x10 [ 262.367083][T14015] ? __fget_files+0x2a/0x410 [ 262.367118][T14015] ? __fget_files+0x2a/0x410 [ 262.367152][T14015] __sys_sendmsg+0x269/0x350 [ 262.367174][T14015] ? __pfx___sys_sendmsg+0x10/0x10 [ 262.367203][T14015] ? do_sys_openat2+0x17a/0x1d0 [ 262.367252][T14015] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 262.367281][T14015] ? do_syscall_64+0x100/0x230 [ 262.367310][T14015] ? do_syscall_64+0xb6/0x230 [ 262.367337][T14015] do_syscall_64+0xf3/0x230 [ 262.367362][T14015] ? clear_bhb_loop+0x35/0x90 [ 262.367390][T14015] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.367414][T14015] RIP: 0033:0x7f496ab8d169 [ 262.367430][T14015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.367444][T14015] RSP: 002b:00007f496b9bc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 262.367464][T14015] RAX: ffffffffffffffda RBX: 00007f496ada5fa0 RCX: 00007f496ab8d169 [ 262.367477][T14015] RDX: 0000000000000810 RSI: 00004000000000c0 RDI: 0000000000000004 [ 262.367489][T14015] RBP: 00007f496b9bc090 R08: 0000000000000000 R09: 0000000000000000 [ 262.367500][T14015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.367510][T14015] R13: 0000000000000000 R14: 00007f496ada5fa0 R15: 00007ffd1c253b18 [ 262.367536][T14015] [ 262.758468][T14024] FAULT_INJECTION: forcing a failure. [ 262.758468][T14024] name failslab, interval 1, probability 0, space 0, times 0 [ 262.776724][T14022] ip6t_srh: unknown srh invflags 5F00 [ 262.790684][T14024] CPU: 0 UID: 0 PID: 14024 Comm: syz.1.2592 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 262.790708][T14024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 262.790720][T14024] Call Trace: [ 262.790726][T14024] [ 262.790734][T14024] dump_stack_lvl+0x241/0x360 [ 262.790762][T14024] ? __pfx_dump_stack_lvl+0x10/0x10 [ 262.790782][T14024] ? __pfx__printk+0x10/0x10 [ 262.790812][T14024] should_fail_ex+0x40a/0x550 [ 262.790843][T14024] should_failslab+0xac/0x100 [ 262.790868][T14024] ? skb_clone+0x20c/0x390 [ 262.790885][T14024] kmem_cache_alloc_noprof+0x70/0x380 [ 262.790915][T14024] skb_clone+0x20c/0x390 [ 262.790937][T14024] __netlink_deliver_tap+0x3c4/0x7f0 [ 262.790966][T14024] ? netlink_deliver_tap+0x2e/0x1b0 [ 262.790985][T14024] netlink_deliver_tap+0x19d/0x1b0 [ 262.791005][T14024] netlink_unicast+0x7c4/0x990 [ 262.791041][T14024] ? __pfx_netlink_unicast+0x10/0x10 [ 262.791071][T14024] ? __virt_addr_valid+0x45f/0x530 [ 262.791096][T14024] ? __phys_addr_symbol+0x2f/0x70 [ 262.791112][T14024] ? __check_object_size+0x47a/0x730 [ 262.791139][T14024] netlink_sendmsg+0x8de/0xcb0 [ 262.791171][T14024] ? __pfx_netlink_sendmsg+0x10/0x10 [ 262.791195][T14024] ? aa_sock_msg_perm+0x91/0x160 [ 262.791228][T14024] ? __pfx_netlink_sendmsg+0x10/0x10 [ 262.791246][T14024] __sock_sendmsg+0x221/0x270 [ 262.791272][T14024] ____sys_sendmsg+0x53a/0x860 [ 262.791297][T14024] ? __pfx_____sys_sendmsg+0x10/0x10 [ 262.791313][T14024] ? __fget_files+0x2a/0x410 [ 262.791341][T14024] ? __fget_files+0x2a/0x410 [ 262.791375][T14024] __sys_sendmsg+0x269/0x350 [ 262.791398][T14024] ? __pfx___sys_sendmsg+0x10/0x10 [ 262.791428][T14024] ? do_sys_openat2+0x17a/0x1d0 [ 262.791476][T14024] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 262.791506][T14024] ? do_syscall_64+0x100/0x230 [ 262.791534][T14024] ? do_syscall_64+0xb6/0x230 [ 262.791562][T14024] do_syscall_64+0xf3/0x230 [ 262.791587][T14024] ? clear_bhb_loop+0x35/0x90 [ 262.791616][T14024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.791639][T14024] RIP: 0033:0x7fc2db98d169 [ 262.791655][T14024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.791670][T14024] RSP: 002b:00007fc2dc7e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 262.791690][T14024] RAX: ffffffffffffffda RBX: 00007fc2dbba6080 RCX: 00007fc2db98d169 [ 262.791702][T14024] RDX: 0000000000000000 RSI: 0000400000000080 RDI: 0000000000000003 [ 262.791714][T14024] RBP: 00007fc2dc7e1090 R08: 0000000000000000 R09: 0000000000000000 [ 262.791725][T14024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 262.791735][T14024] R13: 0000000000000000 R14: 00007fc2dbba6080 R15: 00007ffdee077a68 [ 262.791763][T14024] [ 264.242074][T14072] wg1 speed is unknown, defaulting to 1000 [ 264.428415][T14096] FAULT_INJECTION: forcing a failure. [ 264.428415][T14096] name failslab, interval 1, probability 0, space 0, times 0 [ 264.483606][T14096] CPU: 0 UID: 0 PID: 14096 Comm: syz.4.2612 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 264.483634][T14096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 264.483646][T14096] Call Trace: [ 264.483652][T14096] [ 264.483661][T14096] dump_stack_lvl+0x241/0x360 [ 264.483689][T14096] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.483711][T14096] ? __pfx__printk+0x10/0x10 [ 264.483732][T14096] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 264.483761][T14096] ? __pfx___might_resched+0x10/0x10 [ 264.483792][T14096] should_fail_ex+0x40a/0x550 [ 264.483825][T14096] should_failslab+0xac/0x100 [ 264.483852][T14096] kmem_cache_alloc_node_noprof+0x77/0x380 [ 264.483890][T14096] ? __alloc_skb+0x1c3/0x440 [ 264.483920][T14096] __alloc_skb+0x1c3/0x440 [ 264.483951][T14096] ? __pfx___alloc_skb+0x10/0x10 [ 264.483982][T14096] ? __pfx_rtnl_dellink+0x10/0x10 [ 264.484008][T14096] ? netlink_ack_tlv_len+0x6e/0x200 [ 264.484030][T14096] netlink_ack+0x145/0xa60 [ 264.484046][T14096] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 264.484074][T14096] ? ref_tracker_free+0x643/0x7e0 [ 264.484109][T14096] netlink_rcv_skb+0x294/0x480 [ 264.484129][T14096] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 264.484153][T14096] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 264.484192][T14096] ? netlink_deliver_tap+0x2e/0x1b0 [ 264.484214][T14096] netlink_unicast+0x7f6/0x990 [ 264.484250][T14096] ? __pfx_netlink_unicast+0x10/0x10 [ 264.484277][T14096] ? __virt_addr_valid+0x45f/0x530 [ 264.484295][T14096] ? __phys_addr_symbol+0x2f/0x70 [ 264.484311][T14096] ? __check_object_size+0x47a/0x730 [ 264.484339][T14096] netlink_sendmsg+0x8de/0xcb0 [ 264.484370][T14096] ? __pfx_netlink_sendmsg+0x10/0x10 [ 264.484394][T14096] ? aa_sock_msg_perm+0x91/0x160 [ 264.484426][T14096] ? __pfx_netlink_sendmsg+0x10/0x10 [ 264.484444][T14096] __sock_sendmsg+0x221/0x270 [ 264.484470][T14096] ____sys_sendmsg+0x53a/0x860 [ 264.484500][T14096] ? __pfx_____sys_sendmsg+0x10/0x10 [ 264.484515][T14096] ? __fget_files+0x2a/0x410 [ 264.484544][T14096] ? __fget_files+0x2a/0x410 [ 264.484576][T14096] __sys_sendmsg+0x269/0x350 [ 264.484597][T14096] ? __pfx___sys_sendmsg+0x10/0x10 [ 264.484626][T14096] ? do_sys_openat2+0x17a/0x1d0 [ 264.484675][T14096] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 264.484703][T14096] ? do_syscall_64+0x100/0x230 [ 264.484731][T14096] ? do_syscall_64+0xb6/0x230 [ 264.484758][T14096] do_syscall_64+0xf3/0x230 [ 264.484782][T14096] ? clear_bhb_loop+0x35/0x90 [ 264.484811][T14096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.484835][T14096] RIP: 0033:0x7f054398d169 [ 264.484850][T14096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.484864][T14096] RSP: 002b:00007f0544784038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 264.484884][T14096] RAX: ffffffffffffffda RBX: 00007f0543ba6080 RCX: 00007f054398d169 [ 264.484914][T14096] RDX: 0000000000000000 RSI: 0000400000000080 RDI: 0000000000000003 [ 264.484926][T14096] RBP: 00007f0544784090 R08: 0000000000000000 R09: 0000000000000000 [ 264.484937][T14096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.484948][T14096] R13: 0000000000000000 R14: 00007f0543ba6080 R15: 00007ffe303a6aa8 [ 264.485002][T14096] [ 265.017589][T14080] wg1 speed is unknown, defaulting to 1000 [ 265.093572][ T29] audit: type=1107 audit(1741909986.741:3): pid=14107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='Ù ' [ 265.332744][T14119] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.2623'. [ 265.343996][T14120] FAULT_INJECTION: forcing a failure. [ 265.343996][T14120] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 265.352847][T14119] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2623'. [ 265.399839][T14120] CPU: 1 UID: 0 PID: 14120 Comm: syz.4.2622 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 265.399867][T14120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 265.399880][T14120] Call Trace: [ 265.399887][T14120] [ 265.399896][T14120] dump_stack_lvl+0x241/0x360 [ 265.399927][T14120] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.399951][T14120] ? __pfx__printk+0x10/0x10 [ 265.399973][T14120] ? __pfx_lock_release+0x10/0x10 [ 265.400013][T14120] should_fail_ex+0x40a/0x550 [ 265.400049][T14120] _copy_from_iter+0x1df/0x1c40 [ 265.400073][T14120] ? __virt_addr_valid+0x183/0x530 [ 265.400094][T14120] ? __pfx_lock_release+0x10/0x10 [ 265.400132][T14120] ? __alloc_skb+0x28f/0x440 [ 265.400161][T14120] ? __pfx__copy_from_iter+0x10/0x10 [ 265.400187][T14120] ? __virt_addr_valid+0x183/0x530 [ 265.400205][T14120] ? __virt_addr_valid+0x183/0x530 [ 265.400223][T14120] ? __virt_addr_valid+0x45f/0x530 [ 265.400242][T14120] ? __phys_addr_symbol+0x2f/0x70 [ 265.400260][T14120] ? __check_object_size+0x47a/0x730 [ 265.400293][T14120] netlink_sendmsg+0x742/0xcb0 [ 265.400329][T14120] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.400357][T14120] ? aa_sock_msg_perm+0x91/0x160 [ 265.400392][T14120] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.400413][T14120] __sock_sendmsg+0x221/0x270 [ 265.400442][T14120] ____sys_sendmsg+0x53a/0x860 [ 265.400471][T14120] ? __pfx_____sys_sendmsg+0x10/0x10 [ 265.400489][T14120] ? __fget_files+0x2a/0x410 [ 265.400521][T14120] ? __fget_files+0x2a/0x410 [ 265.400559][T14120] __sys_sendmsg+0x269/0x350 [ 265.400584][T14120] ? __pfx___sys_sendmsg+0x10/0x10 [ 265.400617][T14120] ? do_sys_openat2+0x17a/0x1d0 [ 265.400679][T14120] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 265.400712][T14120] ? do_syscall_64+0x100/0x230 [ 265.400744][T14120] ? do_syscall_64+0xb6/0x230 [ 265.400774][T14120] do_syscall_64+0xf3/0x230 [ 265.400802][T14120] ? clear_bhb_loop+0x35/0x90 [ 265.400834][T14120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.400861][T14120] RIP: 0033:0x7f054398d169 [ 265.400879][T14120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.400896][T14120] RSP: 002b:00007f05447a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 265.400918][T14120] RAX: ffffffffffffffda RBX: 00007f0543ba5fa0 RCX: 00007f054398d169 [ 265.400933][T14120] RDX: 0000000000000810 RSI: 00004000000000c0 RDI: 0000000000000004 [ 265.400946][T14120] RBP: 00007f05447a5090 R08: 0000000000000000 R09: 0000000000000000 [ 265.400958][T14120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.400970][T14120] R13: 0000000000000000 R14: 00007f0543ba5fa0 R15: 00007ffe303a6aa8 [ 265.400999][T14120] [ 266.595578][T14162] FAULT_INJECTION: forcing a failure. [ 266.595578][T14162] name failslab, interval 1, probability 0, space 0, times 0 [ 266.643832][T14162] CPU: 1 UID: 0 PID: 14162 Comm: syz.0.2636 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 266.643858][T14162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 266.643869][T14162] Call Trace: [ 266.643876][T14162] [ 266.643883][T14162] dump_stack_lvl+0x241/0x360 [ 266.643910][T14162] ? __pfx_dump_stack_lvl+0x10/0x10 [ 266.643930][T14162] ? __pfx__printk+0x10/0x10 [ 266.643950][T14162] ? __kmalloc_noprof+0xb5/0x4c0 [ 266.643976][T14162] ? __pfx___might_resched+0x10/0x10 [ 266.643998][T14162] ? aa_get_newest_label+0xff/0x6f0 [ 266.644030][T14162] should_fail_ex+0x40a/0x550 [ 266.644061][T14162] should_failslab+0xac/0x100 [ 266.644086][T14162] __kmalloc_noprof+0xdd/0x4c0 [ 266.644110][T14162] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 266.644136][T14162] ? apparmor_capable+0x13b/0x1b0 [ 266.644160][T14162] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 266.644192][T14162] genl_rcv_msg+0x80b/0xec0 [ 266.644225][T14162] ? __pfx_genl_rcv_msg+0x10/0x10 [ 266.644278][T14162] ? __pfx_lock_acquire+0x10/0x10 [ 266.644305][T14162] ? __pfx_ieee802154_llsec_add_devkey+0x10/0x10 [ 266.644335][T14162] ? __pfx___might_resched+0x10/0x10 [ 266.644368][T14162] netlink_rcv_skb+0x206/0x480 [ 266.644388][T14162] ? __pfx_genl_rcv_msg+0x10/0x10 [ 266.644415][T14162] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 266.644463][T14162] genl_rcv+0x28/0x40 [ 266.644486][T14162] netlink_unicast+0x7f6/0x990 [ 266.644527][T14162] ? __pfx_netlink_unicast+0x10/0x10 [ 266.644553][T14162] ? __virt_addr_valid+0x45f/0x530 [ 266.644572][T14162] ? __phys_addr_symbol+0x2f/0x70 [ 266.644597][T14162] ? __check_object_size+0x47a/0x730 [ 266.644625][T14162] netlink_sendmsg+0x8de/0xcb0 [ 266.644657][T14162] ? __pfx_netlink_sendmsg+0x10/0x10 [ 266.644680][T14162] ? aa_sock_msg_perm+0x91/0x160 [ 266.644711][T14162] ? __pfx_netlink_sendmsg+0x10/0x10 [ 266.644729][T14162] __sock_sendmsg+0x221/0x270 [ 266.644754][T14162] ____sys_sendmsg+0x53a/0x860 [ 266.644779][T14162] ? __pfx_____sys_sendmsg+0x10/0x10 [ 266.644794][T14162] ? __fget_files+0x2a/0x410 [ 266.644821][T14162] ? __fget_files+0x2a/0x410 [ 266.644854][T14162] __sys_sendmsg+0x269/0x350 [ 266.644877][T14162] ? __pfx___sys_sendmsg+0x10/0x10 [ 266.644908][T14162] ? do_sys_openat2+0x17a/0x1d0 [ 266.644958][T14162] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 266.644986][T14162] ? do_syscall_64+0x100/0x230 [ 266.645014][T14162] ? do_syscall_64+0xb6/0x230 [ 266.645040][T14162] do_syscall_64+0xf3/0x230 [ 266.645065][T14162] ? clear_bhb_loop+0x35/0x90 [ 266.645094][T14162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.645118][T14162] RIP: 0033:0x7f3ee358d169 [ 266.645134][T14162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.645149][T14162] RSP: 002b:00007f3ee4301038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 266.645168][T14162] RAX: ffffffffffffffda RBX: 00007f3ee37a5fa0 RCX: 00007f3ee358d169 [ 266.645181][T14162] RDX: 0000000000000810 RSI: 00004000000000c0 RDI: 0000000000000004 [ 266.645193][T14162] RBP: 00007f3ee4301090 R08: 0000000000000000 R09: 0000000000000000 [ 266.645203][T14162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 266.645214][T14162] R13: 0000000000000000 R14: 00007f3ee37a5fa0 R15: 00007ffd92c68968 [ 266.645241][T14162] [ 267.354907][T14176] netlink: 'syz.4.2644': attribute type 5 has an invalid length. [ 267.371436][T14176] netlink: 140 bytes leftover after parsing attributes in process `syz.4.2644'. [ 267.745309][T14198] FAULT_INJECTION: forcing a failure. [ 267.745309][T14198] name failslab, interval 1, probability 0, space 0, times 0 [ 267.767923][T14198] CPU: 0 UID: 0 PID: 14198 Comm: syz.1.2651 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 267.767947][T14198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 267.767959][T14198] Call Trace: [ 267.767965][T14198] [ 267.767972][T14198] dump_stack_lvl+0x241/0x360 [ 267.767999][T14198] ? __pfx_dump_stack_lvl+0x10/0x10 [ 267.768020][T14198] ? __pfx__printk+0x10/0x10 [ 267.768040][T14198] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 267.768067][T14198] ? __pfx___might_resched+0x10/0x10 [ 267.768096][T14198] should_fail_ex+0x40a/0x550 [ 267.768127][T14198] should_failslab+0xac/0x100 [ 267.768152][T14198] kmem_cache_alloc_node_noprof+0x77/0x380 [ 267.768178][T14198] ? __alloc_skb+0x1c3/0x440 [ 267.768209][T14198] __alloc_skb+0x1c3/0x440 [ 267.768240][T14198] ? __pfx___alloc_skb+0x10/0x10 [ 267.768272][T14198] ? netlink_ack_tlv_len+0x6e/0x200 [ 267.768294][T14198] netlink_ack+0x145/0xa60 [ 267.768310][T14198] ? __pfx_lock_acquire+0x10/0x10 [ 267.768337][T14198] ? __pfx_ieee802154_llsec_add_devkey+0x10/0x10 [ 267.768367][T14198] ? __pfx___might_resched+0x10/0x10 [ 267.768400][T14198] netlink_rcv_skb+0x294/0x480 [ 267.768420][T14198] ? __pfx_genl_rcv_msg+0x10/0x10 [ 267.768447][T14198] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 267.768493][T14198] genl_rcv+0x28/0x40 [ 267.768515][T14198] netlink_unicast+0x7f6/0x990 [ 267.768550][T14198] ? __pfx_netlink_unicast+0x10/0x10 [ 267.768575][T14198] ? __virt_addr_valid+0x45f/0x530 [ 267.768593][T14198] ? __phys_addr_symbol+0x2f/0x70 [ 267.768609][T14198] ? __check_object_size+0x47a/0x730 [ 267.768636][T14198] netlink_sendmsg+0x8de/0xcb0 [ 267.768665][T14198] ? __pfx_netlink_sendmsg+0x10/0x10 [ 267.768689][T14198] ? aa_sock_msg_perm+0x91/0x160 [ 267.768720][T14198] ? __pfx_netlink_sendmsg+0x10/0x10 [ 267.768745][T14198] __sock_sendmsg+0x221/0x270 [ 267.768770][T14198] ____sys_sendmsg+0x53a/0x860 [ 267.768796][T14198] ? __pfx_____sys_sendmsg+0x10/0x10 [ 267.768810][T14198] ? __fget_files+0x2a/0x410 [ 267.768839][T14198] ? __fget_files+0x2a/0x410 [ 267.768872][T14198] __sys_sendmsg+0x269/0x350 [ 267.768895][T14198] ? __pfx___sys_sendmsg+0x10/0x10 [ 267.768924][T14198] ? do_sys_openat2+0x17a/0x1d0 [ 267.768973][T14198] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 267.769002][T14198] ? do_syscall_64+0x100/0x230 [ 267.769029][T14198] ? do_syscall_64+0xb6/0x230 [ 267.769057][T14198] do_syscall_64+0xf3/0x230 [ 267.769081][T14198] ? clear_bhb_loop+0x35/0x90 [ 267.769109][T14198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.769132][T14198] RIP: 0033:0x7fc2db98d169 [ 267.769148][T14198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.769162][T14198] RSP: 002b:00007fc2dc802038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 267.769181][T14198] RAX: ffffffffffffffda RBX: 00007fc2dbba5fa0 RCX: 00007fc2db98d169 [ 267.769194][T14198] RDX: 0000000000000810 RSI: 00004000000000c0 RDI: 0000000000000004 [ 267.769206][T14198] RBP: 00007fc2dc802090 R08: 0000000000000000 R09: 0000000000000000 [ 267.769217][T14198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 267.769227][T14198] R13: 0000000000000000 R14: 00007fc2dbba5fa0 R15: 00007ffdee077a68 [ 267.769252][T14198] [ 268.259985][T14220] FAULT_INJECTION: forcing a failure. [ 268.259985][T14220] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 268.275870][T14220] CPU: 1 UID: 0 PID: 14220 Comm: syz.4.2658 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 268.275895][T14220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 268.275906][T14220] Call Trace: [ 268.275913][T14220] [ 268.275920][T14220] dump_stack_lvl+0x241/0x360 [ 268.275950][T14220] ? __pfx_dump_stack_lvl+0x10/0x10 [ 268.275970][T14220] ? __pfx__printk+0x10/0x10 [ 268.275990][T14220] ? __pfx_lock_release+0x10/0x10 [ 268.276026][T14220] should_fail_ex+0x40a/0x550 [ 268.276056][T14220] _copy_from_user+0x2d/0xb0 [ 268.276082][T14220] kvmemdup_bpfptr_noprof+0x7d/0xf0 [ 268.276101][T14220] map_update_elem+0x4d0/0x6f0 [ 268.276135][T14220] __sys_bpf+0x773/0x820 [ 268.276162][T14220] ? __pfx___sys_bpf+0x10/0x10 [ 268.276198][T14220] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 268.276228][T14220] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 268.276257][T14220] ? do_syscall_64+0x100/0x230 [ 268.276286][T14220] __x64_sys_bpf+0x7c/0x90 [ 268.276310][T14220] do_syscall_64+0xf3/0x230 [ 268.276335][T14220] ? clear_bhb_loop+0x35/0x90 [ 268.276364][T14220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.276387][T14220] RIP: 0033:0x7f054398d169 [ 268.276403][T14220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 268.276418][T14220] RSP: 002b:00007f05447a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 268.276436][T14220] RAX: ffffffffffffffda RBX: 00007f0543ba5fa0 RCX: 00007f054398d169 [ 268.276449][T14220] RDX: 0000000000000020 RSI: 0000400000000500 RDI: 0000000000000002 [ 268.276460][T14220] RBP: 00007f05447a5090 R08: 0000000000000000 R09: 0000000000000000 [ 268.276479][T14220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 268.276489][T14220] R13: 0000000000000000 R14: 00007f0543ba5fa0 R15: 00007ffe303a6aa8 [ 268.276515][T14220] [ 268.595376][T14226] netlink: 'syz.1.2662': attribute type 24 has an invalid length. [ 268.610620][T14226] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2662'. [ 268.663656][T14235] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2661'. [ 269.197069][T14255] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2670'. [ 269.273165][T14252] wg1 speed is unknown, defaulting to 1000 [ 269.643211][T14286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.694195][T14286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.878990][T14252] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2669'. [ 270.007937][T14252] netlink: 'syz.4.2669': attribute type 1 has an invalid length. [ 271.530404][T14304] batadv1: entered allmulticast mode [ 271.964819][T14339] netlink: 'syz.0.2694': attribute type 3 has an invalid length. [ 272.164030][T14354] netlink: 'syz.0.2694': attribute type 10 has an invalid length. [ 272.226845][T14358] netlink: 'syz.2.2697': attribute type 1 has an invalid length. [ 272.240740][T14359] netlink: 'syz.0.2694': attribute type 10 has an invalid length. [ 272.262489][T14358] netlink: 'syz.2.2697': attribute type 1 has an invalid length. [ 272.273383][T14359] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2694'. [ 272.511797][T14369] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2702'. [ 272.559594][T14369] netlink: 'syz.0.2702': attribute type 7 has an invalid length. [ 272.580653][T14369] netlink: 'syz.0.2702': attribute type 8 has an invalid length. [ 272.589661][T14369] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2702'. [ 272.715538][T14378] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2705'. [ 273.059986][T14397] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2713'. [ 273.338561][T14412] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2720'. [ 273.650846][T14430] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2728'. [ 273.676206][T14427] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2726'. [ 274.331802][T14472] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2741'. [ 274.574048][T14488] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2745'. [ 274.644049][T14495] ax25_connect(): syz.2.2746 uses autobind, please contact jreuter@yaina.de [ 274.898683][T14505] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2751'. [ 275.137637][T14522] tipc: Enabled bearer , priority 10 [ 275.558968][T14544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.571973][T14544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.612236][T14544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.636132][T14544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.660434][T14544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.683815][T14544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.693625][T14544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.717128][T14544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.747111][T14544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.784737][T14544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 276.130063][T14582] gtp2: entered promiscuous mode [ 276.172000][T14582] gtp2: entered allmulticast mode [ 277.391758][T14657] FAULT_INJECTION: forcing a failure. [ 277.391758][T14657] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 277.446139][T14657] CPU: 0 UID: 0 PID: 14657 Comm: syz.3.2790 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 277.446166][T14657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 277.446179][T14657] Call Trace: [ 277.446186][T14657] [ 277.446194][T14657] dump_stack_lvl+0x241/0x360 [ 277.446223][T14657] ? __pfx_dump_stack_lvl+0x10/0x10 [ 277.446244][T14657] ? __pfx__printk+0x10/0x10 [ 277.446266][T14657] ? __pfx_lock_release+0x10/0x10 [ 277.446296][T14657] ? validate_chain+0x11e/0x5920 [ 277.446322][T14657] should_fail_ex+0x40a/0x550 [ 277.446364][T14657] _copy_from_iter+0x1df/0x1c40 [ 277.446387][T14657] ? __pfx_validate_chain+0x10/0x10 [ 277.446415][T14657] ? __pfx__copy_from_iter+0x10/0x10 [ 277.446449][T14657] tun_get_user+0x25f/0x48a0 [ 277.446472][T14657] ? __pfx_lock_release+0x10/0x10 [ 277.446506][T14657] ? __lock_acquire+0x1397/0x2100 [ 277.446538][T14657] ? __pfx_tun_get_user+0x10/0x10 [ 277.446574][T14657] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 277.446604][T14657] ? tun_get+0x1e/0x2f0 [ 277.446622][T14657] ? __pfx_lock_release+0x10/0x10 [ 277.446662][T14657] ? tun_get+0x1e/0x2f0 [ 277.446679][T14657] ? tun_get+0x27d/0x2f0 [ 277.446699][T14657] tun_chr_write_iter+0x10d/0x1f0 [ 277.446721][T14657] vfs_write+0xacf/0xd10 [ 277.446744][T14657] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 277.446764][T14657] ? __pfx_vfs_write+0x10/0x10 [ 277.446780][T14657] ? do_sys_openat2+0x17a/0x1d0 [ 277.446815][T14657] ? __fget_files+0x2a/0x410 [ 277.446844][T14657] ? __fget_files+0x2a/0x410 [ 277.446877][T14657] ksys_write+0x18f/0x2b0 [ 277.446898][T14657] ? __pfx_ksys_write+0x10/0x10 [ 277.446917][T14657] ? do_syscall_64+0x100/0x230 [ 277.446945][T14657] ? do_syscall_64+0xb6/0x230 [ 277.446973][T14657] do_syscall_64+0xf3/0x230 [ 277.446998][T14657] ? clear_bhb_loop+0x35/0x90 [ 277.447028][T14657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.447052][T14657] RIP: 0033:0x7f496ab8d169 [ 277.447068][T14657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.447084][T14657] RSP: 002b:00007f496b9bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 277.447104][T14657] RAX: ffffffffffffffda RBX: 00007f496ada5fa0 RCX: 00007f496ab8d169 [ 277.447116][T14657] RDX: 000000000000004e RSI: 0000400000000280 RDI: 0000000000000003 [ 277.447127][T14657] RBP: 00007f496b9bc090 R08: 0000000000000000 R09: 0000000000000000 [ 277.447138][T14657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 277.447149][T14657] R13: 0000000000000000 R14: 00007f496ada5fa0 R15: 00007ffd1c253b18 [ 277.447178][T14657] [ 277.985218][T14683] netlink: 'syz.2.2795': attribute type 29 has an invalid length. [ 278.001823][T14684] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (8) [ 278.212896][T14698] netlink: 'syz.0.2799': attribute type 1 has an invalid length. [ 278.220827][T14698] netlink: 'syz.0.2799': attribute type 3 has an invalid length. [ 278.228847][T14698] __nla_validate_parse: 4 callbacks suppressed [ 278.228860][T14698] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2799'. [ 278.261289][T14698] NCSI netlink: No device for ifindex 131080 [ 278.291947][T14700] netlink: 'syz.1.2800': attribute type 10 has an invalid length. [ 278.307000][T14701] IPVS: set_ctl: invalid protocol: 58 224.0.0.2:20000 [ 278.328918][T14701] xt_CT: You must specify a L4 protocol and not use inversions on it [ 278.390784][T14711] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2801'. [ 278.676805][T14727] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2807'. [ 278.698283][ T3182] IPVS: starting estimator thread 0... [ 278.755374][T14733] FAULT_INJECTION: forcing a failure. [ 278.755374][T14733] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 278.771536][T14733] CPU: 0 UID: 0 PID: 14733 Comm: syz.4.2808 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 278.771562][T14733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 278.771574][T14733] Call Trace: [ 278.771581][T14733] [ 278.771589][T14733] dump_stack_lvl+0x241/0x360 [ 278.771616][T14733] ? __pfx_dump_stack_lvl+0x10/0x10 [ 278.771637][T14733] ? __pfx__printk+0x10/0x10 [ 278.771658][T14733] ? __pfx_lock_release+0x10/0x10 [ 278.771688][T14733] ? validate_chain+0x11e/0x5920 [ 278.771712][T14733] should_fail_ex+0x40a/0x550 [ 278.771743][T14733] _copy_from_iter+0x1df/0x1c40 [ 278.771767][T14733] ? __pfx_validate_chain+0x10/0x10 [ 278.771796][T14733] ? __pfx__copy_from_iter+0x10/0x10 [ 278.771832][T14733] tun_get_user+0x43f/0x48a0 [ 278.771866][T14733] ? __lock_acquire+0x1397/0x2100 [ 278.771901][T14733] ? __pfx_tun_get_user+0x10/0x10 [ 278.771938][T14733] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 278.771974][T14733] ? tun_get+0x1e/0x2f0 [ 278.771992][T14733] ? __pfx_lock_release+0x10/0x10 [ 278.772033][T14733] ? tun_get+0x1e/0x2f0 [ 278.772052][T14733] ? tun_get+0x27d/0x2f0 [ 278.772072][T14733] tun_chr_write_iter+0x10d/0x1f0 [ 278.772095][T14733] vfs_write+0xacf/0xd10 [ 278.772118][T14733] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 278.772139][T14733] ? __pfx_vfs_write+0x10/0x10 [ 278.772156][T14733] ? do_sys_openat2+0x17a/0x1d0 [ 278.772185][T14733] ? __fget_files+0x2a/0x410 [ 278.772214][T14733] ? __fget_files+0x2a/0x410 [ 278.772249][T14733] ksys_write+0x18f/0x2b0 [ 278.772269][T14733] ? __pfx_ksys_write+0x10/0x10 [ 278.772290][T14733] ? do_syscall_64+0x100/0x230 [ 278.772318][T14733] ? do_syscall_64+0xb6/0x230 [ 278.772346][T14733] do_syscall_64+0xf3/0x230 [ 278.772371][T14733] ? clear_bhb_loop+0x35/0x90 [ 278.772401][T14733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.772429][T14733] RIP: 0033:0x7f054398d169 [ 278.772445][T14733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.772460][T14733] RSP: 002b:00007f05447a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 278.772479][T14733] RAX: ffffffffffffffda RBX: 00007f0543ba5fa0 RCX: 00007f054398d169 [ 278.772492][T14733] RDX: 000000000000004e RSI: 0000400000000280 RDI: 0000000000000003 [ 278.772503][T14733] RBP: 00007f05447a5090 R08: 0000000000000000 R09: 0000000000000000 [ 278.772514][T14733] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 278.772524][T14733] R13: 0000000000000000 R14: 00007f0543ba5fa0 R15: 00007ffe303a6aa8 [ 278.772551][T14733] [ 279.027913][T14730] IPVS: using max 22 ests per chain, 52800 per kthread [ 279.308977][T14753] sctp: [Deprecated]: syz.4.2812 (pid 14753) Use of struct sctp_assoc_value in delayed_ack socket option. [ 279.308977][T14753] Use struct sctp_sack_info instead [ 279.445219][T14760] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2817'. [ 279.531213][T14766] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2819'. [ 279.804088][T14783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2824'. [ 279.818402][T14783] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2824'. [ 279.843788][T14783] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 279.852561][T14783] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 279.860942][T14783] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 279.869211][T14783] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 280.162342][T14798] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2830'. [ 280.331984][T14803] netlink: 176 bytes leftover after parsing attributes in process `syz.4.2833'. [ 280.360028][T14803] netlink: 176 bytes leftover after parsing attributes in process `syz.4.2833'. [ 280.411527][T14781] wg1 speed is unknown, defaulting to 1000 [ 280.521986][ C1] vcan0: j1939_tp_rxtimer: 0xffff888012087400: rx timeout, send abort [ 280.926642][T14827] x_tables: duplicate underflow at hook 3 [ 281.031382][ C1] vcan0: j1939_tp_rxtimer: 0xffff888012087400: abort rx timeout. Force session deactivation [ 281.124448][T14832] veth5: entered allmulticast mode [ 281.946002][T14871] netlink: 'syz.1.2859': attribute type 10 has an invalid length. [ 282.413463][T14876] wg1 speed is unknown, defaulting to 1000 [ 283.525083][T14946] FAULT_INJECTION: forcing a failure. [ 283.525083][T14946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 283.571202][T14946] CPU: 1 UID: 0 PID: 14946 Comm: syz.3.2883 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 283.571227][T14946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 283.571239][T14946] Call Trace: [ 283.571246][T14946] [ 283.571254][T14946] dump_stack_lvl+0x241/0x360 [ 283.571281][T14946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 283.571301][T14946] ? __pfx__printk+0x10/0x10 [ 283.571321][T14946] ? __pfx_lock_release+0x10/0x10 [ 283.571373][T14946] should_fail_ex+0x40a/0x550 [ 283.571403][T14946] _copy_from_user+0x2d/0xb0 [ 283.571428][T14946] move_addr_to_kernel+0x82/0x150 [ 283.571452][T14946] copy_msghdr_from_user+0x43e/0x680 [ 283.571481][T14946] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 283.571502][T14946] ? __fget_files+0x2a/0x410 [ 283.571530][T14946] ? __fget_files+0x2a/0x410 [ 283.571562][T14946] __sys_sendmmsg+0x32b/0x720 [ 283.571591][T14946] ? __pfx___sys_sendmmsg+0x10/0x10 [ 283.571619][T14946] ? __pfx_lock_release+0x10/0x10 [ 283.571645][T14946] ? kstrtouint_from_user+0x128/0x190 [ 283.571686][T14946] ? ksys_write+0x22a/0x2b0 [ 283.571704][T14946] ? __pfx_lock_release+0x10/0x10 [ 283.571736][T14946] ? sb_end_write+0xe9/0x1c0 [ 283.571760][T14946] ? vfs_write+0x7fa/0xd10 [ 283.571780][T14946] ? __mutex_unlock_slowpath+0x227/0x800 [ 283.571831][T14946] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 283.571861][T14946] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 283.571890][T14946] ? do_syscall_64+0x100/0x230 [ 283.571918][T14946] __x64_sys_sendmmsg+0xa0/0xb0 [ 283.571938][T14946] do_syscall_64+0xf3/0x230 [ 283.571962][T14946] ? clear_bhb_loop+0x35/0x90 [ 283.571990][T14946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 283.572013][T14946] RIP: 0033:0x7f496ab8d169 [ 283.572028][T14946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 283.572043][T14946] RSP: 002b:00007f496b9bc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 283.572062][T14946] RAX: ffffffffffffffda RBX: 00007f496ada5fa0 RCX: 00007f496ab8d169 [ 283.572074][T14946] RDX: 0000000000000001 RSI: 00004000000017c0 RDI: 0000000000000003 [ 283.572085][T14946] RBP: 00007f496b9bc090 R08: 0000000000000000 R09: 0000000000000000 [ 283.572096][T14946] R10: 0000000004040880 R11: 0000000000000246 R12: 0000000000000001 [ 283.572107][T14946] R13: 0000000000000000 R14: 00007f496ada5fa0 R15: 00007ffd1c253b18 [ 283.572133][T14946] [ 283.586037][T14950] netlink: 'syz.1.2885': attribute type 29 has an invalid length. [ 283.758348][T14956] __nla_validate_parse: 13 callbacks suppressed [ 283.758368][T14956] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2885'. [ 283.794863][T14954] netlink: 'syz.1.2885': attribute type 29 has an invalid length. [ 283.867862][ T5147] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 283.877779][ T5147] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 283.890984][ T5147] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 283.914785][ T5147] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 283.922443][ T5147] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 283.929968][ T5147] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 283.965117][T14950] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2885'. [ 283.975216][T14960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2887'. [ 284.001994][T14950] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2885'. [ 284.027735][T14960] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2887'. [ 284.300011][T14951] wg1 speed is unknown, defaulting to 1000 [ 284.900432][T14991] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2894'. [ 284.999512][T15002] xt_CT: You must specify a L4 protocol and not use inversions on it [ 285.049006][ T3572] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.102480][T14951] chnl_net:caif_netlink_parms(): no params data found [ 285.232909][T15018] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 285.236680][ T3572] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.358847][ T3572] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.453126][ T3572] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.467187][T15035] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2903'. [ 285.500239][T14951] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.507533][T14951] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.522406][T14951] bridge_slave_0: entered allmulticast mode [ 285.530223][T14951] bridge_slave_0: entered promiscuous mode [ 285.546185][T14951] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.553467][T14951] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.561043][T14951] bridge_slave_1: entered allmulticast mode [ 285.571170][T14951] bridge_slave_1: entered promiscuous mode [ 285.608495][T14951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 285.628780][T14951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 285.743927][T14951] team0: Port device team_slave_0 added [ 285.954814][ T3572] erspan0 (unregistering): left promiscuous mode [ 285.975352][ T3572] gretap0 (unregistering): left promiscuous mode [ 286.066905][ T5842] Bluetooth: hci3: command tx timeout [ 286.251661][ T3572] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 286.268799][ T3572] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 286.278772][T15057] netlink: 'syz.4.2912': attribute type 1 has an invalid length. [ 286.290371][ T3572] bond0 (unregistering): Released all slaves [ 286.309991][T14951] team0: Port device team_slave_1 added [ 286.337643][T15053] tc_dump_action: action bad kind [ 286.492739][T14951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 286.506114][T14951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.551124][T14951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 286.579804][T15070] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2916'. [ 286.582522][T14951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 286.610659][T14951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.688875][T14951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 286.769235][T15081] xt_CT: No such helper "pptp" [ 287.002693][T14951] hsr_slave_0: entered promiscuous mode [ 287.029156][T14951] hsr_slave_1: entered promiscuous mode [ 287.045747][T14951] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 287.086771][T14951] Cannot create hsr debugfs directory [ 287.148879][T15112] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2922'. [ 287.185874][T15112] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2922'. [ 287.521970][T15097] wg1 speed is unknown, defaulting to 1000 [ 288.144912][ T5842] Bluetooth: hci3: command tx timeout [ 288.281070][T15145] net_ratelimit: 40 callbacks suppressed [ 288.281091][T15145] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 288.296264][ T3572] hsr_slave_0: left promiscuous mode [ 288.312341][ T3572] batman_adv: batadv0: Interface deactivated: dummy0 [ 288.321758][ T3572] batman_adv: batadv0: Removing interface: dummy0 [ 288.344904][ T3572] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 288.367729][ T3572] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 288.413733][ T3572] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 288.498008][ T3572] hsr_slave_1: left allmulticast mode [ 288.516082][ T3572] hsr_slave_1: left promiscuous mode [ 288.521622][ T3572] veth1_macvtap: left promiscuous mode [ 288.547763][ T3572] veth0_macvtap: left promiscuous mode [ 289.507390][T15186] sch_fq: defrate 0 ignored. [ 289.524412][T15186] IPVS: length: 123 != 8 [ 289.646131][T14951] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 289.692509][T15192] batadv0: entered promiscuous mode [ 289.702669][T15192] macsec1: entered promiscuous mode [ 289.708637][T15192] macsec1: entered allmulticast mode [ 289.718334][T15192] batadv0: entered allmulticast mode [ 289.734267][T14951] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 289.768610][T14951] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 289.798753][T15202] __nla_validate_parse: 1 callbacks suppressed [ 289.798768][T15202] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2940'. [ 289.837120][T15202] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2940'. [ 289.850585][T15206] netlink: 'syz.1.2942': attribute type 10 has an invalid length. [ 289.870163][T15202] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2940'. [ 289.874685][T15206] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2942'. [ 289.901495][T14951] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 289.915243][ T3572] IPVS: stop unused estimator thread 0... [ 289.962183][T15206] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 290.182074][T14951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.224658][ T5842] Bluetooth: hci3: command tx timeout [ 290.236138][T15219] netlink: 'syz.2.2946': attribute type 4 has an invalid length. [ 290.277565][T14951] 8021q: adding VLAN 0 to HW filter on device team0 [ 290.407967][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.415142][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 290.461995][T15234] IPVS: length: 136 != 8 [ 290.521438][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.528624][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 290.808155][T15253] netlink: 160 bytes leftover after parsing attributes in process `syz.4.2955'. [ 291.007978][T15263] SET target dimension over the limit! [ 291.057542][T14951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 291.088382][T15263] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2957'. [ 291.124412][T15263] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2957'. [ 291.166729][T14951] veth0_vlan: entered promiscuous mode [ 291.232660][T14951] veth1_vlan: entered promiscuous mode [ 291.300100][T14951] veth0_macvtap: entered promiscuous mode [ 291.330107][T14951] veth1_macvtap: entered promiscuous mode [ 291.483677][T14951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 291.573913][T14951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 291.612954][T14951] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.643432][T14951] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.674362][T14951] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.691436][T14951] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.739535][T15296] batadv_slave_1: default FDB implementation only supports local addresses [ 291.904994][T15306] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.910922][ T1160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.952340][T15306] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 291.964429][ T1160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 292.071633][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 292.103157][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 292.304958][ T5842] Bluetooth: hci3: command tx timeout [ 292.335628][T15323] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2970'. [ 292.589812][T15334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2973'. [ 293.019430][T15346] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2977'. [ 293.208638][T15358] netlink: 'syz.0.2980': attribute type 10 has an invalid length. [ 293.331935][T15358] team0: Port device netdevsim0 added [ 293.411902][T15367] xt_cgroup: invalid path, errno=-2 [ 293.480570][ T3572] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.588525][ T5147] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 293.609874][ T5147] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 293.630002][ T5147] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 293.647976][ T5147] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 293.663347][ T5147] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 293.672543][ T5147] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 293.740236][ T3572] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.839420][T15346] wg1 speed is unknown, defaulting to 1000 [ 293.982547][ T3572] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.047527][T15397] bridge_slave_1: left allmulticast mode [ 294.053200][T15397] bridge_slave_1: left promiscuous mode [ 294.079376][T15397] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.115866][T15397] bridge_slave_0: left allmulticast mode [ 294.141908][T15397] bridge_slave_0: left promiscuous mode [ 294.152171][T15397] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.354191][ T3572] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.700009][T15375] wg1 speed is unknown, defaulting to 1000 [ 295.744923][ T5842] Bluetooth: hci4: command tx timeout [ 295.842837][ T3572] bond0 (unregistering): (slave bond1): Releasing backup interface [ 295.851614][ T3572] bond0 (unregistering): Released all slaves [ 295.943495][ T3572] bond1 (unregistering): Released all slaves [ 295.954261][ T3572] bond2 (unregistering): Released all slaves [ 296.207153][ T3572] tipc: Disabling bearer [ 296.218830][T15465] __nla_validate_parse: 6 callbacks suppressed [ 296.218847][T15465] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2999'. [ 296.241954][ T3572] tipc: Disabling bearer [ 296.251657][ T3572] tipc: Left network mode [ 296.268822][T15463] sctp: [Deprecated]: syz.0.3001 (pid 15463) Use of int in maxseg socket option. [ 296.268822][T15463] Use struct sctp_assoc_value instead [ 296.684689][T15491] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3004'. [ 296.743211][T15375] chnl_net:caif_netlink_parms(): no params data found [ 296.802792][T15499] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3005'. [ 296.840593][T15499] bond0: entered promiscuous mode [ 296.846107][T15499] 8021q: adding VLAN 0 to HW filter on device bond0 [ 297.006208][T15507] netlink: 'syz.0.3006': attribute type 32 has an invalid length. [ 297.062798][T15507] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3006'. [ 297.120528][T15507] (unnamed net_device) (uninitialized): option coupled_control: invalid value (52) [ 297.165502][T15515] lo: entered promiscuous mode [ 297.170371][T15515] netlink: 'syz.2.3007': attribute type 2 has an invalid length. [ 297.214832][T15515] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 297.230363][T15509] netlink: 'syz.2.3007': attribute type 2 has an invalid length. [ 297.242016][T15509] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 297.303499][T15518] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3008'. [ 297.390261][T15511] netlink: 'syz.1.3008': attribute type 64 has an invalid length. [ 297.398406][T15511] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3008'. [ 297.512519][ T3572] hsr_slave_0: left promiscuous mode [ 297.556573][ T3572] hsr_slave_1: left promiscuous mode [ 297.591641][ T3572] macsec0: left allmulticast mode [ 297.602079][ T3572] veth1_macvtap: left allmulticast mode [ 297.609999][ T3572] veth1_macvtap: left promiscuous mode [ 297.622005][ T3572] veth0_macvtap: left promiscuous mode [ 297.632844][ T3572] veth1_vlan: left promiscuous mode [ 297.653815][ T3572] veth0_vlan: left promiscuous mode [ 297.730667][T15536] sctp: [Deprecated]: syz.2.3012 (pid 15536) Use of int in maxseg socket option. [ 297.730667][T15536] Use struct sctp_assoc_value instead [ 297.824569][ T5842] Bluetooth: hci4: command tx timeout [ 297.891467][T15548] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3013'. [ 297.978526][T15553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3015'. [ 298.553875][T15375] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.563636][T15375] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.571520][T15375] bridge_slave_0: entered allmulticast mode [ 298.578448][T15375] bridge_slave_0: entered promiscuous mode [ 298.589364][T15375] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.603436][T15375] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.611182][T15375] bridge_slave_1: entered allmulticast mode [ 298.618510][T15375] bridge_slave_1: entered promiscuous mode [ 298.742562][T15564] netlink: 'syz.1.3017': attribute type 1 has an invalid length. [ 298.751275][T15564] netlink: 196 bytes leftover after parsing attributes in process `syz.1.3017'. [ 298.763034][T15567] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3016'. [ 298.765180][T15564] netlink: 'syz.1.3017': attribute type 1 has an invalid length. [ 299.243764][T15574] bond0 (unregistering): Released all slaves [ 299.277637][T15375] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 299.303678][T15375] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 299.430724][T15375] team0: Port device team_slave_0 added [ 299.458703][T15375] team0: Port device team_slave_1 added [ 299.538653][T15375] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 299.554554][T15375] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.624564][T15375] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 299.646250][T15603] 0ªî{X¹¦: renamed from gretap0 (while UP) [ 299.656154][T15603] 0ªî{X¹¦: entered allmulticast mode [ 299.670445][T15603] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 299.714959][T15596] 0ªî{X¹¦: left allmulticast mode [ 299.761773][T15598] gre1: entered promiscuous mode [ 299.784111][T15598] gre1: entered allmulticast mode [ 299.815208][T15375] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 299.829013][T15375] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 299.872197][T15375] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 299.904586][ T5842] Bluetooth: hci4: command tx timeout [ 299.984159][T15592] wg1 speed is unknown, defaulting to 1000 [ 300.161058][T15375] hsr_slave_0: entered promiscuous mode [ 300.193572][T15375] hsr_slave_1: entered promiscuous mode [ 300.245213][T15375] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 300.252805][T15375] Cannot create hsr debugfs directory [ 300.277689][T15628] netlink: 'syz.1.3030': attribute type 10 has an invalid length. [ 300.485550][ T3003] tipc: Subscription rejected, illegal request [ 301.340404][T15679] __nla_validate_parse: 6 callbacks suppressed [ 301.340424][T15679] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3044'. [ 301.512869][T15375] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 301.535708][T15689] xt_ipcomp: unknown flags B [ 301.555950][T15375] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 301.591409][T15375] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 301.613383][T15375] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 301.674701][T15694] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3046'. [ 301.847597][T15703] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3048'. [ 301.878651][T15703] 8021q: VLANs not supported on ip6_vti0 [ 301.897656][T15375] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.967520][T15375] 8021q: adding VLAN 0 to HW filter on device team0 [ 301.994638][ T5842] Bluetooth: hci4: command tx timeout [ 302.027970][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 302.035102][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 302.102900][T15713] tipc: Enabling of bearer rejected, failed to enable media [ 302.221781][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 302.230047][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 302.332870][T15710] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3050'. [ 302.460377][T15744] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3055'. [ 302.485433][T15745] netlink: 228 bytes leftover after parsing attributes in process `syz.4.3056'. [ 302.551092][T15745] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3056'. [ 302.761498][T15375] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 302.828813][T15375] veth0_vlan: entered promiscuous mode [ 302.878096][T15375] veth1_vlan: entered promiscuous mode [ 302.968693][T15375] veth0_macvtap: entered promiscuous mode [ 302.985360][T15375] veth1_macvtap: entered promiscuous mode [ 303.009496][T15771] netlink: 'syz.0.3060': attribute type 4 has an invalid length. [ 303.037579][T15375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 303.060333][T15375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.090893][T15375] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 303.162817][T15375] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 303.222245][T15375] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 303.245513][T15375] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 303.291082][T15375] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.324694][T15375] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.340582][T15375] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.359491][T15375] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 303.586078][ T3003] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.593926][ T3003] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.681161][ T2919] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.694447][ T2919] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.815546][T15817] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2 [ 303.822119][T15817] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2 [ 304.525175][T15849] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 2, id = 0 [ 304.604827][T15841] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3068'. [ 304.904836][T15855] xt_l2tp: v2 doesn't support IP mode [ 304.972076][T15860] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3074'. [ 305.008071][T15862] netlink: 'syz.1.3076': attribute type 29 has an invalid length. [ 305.032712][T15863] netlink: 'syz.1.3076': attribute type 29 has an invalid length. [ 305.131222][ T5147] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 305.148704][ T5147] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 305.157450][ T5147] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 305.174762][ T5147] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 305.183290][ T5147] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 305.191675][ T5147] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 305.314473][T15867] wg1 speed is unknown, defaulting to 1000 [ 305.438328][T15881] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3082'. [ 305.678097][T15875] wg1 speed is unknown, defaulting to 1000 [ 305.947401][T15896] C: renamed from lo (while UP) [ 305.956082][T15896] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 306.093735][T15867] chnl_net:caif_netlink_parms(): no params data found [ 306.386827][T15921] __nla_validate_parse: 5 callbacks suppressed [ 306.386845][T15921] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3094'. [ 306.597450][T15925] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3096'. [ 306.617273][T15925] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3096'. [ 306.634031][T15867] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.650718][T15867] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.658357][T15867] bridge_slave_0: entered allmulticast mode [ 306.667670][T15867] bridge_slave_0: entered promiscuous mode [ 306.721427][T15867] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.750826][T15867] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.774857][T15867] bridge_slave_1: entered allmulticast mode [ 306.781845][T15867] bridge_slave_1: entered promiscuous mode [ 306.857759][T15867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 306.890553][T15938] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3099'. [ 306.896351][T15867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 307.127519][T15867] team0: Port device team_slave_0 added [ 307.133999][T15946] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3104'. [ 307.147224][T15867] team0: Port device team_slave_1 added [ 307.216963][T15867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 307.231788][T15867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.259994][T15867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 307.271681][ T5842] Bluetooth: hci2: command tx timeout [ 307.306970][T15867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 307.313914][T15867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.341433][T15867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 307.401397][T15953] sit0: entered promiscuous mode [ 307.428047][T15953] netlink: 'syz.0.3107': attribute type 1 has an invalid length. [ 307.534327][T15953] netlink: 1 bytes leftover after parsing attributes in process `syz.0.3107'. [ 307.612124][T15964] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3108'. [ 307.628933][T15953] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3107'. [ 307.632227][T15867] hsr_slave_0: entered promiscuous mode [ 307.651728][T15867] hsr_slave_1: entered promiscuous mode [ 307.659129][T15867] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 307.670470][T15867] Cannot create hsr debugfs directory [ 307.986590][T15867] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 308.000014][T15867] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.074953][T15867] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 308.102305][T15867] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.205197][T15867] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 308.215255][T15867] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.273135][T15867] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 308.286100][T15867] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.446523][T15999] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3120'. [ 308.523203][T15867] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 308.560304][T15867] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 308.611003][T16006] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3121'. [ 308.620927][T15867] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 308.652330][T15867] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 308.818789][T15867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 308.842789][T16019] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 308.868025][T15867] 8021q: adding VLAN 0 to HW filter on device team0 [ 308.900738][ T3572] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.907879][ T3572] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.978535][ T3003] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.985672][ T3003] bridge0: port 2(bridge_slave_1) entered forwarding state [ 309.344767][ T5842] Bluetooth: hci2: command tx timeout [ 309.390243][T15867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 309.467252][T15867] veth0_vlan: entered promiscuous mode [ 309.490847][T15867] veth1_vlan: entered promiscuous mode [ 309.552649][T15867] veth0_macvtap: entered promiscuous mode [ 309.572314][T15867] veth1_macvtap: entered promiscuous mode [ 309.609277][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.640112][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.661319][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.680311][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.703023][T15867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 309.732262][T16066] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 309.785461][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.817380][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.828889][T15867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.840901][T15867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.852188][T15867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 309.889175][T15867] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.900177][T15867] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.924799][T15867] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.933515][T15867] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.064116][ T3572] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 310.082703][ T3572] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.143152][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 310.161227][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.865097][ T5842] Bluetooth: hci0: command tx timeout [ 310.950154][T16127] bridge0: the hash_elasticity option has been deprecated and is always 16 [ 311.095678][T16132] tipc: Enabling of bearer rejected, failed to enable media [ 311.146779][ T5147] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 311.167762][ T5147] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 311.177748][ T5147] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 311.189106][ T5147] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 311.201016][ T5147] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 311.208538][ T5147] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 311.359048][T16145] IPVS: set_ctl: invalid protocol: 108 172.30.0.4:20002 [ 311.434693][ T5842] Bluetooth: hci2: command tx timeout [ 311.612149][ T2919] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.644295][T16156] __nla_validate_parse: 6 callbacks suppressed [ 311.644310][T16156] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3163'. [ 311.685265][T16136] wg1 speed is unknown, defaulting to 1000 [ 311.704254][ T2919] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.865495][ T2919] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.992174][T16172] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3168'. [ 312.107689][ T2919] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.162048][T16183] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3171'. [ 312.472166][ T8] wg1 speed is unknown, defaulting to 1000 [ 312.812002][T16219] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3177'. [ 312.836932][T16219] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 312.936933][T16222] netlink: 'syz.1.3178': attribute type 1 has an invalid length. [ 313.149875][ T2919] bond1 (unregistering): Released all slaves [ 313.246783][ T2919] bond2 (unregistering): Released all slaves [ 313.274877][ T5842] Bluetooth: hci5: command tx timeout [ 313.344261][ T2919] bond0 (unregistering): Released all slaves [ 313.357300][ T2919] bond3 (unregistering): Released all slaves [ 313.370466][ T2919] bond4 (unregistering): Released all slaves [ 313.388340][ T8] wg1 speed is unknown, defaulting to 1000 [ 313.514635][ T5842] Bluetooth: hci2: command tx timeout [ 313.538392][T16136] chnl_net:caif_netlink_parms(): no params data found [ 313.677872][T16237] set match dimension is over the limit! [ 314.220797][T16136] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.265417][T16136] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.285863][T16136] bridge_slave_0: entered allmulticast mode [ 314.292626][T16136] bridge_slave_0: entered promiscuous mode [ 314.346218][T16136] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.354276][T16136] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.386968][T16136] bridge_slave_1: entered allmulticast mode [ 314.397060][T16136] bridge_slave_1: entered promiscuous mode [ 314.425189][T16276] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 314.563773][T16289] netlink: 'syz.0.3192': attribute type 178 has an invalid length. [ 314.612227][T16136] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 314.671339][T16136] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 314.694304][T16293] Cannot find map_set index 0 as target [ 314.868771][T16302] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3196'. [ 314.950089][ T2919] hsr_slave_0: left promiscuous mode [ 314.983951][ T2919] hsr_slave_1: left promiscuous mode [ 315.008289][ T2919] veth1_macvtap: left promiscuous mode [ 315.013884][ T2919] veth1_vlan: left promiscuous mode [ 315.021111][ T2919] veth0_vlan: left promiscuous mode [ 315.345634][ T5842] Bluetooth: hci5: command tx timeout [ 315.609883][ T12] smc: removing ib device syz0 [ 315.772139][T16136] team0: Port device team_slave_0 added [ 315.801061][T16136] team0: Port device team_slave_1 added [ 315.983221][T16322] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3202'. [ 316.025424][T16327] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3203'. [ 316.045013][T16322] gretap0: entered allmulticast mode [ 316.103204][T16322] batman_adv: batadv0: Adding interface: gretap0 [ 316.115152][T16322] batman_adv: batadv0: The MTU of interface gretap0 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.167621][T16322] batman_adv: batadv0: Not using interface gretap0 (retrying later): interface not active [ 316.345676][T16338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3205'. [ 316.406229][T16334] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3205'. [ 316.440368][T16334] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3205'. [ 316.542556][T16136] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 316.573081][T16136] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.622893][T16136] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 316.719280][T16136] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 316.739044][T16136] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.813852][T16136] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 317.129123][T16136] hsr_slave_0: entered promiscuous mode [ 317.158471][T16136] hsr_slave_1: entered promiscuous mode [ 317.191869][T16136] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 317.223103][T16136] Cannot create hsr debugfs directory [ 317.234293][T16375] __nla_validate_parse: 1 callbacks suppressed [ 317.234308][T16375] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3211'. [ 317.268603][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 317.272897][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.311874][T16378] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3211'. [ 317.427562][ T5842] Bluetooth: hci5: command tx timeout [ 317.664173][T16391] tipc: Enabling of bearer rejected, failed to enable media [ 317.703177][T16397] netlink: 168 bytes leftover after parsing attributes in process `syz.1.3216'. [ 317.853970][ T2919] IPVS: stop unused estimator thread 0... [ 317.882829][T16401] netlink: 'syz.3.3220': attribute type 21 has an invalid length. [ 317.934619][T16401] IPv6: NLM_F_CREATE should be specified when creating new route [ 317.977852][T16401] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 317.985142][T16401] IPv6: NLM_F_CREATE should be set when creating new route [ 317.992383][T16401] IPv6: NLM_F_CREATE should be set when creating new route [ 317.999647][T16401] IPv6: NLM_F_CREATE should be set when creating new route [ 318.619630][T16136] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 318.650249][T16136] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 318.682150][T16136] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 318.707845][T16136] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 318.891749][T16136] 8021q: adding VLAN 0 to HW filter on device bond0 [ 318.901672][T16449] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3230'. [ 318.942847][T16136] 8021q: adding VLAN 0 to HW filter on device team0 [ 318.971846][T16449] hsr0: entered allmulticast mode [ 318.978247][T16453] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3231'. [ 318.987801][T16449] hsr_slave_0: entered allmulticast mode [ 318.993470][T16449] hsr_slave_1: entered allmulticast mode [ 319.000622][T16453] netlink: 80 bytes leftover after parsing attributes in process `syz.1.3231'. [ 319.031219][T16458] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3230'. [ 319.042691][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.049830][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 319.237693][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.244837][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 319.504774][ T5842] Bluetooth: hci5: command tx timeout [ 319.626507][T16483] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3239'. [ 319.654921][T16488] netlink: 'syz.3.3240': attribute type 1 has an invalid length. [ 319.682838][T16488] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3240'. [ 319.888531][T16503] netlink: 5560 bytes leftover after parsing attributes in process `syz.0.3243'. [ 319.911453][T16136] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 320.002807][T16494] netlink: 'syz.3.3240': attribute type 1 has an invalid length. [ 320.403379][T16136] veth0_vlan: entered promiscuous mode [ 320.551703][T16532] netlink: 'syz.0.3250': attribute type 21 has an invalid length. [ 320.603643][T16136] veth1_vlan: entered promiscuous mode [ 320.660554][T16136] veth0_macvtap: entered promiscuous mode [ 320.702435][T16136] veth1_macvtap: entered promiscuous mode [ 320.765514][T16136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.802257][T16136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.816278][T16136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.827253][T16136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.863792][T16136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.880357][T16136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.902545][T16136] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 320.919659][T16543] tc_dump_action: action bad kind [ 320.936639][T16136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 320.964530][T16136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.004763][T16136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 321.044594][T16136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.073531][T16136] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 321.104461][T16136] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.125825][T16136] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 321.167805][T16136] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.210238][T16136] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.239933][T16136] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.248866][T16136] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.548527][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.576206][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.590496][T16572] dccp_close: ABORT with 143 bytes unread [ 321.850484][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.893917][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.983956][T16599] Unsupported ieee802154 address type: 0 [ 322.044219][T16606] netlink: 'syz.1.3266': attribute type 1 has an invalid length. [ 322.095032][T16606] syz.1.3266: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 322.157564][T16606] CPU: 1 UID: 0 PID: 16606 Comm: syz.1.3266 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 322.157591][T16606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 322.157603][T16606] Call Trace: [ 322.157611][T16606] [ 322.157620][T16606] dump_stack_lvl+0x241/0x360 [ 322.157648][T16606] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.157667][T16606] ? __pfx__printk+0x10/0x10 [ 322.157690][T16606] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 322.157715][T16606] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 322.157759][T16606] warn_alloc+0x278/0x410 [ 322.157793][T16606] ? __vmalloc_node_range_noprof+0x106/0x1380 [ 322.157824][T16606] ? __pfx_warn_alloc+0x10/0x10 [ 322.157843][T16606] ? kasan_save_track+0x3f/0x80 [ 322.157868][T16606] ? __kasan_kmalloc+0x98/0xb0 [ 322.157890][T16606] ? xsk_setsockopt+0x4aa/0x810 [ 322.157907][T16606] ? do_sock_setsockopt+0x3af/0x720 [ 322.157936][T16606] ? __x64_sys_setsockopt+0x1ee/0x280 [ 322.157963][T16606] ? do_syscall_64+0xf3/0x230 [ 322.157987][T16606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.158019][T16606] __vmalloc_node_range_noprof+0x126/0x1380 [ 322.158076][T16606] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 322.158110][T16606] ? __kasan_kmalloc+0x98/0xb0 [ 322.158136][T16606] vmalloc_user_noprof+0x74/0x80 [ 322.158154][T16606] ? xskq_create+0xb6/0x170 [ 322.158172][T16606] xskq_create+0xb6/0x170 [ 322.158195][T16606] xsk_init_queue+0xa1/0x100 [ 322.158216][T16606] xsk_setsockopt+0x4aa/0x810 [ 322.158237][T16606] ? __pfx_xsk_setsockopt+0x10/0x10 [ 322.158255][T16606] ? __pfx_aa_sk_perm+0x10/0x10 [ 322.158281][T16606] ? aa_sock_opt_perm+0x79/0x120 [ 322.158311][T16606] ? __pfx_xsk_setsockopt+0x10/0x10 [ 322.158327][T16606] do_sock_setsockopt+0x3af/0x720 [ 322.158360][T16606] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 322.158393][T16606] ? __fget_files+0x395/0x410 [ 322.158418][T16606] ? __fget_files+0x2a/0x410 [ 322.158451][T16606] __x64_sys_setsockopt+0x1ee/0x280 [ 322.158487][T16606] do_syscall_64+0xf3/0x230 [ 322.158512][T16606] ? clear_bhb_loop+0x35/0x90 [ 322.158541][T16606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.158565][T16606] RIP: 0033:0x7fc2db98d169 [ 322.158581][T16606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.158596][T16606] RSP: 002b:00007fc2dc7e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 322.158631][T16606] RAX: ffffffffffffffda RBX: 00007fc2dbba6080 RCX: 00007fc2db98d169 [ 322.158644][T16606] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000b [ 322.158656][T16606] RBP: 00007fc2dba0e2a0 R08: 0000000000000004 R09: 0000000000000000 [ 322.158668][T16606] R10: 0000400000000000 R11: 0000000000000246 R12: 0000000000000000 [ 322.158679][T16606] R13: 0000000000000000 R14: 00007fc2dbba6080 R15: 00007ffdee077a68 [ 322.158708][T16606] [ 322.158725][T16606] Mem-Info: [ 322.490043][T16606] active_anon:5408 inactive_anon:0 isolated_anon:0 [ 322.490043][T16606] active_file:1660 inactive_file:38408 isolated_file:0 [ 322.490043][T16606] unevictable:768 dirty:71 writeback:0 [ 322.490043][T16606] slab_reclaimable:10853 slab_unreclaimable:107781 [ 322.490043][T16606] mapped:30023 shmem:1442 pagetables:921 [ 322.490043][T16606] sec_pagetables:0 bounce:0 [ 322.490043][T16606] kernel_misc_reclaimable:0 [ 322.490043][T16606] free:1334785 free_pcp:607 free_cma:0 [ 322.516775][T16624] Cannot find set identified by id 0 to match [ 322.555593][T16606] Node 0 active_anon:21732kB inactive_anon:0kB active_file:6640kB inactive_file:153556kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120092kB dirty:284kB writeback:0kB shmem:4232kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11536kB pagetables:3684kB sec_pagetables:0kB all_unreclaimable? no [ 322.641637][T16606] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 322.784466][T16606] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 322.795027][T16638] __nla_validate_parse: 6 callbacks suppressed [ 322.795044][T16638] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3273'. [ 322.840035][T16606] lowmem_reserve[]: 0 2490 2490 0 0 [ 322.930724][T16641] 8021q: adding VLAN 0 to HW filter on device bond0 [ 322.935345][T16606] Node 0 DMA32 free:1412956kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:21992kB inactive_anon:0kB active_file:6640kB inactive_file:153244kB unevictable:1536kB writepending:284kB present:3129332kB managed:2549852kB mlocked:0kB bounce:0kB free_pcp:2792kB local_pcp:952kB free_cma:0kB [ 323.003586][T16606] lowmem_reserve[]: 0 0 0 0 0 [ 323.012594][T16606] Node 0 Normal free:4kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:312kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 323.061317][T16606] lowmem_reserve[]: 0 0 0 0 0 [ 323.109026][T16606] Node 1 Normal free:3909672kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 323.181747][T16606] lowmem_reserve[]: 0 0 0 0 0 [ 323.193026][T16653] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3278'. [ 323.193028][T16652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3278'. [ 323.193847][T16606] Node 0 [ 323.210819][T16658] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3280'. [ 323.226509][T16658] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3280'. [ 323.240111][T16652] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3278'. [ 323.254369][T16606] DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 323.273168][T16606] Node 0 DMA32: 246*4kB (UE) 276*8kB (UE) 185*16kB (UM) 177*32kB (ME) 68*64kB (UME) 50*128kB (UME) 29*256kB (UM) 21*512kB (UM) 6*1024kB (UM) 4*2048kB (M) 331*4096kB (ME) = 1410856kB [ 323.352652][T16606] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 323.412404][T16666] openvswitch: netlink: nsh attr 0 has unexpected len 188 expected 0 [ 323.421268][T16606] Node 1 Normal: 234*4kB (U) 66*8kB (UME) 41*16kB (UME) 225*32kB (UME) 93*64kB (UME) 19*128kB (UME) 13*256kB (UME) 7*512kB (UM) 4*1024kB (UME) 3*2048kB (UE) 946*4096kB (M) = 3909672kB [ 323.444614][T16666] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 323.494194][T16606] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 323.525437][T16606] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 323.548630][T16606] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 323.592603][T16606] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 323.632703][T16606] 41511 total pagecache pages [ 323.648929][T16606] 0 pages in swap cache [ 323.657999][T16606] Free swap = 124996kB [ 323.662195][T16606] Total swap = 124996kB [ 323.679313][T16606] 2097051 pages RAM [ 323.683147][T16606] 0 pages HighMem/MovableOnly [ 323.704803][T16606] 427866 pages reserved [ 323.709122][T16606] 0 pages cma reserved [ 323.798140][ C1] vcan0: j1939_tp_rxtimer: 0xffff888062de5800: rx timeout, send abort [ 324.306466][ C1] vcan0: j1939_tp_rxtimer: 0xffff888062de5800: abort rx timeout. Force session deactivation [ 324.319122][T16704] netlink: 'syz.0.3289': attribute type 4 has an invalid length. [ 324.415451][T16705] netlink: 'syz.0.3289': attribute type 4 has an invalid length. [ 324.606466][ T5147] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 324.631255][ T5147] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 324.642486][ T5147] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 324.653995][ T5147] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 324.671585][ T5147] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 324.691778][ T5147] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 324.805240][T16715] netlink: 'syz.4.3293': attribute type 21 has an invalid length. [ 324.914686][ T1160] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.081203][ T1160] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.163136][T16741] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 325.340263][ T1160] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.404342][T16750] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3298'. [ 325.519393][ T1160] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.084828][T16718] chnl_net:caif_netlink_parms(): no params data found [ 326.610576][ T1160] erspan0 (unregistering): left promiscuous mode [ 326.667250][ T1160] dvmrp0 (unregistering): left allmulticast mode [ 326.784749][ T5842] Bluetooth: hci0: command tx timeout [ 327.179683][ T1160] bond1 (unregistering): Released all slaves [ 327.206488][T16794] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3308'. [ 327.238378][T16816] pim6reg: entered allmulticast mode [ 327.243994][T16818] pim6reg: left allmulticast mode [ 327.318932][T16820] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3313'. [ 327.363389][T16836] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3314'. [ 327.396052][T16836] netlink: 'syz.2.3314': attribute type 3 has an invalid length. [ 327.754922][T16718] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.762049][T16718] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.805957][T16718] bridge_slave_0: entered allmulticast mode [ 327.833188][T16718] bridge_slave_0: entered promiscuous mode [ 328.048959][T16718] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.074687][T16718] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.081879][T16718] bridge_slave_1: entered allmulticast mode [ 328.112359][T16718] bridge_slave_1: entered promiscuous mode [ 328.125216][T16877] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3322'. [ 328.308716][T16718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 328.533862][T16718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 328.755023][ T1160] hsr_slave_0: left promiscuous mode [ 328.805567][ T1160] hsr_slave_1: left promiscuous mode [ 328.850277][ T1160] veth0_macvtap: left promiscuous mode [ 328.855975][ T1160] veth1_vlan: left promiscuous mode [ 328.861439][ T1160] veth0_vlan: left promiscuous mode [ 328.867057][ T5842] Bluetooth: hci0: command tx timeout [ 329.703514][T16718] team0: Port device team_slave_0 added [ 329.713532][T16909] netlink: 'syz.3.3328': attribute type 21 has an invalid length. [ 329.808138][T16718] team0: Port device team_slave_1 added [ 329.968035][T16718] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 329.997139][T16718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.134821][T16718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 330.172868][T16718] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 330.201009][T16718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.302317][T16718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 330.769905][T16968] team0 (unregistering): Port device team_slave_0 removed [ 330.808285][T16968] team0 (unregistering): Port device team_slave_1 removed [ 330.864860][T16718] hsr_slave_0: entered promiscuous mode [ 330.871483][T16718] hsr_slave_1: entered promiscuous mode [ 330.919980][T16977] tipc: Started in network mode [ 330.939951][T16977] tipc: Node identity , cluster identity 4711 [ 330.954844][ T5842] Bluetooth: hci0: command tx timeout [ 330.961076][T16977] tipc: Failed to set node id, please configure manually [ 330.970591][T16977] tipc: Enabling of bearer rejected, failed to enable media [ 331.018795][T16983] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3345'. [ 331.073144][ T1160] IPVS: stop unused estimator thread 0... [ 331.226053][T16981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 331.339067][T16995] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3349'. [ 331.767358][T17020] netlink: 'syz.3.3357': attribute type 32 has an invalid length. [ 331.786344][T17020] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3357'. [ 331.830499][T17020] (unnamed net_device) (uninitialized): option coupled_control: invalid value (52) [ 332.356337][T16718] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 332.409112][T16718] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 332.421541][T17045] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3365'. [ 332.447953][T17049] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3367'. [ 332.458162][T17049] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3367'. [ 332.471024][T16718] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 332.488328][T16718] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 332.511166][T17049] 8021q: VLANs not supported on tunl0 [ 332.708632][T16718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 332.843275][T16718] 8021q: adding VLAN 0 to HW filter on device team0 [ 332.879588][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.886724][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.940773][ T2919] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.947898][ T2919] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.988371][T17075] netlink: 'syz.0.3374': attribute type 3 has an invalid length. [ 333.024770][ T5842] Bluetooth: hci0: command tx timeout [ 333.122948][T17079] ksmbd: Unknown IPC event: 4, ignore. [ 333.358157][T17092] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3378'. [ 333.691998][T16718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 333.708232][T17113] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3381'. [ 333.837724][T17121] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3383'. [ 334.074339][T16718] veth0_vlan: entered promiscuous mode [ 334.134270][T17134] netlink: 1264 bytes leftover after parsing attributes in process `syz.0.3384'. [ 334.147912][T16718] veth1_vlan: entered promiscuous mode [ 334.345235][T16718] veth0_macvtap: entered promiscuous mode [ 334.457244][T16718] veth1_macvtap: entered promiscuous mode [ 334.556235][T16718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 334.577274][T16718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.594617][T16718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 334.617128][T16718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.651916][T16718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 334.669837][T16718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.680924][T16718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 334.698160][T16718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.711490][T16718] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 334.827051][T16718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.866471][T16718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.904638][T16718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.924592][T16718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.956145][T16718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.966942][T16718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.978358][T16718] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.989430][T16718] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.002313][T16718] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 335.044448][T16718] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.053948][T17178] IPVS: set_ctl: invalid protocol: 11612 172.20.20.187:20001 [ 335.076899][T16718] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.110420][T16718] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.120893][T16718] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.197707][T17184] netlink: 'syz.2.3401': attribute type 1 has an invalid length. [ 335.320440][ T2972] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.344694][ T2972] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.408628][ T2972] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.421689][ T2972] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.546858][T17199] syzkaller0: entered allmulticast mode [ 335.605513][T17198] syzkaller0: left allmulticast mode [ 335.646216][T17204] openvswitch: netlink: Key type 261 is out of range max 32 [ 335.943767][T17222] netlink: 108 bytes leftover after parsing attributes in process `syz.4.3415'. [ 335.949501][T17223] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3414'. [ 336.205763][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807e974c00: rx timeout, send abort [ 336.352202][T17253] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3422'. [ 336.395902][T17253] netlink: 'syz.1.3422': attribute type 30 has an invalid length. [ 336.427710][T17253] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 336.436554][T17253] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 336.445337][T17253] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 336.454039][T17253] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 336.585438][T17263] netlink: 'syz.2.3428': attribute type 1 has an invalid length. [ 336.603391][T17263] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3428'. [ 336.714071][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807e974c00: abort rx timeout. Force session deactivation [ 336.982052][T17287] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3435'. [ 337.122651][T17299] netlink: 165 bytes leftover after parsing attributes in process `syz.0.3442'. [ 338.471447][T17383] wlan0: mtu less than device minimum [ 338.490745][ C0] vcan0: j1939_tp_rxtimer: 0xffff888030737c00: rx timeout, send abort [ 338.595739][T17387] IPVS: Unknown mcast interface: vcan0 [ 338.615257][T17387] __nla_validate_parse: 3 callbacks suppressed [ 338.615273][T17387] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3476'. [ 338.643035][T17387] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3476'. [ 338.674926][T17390] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3476'. [ 338.822035][T17399] netlink: 'syz.3.3480': attribute type 1 has an invalid length. [ 338.832620][T17399] netlink: 'syz.3.3480': attribute type 11 has an invalid length. [ 338.840677][T17399] netlink: 220 bytes leftover after parsing attributes in process `syz.3.3480'. [ 338.999017][ C0] vcan0: j1939_tp_rxtimer: 0xffff888030737c00: abort rx timeout. Force session deactivation [ 339.420676][T17422] netlink: 5 bytes leftover after parsing attributes in process `syz.2.3485'. [ 339.445880][T17422] 0ªÃøÂFNð¡: renamed from bond_slave_0 (while UP) [ 339.491854][T17422] 0ªÃøÂFNð¡: entered allmulticast mode [ 339.540326][T17422] x_tables: arp_tables: MARK.2 target: invalid size 8 (kernel) != (user) 0 [ 339.560317][T17429] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.567625][T17429] bridge0: port 1(bridge_slave_0) entered forwarding state [ 340.155523][T17462] sctp: [Deprecated]: syz.0.3497 (pid 17462) Use of struct sctp_assoc_value in delayed_ack socket option. [ 340.155523][T17462] Use struct sctp_sack_info instead [ 340.215214][T17462] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 340.252027][T17470] FAULT_INJECTION: forcing a failure. [ 340.252027][T17470] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 340.263877][T17462] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 340.328464][T17470] CPU: 0 UID: 0 PID: 17470 Comm: syz.2.3498 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 340.328491][T17470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 340.328503][T17470] Call Trace: [ 340.328511][T17470] [ 340.328519][T17470] dump_stack_lvl+0x241/0x360 [ 340.328548][T17470] ? __pfx_dump_stack_lvl+0x10/0x10 [ 340.328576][T17470] ? __pfx__printk+0x10/0x10 [ 340.328601][T17470] ? snprintf+0xda/0x120 [ 340.328625][T17470] should_fail_ex+0x40a/0x550 [ 340.328659][T17470] _copy_to_user+0x31/0xb0 [ 340.328686][T17470] simple_read_from_buffer+0xca/0x150 [ 340.328714][T17470] proc_fail_nth_read+0x1e9/0x250 [ 340.328743][T17470] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 340.328774][T17470] ? rw_verify_area+0x243/0x630 [ 340.328792][T17470] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 340.328820][T17470] vfs_read+0x1f8/0xb40 [ 340.328840][T17470] ? fdget_pos+0x254/0x320 [ 340.328869][T17470] ? __pfx___mutex_lock+0x10/0x10 [ 340.328897][T17470] ? __pfx_vfs_read+0x10/0x10 [ 340.328913][T17470] ? do_sys_openat2+0x17a/0x1d0 [ 340.328943][T17470] ? __fget_files+0x2a/0x410 [ 340.328971][T17470] ? __fget_files+0x395/0x410 [ 340.328997][T17470] ? __fget_files+0x2a/0x410 [ 340.329032][T17470] ksys_read+0x18f/0x2b0 [ 340.329054][T17470] ? __pfx_ksys_read+0x10/0x10 [ 340.329074][T17470] ? do_syscall_64+0x100/0x230 [ 340.329104][T17470] ? do_syscall_64+0xb6/0x230 [ 340.329133][T17470] do_syscall_64+0xf3/0x230 [ 340.329159][T17470] ? clear_bhb_loop+0x35/0x90 [ 340.329201][T17470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.329226][T17470] RIP: 0033:0x7f4fced8bb7c [ 340.329242][T17470] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 340.329256][T17470] RSP: 002b:00007f4fcfc00030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 340.329276][T17470] RAX: ffffffffffffffda RBX: 00007f4fcefa6080 RCX: 00007f4fced8bb7c [ 340.329289][T17470] RDX: 000000000000000f RSI: 00007f4fcfc000a0 RDI: 0000000000000004 [ 340.329300][T17470] RBP: 00007f4fcfc00090 R08: 0000000000000000 R09: 0000000000000000 [ 340.329311][T17470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 340.329321][T17470] R13: 0000000000000000 R14: 00007f4fcefa6080 R15: 00007fffc53fc5b8 [ 340.329348][T17470] [ 341.005346][T17499] netlink: 'syz.0.3506': attribute type 21 has an invalid length. [ 341.013207][T17499] netlink: 156 bytes leftover after parsing attributes in process `syz.0.3506'. [ 341.288977][T17524] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 341.295212][T17521] netlink: 'syz.2.3511': attribute type 1 has an invalid length. [ 341.357277][T17521] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 341.651549][T17541] ip6gre1: entered allmulticast mode [ 341.756117][T17554] netlink: 'syz.2.3520': attribute type 2 has an invalid length. [ 341.817216][T17554] netlink: 188 bytes leftover after parsing attributes in process `syz.2.3520'. [ 342.044946][T17576] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.054115][T17576] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.270593][T17576] 8021q: adding VLAN 0 to HW filter on device bond0 [ 342.289427][T17576] team0: Port device bond0 added [ 342.296283][T17576] bridge0: port 3(team0) entered blocking state [ 342.326159][T17576] bridge0: port 3(team0) entered disabled state [ 342.332636][T17576] team0: entered allmulticast mode [ 342.341162][T17576] team_slave_0: entered allmulticast mode [ 342.369558][T17576] team_slave_1: entered allmulticast mode [ 342.383506][T17576] bond0: entered allmulticast mode [ 342.412464][T17576] bond_slave_1: entered allmulticast mode [ 342.435861][T17576] team0: entered promiscuous mode [ 342.461290][T17576] team_slave_0: entered promiscuous mode [ 342.467390][T17576] team_slave_1: entered promiscuous mode [ 342.473982][T17576] bond0: entered promiscuous mode [ 342.479621][T17576] 0ªÃøÂFNð¡: entered promiscuous mode [ 342.485372][T17576] bond_slave_1: entered promiscuous mode [ 342.561409][ C0] vcan0: j1939_tp_rxtimer: 0xffff888012518c00: rx timeout, send abort [ 343.069687][ C0] vcan0: j1939_tp_rxtimer: 0xffff888012518c00: abort rx timeout. Force session deactivation [ 343.131345][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804f178000: rx timeout, send abort [ 343.141679][T17632] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3539'. [ 343.170376][T17633] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3539'. [ 343.228941][T17641] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3540'. [ 343.574746][T17662] netlink: 'syz.1.3548': attribute type 1 has an invalid length. [ 343.639634][ C1] vcan0: j1939_tp_rxtimer: 0xffff88804f178000: abort rx timeout. Force session deactivation [ 344.070671][T17687] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 344.114953][T17687] __nla_validate_parse: 1 callbacks suppressed [ 344.114970][T17687] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3554'. [ 344.134726][T17687] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3554'. [ 344.439402][T17701] netlink: 'syz.3.3558': attribute type 21 has an invalid length. [ 344.452037][T17701] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3558'. [ 344.462509][T17701] netlink: 'syz.3.3558': attribute type 21 has an invalid length. [ 344.470603][T17701] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3558'. [ 344.481747][T17701] netlink: 'syz.3.3558': attribute type 21 has an invalid length. [ 344.489919][T17701] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3558'. [ 344.499328][T17701] netlink: 'syz.3.3558': attribute type 21 has an invalid length. [ 344.512670][T17701] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3558'. [ 344.629560][T17711] delete_channel: no stack [ 344.700782][T17717] IPVS: Error joining to the multicast group [ 345.301549][T17752] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.3568'. [ 345.317752][T17752] netlink: get zone limit has 8 unknown bytes [ 345.607232][T17761] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3571'. [ 345.650734][T17761] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3571'. [ 345.695076][T17761] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3571'. [ 345.804553][T17761] nbd0: detected capacity change from 0 to 256 [ 346.510343][ T5842] block nbd0: Receive control failed (result -104) [ 347.781999][T17851] openvswitch: netlink: Flow key attr not present in new flow. [ 348.136743][T17867] dccp_close: ABORT with 51 bytes unread [ 348.617776][T17902] netlink: 'syz.4.3610': attribute type 39 has an invalid length. [ 349.006611][T17910] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 349.393367][T17930] __nla_validate_parse: 11 callbacks suppressed [ 349.393386][T17930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3616'. [ 349.453761][T17938] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3619'. [ 349.478330][T17937] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3619'. [ 349.764675][T17960] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3622'. [ 349.857526][T17960] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3622'. [ 349.885820][T17960] bridge_slave_1: left allmulticast mode [ 349.895830][T17960] bridge_slave_1: left promiscuous mode [ 349.901704][T17960] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.915432][T17960] bridge_slave_0: left allmulticast mode [ 349.921102][T17960] bridge_slave_0: left promiscuous mode [ 349.928035][T17960] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.119483][T18044] dccp_close: ABORT with 50 bytes unread [ 351.247409][T18057] x_tables: duplicate entry at hook 3 [ 351.465610][T18067] netlink: 'syz.1.3652': attribute type 1 has an invalid length. [ 351.490888][T18078] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3653'. [ 351.494564][T18067] netlink: 228 bytes leftover after parsing attributes in process `syz.1.3652'. [ 351.521746][T18067] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3652'. [ 351.821220][T18087] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 351.844663][ T8] IPVS: starting estimator thread 0... [ 351.936312][T18094] IPVS: using max 21 ests per chain, 50400 per kthread [ 352.149369][T18116] openvswitch: netlink: Port -1 exceeds max allowable 65535 [ 352.309685][T18125] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3665'. [ 352.410425][T18125] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3665'. [ 352.693266][T18149] openvswitch: netlink: IPv4 tun info is not correct [ 352.882681][T18159] xt_CT: No such helper "netbios-ns" [ 353.430233][T18200] openvswitch: netlink: Message has 8 unknown bytes. [ 354.642324][T18271] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 354.671633][T18271] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 354.717011][T18278] netlink: 'syz.0.3709': attribute type 21 has an invalid length. [ 354.727598][T18271] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 354.754895][T18278] IPv6: NLM_F_CREATE should be specified when creating new route [ 354.770526][T18278] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 354.777813][T18278] IPv6: NLM_F_CREATE should be set when creating new route [ 354.785103][T18278] IPv6: NLM_F_CREATE should be set when creating new route [ 354.792327][T18278] IPv6: NLM_F_CREATE should be set when creating new route [ 354.824663][T18271] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 354.851399][T18271] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 354.904842][T18271] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 354.934097][T18271] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 354.955889][T18271] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 354.970324][T18271] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 355.026062][T18271] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 355.052960][T18271] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 355.311576][T18313] __nla_validate_parse: 8 callbacks suppressed [ 355.311595][T18313] netlink: 268 bytes leftover after parsing attributes in process `syz.4.3716'. [ 355.633181][T18330] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3721'. [ 355.658707][T18330] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3721'. [ 355.679245][T18330] netlink: 'syz.1.3721': attribute type 1 has an invalid length. [ 355.699200][T18330] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3721'. [ 355.733110][T18330] block nbd1: Unsupported socket: shutdown callout must be supported. [ 356.061168][T18351] set match dimension is over the limit! [ 356.197483][T18362] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3729'. [ 356.212024][T18362] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3729'. [ 356.223586][T18362] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3729'. [ 356.235679][T18362] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3729'. [ 356.256723][T18362] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3729'. [ 356.266049][T18362] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3729'. [ 356.916003][T18351] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 357.213967][T18413] tipc: Started in network mode [ 357.230569][T18413] tipc: Node identity , cluster identity 4711 [ 357.255767][T18413] tipc: Failed to set node id, please configure manually [ 357.291082][T18413] tipc: Enabling of bearer rejected, failed to enable media [ 357.679616][T18432] netlink: 'syz.3.3749': attribute type 6 has an invalid length. [ 358.255332][T18462] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 358.326176][T18469] geneve2: entered promiscuous mode [ 358.332516][T18469] geneve2: entered allmulticast mode [ 358.487934][T18483] Bluetooth: MGMT ver 1.23 [ 358.966608][T18513] netlink: zone id is out of range [ 358.971777][T18513] netlink: zone id is out of range [ 359.011440][T18513] netlink: zone id is out of range [ 359.016989][T18513] netlink: zone id is out of range [ 359.164452][T18521] bond1: entered promiscuous mode [ 359.170057][T18521] 8021q: adding VLAN 0 to HW filter on device bond1 [ 359.353504][T18538] bridge_slave_0: default FDB implementation only supports local addresses [ 359.496025][T18542] netlink: 'syz.3.3785': attribute type 5 has an invalid length. [ 359.727196][T18561] netlink: 'syz.1.3791': attribute type 1 has an invalid length. [ 360.545899][T18616] __nla_validate_parse: 71 callbacks suppressed [ 360.545917][T18616] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3811'. [ 360.911829][T18634] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3817'. [ 360.921265][T18635] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3816'. [ 360.947234][T18635] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3816'. [ 360.965273][T18639] sctp: [Deprecated]: syz.1.3818 (pid 18639) Use of int in max_burst socket option. [ 360.965273][T18639] Use struct sctp_assoc_value instead [ 360.991229][T18635] netlink: 'syz.2.3816': attribute type 7 has an invalid length. [ 361.007012][T18639] sctp: [Deprecated]: syz.1.3818 (pid 18639) Use of struct sctp_assoc_value in delayed_ack socket option. [ 361.007012][T18639] Use struct sctp_sack_info instead [ 361.832506][T18685] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3830'. [ 361.893093][T18692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3831'. [ 361.979979][T18694] netlink: 'syz.2.3831': attribute type 39 has an invalid length. [ 362.118454][T18700] netlink: 'syz.4.3833': attribute type 3 has an invalid length. [ 362.132308][T18700] netlink: 'syz.4.3833': attribute type 1 has an invalid length. [ 362.233405][T18709] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3834'. [ 362.442246][T18719] xt_CT: You must specify a L4 protocol and not use inversions on it [ 362.742392][T18734] xt_hashlimit: max too large, truncated to 1048576 [ 362.895713][T18742] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3844'. [ 363.064999][T18747] netlink: 232 bytes leftover after parsing attributes in process `syz.0.3846'. [ 363.679234][T18772] netlink: 'syz.2.3856': attribute type 1 has an invalid length. [ 363.757317][T18772] bond1: entered promiscuous mode [ 363.782468][T18772] 8021q: adding VLAN 0 to HW filter on device bond1 [ 363.835181][T18776] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 363.884836][T18785] netlink: 5692 bytes leftover after parsing attributes in process `syz.0.3859'. [ 364.083058][T18792] netlink: 'syz.1.3862': attribute type 64 has an invalid length. [ 364.283314][T18795] dccp_close: ABORT with 50 bytes unread [ 364.564724][T18805] netlink: 'syz.0.3868': attribute type 2 has an invalid length. [ 364.572461][T18805] netlink: 'syz.0.3868': attribute type 9 has an invalid length. [ 364.607629][T18805] netlink: 'syz.0.3868': attribute type 2 has an invalid length. [ 364.641544][T18805] netlink: 'syz.0.3868': attribute type 9 has an invalid length. [ 364.666046][T18805] netlink: 'syz.0.3868': attribute type 2 has an invalid length. [ 364.694206][T18805] netlink: 'syz.0.3868': attribute type 9 has an invalid length. [ 364.709936][T18805] netlink: 'syz.0.3868': attribute type 2 has an invalid length. [ 364.717852][T18805] netlink: 'syz.0.3868': attribute type 9 has an invalid length. [ 364.945639][T18820] IPv6: Can't replace route, no match found [ 365.822419][T18854] __nla_validate_parse: 73 callbacks suppressed [ 365.822437][T18854] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3885'. [ 366.063780][T18869] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3890'. [ 366.108163][T18871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3890'. [ 366.144606][T18871] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3890'. [ 367.145191][ C1] vcan0: j1939_tp_rxtimer: 0xffff88801205c000: rx timeout, send abort [ 367.237537][T18918] ================================================================== [ 367.245633][T18918] BUG: KASAN: slab-use-after-free in cmd_complete_rsp+0x67/0x180 [ 367.253360][T18918] Read of size 8 at addr ffff888024c9bc40 by task syz.4.3908/18918 [ 367.261243][T18918] [ 367.263565][T18918] CPU: 0 UID: 0 PID: 18918 Comm: syz.4.3908 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 367.263581][T18918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 367.263592][T18918] Call Trace: [ 367.263599][T18918] [ 367.263605][T18918] dump_stack_lvl+0x241/0x360 [ 367.263624][T18918] ? __pfx_dump_stack_lvl+0x10/0x10 [ 367.263638][T18918] ? __pfx__printk+0x10/0x10 [ 367.263651][T18918] ? _printk+0xd5/0x120 [ 367.263668][T18918] ? __virt_addr_valid+0x183/0x530 [ 367.263686][T18918] ? __virt_addr_valid+0x183/0x530 [ 367.263704][T18918] print_report+0x16e/0x5b0 [ 367.263727][T18918] ? __virt_addr_valid+0x183/0x530 [ 367.263744][T18918] ? __virt_addr_valid+0x183/0x530 [ 367.263755][T18918] ? __virt_addr_valid+0x45f/0x530 [ 367.263767][T18918] ? __phys_addr+0xba/0x170 [ 367.263796][T18918] ? cmd_complete_rsp+0x67/0x180 [ 367.263815][T18918] kasan_report+0x143/0x180 [ 367.263833][T18918] ? cmd_complete_rsp+0x67/0x180 [ 367.263854][T18918] cmd_complete_rsp+0x67/0x180 [ 367.263873][T18918] mgmt_pending_foreach+0xd1/0x130 [ 367.263892][T18918] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 367.263912][T18918] mgmt_index_removed+0x133/0x390 [ 367.263932][T18918] ? __pfx_mgmt_index_removed+0x10/0x10 [ 367.263952][T18918] ? apparmor_capable+0x13b/0x1b0 [ 367.263970][T18918] ? _raw_read_unlock+0x28/0x50 [ 367.263987][T18918] hci_sock_bind+0xd70/0x12d0 [ 367.264010][T18918] ? __pfx_hci_sock_bind+0x10/0x10 [ 367.264028][T18918] ? __might_fault+0xc6/0x120 [ 367.264044][T18918] __sys_bind+0x1e4/0x290 [ 367.264064][T18918] ? __pfx___sys_bind+0x10/0x10 [ 367.264086][T18918] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 367.264109][T18918] ? do_syscall_64+0x100/0x230 [ 367.264130][T18918] __x64_sys_bind+0x7a/0x90 [ 367.264149][T18918] do_syscall_64+0xf3/0x230 [ 367.264168][T18918] ? clear_bhb_loop+0x35/0x90 [ 367.264189][T18918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.264213][T18918] RIP: 0033:0x7fc32658d169 [ 367.264225][T18918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.264237][T18918] RSP: 002b:00007fc327398038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 367.264252][T18918] RAX: ffffffffffffffda RBX: 00007fc3267a5fa0 RCX: 00007fc32658d169 [ 367.264263][T18918] RDX: 0000000000000006 RSI: 0000400000000040 RDI: 000000000000000c [ 367.264273][T18918] RBP: 00007fc32660e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 367.264282][T18918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 367.264291][T18918] R13: 0000000000000000 R14: 00007fc3267a5fa0 R15: 00007ffe0ed06438 [ 367.264306][T18918] [ 367.264311][T18918] [ 367.299273][T18919] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3908'. [ 367.301152][T18918] Allocated by task 18918: [ 367.301165][T18918] kasan_save_track+0x3f/0x80 [ 367.305944][T18919] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3908'. [ 367.309880][T18918] __kasan_kmalloc+0x98/0xb0 [ 367.309905][T18918] __kmalloc_cache_noprof+0x243/0x390 [ 367.562485][T18918] mgmt_pending_new+0x65/0x250 [ 367.567256][T18918] mgmt_pending_add+0x36/0x120 [ 367.572020][T18918] set_powered+0x3cd/0x5e0 [ 367.576431][T18918] hci_mgmt_cmd+0xa1f/0xf10 [ 367.580930][T18918] hci_sock_sendmsg+0x7b8/0x11c0 [ 367.585866][T18918] __sock_sendmsg+0x221/0x270 [ 367.590538][T18918] sock_write_iter+0x2d7/0x3f0 [ 367.595299][T18918] vfs_write+0xacf/0xd10 [ 367.599534][T18918] ksys_write+0x18f/0x2b0 [ 367.603853][T18918] do_syscall_64+0xf3/0x230 [ 367.608352][T18918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.614241][T18918] [ 367.616557][T18918] Freed by task 18663: [ 367.620611][T18918] kasan_save_track+0x3f/0x80 [ 367.625280][T18918] kasan_save_free_info+0x40/0x50 [ 367.630301][T18918] __kasan_slab_free+0x59/0x70 [ 367.635057][T18918] kfree+0x196/0x430 [ 367.638946][T18918] settings_rsp+0x2bc/0x390 [ 367.643444][T18918] mgmt_pending_foreach+0xd1/0x130 [ 367.648554][T18918] __mgmt_power_off+0x102/0x440 [ 367.653403][T18918] hci_dev_close_sync+0x6ff/0x1260 [ 367.653591][ C1] vcan0: j1939_tp_rxtimer: 0xffff88801205c000: abort rx timeout. Force session deactivation [ 367.658506][T18918] hci_dev_close+0x112/0x210 [ 367.658540][T18918] sock_do_ioctl+0x158/0x460 [ 367.658560][T18918] sock_ioctl+0x626/0x8e0 [ 367.682096][T18918] __se_sys_ioctl+0xf5/0x170 [ 367.686689][T18918] do_syscall_64+0xf3/0x230 [ 367.691193][T18918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.697086][T18918] [ 367.699402][T18918] The buggy address belongs to the object at ffff888024c9bc00 [ 367.699402][T18918] which belongs to the cache kmalloc-96 of size 96 [ 367.713277][T18918] The buggy address is located 64 bytes inside of [ 367.713277][T18918] freed 96-byte region [ffff888024c9bc00, ffff888024c9bc60) [ 367.726896][T18918] [ 367.729215][T18918] The buggy address belongs to the physical page: [ 367.735613][T18918] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24c9b [ 367.744376][T18918] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 367.751825][T18918] page_type: f5(slab) [ 367.755800][T18918] raw: 00fff00000000000 ffff88801b041280 ffffea00016a6700 dead000000000003 [ 367.764378][T18918] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 367.772947][T18918] page dumped because: kasan: bad access detected [ 367.779350][T18918] page_owner tracks the page as allocated [ 367.785069][T18918] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 52, tgid 52 (kworker/u8:3), ts 9350665395, free_ts 8519316839 [ 367.803852][T18918] post_alloc_hook+0x1f4/0x240 [ 367.808621][T18918] get_page_from_freelist+0x365c/0x37a0 [ 367.814162][T18918] __alloc_frozen_pages_noprof+0x292/0x710 [ 367.819958][T18918] alloc_pages_mpol+0x311/0x660 [ 367.824802][T18918] allocate_slab+0x8f/0x3a0 [ 367.829297][T18918] ___slab_alloc+0xc27/0x14a0 [ 367.833979][T18918] __slab_alloc+0x58/0xa0 [ 367.838310][T18918] __kmalloc_cache_noprof+0x27b/0x390 [ 367.843678][T18918] blk_mq_init_allocated_queue+0x120/0x14c0 [ 367.849576][T18918] blk_mq_alloc_queue+0x198/0x290 [ 367.854687][T18918] scsi_alloc_sdev+0x76c/0xb80 [ 367.859471][T18918] scsi_probe_and_add_lun+0x1d2/0x4b30 [ 367.864924][T18918] __scsi_scan_target+0x205/0x1080 [ 367.870026][T18918] scsi_scan_host_selected+0x37e/0x690 [ 367.875489][T18918] do_scan_async+0x138/0x7a0 [ 367.880074][T18918] async_run_entry_fn+0xa8/0x420 [ 367.885015][T18918] page last free pid 25 tgid 25 stack trace: [ 367.890982][T18918] free_frozen_pages+0xe0d/0x10e0 [ 367.896011][T18918] vfree+0x1c3/0x360 [ 367.899910][T18918] delayed_vfree_work+0x56/0x80 [ 367.904753][T18918] process_scheduled_works+0xabe/0x18e0 [ 367.910299][T18918] worker_thread+0x870/0xd30 [ 367.914885][T18918] kthread+0x7a9/0x920 [ 367.918953][T18918] ret_from_fork+0x4b/0x80 [ 367.923367][T18918] ret_from_fork_asm+0x1a/0x30 [ 367.928129][T18918] [ 367.930443][T18918] Memory state around the buggy address: [ 367.936077][T18918] ffff888024c9bb00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 367.944129][T18918] ffff888024c9bb80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 367.952182][T18918] >ffff888024c9bc00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 367.960232][T18918] ^ [ 367.966372][T18918] ffff888024c9bc80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 367.974422][T18918] ffff888024c9bd00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 367.982470][T18918] ================================================================== [ 368.023255][T18918] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 368.030481][T18918] CPU: 1 UID: 0 PID: 18918 Comm: syz.4.3908 Not tainted 6.14.0-rc5-syzkaller-00181-g2409fa66e29a #0 [ 368.041234][T18918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 368.051282][T18918] Call Trace: [ 368.054555][T18918] [ 368.057478][T18918] dump_stack_lvl+0x241/0x360 [ 368.062161][T18918] ? __pfx_dump_stack_lvl+0x10/0x10 [ 368.067355][T18918] ? __pfx__printk+0x10/0x10 [ 368.071937][T18918] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 368.077922][T18918] ? vscnprintf+0x5d/0x90 [ 368.082247][T18918] panic+0x349/0x880 [ 368.086133][T18918] ? check_panic_on_warn+0x21/0xb0 [ 368.091241][T18918] ? __pfx_panic+0x10/0x10 [ 368.095654][T18918] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 368.101627][T18918] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 368.107970][T18918] check_panic_on_warn+0x86/0xb0 [ 368.112910][T18918] ? cmd_complete_rsp+0x67/0x180 [ 368.117846][T18918] end_report+0x77/0x160 [ 368.122084][T18918] kasan_report+0x154/0x180 [ 368.126584][T18918] ? cmd_complete_rsp+0x67/0x180 [ 368.131522][T18918] cmd_complete_rsp+0x67/0x180 [ 368.136287][T18918] mgmt_pending_foreach+0xd1/0x130 [ 368.141397][T18918] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 368.146779][T18918] mgmt_index_removed+0x133/0x390 [ 368.151804][T18918] ? __pfx_mgmt_index_removed+0x10/0x10 [ 368.157353][T18918] ? apparmor_capable+0x13b/0x1b0 [ 368.162373][T18918] ? _raw_read_unlock+0x28/0x50 [ 368.167222][T18918] hci_sock_bind+0xd70/0x12d0 [ 368.171905][T18918] ? __pfx_hci_sock_bind+0x10/0x10 [ 368.177016][T18918] ? __might_fault+0xc6/0x120 [ 368.181690][T18918] __sys_bind+0x1e4/0x290 [ 368.186020][T18918] ? __pfx___sys_bind+0x10/0x10 [ 368.190870][T18918] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 368.197195][T18918] ? do_syscall_64+0x100/0x230 [ 368.201958][T18918] __x64_sys_bind+0x7a/0x90 [ 368.206460][T18918] do_syscall_64+0xf3/0x230 [ 368.210961][T18918] ? clear_bhb_loop+0x35/0x90 [ 368.215638][T18918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.221531][T18918] RIP: 0033:0x7fc32658d169 [ 368.225940][T18918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 368.245543][T18918] RSP: 002b:00007fc327398038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 368.253951][T18918] RAX: ffffffffffffffda RBX: 00007fc3267a5fa0 RCX: 00007fc32658d169 [ 368.261932][T18918] RDX: 0000000000000006 RSI: 0000400000000040 RDI: 000000000000000c [ 368.269898][T18918] RBP: 00007fc32660e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 368.277863][T18918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 368.285831][T18918] R13: 0000000000000000 R14: 00007fc3267a5fa0 R15: 00007ffe0ed06438 [ 368.293800][T18918] [ 368.297117][T18918] Kernel Offset: disabled [ 368.301438][T18918] Rebooting in 86400 seconds..