last executing test programs: 2.171453617s ago: executing program 3 (id=2292): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0xcf}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5}, @IFLA_BR_MCAST_QUERIER={0x5}]}}}]}, 0x44}}, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x5, @mcast2, 0x5}, 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r2 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r2, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="08b30000000000007311410074fffffff000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) write$cgroup_int(r4, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x12, 0xffffffffffffffff, 0x0) r5 = socket(0x1d, 0x2, 0x6) getsockopt$nfc_llcp(r5, 0x6a, 0x3, 0x0, 0x20000071) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_REMOVE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="0100000000020000000004000000fede01387970081281ba22a1042759561b10cb6c4ba037339ab49a0af55a6374d36c044107c52c4a7bdf3cefe58ede027396b35293dc24343e4dc3cb698854a94dda8d690769bb9c84713ad2e27136b7209192abb5efcedfcfc97d123eb7a58302e0234284c62dae791af8ee9c117a63fc126c24d17b26d88057af585605b745a549e3361acb8953370c020078d4e25b60ee8b15e8a0455b72cb897c8151e18dfa"], 0x14}, 0x1, 0xfcffffff00000000}, 0x0) 1.664339136s ago: executing program 1 (id=2302): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00'}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) 1.356055261s ago: executing program 1 (id=2307): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001f40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r2}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r3, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdc8}, 0x0) 1.355692881s ago: executing program 4 (id=2308): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kmem_cache_free\x00', r0}, 0x10) syz_emit_ethernet(0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd609fbbb000006c00fc010000000000000000000000000000fe8000000000000000000000000000aa"], 0x0) 1.32743227s ago: executing program 2 (id=2310): r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0xb) recvmmsg(r0, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002041, 0x0) 1.220270233s ago: executing program 4 (id=2311): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18"], 0x0}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0, r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_LABEL={0x8, 0xb, 0x1, 0x0, 0x80}]}}}]}, 0x3c}}, 0x0) 1.219871024s ago: executing program 3 (id=2312): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f0000000140)={&(0x7f0000000080)={0xa, 0x4e22, 0x80000, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000002900000004000000000000000000000018"], 0x30}, 0x0) 1.20450285s ago: executing program 1 (id=2314): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) 1.189555355s ago: executing program 2 (id=2315): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x4, 0x4, &(0x7f00000002c0)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x8}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x4b6fc9adb42d8f29}, 0x2a) 1.084235884s ago: executing program 4 (id=2316): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r1}, @NHA_ID={0x8, 0x1, 0x2}]}, 0x28}}, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r3}, @NHA_ID={0x8, 0x1, 0x2}]}, 0x28}}, 0x0) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r5}, @NHA_ID={0x8, 0x1, 0x2}]}, 0x28}}, 0x0) r6 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r7}, @NHA_ID={0x8, 0x1, 0x2}]}, 0x28}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_OIF={0x8}, @NHA_ID={0x8, 0x1, 0x2}]}, 0x28}}, 0x0) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_OIF={0x8}, @NHA_ID={0x8, 0x1, 0x2}]}, 0x28}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@ipv6_newnexthop={0x28, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r9}, @NHA_ID={0x8, 0x1, 0x2}]}, 0x28}}, 0x0) r10 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000040)={'sit0\x00'}) r11 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r11, 0x6, 0x3, &(0x7f0000000040)=0xb6, 0x4) connect$bt_l2cap(r11, &(0x7f0000000000)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 1.08398084s ago: executing program 1 (id=2317): r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) listen(r0, 0x400000001ffffffd) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000540)="86", 0x1}], 0x1}}], 0x1, 0x0) recvfrom$llc(r2, 0x0, 0x0, 0x0, 0x0, 0x0) 1.083490739s ago: executing program 3 (id=2318): bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918bc4055eaaeb6db4ee9bcb25b1811d", 0x1f}], 0x1}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x6, 0x7, 0x8}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000005c0), 0x6, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000080000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 1.030834075s ago: executing program 2 (id=2320): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) close(r0) 956.217555ms ago: executing program 1 (id=2321): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r4}, 0x10) sendmsg$tipc(r1, &(0x7f0000000fc0)={0x0, 0x0, 0x0}, 0x0) 864.319662ms ago: executing program 3 (id=2322): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000016000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)=""/262, 0x106}], 0x1}, 0x0) sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0x1}], 0x1}, 0x0) 863.905302ms ago: executing program 0 (id=2323): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x4, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000200000000000000000818110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 863.411505ms ago: executing program 1 (id=2324): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) recvmsg$unix(r3, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) write$cgroup_subtree(r4, &(0x7f0000000540)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce8102032900fe08000e40000200875a65969ff57b00000000000000000000000000ac1414aa"], 0xfdef) openat$cgroup(r4, &(0x7f0000000040)='syz1\x00', 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r6}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r5}, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r7}, 0x10) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r8, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000040)={'bridge_slave_0\x00', @random="4f33e363a4b1"}) 825.630662ms ago: executing program 2 (id=2325): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000072000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e) 809.47577ms ago: executing program 0 (id=2326): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) write$cgroup_subtree(r0, 0x0, 0x1e) r1 = socket$packet(0x11, 0x2, 0x300) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000001200)={'bridge0\x00', {0x2, 0x0, @broadcast}}) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000080)) socket(0x2, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) 704.121168ms ago: executing program 3 (id=2327): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00'}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x3, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000018530000030000000000000000413742777fc7cc63"], &(0x7f00000000c0)='GPL\x00', 0x7, 0x83, &(0x7f0000000100)=""/131}, 0x90) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040), 0x4) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x60, 0x2, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}, [@IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) setsockopt$inet_udp_int(r1, 0x11, 0x68, &(0x7f0000000080)=0x1, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f00000002c0)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000100)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast2, @loopback={0xff00000000000000}}}) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syz_tun\x00'}) syz_genetlink_get_family_id$team(&(0x7f0000000040), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x5, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61128c030000000061138c8800000000bf30000000000000150000000009240b2d03010000000000950000a7000000006916700000000000bf67000000000000b5070000fcff0304670600001f000000370300000ef90060bf050000000000007e650000000000006507f9ff01000000470700004c0000005f75000000000000bf54000000000000070400000400f9fead4301000000000095000000000000000500000000000000950000000000000032ed3c5be9529914953170d2d7ffffff8ecf264e9981db7d04df3244c7bd7e7e7f2f1754558f2278af6d71c19a5e12814cb1d8a5d4601d15871637b65f8903dc8700a0b9bdb7dd399700d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fc9de56c9d8a814261bd81762bab839dfa66810b5b40d893ea8fe0185473d51b546c087431d770000000767c955cfa1f6ab689fde4de5f832c8b664e73b99b6c2e0ab330e1c7feada70600000000000000b7010001000000009af619e3cca4d19e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d9fee0000000000000000c8fb735fd552bdc206004aeb0743eb3dc819b6cf5c8a0700000000000000a13d0045fb3cdaffa673a6bb55d8c85f21dce44aba5387e35350481aedac065b5031e56723888fb126a163f16fb2ad9bc1172bec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f11294b4800a045ea11b3566bf3a649878e582f2af97787f696649a462e7ee4bcf89cbf2f0800000000000000b2c4acb07a10d6732f54beb40000040000000000000000000000000200f674629709e7e78f4ddc211bc304f0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46e4e827f3477523dcfa17690884f8d2001e03a651bb96589a7eab010e861bbd0000000000000000c5904c647802cf86f1b4c3005f33d83f84e98a72fbbecd106425563d80bd0d0d703f37ca153f601ae899a53f6715a0080034b0c94cce69945205480a55c22fe394ac000000000000000000040000000000437d57defb79ea6a58b83eeed729a2f95e6a1fc3857fb51b324be00000000000000090867f7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b413bbdfb5351defc6e34a961f3593920411e112c9df23a29c072d3460eb37beb5bbc04600c64acad9a04ffe62875177b51d2f0c6d7194c26789d2bec2d0846831455b8fcd03beaeca2c1335d8a49a92f9d2bef5f485c4fff4cf710b7d00000000000000009d47d564a838bdf8901a719431a9b0ef918ec0ec79037cb61df16379e3bf2a8100000007e8512e21080315e62559e8dd67dae85177d899d9e078f80585837f0e943b8820b19c75d243a78d8c2093c59cbc4c55f1578cff737502ea2d8d0b9dc946dcb38692dcc8db84834cc7726429cb20603b5338184f9856eeaec437fc3446b6c5ffe5db28aa802e37d3c4f259d616307d8aa46ca094049c0ddc1caaed5485b4ff030000182620bcba2316f9e6df0c8647f6ff0000000000000000386096e4a4ff86042f0b42027ff933d2dfe2d5baffacc9dc2411302a185ea454af5839be28b7d040c1fe1ce0fd63fa7f32b8ab6cd6a8b8bf1b693e4ffeca635d84c376b03a58677dd9f8c2a6fa126c7dad3f9e939c92d63ab1cf2fbea26a60b951914aba5c0696cc64e66b9b0f2c4444f8c391c0d9b647a3be4885a055ce3879a91fb62ca97e6526286c14c80b6dc981c5ae6ebf0778ea01a3a44e01ab79bcddbb83266a1ce1a1dea83ebb89d07b4d05aa09ad2904040e7784e96cd66b04204d47b1c66d5a84e7c3de1d1062fd8a23d1b402003c177e76dbca599691164ade323ad4a17abe99975cba748bc2379eed5a83dc94947eb18976db6ca6d35bfb65a3d8b5129d5263b66dbae6c2baa9bbec017646569fa99537aa453f3e6b2acebeddb6c32a87455f351efcd8385100f33d6b0c3195e229bd30260941825ba884d7db07e1212033409e62d7154cc68a7ee910e393470cdb781817f85373a647fd1b626035b666f224a66c0e47e15c6b836b324318507501a0f4b2cc9153167fd839a483615cbc2ad1a7d1528f01bf91b950a9bcd7d06491e1a355e476365f653d2d94ba898ab8d64d70bdb364ef3adb5ba1e4d9d5002da76ccec5d5184e912aaf5a945ae062e670fafb8cf0afee51c851546bb38c5ef303000000000000002ecdc2b82059750f019a418e3e8d20b6bf768a7db1f8472713452553149a4634418de7eda7b2e682271c6e62f5dfaabba46560dfa410e1f334a5f60791b275368469ddc42f7712bff1689f2ffbf5268cc0572e23afd4c402b154ae94c1f65d7d4a79272945287c79b4b70183d2cde66c7225106a064a1800d777372b2b43326821d5c1c78fda699c7484f3e5fc8bbce6fb3039569646b0de22c431d90c12d48e314d8a5ef4db14a110da070000002c4f7bd7f36f814ed92197fe3eb0843c2681c609231825b8a27ba301142cec8a6fd85965f83ff4dd40296e5fb5678d93d0daee45c43bdb9bde9c1d1c988b909fdf78cfda5da3dc28792b10fb8f3f22ece745c074f86f471489337a9a8d9ad7f310aa50c983b490f561bc420289b6aa0fc3f43f8a4548aa9c723ce466287760f919afbb94b0410ff06071de3aa1c199f407347af666713096a422fbc70671ac08f9256ab0079c101a724136352af2895899effda7bcd127ba98521eb4b04b2a821935ee3b216190e21fb059f9519c4804283d2ce09977842ff7309ad2c4d8f0420dfc8cdb1b37ad52985a88ca4cdc1e37715362a59f7c9c7df793d69f974399859e622ec3a1bab735a1aa489fe50619fe399eddaf92f67755cb54824685444a58731ee166ae65412709b853a5df7ce44220fc188c00291843d66e69da3744f39f5f6113fbe390b22cdbefb90ca2a51b1ff21f384e7bf076825aadaf02da77eeefb8875d630b7575e661b90eb6cd98674c92f179b2675b1f6c86712846ddae87bb3a3887b56292356270e85888c25a1c8ae958906ef6b71e1b800107da1c5608fe05d2f4265a5300000000000000007c737c911c049ae7dc9d77edecaf9685c53ac264e9f02ffcf0318af80c99ea2020b1e1f47cfdd6097c49b5f4bb92bb9133df719f35d4bf730784f1caa8e4e16f4eeb535c059a700d57e4d6c83c4a35a6ef44f135657d3d41856235253326d937125b6f23af7eb95bac231b84c6935a3a6d24d18f7e379db2fd5e76d5ad0d5b4a6c155e8759eb0e7b39ef433861158bd496ecafb3d1c50294e43d5895df1a2de536f5d85e0a000049277bc09533ceead6812fdfb5ef59b15069ea0df6a3eee0484c848fe4e6e7461ffc3917e4e07d250d9459ebea5fd4e26fc04eb38e70597fcb693cb2f7506f5f50b9f73a25bb83b6c71240e5d725ff567d9745a3ba5462524648a93360fb2b9feb1401e30996e1e7d14bb8db59880cde130af0a6a0e6152a6e3a8a684cabf379d4aa33c896bca694ce0180000000000000041caca10fe3ce74f1b8156d8155a4e11d2f35674dff1aa5e749deffffffffb946192820d223f4f0a1a7a2be83872662477884d65af42bcac801d0c667fba32e16ead8f076eed944d5998bca285c25349c6f26485902316c156eee9dcaa64f8a889abb1a890b23c7de6b2b0a6128545efc3ee8e60ea8eafa617ec3f0bfb1e23c4f75bc2a649a886bf4d5378c58259fddea066f1d70df9633af91752bf41a0d4d0929c34472a6f7110de1420800000000000000ca07ba65ce67dd46909ed693d71a5de47fe26a4eb2f4d514029b11f3f0c3ccb2403db497a55d23c25003ba864cdaf6e732f74e11d1a58e89f60267e60d79f467b181d636c9300420b30760bf861195eeb74275e9c4ed71f0e9fda02bdbf8aaa3e23a6d22dd423541b6acdd386a686bc8b128f724567d4c4908391b979a1c7102f5be7ed9db7a36ecfc3b9e0ab0eedde34700000000bec5fbefb008005888ce01eb816f2873e4c59facc7be45b2ab04b1456da413e3f7cf345d6fed0bff0800f8c3018bd0ea78ed54c8b684c797390bf5cad492bff0d97e553e42aba229446354cb4f5825915eccc911e7deee66873c20ffd06e63c27b8a12d757210a43870a0ef4ba3bad01c492d792c1535aeff946f3415912b5abbff35d1cd17c842175357a4bc758b4a943e06a7569fa1e1e4e017e43e8e47914d1000000000000000000000000000cd6b36d72dbc0d8000000c95d5ccace09e52960dbdf13b62f586b47ade41458b77834a573687780117829310ece7950fabcb63c63e18b207cbe936ee9a9a37879d42c66c2a72dfef46013ada19eb8d7e9f35267d0b72d591d0c2f92e2e667eed068310056ec5682b4c2bd946e657f2d9bce51da84f1e3b7d073265f352481b81703e0ecb59f70daf545215151b2b01b2bba1545de5d785ce281000000000000000000000000000000af9637ac06897446708dda1bd7b91be06c3f66def98618eb55bd5652d2ae6036402d69db587e87d04b6e4b1c86328adfcc7a22d77e8db6b1024f6bf7aec85a7f4241fb6b326acae3d9a4f4a0e8b723c43aae4f909f40d7167d1afde58812163d292666cf967e16c25889683658fdc86c820246d4009b3c4e8db0fe57735fb577b9f8e9d5fd9843615ec7c7affa29c04a7e8ea439d4938710039a55da15142ed876e581b4760b3483367fd96f0531ea7f3c6bb4193a76ea6b805b45a74365c15f41b8b542f21a83cae1aff4a858d551b95a2ba77fc8a1109f11e7b18d6f825587bb986e13ff37f111329feb2a09ebc54f1ee1ccd056ff9ec0ff0ce1c1ec5bfab4119a452eef335c0fe2b6bfcd635ef5979352de3801bdba7c145cdfb3ab07b45f13b8f45772c9f9c8285bbe14605879e4ddd78bfb6aa3444b7b3ef1713c58d3d348ea764370002f393e10ec3cf3ef1ab0aa1cab9596fe467c7288893172cd97691a0f1d68ca0449f05902fb7f46f7d0e0d36a68abb3f075358cdb701eac9c3f7f19ab13a83314309861dfaa256ccb4400ffc2568b900be14d9e06b138daf2b41c38abba3b1b2de2f3a660af382b7bc0c1318c5cbdec02646f3e28d8eef763aac4a7fd39c15950764734b8d641e4d642e44c4e6b83d1c3dda34d7cda18c652a5d8d9b406d4df8554e2a5611023766c53e9b478d374112165480e887c923ff0a33551d8f270481230ef34d9168806d43278c977b77148371bd02ee1bcfd278a579be8cc6dc58f6e1f8ee7118ae792c30d4f76546a630f7859fd315513722a1b871d311dc28f40d15b7c631b81e58a6bf8891875fe21e8ebcf2925c2fb2b32dc8a0b1b5c7f806ba81a31b1eec700225a14ff8dc83b484ab80849558a0ffc1ab62b2a4545dbfee4d93ed5de4ffe4469ed88df341dc69ab8b1da80bc47cd127c9e1378020cf5d362819e42350f293dd305b4801932d9e07fc647628a8a84958319874295b3cab523b2f43704845d5785c6b3025fadd8442ab42ebfc3bc45efcf24396f1c2ce50ba96430f8feaa1f8bcd8635a4ce00209a8ebabfdf6f1b5129c0e2a40ba4d1b5e3d6249ee8fa5d2d77351b6fba38756dea4e35c8573eda42eac89b4c50b85346b5ede0ff4dca6a70b38177eb5cb8b8437bb533f6ea1de29e1f1fda88e3afe92482af05ed713dd00aa6a5f8381b5d421909462ac33dee4095afcc67a926e50d2cbe1507195b73f624349b132e7b6b339f9a41fad97f3b70e5808eb177c9e7cb154554644e960f29c5d56fd83d8530a6afc8924dcf01e4ef07e7d16bcef404af5ee3b7767dfbd45f0eee2b583d0159b45cca60a930f37d995b02701d2991761cab642165ed3e52961b7c612991c11028bd1d45ea3106018692facfa14996d3d26d5642566c2f592f67975ce3840131275ce29ed116b6f6eeae34aeae334250e7ae4e25e98cc63b4104fdc79ac676a3c11fd6e9a67dc134802d41c4b01a47e3ad5b6ecd6f4a05bf55c1756535374b7bc9e010966a1415a1e50b2fcb20f3d972d9d7a9f0baf841be4f514eb35c9edaac4b3ca7bfab8a53945d035019cf3321c9144961780413dbb21b89c01fe020bcbaa7fe6b4697b196cf7ac3aa014c48259f5b22b45b2ae023d6052644fa51fc0671d6c4e012607a2df05b6f444903ab3251bdd8d2c98adf9f77de7edbc9631b0e7283a5ce1130d99ae5697ce3ea41e3ba5394883c9899384208cba558d69afdc574cbf05a45ed56d07a41f75c55603561f0e8d54670a53e4b8162729bc34ab66babf31d2e86af5a72553ec045466678427ca42eb49b58c5e58980b73451029b88118d730cce2a48b5d6b9caa2c8fb7178ff90196bd1091568a70d1b7ac47585f6180767a2534401aaf0cda644a4c978b972e0bf7b156aa5d80aa1c3d70c0bcd25ab61122349dd78bc28c3e169adea7ac95e09b6a160204ac772f810193cecf495a9836e082b60626316c02dba83abb792422079947b0d887b87f4cd6bd7c82b00000000000000008207fc649dab3ec0be72d68e61c19c1943664bf9088981b19ebbd3f212a471c6b01d28c1f5a0e5d9e0b762f7cebc056ae8fdeb4448ecb291b08684de1ff1c209448223e3979469b18ea13d5d88532f5a45ae4a86d21bde29b472d65e77d5412dae907ffaca95182316d15dbf12b7d77dcf2154376ab3900ba7d8f026e8a566372cdae696cdec4baa7efcbfc3d250638ee391aa3ab3cdd0a3fc42b674e1943bd0a3e1d103fe00b8788dc5b8ba1602bbfd7ca2bf58c60790eddb10cfca9938e2cafc"], &(0x7f0000001580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4a}, 0x90) 703.556564ms ago: executing program 2 (id=2328): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000003c0)={0x0, 0x371, &(0x7f0000000380)={&(0x7f0000000040)={0x20, r1, 0x301, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}, 0x1, 0x3000000}, 0x0) 604.597659ms ago: executing program 2 (id=2329): r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xc, 0x3, {0xfa665a81a6d02b4d}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$rxrpc(0x21, 0x2, 0x0) socket$rxrpc(0x21, 0x2, 0x2) socket(0x0, 0x0, 0x0) socket$inet6(0xa, 0x6, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b70200"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) unshare(0x2000400) getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000040)=0xffffffffffffff45) bind$alg(r0, &(0x7f0000001800)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x1, 0x20000000}]}]}}, 0x0, 0x42}, 0x20) r4 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9c000000", @ANYRES16=0x0, @ANYBLOB="000000000000000000004a0000000e34475b38657464657673696d0000000f0002006e657464657673696d3000006500a80004a187dfaa0fa877357fd5b65b30fa2ba3e89a604dba8c25906886efc7b685c2875e9a47e4c776155946bb563712f564c719c205aa78764f842f100ed54ccb9ad58c6d9b3b1cdec668e5fdcdc3bc5273459437bd9f6e420d81a9a0ced4528a54335838a8000000"], 0xfffffdef}}, 0x0) 401.191368ms ago: executing program 0 (id=2330): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB, @ANYRES32], 0x1c}}, 0x0) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_freezer_state(r2, 0x0, 0x2, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000300), 0x12) write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_type(r4, &(0x7f00000001c0), 0x2, 0x0) write$cgroup_type(r5, &(0x7f0000000280), 0x9) r6 = openat$cgroup_procs(r4, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f0000000c40), 0x12) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_ro(r7, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r8, &(0x7f0000000200)=0x1, 0x12) openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r8, &(0x7f0000000180), 0x12) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) recvmmsg(r0, &(0x7f00000001c0), 0x0, 0x40012040, &(0x7f0000000200)={0x0, 0x989680}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00'}) sendmsg$MPTCP_PM_CMD_ANNOUNCE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYRES32, @ANYBLOB="01000000000007000000000000003c0000000080"], 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x4884) 352.222479ms ago: executing program 3 (id=2331): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(0x0, r0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)={0x24, r1, 0x409, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x8, 0x8, 0x0, 0x1, [{0x4}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x24}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) bind$inet6(r2, &(0x7f0000000400)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @loopback}, 0x62) 260.788843ms ago: executing program 0 (id=2332): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x20, 0x28, 0x1, 0x0, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x20}], 0x1}, 0x0) 197.314665ms ago: executing program 4 (id=2333): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=ANY=[@ANYRES16, @ANYRES32=0x0, @ANYRES16=r0], 0x20}, 0x1, 0xc00000000000000}, 0x0) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="4c00030007"], 0xd) 144.46775ms ago: executing program 0 (id=2334): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab44f4850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001940)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01dfffffff0000000000210000000c000180080001"], 0x20}}, 0x0) 121.898181ms ago: executing program 4 (id=2335): mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) 103.397299ms ago: executing program 0 (id=2336): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r0, &(0x7f0000000400)={0x2c, 0x0, r2}, 0x10) sendmsg$inet(r0, &(0x7f0000001000)={0x0, 0x0, 0x0}, 0x8851) 0s ago: executing program 4 (id=2337): ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000400)={0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0xc}}, &(0x7f0000000480)='GPL\x00'}, 0x90) ioctl$BTRFS_IOC_INO_LOOKUP(0xffffffffffffffff, 0xd0009412, &(0x7f0000000b00)={r0, 0x4}) ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) socket$igmp(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @empty}, {0x0, @link_local}, 0x4a, {}, 'lo\x00'}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_FILTER(r2, 0x6b, 0x1, 0x0, 0x0) gettid() bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000006000000040000000000000e0300000000000000000000000000000d03000000000000000000000204000000000000000000000b020000000000000061"], 0x0, 0x52}, 0x20) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @broadcast}, @timestamp_reply={0x11}}}}}, 0x0) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r3, 0xb15, 0x400000, 0x0, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x3}]}, 0x1c}}, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r5, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r6, 0x1, 0x0, 0x0, 0x0, {0xa, 0xfffe, 0x0, @local}}}, 0x32) connect$pppl2tp(r4, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r4, 0x111, 0xe, 0x0, 0x20001f00) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) sendto$packet(0xffffffffffffffff, &(0x7f0000000580)="1645d4a902c7bc97671b7bc49886bc2e1bfe2cd224b4594d7b59abc977e2c827aa507832cee3ecb6f98a0cc871ffbb5df30b9084b494fdc011c58d5e3a040c93a5d85bc2ac99893d829bc930a64dd07e0fdb6378843f036e906568238784be315536f2630e875d0cf0d7fec35acf883d708f02ea081979f4dece6b46ae67fea47fde2223a9ab4aa04f419ec58a2b798b0c47d9b7cf0321efd00701eb0df3327789b55b415259f5494d6fffcb65b0bd2fb25a0736eae18b957ab0efeecca3d118605aa54c643368866d5782b806feaf10ebc432c6f273a18db6cb1a7e96604e9ba64035cb8678ebbb06c4f43af48b93e76c45ecb18e8ab70badcf", 0xfa, 0x20018000, &(0x7f0000000740)={0x11, 0x7, 0x0, 0x1, 0x4, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}}, 0x14) r8 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r8, 0x8922, &(0x7f0000000040)={'bond0\x00', 0xff}) kernel console output (not intermixed with test programs): 03f60 R15: 00007ffdc34d9168 [ 125.936743][ T7159] [ 126.017418][ T7165] netlink: 4 bytes leftover after parsing attributes in process `syz.2.690'. [ 126.057174][ T7165] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 126.179402][ T5101] Bluetooth: hci1: command tx timeout [ 126.323425][ T7182] validate_nla: 4 callbacks suppressed [ 126.323447][ T7182] netlink: 'syz.0.698': attribute type 10 has an invalid length. [ 126.337953][ T7182] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 126.360738][ T7182] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 126.370631][ T7184] netlink: 116 bytes leftover after parsing attributes in process `syz.4.697'. [ 126.673704][ T6897] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 126.721965][ T6897] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 126.743315][ T6897] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 126.764903][ T6897] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 127.015617][ T7217] xt_connbytes: Forcing CT accounting to be enabled [ 127.025299][ T6897] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.027705][ T7217] xt_bpf: check failed: parse error [ 127.043870][ T7219] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.052821][ T7219] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.074449][ T7219] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 127.167363][ T6897] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.199974][ T5146] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.207277][ T5146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.210956][ T7223] netlink: 4 bytes leftover after parsing attributes in process `syz.3.715'. [ 127.256688][ T5146] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.263957][ T5146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.295918][ T7231] team0: entered promiscuous mode [ 127.304767][ T7231] team_slave_0: entered promiscuous mode [ 127.314333][ T7231] team_slave_1: entered promiscuous mode [ 127.407071][ T7223] team_slave_0: entered allmulticast mode [ 127.448627][ T7223] team0: Port device team_slave_0 removed [ 127.507423][ T7222] team0: left promiscuous mode [ 127.527560][ T7222] team_slave_1: left promiscuous mode [ 127.660967][ T7245] netlink: 12 bytes leftover after parsing attributes in process `syz.0.722'. [ 127.744544][ T7252] netlink: 4 bytes leftover after parsing attributes in process `syz.4.724'. [ 127.769771][ T7251] netlink: 4 bytes leftover after parsing attributes in process `syz.4.724'. [ 127.803737][ T7252] netlink: 12 bytes leftover after parsing attributes in process `syz.4.724'. [ 127.875775][ T7251] netlink: 32 bytes leftover after parsing attributes in process `syz.4.724'. [ 127.961389][ T7264] netlink: 'syz.4.727': attribute type 29 has an invalid length. [ 127.961654][ T7263] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 127.969771][ T7264] netlink: 'syz.4.727': attribute type 29 has an invalid length. [ 128.044064][ T7267] vxcan1: tx address claim with dest, not broadcast [ 128.133008][ T6897] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 128.307090][ T7278] FAULT_INJECTION: forcing a failure. [ 128.307090][ T7278] name failslab, interval 1, probability 0, space 0, times 0 [ 128.336676][ T6897] veth0_vlan: entered promiscuous mode [ 128.342761][ T7278] CPU: 1 PID: 7278 Comm: syz.2.734 Not tainted 6.10.0-rc6-syzkaller-01261-ge0ee68a8bef9 #0 [ 128.352795][ T7278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 128.362888][ T7278] Call Trace: [ 128.366208][ T7278] [ 128.369176][ T7278] dump_stack_lvl+0x241/0x360 [ 128.373901][ T7278] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.379139][ T7278] ? __pfx__printk+0x10/0x10 [ 128.383789][ T7278] should_fail_ex+0x3b0/0x4e0 [ 128.388541][ T7278] ? __alloc_skb+0x1c3/0x440 [ 128.393177][ T7278] should_failslab+0x9/0x20 [ 128.397724][ T7278] kmem_cache_alloc_node_noprof+0x71/0x320 [ 128.403584][ T7278] __alloc_skb+0x1c3/0x440 [ 128.408056][ T7278] ? __pfx___alloc_skb+0x10/0x10 [ 128.413048][ T7278] alloc_skb_with_frags+0xc3/0x770 [ 128.418222][ T7278] sock_alloc_send_pskb+0x91a/0xa60 [ 128.423586][ T7278] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 128.429384][ T7278] ? do_raw_spin_unlock+0x13c/0x8b0 [ 128.434652][ T7278] unix_dgram_sendmsg+0x6d3/0x1f80 [ 128.439820][ T7278] ? aa_sk_perm+0x967/0xab0 [ 128.444386][ T7278] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 128.450057][ T7278] ? iovec_from_user+0x61/0x240 [ 128.454956][ T7278] ? aa_sock_msg_perm+0x91/0x160 [ 128.459944][ T7278] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 128.465245][ T7278] ? security_socket_sendmsg+0x87/0xb0 [ 128.470723][ T7278] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 128.476276][ T7278] __sock_sendmsg+0x221/0x270 [ 128.480969][ T7278] ____sys_sendmsg+0x525/0x7d0 [ 128.486109][ T7278] ? __pfx_____sys_sendmsg+0x10/0x10 [ 128.491789][ T7278] ? __might_fault+0xaa/0x120 [ 128.496500][ T7278] __sys_sendmmsg+0x3b2/0x740 [ 128.501208][ T7278] ? __pfx___sys_sendmmsg+0x10/0x10 [ 128.506476][ T7278] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 128.512395][ T7278] ? ksys_write+0x23e/0x2c0 [ 128.516947][ T7278] ? __pfx_lock_release+0x10/0x10 [ 128.521997][ T7278] ? vfs_write+0x7c4/0xc90 [ 128.526447][ T7278] ? __mutex_unlock_slowpath+0x21d/0x750 [ 128.532097][ T7278] ? __pfx_vfs_write+0x10/0x10 [ 128.536893][ T7278] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 128.542991][ T7278] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 128.549348][ T7278] ? do_syscall_64+0x100/0x230 [ 128.554141][ T7278] __x64_sys_sendmmsg+0xa0/0xb0 [ 128.559013][ T7278] do_syscall_64+0xf3/0x230 [ 128.563526][ T7278] ? clear_bhb_loop+0x35/0x90 [ 128.568216][ T7278] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.574142][ T7278] RIP: 0033:0x7fc31b575bd9 [ 128.578652][ T7278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.598268][ T7278] RSP: 002b:00007fc31c3a2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 128.606783][ T7278] RAX: ffffffffffffffda RBX: 00007fc31b703f60 RCX: 00007fc31b575bd9 [ 128.614768][ T7278] RDX: 0000000000000651 RSI: 0000000020000000 RDI: 0000000000000004 [ 128.622769][ T7278] RBP: 00007fc31c3a20a0 R08: 0000000000000000 R09: 0000000000000000 [ 128.630839][ T7278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 128.638922][ T7278] R13: 000000000000000b R14: 00007fc31b703f60 R15: 00007ffeef3b1968 [ 128.647108][ T7278] [ 128.662523][ T6897] veth1_vlan: entered promiscuous mode [ 128.710427][ T6897] veth0_macvtap: entered promiscuous mode [ 128.723247][ T6897] veth1_macvtap: entered promiscuous mode [ 128.801439][ T6897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.812645][ T6897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.826395][ T6897] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 128.847637][ T6897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.869278][ T6897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.888503][ T6897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.928367][ T6897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.939292][ T6897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.952359][ T6897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.963419][ T6897] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.975762][ T6897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.980156][ T7298] netlink: 'syz.0.742': attribute type 1 has an invalid length. [ 128.991259][ T6897] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 129.009676][ T7300] xt_TCPMSS: Only works on TCP SYN packets [ 129.035786][ T6897] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.046240][ T6897] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.086686][ T6897] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.108337][ T6897] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.316977][ T5619] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.341681][ T5619] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.434287][ T5634] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.463869][ T5634] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.479540][ T7316] tipc: Enabling of bearer rejected, failed to enable media [ 129.508941][ T7316] netlink: 'syz.3.747': attribute type 3 has an invalid length. [ 129.667712][ T7320] netlink: 'syz.1.599': attribute type 10 has an invalid length. [ 129.719465][ T7324] netlink: 'syz.2.750': attribute type 6 has an invalid length. [ 129.850695][ T7331] netlink: 'syz.0.753': attribute type 13 has an invalid length. [ 130.007956][ T7332] hsr0: entered promiscuous mode [ 130.075999][ T7344] __nla_validate_parse: 6 callbacks suppressed [ 130.076022][ T7344] netlink: 20 bytes leftover after parsing attributes in process `syz.4.757'. [ 130.420238][ T7367] netlink: 4 bytes leftover after parsing attributes in process `syz.1.765'. [ 130.519151][ T7363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.689475][ T7378] netlink: 4 bytes leftover after parsing attributes in process `syz.3.768'. [ 130.717424][ T7378] team0: entered promiscuous mode [ 130.726514][ T7378] team_slave_1: entered promiscuous mode [ 130.745691][ T7377] team0: left promiscuous mode [ 130.763850][ T7377] team_slave_1: left promiscuous mode [ 130.777841][ T7385] gretap0: entered promiscuous mode [ 130.786645][ T7385] gretap0: left promiscuous mode [ 130.842617][ T7382] hsr0: entered promiscuous mode [ 131.022385][ T7404] netlink: 12 bytes leftover after parsing attributes in process `syz.2.775'. [ 131.200066][ T7412] macvlan2: entered promiscuous mode [ 131.211485][ T7412] macvlan2: entered allmulticast mode [ 131.284857][ T7418] netlink: 52 bytes leftover after parsing attributes in process `syz.0.782'. [ 131.356567][ T7420] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.784'. [ 131.763298][ T7450] xt_NFQUEUE: number of total queues is 0 [ 131.918780][ T7458] openvswitch: netlink: Key 0 has unexpected len 4 expected 0 [ 132.028043][ T7465] netlink: 528 bytes leftover after parsing attributes in process `syz.0.794'. [ 132.044008][ T7459] Bluetooth: MGMT ver 1.22 [ 132.076455][ T7456] dummy0: entered promiscuous mode [ 132.719824][ T7487] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 132.799783][ T7490] netlink: 'syz.1.806': attribute type 1 has an invalid length. [ 132.807499][ T7490] netlink: 9344 bytes leftover after parsing attributes in process `syz.1.806'. [ 132.823604][ T7490] netlink: 'syz.1.806': attribute type 1 has an invalid length. [ 132.877256][ T7490] netlink: 8 bytes leftover after parsing attributes in process `syz.1.806'. [ 132.958770][ T7493] bond_slave_0: entered promiscuous mode [ 132.964569][ T7493] bond_slave_1: entered promiscuous mode [ 133.007475][ T7493] vlan3: entered promiscuous mode [ 133.030233][ T7493] bond0: entered promiscuous mode [ 133.063571][ T7501] netlink: 12 bytes leftover after parsing attributes in process `syz.1.810'. [ 133.073423][ T7493] bond0: left promiscuous mode [ 133.079298][ T7493] bond_slave_0: left promiscuous mode [ 133.084950][ T7493] bond_slave_1: left promiscuous mode [ 133.154364][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.160832][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.389091][ T7515] netlink: 'syz.3.813': attribute type 20 has an invalid length. [ 134.002306][ T7551] netlink: 'syz.4.827': attribute type 1 has an invalid length. [ 134.349491][ T7577] netlink: 'syz.2.838': attribute type 1 has an invalid length. [ 134.374614][ T7578] netdevsim netdevsim0 : renamed from netdevsim0 (while UP) [ 134.649365][ T7590] xt_cgroup: path and classid specified [ 134.663218][ T7590] netlink: zone id is out of range [ 134.679999][ T7590] netlink: zone id is out of range [ 134.695335][ T7590] netlink: zone id is out of range [ 134.719292][ T7590] netlink: zone id is out of range [ 134.729149][ T7590] netlink: zone id is out of range [ 134.742744][ T7590] netlink: zone id is out of range [ 134.753821][ T7590] netlink: zone id is out of range [ 134.767443][ T7590] netlink: zone id is out of range [ 134.951561][ T7606] Bluetooth: hci3: invalid length 0, exp 2 for type 19 [ 135.156944][ T7619] FAULT_INJECTION: forcing a failure. [ 135.156944][ T7619] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 135.173942][ T7619] CPU: 0 PID: 7619 Comm: syz.3.852 Not tainted 6.10.0-rc6-syzkaller-01261-ge0ee68a8bef9 #0 [ 135.184078][ T7619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 135.188320][ T7621] __nla_validate_parse: 4 callbacks suppressed [ 135.188342][ T7621] netlink: 20 bytes leftover after parsing attributes in process `syz.0.853'. [ 135.194152][ T7619] Call Trace: [ 135.194165][ T7619] [ 135.194175][ T7619] dump_stack_lvl+0x241/0x360 [ 135.194208][ T7619] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.194234][ T7619] ? __pfx__printk+0x10/0x10 [ 135.194270][ T7619] should_fail_ex+0x3b0/0x4e0 [ 135.194309][ T7619] _copy_from_user+0x2f/0xe0 [ 135.194337][ T7619] sctp_setsockopt+0xcc/0x11c0 [ 135.194375][ T7619] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 135.250111][ T7619] do_sock_setsockopt+0x3af/0x720 [ 135.255264][ T7619] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 135.260915][ T7619] ? __fget_files+0x29/0x470 [ 135.265526][ T7619] ? __fget_files+0x3f6/0x470 [ 135.270224][ T7619] __sys_setsockopt+0x1ae/0x250 [ 135.275098][ T7619] __x64_sys_setsockopt+0xb5/0xd0 [ 135.280143][ T7619] do_syscall_64+0xf3/0x230 [ 135.284660][ T7619] ? clear_bhb_loop+0x35/0x90 [ 135.289365][ T7619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.295268][ T7619] RIP: 0033:0x7f3a28575bd9 [ 135.299693][ T7619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.320207][ T7619] RSP: 002b:00007f3a29384048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 135.329249][ T7619] RAX: ffffffffffffffda RBX: 00007f3a28703f60 RCX: 00007f3a28575bd9 [ 135.337237][ T7619] RDX: 0000000000000001 RSI: 0000000000000084 RDI: 0000000000000003 [ 135.345308][ T7619] RBP: 00007f3a293840a0 R08: 0000000000000014 R09: 0000000000000000 [ 135.353296][ T7619] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001 [ 135.361277][ T7619] R13: 000000000000000b R14: 00007f3a28703f60 R15: 00007fff4fff7c38 [ 135.369275][ T7619] [ 136.096105][ T7662] x_tables: ip_tables: osf match: only valid for protocol 6 [ 136.232972][ T7666] netlink: 4 bytes leftover after parsing attributes in process `syz.0.868'. [ 136.615697][ T7679] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.725903][ T7693] netlink: 8 bytes leftover after parsing attributes in process `syz.4.880'. [ 136.771596][ T7691] x_tables: ip_tables: osf match: only valid for protocol 6 [ 136.944934][ T7708] netlink: 6 bytes leftover after parsing attributes in process `syz.4.884'. [ 136.976279][ T7708] net_ratelimit: 2 callbacks suppressed [ 136.976300][ T7708] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 137.175109][ T7718] netlink: 28 bytes leftover after parsing attributes in process `syz.4.890'. [ 137.193147][ T7718] netlink: 28 bytes leftover after parsing attributes in process `syz.4.890'. [ 137.230979][ T7718] netlink: 28 bytes leftover after parsing attributes in process `syz.4.890'. [ 137.649576][ T7753] netlink: 5288 bytes leftover after parsing attributes in process `syz.4.902'. [ 137.687239][ T7753] openvswitch: netlink: IP tunnel dst address not specified [ 137.744356][ T7759] batman_adv: batadv0: adding TT local entry 4a:c8:93:75:00:00 to non-existent VLAN 2358 [ 137.913021][ T7768] netlink: 116 bytes leftover after parsing attributes in process `syz.3.908'. [ 137.933543][ T7768] netlink: 12 bytes leftover after parsing attributes in process `syz.3.908'. [ 138.071902][ T7774] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 138.086914][ T7774] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 138.102585][ T7774] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 138.110560][ T7774] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 138.168173][ T7782] x_tables: ip_tables: osf match: only valid for protocol 6 [ 138.763408][ T7815] batadv_slave_0: entered promiscuous mode [ 138.783668][ T7815] batadv_slave_0: entered allmulticast mode [ 138.814478][ T7815] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 47249 - 0 [ 138.827979][ T7815] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 47249 - 0 [ 138.848151][ T7815] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 47249 - 0 [ 138.859872][ T7815] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 47249 - 0 [ 138.873456][ T7815] netdevsim netdevsim2 netdevsim0: set [1, 2] type 2 family 0 port 52474 - 0 [ 138.884442][ T7815] netdevsim netdevsim2 netdevsim1: set [1, 2] type 2 family 0 port 52474 - 0 [ 138.898988][ T7815] netdevsim netdevsim2 netdevsim2: set [1, 2] type 2 family 0 port 52474 - 0 [ 138.900995][ T7819] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 138.960563][ T7815] netdevsim netdevsim2 netdevsim3: set [1, 2] type 2 family 0 port 52474 - 0 [ 138.969893][ T7815] geneve2: entered promiscuous mode [ 138.975154][ T7815] geneve2: entered allmulticast mode [ 139.186089][ T7833] netlink: 'syz.3.935': attribute type 1 has an invalid length. [ 139.194641][ T7833] netlink: 'syz.3.935': attribute type 1 has an invalid length. [ 139.378956][ T5096] Bluetooth: hci0: command 0x0c1a tx timeout [ 139.386610][ T5101] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 139.513014][ T7849] netlink: 'syz.2.946': attribute type 1 has an invalid length. [ 139.681409][ T7860] netlink: 'syz.4.950': attribute type 4 has an invalid length. [ 139.692100][ T7863] netlink: 'syz.3.949': attribute type 1 has an invalid length. [ 139.705485][ T7863] netlink: 'syz.3.949': attribute type 1 has an invalid length. [ 139.963165][ T7876] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled [ 140.607480][ T7899] netlink: 'syz.2.962': attribute type 1 has an invalid length. [ 140.620887][ T7899] netlink: 'syz.2.962': attribute type 1 has an invalid length. [ 140.634914][ T7885] __nla_validate_parse: 5 callbacks suppressed [ 140.634936][ T7885] netlink: 8 bytes leftover after parsing attributes in process `syz.4.954'. [ 140.655594][ T7899] netlink: 12 bytes leftover after parsing attributes in process `syz.2.962'. [ 140.672007][ T7901] xt_bpf: check failed: parse error [ 140.932684][ T7917] netlink: 'syz.0.968': attribute type 1 has an invalid length. [ 141.214389][ T7927] can: request_module (can-proto-0) failed. [ 141.244476][ T7932] netlink: 20 bytes leftover after parsing attributes in process `syz.2.973'. [ 141.464546][ T7937] macsec1: entered promiscuous mode [ 141.470223][ T7937] macsec1: entered allmulticast mode [ 141.489266][ T7937] bridge0: entered allmulticast mode [ 141.501413][ T7937] bridge0: left allmulticast mode [ 141.513247][ T7941] netlink: 'syz.0.976': attribute type 1 has an invalid length. [ 141.667240][ T7941] netlink: 12 bytes leftover after parsing attributes in process `syz.0.976'. [ 141.715430][ T7949] netlink: 224 bytes leftover after parsing attributes in process `syz.3.978'. [ 141.750891][ T7949] netlink: 8 bytes leftover after parsing attributes in process `syz.3.978'. [ 141.817316][ T7944] netlink: 4 bytes leftover after parsing attributes in process `syz.3.978'. [ 141.865263][ T7960] trusted_key: syz.4.981 sent an empty control message without MSG_MORE. [ 141.950383][ T7960] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 142.036819][ T7926] netlink: 5 bytes leftover after parsing attributes in process `syz.1.970'. [ 142.325626][ T7982] nlmon0: entered promiscuous mode [ 142.353977][ T7982] vlan3: entered promiscuous mode [ 142.399806][ T7982] nlmon0: left promiscuous mode [ 142.487117][ T7989] netlink: 12 bytes leftover after parsing attributes in process `syz.3.992'. [ 142.519261][ T7993] bridge0: entered promiscuous mode [ 142.559101][ T7993] netlink: 12 bytes leftover after parsing attributes in process `syz.1.994'. [ 142.856909][ T7992] bridge0: left promiscuous mode [ 145.093480][ T8104] macvlan2: entered promiscuous mode [ 145.115304][ T8104] macvlan2: entered allmulticast mode [ 145.492113][ T8131] bridge0: entered promiscuous mode [ 145.643907][ T8142] macvlan2: entered promiscuous mode [ 145.658279][ T8142] macvlan2: entered allmulticast mode [ 146.573964][ T8171] __nla_validate_parse: 7 callbacks suppressed [ 146.573986][ T8171] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1048'. [ 146.883169][ T8184] IPVS: Scheduler module ip_vs_sip not found [ 147.050432][ T8197] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1056'. [ 147.127624][ T8192] syz_tun: entered allmulticast mode [ 147.175744][ T8191] syz_tun: left allmulticast mode [ 147.200558][ T8199] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1058'. [ 147.243445][ C0] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 147.250488][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.258604][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.266546][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.274672][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.282663][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.290777][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.298769][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.306845][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.314862][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.322974][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.331004][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.339103][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.347128][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.355240][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.363311][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.371396][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.379377][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.387421][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.395401][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.403496][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.411513][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.420781][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.428780][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.436840][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.444831][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.452942][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.460950][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.469050][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.476991][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.485091][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.493220][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.501312][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.509296][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.517357][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.525326][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.533522][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.541507][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.549616][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.557553][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.565653][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.573639][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.581713][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.589686][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.597827][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.605897][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.613985][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 147.621975][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 147.727268][ T8206] tipc: Enabled bearer , priority 10 [ 147.829797][ T8215] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1063'. [ 147.989137][ T8222] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1066'. [ 148.055990][ T8234] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1068'. [ 148.256526][ T8246] FAULT_INJECTION: forcing a failure. [ 148.256526][ T8246] name failslab, interval 1, probability 0, space 0, times 0 [ 148.282679][ T8249] FAULT_INJECTION: forcing a failure. [ 148.282679][ T8249] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 148.296282][ T8246] CPU: 1 PID: 8246 Comm: syz.1.1073 Not tainted 6.10.0-rc6-syzkaller-01261-ge0ee68a8bef9 #0 [ 148.306396][ T8246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 148.316505][ T8246] Call Trace: [ 148.319821][ T8246] [ 148.322817][ T8246] dump_stack_lvl+0x241/0x360 [ 148.327543][ T8246] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.332906][ T8246] ? __pfx__printk+0x10/0x10 [ 148.337647][ T8246] should_fail_ex+0x3b0/0x4e0 [ 148.342377][ T8246] ? __alloc_skb+0x1c3/0x440 [ 148.347016][ T8246] should_failslab+0x9/0x20 [ 148.351570][ T8246] kmem_cache_alloc_node_noprof+0x71/0x320 [ 148.357427][ T8246] ? br_get_link_af_size_filtered+0xdb/0xd30 [ 148.363604][ T8246] __alloc_skb+0x1c3/0x440 [ 148.368060][ T8246] ? __pfx___alloc_skb+0x10/0x10 [ 148.373050][ T8246] ? if_nlmsg_size+0x53a/0x7a0 [ 148.377847][ T8246] rtmsg_ifinfo_build_skb+0x84/0x260 [ 148.383158][ T8246] rtnetlink_event+0x1b1/0x260 [ 148.387940][ T8246] notifier_call_chain+0x19f/0x3e0 [ 148.393069][ T8246] dev_set_mtu_ext+0x4e5/0x710 [ 148.397940][ T8246] ? __pfx_dev_set_mtu_ext+0x10/0x10 [ 148.403243][ T8246] ? __mutex_trylock_common+0x183/0x2e0 [ 148.408810][ T8246] ? __pfx___mutex_trylock_common+0x10/0x10 [ 148.414724][ T8246] ? ib_device_get_by_netdev+0x85/0x5e0 [ 148.420420][ T8246] dev_set_mtu+0xb0/0x1a0 [ 148.424779][ T8246] ? __mutex_lock+0x2ef/0xd70 [ 148.429478][ T8246] ? __pfx_dev_set_mtu+0x10/0x10 [ 148.434461][ T8246] ? __pfx_hsr_netdev_notify+0x10/0x10 [ 148.439941][ T8246] ? udp_tunnel_nic_netdevice_event+0x192/0x12f0 [ 148.446322][ T8246] ? ip6_route_dev_notify+0x99/0x600 [ 148.451625][ T8246] ? notifier_call_chain+0x162/0x3e0 [ 148.456923][ T8246] team_change_mtu+0xbc/0x2b0 [ 148.461631][ T8246] dev_set_mtu_ext+0x3f8/0x710 [ 148.466414][ T8246] ? __pfx_dev_set_mtu_ext+0x10/0x10 [ 148.471732][ T8246] dev_set_mtu+0xb0/0x1a0 [ 148.476102][ T8246] ? __pfx___might_resched+0x10/0x10 [ 148.481400][ T8246] ? __pfx_dev_set_mtu+0x10/0x10 [ 148.486363][ T8246] ? __mutex_lock+0x2ef/0xd70 [ 148.491061][ T8246] ? full_name_hash+0x93/0xe0 [ 148.495772][ T8246] dev_ifsioc+0x566/0xe70 [ 148.500143][ T8246] ? __pfx_dev_ifsioc+0x10/0x10 [ 148.505025][ T8246] ? dev_load+0x21/0x1f0 [ 148.509296][ T8246] dev_ioctl+0x719/0x1340 [ 148.513665][ T8246] sock_do_ioctl+0x240/0x460 [ 148.518303][ T8246] ? __pfx_sock_do_ioctl+0x10/0x10 [ 148.523454][ T8246] sock_ioctl+0x629/0x8e0 [ 148.527804][ T8246] ? __pfx_sock_ioctl+0x10/0x10 [ 148.532665][ T8246] ? __fget_files+0x29/0x470 [ 148.537273][ T8246] ? __fget_files+0x3f6/0x470 [ 148.541963][ T8246] ? __fget_files+0x29/0x470 [ 148.546574][ T8246] ? bpf_lsm_file_ioctl+0x9/0x10 [ 148.551524][ T8246] ? security_file_ioctl+0x87/0xb0 [ 148.556649][ T8246] ? __pfx_sock_ioctl+0x10/0x10 [ 148.561510][ T8246] __se_sys_ioctl+0xfc/0x170 [ 148.566117][ T8246] do_syscall_64+0xf3/0x230 [ 148.570630][ T8246] ? clear_bhb_loop+0x35/0x90 [ 148.575323][ T8246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.581228][ T8246] RIP: 0033:0x7f9fea775bd9 [ 148.585654][ T8246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.605271][ T8246] RSP: 002b:00007f9feb5f9048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 148.613697][ T8246] RAX: ffffffffffffffda RBX: 00007f9fea903f60 RCX: 00007f9fea775bd9 [ 148.621696][ T8246] RDX: 00000000200008c0 RSI: 0000000000008922 RDI: 0000000000000005 [ 148.629775][ T8246] RBP: 00007f9feb5f90a0 R08: 0000000000000000 R09: 0000000000000000 [ 148.637781][ T8246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.645762][ T8246] R13: 000000000000000b R14: 00007f9fea903f60 R15: 00007ffd433fb938 [ 148.653766][ T8246] [ 148.658933][ T8249] CPU: 1 PID: 8249 Comm: syz.4.1075 Not tainted 6.10.0-rc6-syzkaller-01261-ge0ee68a8bef9 #0 [ 148.669050][ T8249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 148.679141][ T8249] Call Trace: [ 148.682456][ T8249] [ 148.685426][ T8249] dump_stack_lvl+0x241/0x360 [ 148.690159][ T8249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.695408][ T8249] ? __pfx__printk+0x10/0x10 [ 148.700056][ T8249] should_fail_ex+0x3b0/0x4e0 [ 148.704796][ T8249] prepare_alloc_pages+0x1da/0x5d0 [ 148.709970][ T8249] __alloc_pages_noprof+0x166/0x6c0 [ 148.715231][ T8249] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 148.721034][ T8249] alloc_pages_mpol_noprof+0x3e8/0x680 [ 148.726737][ T8249] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 148.732253][ T8246] team_slave_1: mtu greater than device maximum [ 148.732768][ T8249] ? alloc_pages_noprof+0xef/0x170 [ 148.739277][ T8246] team0: Device team_slave_1 failed to change mtu [ 148.744123][ T8249] get_free_pages_noprof+0xc/0x30 [ 148.755733][ T8249] kasan_populate_vmalloc_pte+0x38/0xe0 [ 148.761341][ T8249] __apply_to_page_range+0x8a8/0xe50 [ 148.766688][ T8249] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 148.771350][ T5146] tipc: Node number set to 893414266 [ 148.772959][ T8249] ? __pfx___apply_to_page_range+0x10/0x10 [ 148.784081][ T8249] ? do_raw_spin_unlock+0x13c/0x8b0 [ 148.789337][ T8249] ? kmem_cache_alloc_node_noprof+0x1c4/0x320 [ 148.795476][ T8249] alloc_vmap_area+0x1d41/0x23e0 [ 148.800509][ T8249] ? __pfx_alloc_vmap_area+0x10/0x10 [ 148.805846][ T8249] ? __kasan_kmalloc+0x98/0xb0 [ 148.810654][ T8249] ? kmalloc_node_trace_noprof+0x1d3/0x300 [ 148.816478][ T8249] ? __get_vm_area_node+0x113/0x270 [ 148.821702][ T8249] ? bloom_map_alloc+0x21a/0x450 [ 148.826669][ T8249] __get_vm_area_node+0x1a9/0x270 [ 148.831737][ T8249] __vmalloc_node_range_noprof+0x3bc/0x1460 [ 148.837651][ T8249] ? bloom_map_alloc+0x21a/0x450 [ 148.842606][ T8249] ? __lock_acquire+0x1346/0x1fd0 [ 148.847856][ T8249] ? aa_get_newest_label+0xff/0x6f0 [ 148.853083][ T8249] ? __pfx_aa_get_newest_label+0x10/0x10 [ 148.858741][ T8249] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 148.865086][ T8249] ? apparmor_capable+0x138/0x1b0 [ 148.870134][ T8249] bpf_map_area_alloc+0xfc/0x120 [ 148.875185][ T8249] ? bloom_map_alloc+0x21a/0x450 [ 148.880142][ T8249] bloom_map_alloc+0x21a/0x450 [ 148.884921][ T8249] map_create+0x90c/0x1200 [ 148.889362][ T8249] ? security_bpf+0x87/0xb0 [ 148.893886][ T8249] __sys_bpf+0x6d1/0x810 [ 148.898151][ T8249] ? __pfx___sys_bpf+0x10/0x10 [ 148.902947][ T8249] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 148.908940][ T8249] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 148.915290][ T8249] __x64_sys_bpf+0x7c/0x90 [ 148.919815][ T8249] do_syscall_64+0xf3/0x230 [ 148.924378][ T8249] ? clear_bhb_loop+0x35/0x90 [ 148.929227][ T8249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.935319][ T8249] RIP: 0033:0x7f4472575bd9 [ 148.939748][ T8249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.959392][ T8249] RSP: 002b:00007f44733cb048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 148.967825][ T8249] RAX: ffffffffffffffda RBX: 00007f4472703f60 RCX: 00007f4472575bd9 [ 148.975808][ T8249] RDX: 0000000000000048 RSI: 00000000200003c0 RDI: 0000000000000000 [ 148.983800][ T8249] RBP: 00007f44733cb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 148.991780][ T8249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 148.999757][ T8249] R13: 000000000000000b R14: 00007f4472703f60 R15: 00007ffe84ac9c68 [ 149.007840][ T8249] [ 149.199756][ T8265] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1078'. [ 149.247534][ T8265] 0ªX¹¦À: renamed from caif0 [ 149.352780][ T8265] 0ªX¹¦À: entered allmulticast mode [ 149.358281][ T8265] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 149.378089][ T8272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1079'. [ 149.535070][ T8287] FAULT_INJECTION: forcing a failure. [ 149.535070][ T8287] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 149.559680][ T8286] netlink: 116 bytes leftover after parsing attributes in process `syz.1.1084'. [ 149.562855][ T8287] CPU: 1 PID: 8287 Comm: syz.2.1086 Not tainted 6.10.0-rc6-syzkaller-01261-ge0ee68a8bef9 #0 [ 149.578826][ T8287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 149.588914][ T8287] Call Trace: [ 149.592220][ T8287] [ 149.595169][ T8287] dump_stack_lvl+0x241/0x360 [ 149.599869][ T8287] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.605080][ T8287] ? __pfx__printk+0x10/0x10 [ 149.609683][ T8287] ? __pfx_lock_release+0x10/0x10 [ 149.614721][ T8287] ? __lock_acquire+0x1346/0x1fd0 [ 149.619764][ T8287] should_fail_ex+0x3b0/0x4e0 [ 149.624469][ T8287] _copy_from_user+0x2f/0xe0 [ 149.629074][ T8287] sctp_getsockopt_assoc_stats+0xfa/0x9a0 [ 149.634816][ T8287] ? mark_lock+0x9a/0x350 [ 149.639158][ T8287] ? __pfx_sctp_getsockopt_assoc_stats+0x10/0x10 [ 149.645562][ T8287] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 149.651327][ T8287] sctp_getsockopt+0x42f/0xbb0 [ 149.656131][ T8287] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 149.662072][ T8287] do_sock_getsockopt+0x373/0x850 [ 149.667125][ T8287] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 149.672693][ T8287] ? __fget_files+0x3f6/0x470 [ 149.677399][ T8287] __sys_getsockopt+0x271/0x330 [ 149.682274][ T8287] ? __pfx___sys_getsockopt+0x10/0x10 [ 149.687667][ T8287] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 149.694010][ T8287] ? do_syscall_64+0x100/0x230 [ 149.698790][ T8287] __x64_sys_getsockopt+0xb5/0xd0 [ 149.703836][ T8287] do_syscall_64+0xf3/0x230 [ 149.708350][ T8287] ? clear_bhb_loop+0x35/0x90 [ 149.713054][ T8287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.718971][ T8287] RIP: 0033:0x7fc31b575bd9 [ 149.723415][ T8287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.743314][ T8287] RSP: 002b:00007fc31c3a2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 149.751762][ T8287] RAX: ffffffffffffffda RBX: 00007fc31b703f60 RCX: 00007fc31b575bd9 [ 149.759751][ T8287] RDX: 0000000000000070 RSI: 0000000000000084 RDI: 0000000000000003 [ 149.767818][ T8287] RBP: 00007fc31c3a20a0 R08: 0000000020001080 R09: 0000000000000000 [ 149.775801][ T8287] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.783782][ T8287] R13: 000000000000000b R14: 00007fc31b703f60 R15: 00007ffeef3b1968 [ 149.791874][ T8287] [ 150.018326][ T8291] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1088'. [ 150.069477][ T8291] Êü: entered promiscuous mode [ 150.212857][ T8306] 1ªX¹¦À: renamed from 60ªX¹¦À [ 150.234740][ T8306] A link change request failed with some changes committed already. Interface 61ªX¹¦À may have been left with an inconsistent configuration, please check. [ 150.761080][ T8337] tipc: Invalid UDP bearer configuration [ 150.761138][ T8337] tipc: Enabling of bearer rejected, failed to enable media [ 150.907793][ T8348] validate_nla: 4 callbacks suppressed [ 150.907815][ T8348] netlink: 'syz.3.1111': attribute type 29 has an invalid length. [ 150.933328][ T8348] netlink: 'syz.3.1111': attribute type 29 has an invalid length. [ 151.377169][ T8371] tap0: tun_chr_ioctl cmd 2147767506 [ 151.743358][ T8398] __nla_validate_parse: 9 callbacks suppressed [ 151.743379][ T8398] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1125'. [ 151.851721][ T8399] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1128'. [ 152.024829][ T8411] netlink: 'syz.1.1130': attribute type 1 has an invalid length. [ 152.085992][ T8414] netlink: 'syz.3.1133': attribute type 10 has an invalid length. [ 152.120085][ T8414] batman_adv: batadv0: Adding interface: team0 [ 152.127198][ T8414] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.178117][ T8414] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 152.186572][ T8422] xt_TCPMSS: Only works on TCP SYN packets [ 152.356380][ T8425] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1136'. [ 152.366078][ T8425] 0ªX¹¦À: renamed from caif0 [ 152.373889][ T8425] 0ªX¹¦À: entered allmulticast mode [ 152.379561][ T8425] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 152.779863][ T8448] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1146'. [ 152.799465][ T8446] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (129) [ 153.365654][ T8478] vlan3: entered promiscuous mode [ 153.376563][ T8478] syz_tun: entered promiscuous mode [ 153.397729][ T8478] team0: Port device vlan3 added [ 153.855605][ T8501] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1164'. [ 153.874403][ T8501] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1164'. [ 154.475652][ T8529] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1174'. [ 154.510466][ T8529] ip6gretap0: entered promiscuous mode [ 154.541320][ T8529] macvtap1: entered promiscuous mode [ 154.546817][ T8529] macvtap1: entered allmulticast mode [ 154.586461][ T8529] ip6gretap0: entered allmulticast mode [ 154.606452][ T8530] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1174'. [ 154.642913][ T8530] ip6gretap0: left allmulticast mode [ 154.666721][ T8530] ip6gretap0: left promiscuous mode [ 154.686687][ T8530] macvtap1: left promiscuous mode [ 154.696714][ T5096] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 154.703831][ T8530] macvtap1: left allmulticast mode [ 154.714244][ T5096] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 154.723262][ T5096] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 154.735680][ T5096] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 154.744984][ T5096] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 154.753692][ T5096] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 154.927199][ T8544] netlink: 'syz.4.1178': attribute type 1 has an invalid length. [ 155.001504][ T8544] bond1: entered promiscuous mode [ 155.027527][ T8550] bond1: (slave ip6gretap1): making interface the new active one [ 155.036741][ T8550] ip6gretap1: entered promiscuous mode [ 155.046545][ T8550] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 155.080059][ T8544] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1178'. [ 155.111495][ T8544] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1178'. [ 155.131144][ T8544] bond1: entered allmulticast mode [ 155.136330][ T8544] ip6gretap1: entered allmulticast mode [ 155.149743][ T8544] 8021q: adding VLAN 0 to HW filter on device bond1 [ 155.204705][ T8544] netlink: 'syz.4.1178': attribute type 1 has an invalid length. [ 155.600511][ T8533] chnl_net:caif_netlink_parms(): no params data found [ 155.837248][ T8533] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.847011][ T8533] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.855332][ T8533] bridge_slave_0: entered allmulticast mode [ 155.864832][ T8533] bridge_slave_0: entered promiscuous mode [ 155.884725][ T8533] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.896042][ T8533] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.904067][ T8533] bridge_slave_1: entered allmulticast mode [ 155.914625][ T8533] bridge_slave_1: entered promiscuous mode [ 156.122896][ T8533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.176789][ T8533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.295093][ T8533] team0: Port device team_slave_0 added [ 156.337299][ T8533] team0: Port device team_slave_1 added [ 156.483541][ T8533] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.527093][ T8533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.561941][ T8533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.580576][ T8533] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.590808][ T8533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.627433][ T8533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.773042][ T8613] vlan2: entered promiscuous mode [ 156.793459][ T8613] syz_tun: entered promiscuous mode [ 156.821409][ T5096] Bluetooth: hci2: command tx timeout [ 156.835066][ T8613] team0: Port device vlan2 added [ 156.873955][ T8533] hsr_slave_0: entered promiscuous mode [ 156.905679][ T8533] hsr_slave_1: entered promiscuous mode [ 156.939620][ T8533] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 156.947273][ T8533] Cannot create hsr debugfs directory [ 157.270987][ T8633] tipc: Enabling of bearer rejected, failed to enable media [ 157.705637][ T8533] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.858064][ T8533] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.041841][ T8533] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.131272][ T8533] netdevsim netdevsim3  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.499928][ T8533] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 158.519289][ T8533] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 158.547925][ T8533] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 158.603521][ T8533] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 158.898600][ T5096] Bluetooth: hci2: command tx timeout [ 159.014664][ T8533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.073917][ T8533] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.103918][ T785] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.111157][ T785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.193223][ T785] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.200520][ T785] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.264270][ T8677] __nla_validate_parse: 2 callbacks suppressed [ 159.264294][ T8677] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1218'. [ 160.106902][ T8533] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.561694][ T8533] veth0_vlan: entered promiscuous mode [ 160.655491][ T8533] veth1_vlan: entered promiscuous mode [ 160.687140][ T8707] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1226'. [ 160.711234][ T8703] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1224'. [ 160.793725][ T8533] veth0_macvtap: entered promiscuous mode [ 160.833548][ T8533] veth1_macvtap: entered promiscuous mode [ 160.852085][ T8712] bridge0: port 3(macsec0) entered blocking state [ 160.869279][ T8712] bridge0: port 3(macsec0) entered disabled state [ 160.894504][ T8712] macsec0: entered allmulticast mode [ 160.914034][ T8712] veth1_macvtap: entered allmulticast mode [ 160.924295][ T8712] macsec0: entered promiscuous mode [ 160.933264][ T8712] bridge0: port 3(macsec0) entered blocking state [ 160.940287][ T8712] bridge0: port 3(macsec0) entered forwarding state [ 160.979484][ T5096] Bluetooth: hci2: command tx timeout [ 161.173661][ T8533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.201613][ T8533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.223505][ T8533] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 161.351963][ T8533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.373657][ T8533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.384940][ T8533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.395609][ T8533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.405807][ T8533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.417229][ T8533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.430218][ T8533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.440920][ T8533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.452778][ T8533] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 161.510095][ T8533] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.530763][ T8533] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.543480][ T8533] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.553408][ T8533] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.775646][ T7433] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.791479][ T7433] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.801097][ T8750] netlink: 'syz.1.1240': attribute type 1 has an invalid length. [ 161.838556][ T8750] netlink: 'syz.1.1240': attribute type 1 has an invalid length. [ 161.875053][ T8750] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1240'. [ 161.876075][ T8751] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1239'. [ 161.885447][ T7433] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.903670][ T8753] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1241'. [ 161.911862][ T7433] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 162.120397][ T8761] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.1172'. [ 162.145528][ T8760] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1243'. [ 162.386537][ T8771] netlink: 'syz.1.1244': attribute type 8 has an invalid length. [ 162.424155][ T8775] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 162.424707][ T8771] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1244'. [ 162.685042][ T8784] netlink: 'syz.1.1251': attribute type 1 has an invalid length. [ 162.706477][ T8784] netlink: 'syz.1.1251': attribute type 1 has an invalid length. [ 162.742086][ T8784] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1251'. [ 162.959597][ T8802] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 163.058644][ T5096] Bluetooth: hci2: command tx timeout [ 163.153182][ T8816] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled [ 163.269384][ T8821] netlink: 'syz.2.1267': attribute type 1 has an invalid length. [ 163.287476][ T8821] netlink: 'syz.2.1267': attribute type 1 has an invalid length. [ 163.799480][ T8857] netlink: 'syz.1.1282': attribute type 1 has an invalid length. [ 163.814093][ T8857] netlink: 'syz.1.1282': attribute type 1 has an invalid length. [ 164.316144][ T5629] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.342222][ T5629] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.690823][ T8895] netlink: 'syz.2.1292': attribute type 1 has an invalid length. [ 164.711457][ T8895] __nla_validate_parse: 6 callbacks suppressed [ 164.711478][ T8895] netlink: 101600 bytes leftover after parsing attributes in process `syz.2.1292'. [ 164.792768][ T8897] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 164.833778][ T8897] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 164.878730][ T8900] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1294'. [ 164.917354][ T8897] netem: change failed [ 165.389631][ T8938] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1309'. [ 165.817377][ T8967] xt_CT: You must specify a L4 protocol and not use inversions on it [ 165.897345][ T8974] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1319'. [ 166.084117][ T8981] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1322'. [ 166.156537][ T8985] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1324'. [ 166.156995][ T8983] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1323'. [ 166.220195][ T8983] macvlan3: entered allmulticast mode [ 166.236054][ T8987] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1325'. [ 166.238476][ T8983] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode [ 166.274347][ T8983] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 166.311793][ T8983] bond0: (slave macvlan3): Enslaving as an active interface with an up link [ 166.824929][ T8996] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1330'. [ 166.862520][ T8996] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1330'. [ 166.896909][ T8998] validate_nla: 8 callbacks suppressed [ 166.896932][ T8998] netlink: 'syz.1.1329': attribute type 13 has an invalid length. [ 166.993543][ T9005] bridge2: entered promiscuous mode [ 167.011008][ T9005] vlan5: entered promiscuous mode [ 167.046050][ T8996] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 167.054411][ T8996] IPv6: NLM_F_CREATE should be set when creating new route [ 167.134872][ T9011] netlink: 'syz.2.1335': attribute type 1 has an invalid length. [ 167.160115][ T9011] netlink: 'syz.2.1335': attribute type 1 has an invalid length. [ 167.178276][ T9016] nbd: must specify at least one socket [ 167.323152][ T9023] 1ªX¹¦À: renamed from 60ªX¹¦À [ 167.360193][ T9023] A link change request failed with some changes committed already. Interface 61ªX¹¦À may have been left with an inconsistent configuration, please check. [ 167.382921][ T9027] netlink: 'syz.2.1340': attribute type 1 has an invalid length. [ 168.103996][ T9063] netlink: 'syz.0.1350': attribute type 1 has an invalid length. [ 168.131186][ T9063] netlink: 'syz.0.1350': attribute type 1 has an invalid length. [ 168.332874][ T9078] xt_hashlimit: max too large, truncated to 1048576 [ 168.503152][ T9091] x_tables: ip_tables: osf match: only valid for protocol 6 [ 168.602953][ T9094] team0: entered promiscuous mode [ 168.608147][ T9094] team_slave_0: entered promiscuous mode [ 168.614592][ T9094] team_slave_1: entered promiscuous mode [ 168.631121][ T9097] FAULT_INJECTION: forcing a failure. [ 168.631121][ T9097] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 168.648089][ T9097] CPU: 0 PID: 9097 Comm: syz.2.1361 Not tainted 6.10.0-rc6-syzkaller-01261-ge0ee68a8bef9 #0 [ 168.658222][ T9097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 168.668317][ T9097] Call Trace: [ 168.671632][ T9097] [ 168.674600][ T9097] dump_stack_lvl+0x241/0x360 [ 168.679324][ T9097] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.684553][ T9097] ? __pfx__printk+0x10/0x10 [ 168.689179][ T9097] should_fail_ex+0x3b0/0x4e0 [ 168.693906][ T9097] prepare_alloc_pages+0x1da/0x5d0 [ 168.699054][ T9097] __alloc_pages_noprof+0x166/0x6c0 [ 168.704281][ T9097] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 168.710064][ T9097] alloc_pages_mpol_noprof+0x3e8/0x680 [ 168.715593][ T9097] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 168.721703][ T9097] ? alloc_pages_noprof+0xef/0x170 [ 168.726864][ T9097] get_free_pages_noprof+0xc/0x30 [ 168.731915][ T9097] kasan_populate_vmalloc_pte+0x38/0xe0 [ 168.737476][ T9097] __apply_to_page_range+0x8a8/0xe50 [ 168.742795][ T9097] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 168.749057][ T9097] ? __pfx___apply_to_page_range+0x10/0x10 [ 168.754882][ T9097] ? do_raw_spin_unlock+0x13c/0x8b0 [ 168.760097][ T9097] ? kmem_cache_alloc_node_noprof+0x1c4/0x320 [ 168.766203][ T9097] alloc_vmap_area+0x1d41/0x23e0 [ 168.771192][ T9097] ? __pfx_alloc_vmap_area+0x10/0x10 [ 168.776494][ T9097] ? __kasan_kmalloc+0x98/0xb0 [ 168.781290][ T9097] ? kmalloc_node_trace_noprof+0x1d3/0x300 [ 168.787207][ T9097] ? __get_vm_area_node+0x113/0x270 [ 168.792427][ T9097] ? bloom_map_alloc+0x21a/0x450 [ 168.797393][ T9097] __get_vm_area_node+0x1a9/0x270 [ 168.802442][ T9097] __vmalloc_node_range_noprof+0x3bc/0x1460 [ 168.808351][ T9097] ? bloom_map_alloc+0x21a/0x450 [ 168.813397][ T9097] ? __lock_acquire+0x1346/0x1fd0 [ 168.818562][ T9097] ? aa_get_newest_label+0xff/0x6f0 [ 168.823926][ T9097] ? __pfx_aa_get_newest_label+0x10/0x10 [ 168.829583][ T9097] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 168.836022][ T9097] ? apparmor_capable+0x138/0x1b0 [ 168.841157][ T9097] bpf_map_area_alloc+0xfc/0x120 [ 168.846111][ T9097] ? bloom_map_alloc+0x21a/0x450 [ 168.851063][ T9097] bloom_map_alloc+0x21a/0x450 [ 168.855844][ T9097] map_create+0x90c/0x1200 [ 168.860283][ T9097] ? security_bpf+0x87/0xb0 [ 168.864820][ T9097] __sys_bpf+0x6d1/0x810 [ 168.869087][ T9097] ? __pfx___sys_bpf+0x10/0x10 [ 168.873905][ T9097] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 168.879989][ T9097] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 168.886346][ T9097] ? do_syscall_64+0x100/0x230 [ 168.891134][ T9097] __x64_sys_bpf+0x7c/0x90 [ 168.895586][ T9097] do_syscall_64+0xf3/0x230 [ 168.900103][ T9097] ? clear_bhb_loop+0x35/0x90 [ 168.904796][ T9097] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.910874][ T9097] RIP: 0033:0x7fc31b575bd9 [ 168.915421][ T9097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.935996][ T9097] RSP: 002b:00007fc31c3a2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 168.944433][ T9097] RAX: ffffffffffffffda RBX: 00007fc31b703f60 RCX: 00007fc31b575bd9 [ 168.952424][ T9097] RDX: 0000000000000048 RSI: 00000000200003c0 RDI: 0000000000000000 [ 168.960415][ T9097] RBP: 00007fc31c3a20a0 R08: 0000000000000000 R09: 0000000000000000 [ 168.968407][ T9097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 168.976571][ T9097] R13: 000000000000000b R14: 00007fc31b703f60 R15: 00007ffeef3b1968 [ 168.984565][ T9097] [ 169.183756][ T9100] team0: left promiscuous mode [ 169.219993][ T9100] team_slave_0: left promiscuous mode [ 169.225639][ T9100] team_slave_1: left promiscuous mode [ 169.370586][ T9119] x_tables: ip_tables: osf match: only valid for protocol 6 [ 169.481957][ T9122] rose0: entered allmulticast mode [ 169.597058][ T9133] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 169.739240][ T9142] __nla_validate_parse: 8 callbacks suppressed [ 169.739262][ T9142] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1377'. [ 169.862375][ T9142] team0: Port device bridge5 added [ 169.980413][ T9158] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1381'. [ 169.988781][ T9142] syz.0.1377 (9142) used greatest stack depth: 17752 bytes left [ 170.071535][ T9164] netlink: 'syz.0.1383': attribute type 29 has an invalid length. [ 170.087015][ T9164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1383'. [ 170.103607][ T9157] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1380'. [ 170.113653][ T9164] netlink: 'syz.0.1383': attribute type 29 has an invalid length. [ 170.126881][ T9165] x_tables: ip_tables: osf match: only valid for protocol 6 [ 170.130548][ T9164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1383'. [ 170.268616][ T9170] ɶƣ0GC¦: entered promiscuous mode [ 170.323781][ T9174] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1388'. [ 170.517233][ T9186] vxcan1: tx address claim with dest, not broadcast [ 170.525849][ T9185] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1391'. [ 171.007071][ T9218] netlink: 'syz.4.1403': attribute type 1 has an invalid length. [ 171.120176][ T9229] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 171.291918][ T9238] xt_TCPMSS: Only works on TCP SYN packets [ 171.732455][ T9268] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1417'. [ 171.857363][ T9270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1418'. [ 171.898616][ T9270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1418'. [ 171.962217][ T9275] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 173.373907][ T6897] syz_tun: left promiscuous mode [ 173.456622][ T5101] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 173.468282][ T5101] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 173.481627][ T5101] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 173.489411][ T6897] team0: Port device vlan2 removed [ 173.495680][ T5101] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 173.508196][ T5101] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 173.518703][ T5101] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 173.731084][ T5609] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.902304][ T5609] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.926656][ T9357] FAULT_INJECTION: forcing a failure. [ 173.926656][ T9357] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.929362][ T9360] smc: net device lo applied user defined pnetid SYZ2 [ 173.944102][ T9357] CPU: 0 PID: 9357 Comm: syz.4.1448 Not tainted 6.10.0-rc6-syzkaller-01261-ge0ee68a8bef9 #0 [ 173.957335][ T9357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 173.967431][ T9357] Call Trace: [ 173.970741][ T9357] [ 173.973690][ T9357] dump_stack_lvl+0x241/0x360 [ 173.978385][ T9357] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.983604][ T9357] ? __pfx__printk+0x10/0x10 [ 173.988216][ T9357] ? __pfx_lock_release+0x10/0x10 [ 173.993262][ T9357] should_fail_ex+0x3b0/0x4e0 [ 173.997961][ T9357] _copy_from_user+0x2f/0xe0 [ 174.002564][ T9357] copy_msghdr_from_user+0xae/0x680 [ 174.007794][ T9357] ? _parse_integer_limit+0x1b5/0x200 [ 174.013278][ T9357] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 174.019123][ T9357] __sys_sendmmsg+0x374/0x740 [ 174.023831][ T9357] ? __pfx___sys_sendmmsg+0x10/0x10 [ 174.029111][ T9357] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 174.035031][ T9357] ? ksys_write+0x23e/0x2c0 [ 174.039853][ T9357] ? __pfx_lock_release+0x10/0x10 [ 174.046029][ T9357] ? vfs_write+0x7c4/0xc90 [ 174.050617][ T9357] ? __mutex_unlock_slowpath+0x21d/0x750 [ 174.056292][ T9357] ? __pfx_vfs_write+0x10/0x10 [ 174.061090][ T9357] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 174.067088][ T9357] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 174.073433][ T9357] ? do_syscall_64+0x100/0x230 [ 174.078212][ T9357] __x64_sys_sendmmsg+0xa0/0xb0 [ 174.083112][ T9357] do_syscall_64+0xf3/0x230 [ 174.087713][ T9357] ? clear_bhb_loop+0x35/0x90 [ 174.092403][ T9357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.098574][ T9357] RIP: 0033:0x7f4472575bd9 [ 174.103015][ T9357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.122735][ T9357] RSP: 002b:00007f44733cb048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 174.131169][ T9357] RAX: ffffffffffffffda RBX: 00007f4472703f60 RCX: 00007f4472575bd9 [ 174.139160][ T9357] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000006 [ 174.147145][ T9357] RBP: 00007f44733cb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 174.155125][ T9357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.163108][ T9357] R13: 000000000000000b R14: 00007f4472703f60 R15: 00007ffe84ac9c68 [ 174.171104][ T9357] [ 174.226622][ T9360] smc: net device lo erased user defined pnetid SYZ2 [ 174.437077][ T9372] vxcan1: tx address claim with different name [ 174.571203][ T9379] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 174.735753][ T5609] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.915524][ T5609] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.941083][ T9393] __nla_validate_parse: 7 callbacks suppressed [ 174.941103][ T9393] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1460'. [ 175.089895][ T9399] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1463'. [ 175.126457][ T9338] chnl_net:caif_netlink_parms(): no params data found [ 175.140620][ T9404] x_tables: ip_tables: osf match: only valid for protocol 6 [ 175.418136][ T5609] bridge_slave_1: left allmulticast mode [ 175.428079][ T5609] bridge_slave_1: left promiscuous mode [ 175.434366][ T5609] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.451133][ T5609] bridge_slave_0: left allmulticast mode [ 175.468934][ T5609] bridge_slave_0: left promiscuous mode [ 175.478746][ T5609] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.479650][ T9421] x_tables: duplicate underflow at hook 3 [ 175.634340][ T5101] Bluetooth: hci1: command tx timeout [ 176.146739][ T5609] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 176.166872][ T5609] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 176.183569][ T5609] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 176.195804][ T5609] bond0 (unregistering): Released all slaves [ 176.208264][ T9419] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1471'. [ 176.217961][ T9338] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.243840][ T9338] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.262772][ T9338] bridge_slave_0: entered allmulticast mode [ 176.292496][ T9338] bridge_slave_0: entered promiscuous mode [ 176.350862][ T9338] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.370970][ T9338] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.378285][ T9338] bridge_slave_1: entered allmulticast mode [ 176.416741][ T9338] bridge_slave_1: entered promiscuous mode [ 176.620203][ T9338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 176.820496][ T9467] xt_cgroup: path and classid specified [ 176.887535][ T9338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.887609][ T9474] netlink: zone id is out of range [ 176.903833][ T9468] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1483'. [ 176.910082][ T9474] netlink: zone id is out of range [ 176.923850][ T9474] netlink: zone id is out of range [ 176.925557][ T9470] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1486'. [ 176.930316][ T9474] netlink: zone id is out of range [ 176.944457][ T9474] netlink: zone id is out of range [ 176.950651][ T9474] netlink: zone id is out of range [ 176.956529][ T9474] netlink: zone id is out of range [ 176.965365][ T9474] netlink: zone id is out of range [ 176.979726][ T9475] netlink: 'syz.2.1488': attribute type 3 has an invalid length. [ 176.985980][ T9474] netlink: zone id is out of range [ 177.009050][ T9474] netlink: set zone limit has 4 unknown bytes [ 177.015644][ T9475] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.1488'. [ 177.163975][ T5609] hsr_slave_0: left promiscuous mode [ 177.209054][ T9483] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1491'. [ 177.222510][ T9483] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1491'. [ 177.233584][ T9483] netlink: 'syz.3.1491': attribute type 5 has an invalid length. [ 177.241436][ T9483] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1491'. [ 177.255118][ T5609] hsr_slave_1: left promiscuous mode [ 177.275195][ T5609] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 177.285661][ T5609] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.305261][ T5609] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.313040][ T5609] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.336837][ T5609] veth1_macvtap: left promiscuous mode [ 177.342773][ T5609] veth0_macvtap: left promiscuous mode [ 177.348879][ T5609] veth1_vlan: left promiscuous mode [ 177.355216][ T5609] veth0_vlan: left promiscuous mode [ 177.698913][ T5101] Bluetooth: hci1: command tx timeout [ 177.953949][ T5609] team0 (unregistering): Port device team_slave_1 removed [ 177.994462][ T5609] team0 (unregistering): Port device team_slave_0 removed [ 178.130758][ T9493] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1495'. [ 178.147242][ T9493] netlink: 'syz.2.1495': attribute type 1 has an invalid length. [ 178.511366][ T9338] team0: Port device team_slave_0 added [ 178.630260][ T9493] netem: invalid attributes len -24 [ 178.635681][ T9493] netem: change failed [ 178.661277][ T9338] team0: Port device team_slave_1 added [ 178.945341][ T9338] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 178.979622][ T9338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.016487][ T9338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 179.059490][ T9338] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 179.066508][ T9338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.172107][ T9338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 179.523356][ T9536] netlink: 'syz.3.1506': attribute type 3 has an invalid length. [ 179.627997][ T9338] hsr_slave_0: entered promiscuous mode [ 179.664473][ T9338] hsr_slave_1: entered promiscuous mode [ 179.780432][ T5101] Bluetooth: hci1: command tx timeout [ 179.789068][ T9552] x_tables: ip_tables: osf match: only valid for protocol 6 [ 180.276314][ T9578] netlink: 'syz.0.1520': attribute type 29 has an invalid length. [ 180.285830][ T9583] netlink: 'syz.2.1521': attribute type 4 has an invalid length. [ 180.297096][ T9578] netlink: 'syz.0.1520': attribute type 29 has an invalid length. [ 180.314141][ T9578] __nla_validate_parse: 2 callbacks suppressed [ 180.314164][ T9578] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1520'. [ 180.595541][ T9597] netlink: 'syz.4.1525': attribute type 1 has an invalid length. [ 180.603591][ T9597] netlink: 'syz.4.1525': attribute type 1 has an invalid length. [ 180.616259][ T9597] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1525'. [ 180.750752][ T9600] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1526'. [ 180.834948][ T9338] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 180.869875][ T9338] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 180.919016][ T9338] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 180.947978][ T9338] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 181.270780][ T9622] ieee802154 phy0 wpan0: encryption failed: -22 [ 181.331838][ T9626] bridge4: the hash_elasticity option has been deprecated and is always 16 [ 181.356370][ T9338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.389439][ T9629] netlink: 'syz.3.1536': attribute type 1 has an invalid length. [ 181.438762][ T9629] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1536'. [ 181.454832][ T9338] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.552392][ T9636] xt_bpf: check failed: parse error [ 181.593690][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.601161][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.648813][ T5178] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.656001][ T5178] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.858598][ T5101] Bluetooth: hci1: command tx timeout [ 182.050581][ T9659] validate_nla: 2 callbacks suppressed [ 182.050604][ T9659] netlink: 'syz.2.1549': attribute type 1 has an invalid length. [ 182.090684][ T9659] netlink: 'syz.2.1549': attribute type 1 has an invalid length. [ 182.131481][ T9664] netlink: 'syz.3.1550': attribute type 7 has an invalid length. [ 182.159588][ T9668] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1549'. [ 182.383696][ T9338] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.553626][ T9338] veth0_vlan: entered promiscuous mode [ 182.604122][ T9338] veth1_vlan: entered promiscuous mode [ 182.670671][ T9695] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1559'. [ 182.712236][ T9338] veth0_macvtap: entered promiscuous mode [ 182.752929][ T9338] veth1_macvtap: entered promiscuous mode [ 182.805895][ T9338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 182.857221][ T9338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.891971][ T9338] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 182.917583][ T9338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.943051][ T9338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.947561][ T9705] netlink: 'syz.4.1563': attribute type 29 has an invalid length. [ 182.953023][ T9338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.953049][ T9338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.004705][ T9338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 183.026642][ T9338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.036815][ T9338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 183.047627][ T9338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 183.060062][ T9338] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 183.073560][ T9338] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.082450][ T9338] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.092382][ T9338] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.103092][ T9338] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.114673][ T9705] netlink: 'syz.4.1563': attribute type 29 has an invalid length. [ 183.281024][ T9715] netlink: 'syz.4.1567': attribute type 1 has an invalid length. [ 183.305856][ T2448] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.313892][ T9715] netlink: 9384 bytes leftover after parsing attributes in process `syz.4.1567'. [ 183.331469][ T2448] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.450081][ T9722] netlink: 'syz.0.1570': attribute type 29 has an invalid length. [ 183.458884][ T2448] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.466749][ T2448] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.498052][ T9722] netlink: 'syz.0.1570': attribute type 29 has an invalid length. [ 183.542872][ T9728] netlink: 'syz.0.1570': attribute type 29 has an invalid length. [ 183.565899][ T9722] netlink: 'syz.0.1570': attribute type 29 has an invalid length. [ 183.602873][ T9727] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1572'. [ 183.809132][ T9741] vlan3: entered promiscuous mode [ 183.814245][ T9741] macvlan1: entered promiscuous mode [ 183.874864][ T9741] vlan3: entered allmulticast mode [ 183.895649][ T9741] macvlan1: entered allmulticast mode [ 183.909438][ T9741] veth1_vlan: entered allmulticast mode [ 183.928153][ T9741] macvlan1: left allmulticast mode [ 183.945766][ T9741] veth1_vlan: left allmulticast mode [ 183.969432][ T9741] macvlan1: left promiscuous mode [ 184.268809][ T9753] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1581'. [ 184.331374][ T5096] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 184.348303][ T5096] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 184.362384][ T5096] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 184.372152][ T5096] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 184.382650][ T5096] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 184.399600][ T5096] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 184.491927][ T9770] No such timeout policy "syz0" [ 184.542649][ T9762] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1583'. [ 184.821095][ T5609] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.016624][ T5609] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.154832][ T5609] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.309672][ T5609] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 185.320597][ T9813] __nla_validate_parse: 3 callbacks suppressed [ 185.320615][ T9813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1598'. [ 185.343816][ T9813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1598'. [ 185.821168][ T5609] bridge_slave_1: left allmulticast mode [ 185.849759][ T5609] bridge_slave_1: left promiscuous mode [ 185.855592][ T5609] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.909515][ T5609] bridge_slave_0: left allmulticast mode [ 185.915218][ T5609] bridge_slave_0: left promiscuous mode [ 185.926183][ T5609] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.464583][ T5609] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 186.477052][ T5609] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 186.498799][ T5096] Bluetooth: hci5: command tx timeout [ 186.500438][ T5609] bond0 (unregistering): Released all slaves [ 186.526198][ T9842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 186.538037][ T9842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.550142][ T9842] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 186.586172][ T9845] netlink: 34 bytes leftover after parsing attributes in process `syz.0.1610'. [ 186.625613][ T9846] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 53506 - 0 [ 186.635884][ T9846] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 53506 - 0 [ 186.645518][ T9846] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 53506 - 0 [ 186.655125][ T9846] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 53506 - 0 [ 186.666186][ T9846] netdevsim netdevsim1 netdevsim0: set [1, 2] type 2 family 0 port 40829 - 0 [ 186.681785][ T9846] netdevsim netdevsim1 netdevsim1: set [1, 2] type 2 family 0 port 40829 - 0 [ 186.690841][ T9846] netdevsim netdevsim1 netdevsim2: set [1, 2] type 2 family 0 port 40829 - 0 [ 186.702566][ T9846] netdevsim netdevsim1 netdevsim3: set [1, 2] type 2 family 0 port 40829 - 0 [ 186.714551][ T9846] geneve2: entered promiscuous mode [ 186.723203][ T9846] geneve2: entered allmulticast mode [ 186.732295][ T9848] netlink: 34 bytes leftover after parsing attributes in process `syz.0.1610'. [ 186.882038][ T9756] chnl_net:caif_netlink_parms(): no params data found [ 186.920483][ T9871] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1617'. [ 186.987380][ T9865] IPVS: Scheduler module ip_vs_sip not found [ 187.109284][ T9878] xt_bpf: check failed: parse error [ 187.130991][ T9875] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1618'. [ 187.294665][ T5609] hsr_slave_0: left promiscuous mode [ 187.323792][ T5609] hsr_slave_1: left promiscuous mode [ 187.351706][ T9893] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1626'. [ 187.362639][ T5609] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 187.385494][ T5609] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 187.414562][ T5609] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 187.441554][ T5609] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 187.474898][ T5609] veth1_macvtap: left promiscuous mode [ 187.480783][ T5609] veth0_macvtap: left promiscuous mode [ 187.487498][ T5609] veth1_vlan: left promiscuous mode [ 187.493320][ T5609] veth0_vlan: left promiscuous mode [ 188.112203][ T5609] team0 (unregistering): Port device team_slave_1 removed [ 188.161822][ T5609] team0 (unregistering): Port device team_slave_0 removed [ 188.575704][ T9903] team_slave_1: mtu greater than device maximum [ 188.583120][ T5096] Bluetooth: hci5: command tx timeout [ 188.592235][ T9903] team0: Device team_slave_1 failed to change mtu [ 188.817944][ T9756] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.871656][ T9756] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.900181][ T9756] bridge_slave_0: entered allmulticast mode [ 188.918607][ T9756] bridge_slave_0: entered promiscuous mode [ 188.960617][ T9756] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.001084][ T9756] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.018517][ T9756] bridge_slave_1: entered allmulticast mode [ 189.042249][ T9756] bridge_slave_1: entered promiscuous mode [ 189.120425][ T9930] tipc: Enabling of bearer rejected, failed to enable media [ 189.211783][ T9756] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.246241][ T9756] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.276191][ T9941] validate_nla: 1 callbacks suppressed [ 189.276214][ T9941] netlink: 'syz.0.1642': attribute type 29 has an invalid length. [ 189.308244][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1642'. [ 189.385110][ T9941] netlink: 'syz.0.1642': attribute type 29 has an invalid length. [ 189.398128][ T9941] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1642'. [ 189.504500][ T9756] team0: Port device team_slave_0 added [ 189.520549][ T9940] hsr0: entered promiscuous mode [ 189.531365][ T9756] team0: Port device team_slave_1 added [ 189.671476][ T9756] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 189.694480][ T9756] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.779829][ T9756] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 189.841065][ T9962] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1647'. [ 189.860613][ T9756] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 189.878540][ T9756] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.940777][ T9756] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.096939][ T9756] hsr_slave_0: entered promiscuous mode [ 190.108140][ T9756] hsr_slave_1: entered promiscuous mode [ 190.138679][ T9756] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.156640][ T9756] Cannot create hsr debugfs directory [ 190.226337][ T9992] FAULT_INJECTION: forcing a failure. [ 190.226337][ T9992] name failslab, interval 1, probability 0, space 0, times 0 [ 190.263515][ T9992] CPU: 0 PID: 9992 Comm: syz.1.1658 Not tainted 6.10.0-rc6-syzkaller-01261-ge0ee68a8bef9 #0 [ 190.273660][ T9992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 190.283764][ T9992] Call Trace: [ 190.287080][ T9992] [ 190.290047][ T9992] dump_stack_lvl+0x241/0x360 [ 190.294867][ T9992] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.300117][ T9992] ? __pfx__printk+0x10/0x10 [ 190.304751][ T9992] ? ref_tracker_alloc+0x332/0x490 [ 190.309941][ T9992] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 190.312965][ T9998] FAULT_INJECTION: forcing a failure. [ 190.312965][ T9998] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 190.315538][ T9992] should_fail_ex+0x3b0/0x4e0 [ 190.315581][ T9992] ? skb_clone+0x20c/0x390 [ 190.338271][ T9992] should_failslab+0x9/0x20 [ 190.342812][ T9992] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 190.348232][ T9992] skb_clone+0x20c/0x390 [ 190.352692][ T9992] __netlink_deliver_tap+0x3cc/0x7c0 [ 190.358014][ T9992] ? netlink_deliver_tap+0x2e/0x1b0 [ 190.363258][ T9992] netlink_deliver_tap+0x19d/0x1b0 [ 190.368650][ T9992] netlink_sendskb+0x68/0x140 [ 190.373364][ T9992] netlink_unicast+0x39d/0x990 [ 190.378155][ T9992] ? __asan_memcpy+0x40/0x70 [ 190.382784][ T9992] ? __pfx_netlink_unicast+0x10/0x10 [ 190.388114][ T9992] netlink_rcv_skb+0x262/0x430 [ 190.392917][ T9992] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 190.398419][ T9992] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 190.403865][ T9992] ? netlink_deliver_tap+0x2e/0x1b0 [ 190.409119][ T9992] netlink_unicast+0x7f0/0x990 [ 190.413944][ T9992] ? __pfx_netlink_unicast+0x10/0x10 [ 190.419268][ T9992] ? __virt_addr_valid+0x183/0x520 [ 190.424418][ T9992] ? __check_object_size+0x49c/0x900 [ 190.429742][ T9992] ? bpf_lsm_netlink_send+0x9/0x10 [ 190.434890][ T9992] netlink_sendmsg+0x8e4/0xcb0 [ 190.439706][ T9992] ? __pfx_netlink_sendmsg+0x10/0x10 [ 190.445138][ T9992] ? __import_iovec+0x536/0x820 [ 190.450010][ T9992] ? aa_sock_msg_perm+0x91/0x160 [ 190.454974][ T9992] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 190.460287][ T9992] ? security_socket_sendmsg+0x87/0xb0 [ 190.465797][ T9992] ? __pfx_netlink_sendmsg+0x10/0x10 [ 190.471115][ T9992] __sock_sendmsg+0x221/0x270 [ 190.475851][ T9992] ____sys_sendmsg+0x525/0x7d0 [ 190.480681][ T9992] ? __pfx_____sys_sendmsg+0x10/0x10 [ 190.486811][ T9992] __sys_sendmsg+0x2b0/0x3a0 [ 190.491692][ T9992] ? __pfx___sys_sendmsg+0x10/0x10 [ 190.497037][ T9992] ? vfs_write+0x7c4/0xc90 [ 190.501512][ T9992] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 190.507857][ T9992] ? do_syscall_64+0x100/0x230 [ 190.512647][ T9992] ? do_syscall_64+0xb6/0x230 [ 190.517341][ T9992] do_syscall_64+0xf3/0x230 [ 190.521891][ T9992] ? clear_bhb_loop+0x35/0x90 [ 190.526583][ T9992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.532491][ T9992] RIP: 0033:0x7fb844b75bd9 [ 190.537134][ T9992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.557187][ T9992] RSP: 002b:00007fb845874048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 190.565615][ T9992] RAX: ffffffffffffffda RBX: 00007fb844d03f60 RCX: 00007fb844b75bd9 [ 190.573598][ T9992] RDX: 0000000000000000 RSI: 0000000020001200 RDI: 0000000000000003 [ 190.581583][ T9992] RBP: 00007fb8458740a0 R08: 0000000000000000 R09: 0000000000000000 [ 190.589661][ T9992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.597641][ T9992] R13: 000000000000000b R14: 00007fb844d03f60 R15: 00007ffe08d2faf8 [ 190.605664][ T9992] [ 190.618761][ T9998] CPU: 0 PID: 9998 Comm: syz.2.1662 Not tainted 6.10.0-rc6-syzkaller-01261-ge0ee68a8bef9 #0 [ 190.628570][ T9996] __nla_validate_parse: 2 callbacks suppressed [ 190.628593][ T9996] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1661'. [ 190.628955][ T9998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 190.654069][ T9998] Call Trace: [ 190.657384][ T9998] [ 190.660348][ T9998] dump_stack_lvl+0x241/0x360 [ 190.665102][ T9998] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.670365][ T9998] ? __pfx__printk+0x10/0x10 [ 190.674997][ T9998] ? validate_chain+0x11e/0x5900 [ 190.679978][ T9998] ? __pfx_lock_release+0x10/0x10 [ 190.685052][ T9998] should_fail_ex+0x3b0/0x4e0 [ 190.689789][ T9998] _copy_from_user+0x2f/0xe0 [ 190.694442][ T9998] do_tcp_getsockopt+0x20f/0x3570 [ 190.699518][ T9998] ? __lock_acquire+0x1346/0x1fd0 [ 190.704597][ T9998] ? __pfx_do_tcp_getsockopt+0x10/0x10 [ 190.710113][ T9998] ? aa_sock_opt_perm+0x20/0x120 [ 190.715306][ T9998] ? mark_lock+0x9a/0x350 [ 190.720374][ T9998] ? __pfx_validate_chain+0x10/0x10 [ 190.726064][ T9998] ? __lock_acquire+0x1346/0x1fd0 [ 190.731231][ T9998] ? aa_label_sk_perm+0x4f0/0x6d0 [ 190.736495][ T9998] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 190.741985][ T9998] ? get_pid_task+0x23/0x1f0 [ 190.746717][ T9998] ? __pfx___might_resched+0x10/0x10 [ 190.752059][ T9998] ? __lock_acquire+0x1346/0x1fd0 [ 190.757138][ T9998] ? aa_sk_perm+0x967/0xab0 [ 190.761694][ T9998] ? aa_sock_opt_perm+0x20/0x120 [ 190.766683][ T9998] tcp_getsockopt+0xfb/0x1c0 [ 190.771322][ T9998] ? aa_sock_opt_perm+0x20/0x120 [ 190.776410][ T9998] ? __pfx_tcp_getsockopt+0x10/0x10 [ 190.781691][ T9998] ? aa_sock_opt_perm+0x20/0x120 [ 190.786878][ T9998] ? sock_common_getsockopt+0x2e/0xb0 [ 190.792302][ T9998] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 190.798248][ T9998] do_sock_getsockopt+0x373/0x850 [ 190.803329][ T9998] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 190.808942][ T9998] ? __fget_files+0x3f6/0x470 [ 190.813668][ T9998] __sys_getsockopt+0x271/0x330 [ 190.818556][ T9998] ? __pfx___sys_getsockopt+0x10/0x10 [ 190.825013][ T9998] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 190.831482][ T9998] ? do_syscall_64+0x100/0x230 [ 190.836265][ T9998] __x64_sys_getsockopt+0xb5/0xd0 [ 190.841312][ T9998] do_syscall_64+0xf3/0x230 [ 190.845831][ T9998] ? clear_bhb_loop+0x35/0x90 [ 190.850526][ T9998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.856453][ T9998] RIP: 0033:0x7fc31b575bd9 [ 190.860881][ T9998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.880506][ T9998] RSP: 002b:00007fc31c3a2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 190.888940][ T9998] RAX: ffffffffffffffda RBX: 00007fc31b703f60 RCX: 00007fc31b575bd9 [ 190.896926][ T9998] RDX: 0000000000000002 RSI: 0000000000000006 RDI: 0000000000000003 [ 190.904995][ T9998] RBP: 00007fc31c3a20a0 R08: 0000000020000100 R09: 0000000000000000 [ 190.912985][ T9998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.921179][ T9998] R13: 000000000000000b R14: 00007fc31b703f60 R15: 00007ffeef3b1968 [ 190.929442][ T9998] [ 190.944204][ T5096] Bluetooth: hci5: command tx timeout [ 191.108106][T10006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1666'. [ 191.282308][T10020] netlink: 'syz.0.1671': attribute type 1 has an invalid length. [ 191.296338][T10020] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1671'. [ 191.483229][T10031] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1675'. [ 191.506261][T10031] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1675'. [ 191.628670][ T9756] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 191.643506][ T9756] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 191.680358][ T9756] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 191.733606][ T9756] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 191.814860][T10050] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1683'. [ 192.045311][ T9756] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.157815][ T9756] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.208299][T10069] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1690'. [ 192.232520][ T5178] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.239775][ T5178] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.306599][ T5178] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.313913][ T5178] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.547245][T10088] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1696'. [ 192.871327][ T9756] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.972528][ T9756] veth0_vlan: entered promiscuous mode [ 192.979151][ T5096] Bluetooth: hci5: command tx timeout [ 193.002085][ T9756] veth1_vlan: entered promiscuous mode [ 193.061939][T10112] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1703'. [ 193.081467][ T9756] veth0_macvtap: entered promiscuous mode [ 193.111837][ T9756] veth1_macvtap: entered promiscuous mode [ 193.143268][T10115] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1703'. [ 193.203273][ T9756] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.245275][ T9756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.268545][ T9756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.289954][ T9756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.314460][ T9756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.331331][ T9756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.342862][ T9756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.356472][ T9756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 193.368661][ T9756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.381138][ T9756] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.394522][ T9756] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.407317][ T9756] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.417083][ T9756] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.426519][ T9756] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.717763][T10133] xt_limit: Overflow, try lower: 262144/524288 [ 193.728887][ T2448] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.743877][ T2448] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.756970][T10132] openvswitch: netlink: Key 0 has unexpected len 4 expected 0 [ 193.901625][ T2448] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.929078][ T2448] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 194.606956][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.616026][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.020051][T10178] netlink: 'syz.2.1725': attribute type 1 has an invalid length. [ 195.063174][T10182] smc: net device lo applied user defined pnetid SYZ2 [ 195.085368][T10182] smc: net device lo erased user defined pnetid SYZ2 [ 195.189727][T10190] netlink: 'syz.0.1730': attribute type 6 has an invalid length. [ 195.293338][T10192] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for erspan1 [ 195.622422][T10218] netlink: 'syz.4.1735': attribute type 1 has an invalid length. [ 195.645277][T10218] netlink: 'syz.4.1735': attribute type 1 has an invalid length. [ 195.665674][T10218] __nla_validate_parse: 7 callbacks suppressed [ 195.665697][T10218] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1735'. [ 196.146536][T10229] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.213957][T10238] netlink: 'syz.0.1743': attribute type 2 has an invalid length. [ 196.289630][T10240] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1744'. [ 196.483862][T10250] netlink: 'syz.0.1748': attribute type 1 has an invalid length. [ 196.518591][T10250] netlink: 'syz.0.1748': attribute type 1 has an invalid length. [ 196.552392][T10250] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1748'. [ 196.657866][T10260] (unnamed net_device) (uninitialized): option mode: invalid value (254) [ 196.672544][ T5100] Bluetooth: hci0: command 0x0c1a tx timeout [ 196.672554][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 196.770806][T10266] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1756'. [ 196.799810][T10267] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1754'. [ 196.867103][T10263] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1753'. [ 197.180854][T10289] netlink: 'syz.0.1764': attribute type 1 has an invalid length. [ 197.204127][T10289] netlink: 'syz.0.1764': attribute type 1 has an invalid length. [ 197.265282][T10289] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1764'. [ 197.660298][T10325] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 197.668768][T10325] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 198.080281][T10348] netlink: 'syz.2.1780': attribute type 1 has an invalid length. [ 198.112024][T10348] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1780'. [ 198.341304][T10364] FAULT_INJECTION: forcing a failure. [ 198.341304][T10364] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 198.391053][T10364] CPU: 0 PID: 10364 Comm: syz.1.1788 Not tainted 6.10.0-rc6-syzkaller-01261-ge0ee68a8bef9 #0 [ 198.401286][T10364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 198.411437][T10364] Call Trace: [ 198.414759][T10364] [ 198.417722][T10364] dump_stack_lvl+0x241/0x360 [ 198.422547][T10364] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.427794][T10364] ? __pfx__printk+0x10/0x10 [ 198.432433][T10364] ? __pfx_lock_release+0x10/0x10 [ 198.437499][T10364] ? vfs_write+0x7c4/0xc90 [ 198.442003][T10364] should_fail_ex+0x3b0/0x4e0 [ 198.446774][T10364] _copy_from_user+0x2f/0xe0 [ 198.451498][T10364] __sys_bpf+0x1a4/0x810 [ 198.455794][T10364] ? __pfx___sys_bpf+0x10/0x10 [ 198.460643][T10364] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 198.466672][T10364] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 198.473195][T10364] ? do_syscall_64+0x100/0x230 [ 198.478197][T10364] __x64_sys_bpf+0x7c/0x90 [ 198.482672][T10364] do_syscall_64+0xf3/0x230 [ 198.487222][T10364] ? clear_bhb_loop+0x35/0x90 [ 198.491960][T10364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.497981][T10364] RIP: 0033:0x7fb844b75bd9 [ 198.502433][T10364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.523085][T10364] RSP: 002b:00007fb845874048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 198.531556][T10364] RAX: ffffffffffffffda RBX: 00007fb844d03f60 RCX: 00007fb844b75bd9 [ 198.539579][T10364] RDX: 000000000000000c RSI: 0000000020000100 RDI: 0000000000000023 [ 198.547792][T10364] RBP: 00007fb8458740a0 R08: 0000000000000000 R09: 0000000000000000 [ 198.556597][T10364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 198.564612][T10364] R13: 000000000000000b R14: 00007fb844d03f60 R15: 00007ffe08d2faf8 [ 198.572643][T10364] [ 198.693148][T10377] IPv6: sit2: Disabled Multicast RS [ 198.943786][T10394] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1796'. [ 199.380911][T10416] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1808'. [ 199.428642][T10416] tipc: Invalid UDP bearer configuration [ 199.428714][T10416] tipc: Enabling of bearer rejected, failed to enable media [ 200.977036][T10489] validate_nla: 6 callbacks suppressed [ 200.977061][T10489] netlink: 'syz.2.1830': attribute type 1 has an invalid length. [ 201.000769][T10489] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 201.003891][T10488] netlink: 'syz.2.1830': attribute type 1 has an invalid length. [ 201.022306][T10488] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 201.521524][T10522] netlink: 'syz.0.1838': attribute type 3 has an invalid length. [ 201.657815][T10528] batman_adv: batadv0: adding TT local entry 4a:c8:93:75:00:00 to non-existent VLAN 2358 [ 201.866176][T10540] __nla_validate_parse: 4 callbacks suppressed [ 201.866202][T10540] netlink: 658 bytes leftover after parsing attributes in process `syz.1.1850'. [ 201.979314][T10545] netlink: 'syz.4.1852': attribute type 10 has an invalid length. [ 202.018723][T10545] netlink: 212412 bytes leftover after parsing attributes in process `syz.4.1852'. [ 202.039651][T10545] openvswitch: netlink: Flow key attr not present in new flow. [ 202.370982][T10564] netlink: 'syz.4.1856': attribute type 1 has an invalid length. [ 202.416209][T10565] hsr0: entered promiscuous mode [ 202.424616][T10564] netlink: 236 bytes leftover after parsing attributes in process `syz.4.1856'. [ 202.458627][T10564] NCSI netlink: No device for ifindex 458760 [ 202.724132][ T5096] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 202.735194][ T5096] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 202.744603][ T5096] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 202.753191][ T5096] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 202.765825][ T5096] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 202.778923][ T5096] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 202.875547][T10581] netlink: 'syz.0.1860': attribute type 11 has an invalid length. [ 202.920035][T10585] netlink: 5288 bytes leftover after parsing attributes in process `syz.3.1862'. [ 202.941205][T10585] openvswitch: netlink: IP tunnel dst address not specified [ 203.015045][T10589] netlink: 658 bytes leftover after parsing attributes in process `syz.4.1863'. [ 203.108366][T10592] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1864'. [ 203.171079][T10592] macvlan2: entered allmulticast mode [ 203.180322][T10592] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode [ 203.187657][T10592] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode [ 203.201054][T10592] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 203.284941][ T7433] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.318659][ T7433] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 53506 - 0 [ 203.333863][ T7433] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 40829 - 0 [ 203.480253][ T7433] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.509264][ T7433] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 53506 - 0 [ 203.516130][T10613] netlink: 'syz.0.1871': attribute type 8 has an invalid length. [ 203.541574][ T7433] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 40829 - 0 [ 203.554797][T10613] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1871'. [ 203.722373][ T7433] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.736836][ T7433] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 53506 - 0 [ 203.748991][ T7433] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 40829 - 0 [ 203.771987][T10625] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1875'. [ 203.882387][T10624] netlink: 658 bytes leftover after parsing attributes in process `syz.2.1876'. [ 203.940924][ T7433] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.967322][ T7433] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 53506 - 0 [ 203.992296][ T7433] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 40829 - 0 [ 204.034708][T10633] netlink: 'syz.2.1878': attribute type 3 has an invalid length. [ 204.241390][T10646] netlink: 'syz.2.1883': attribute type 9 has an invalid length. [ 204.275740][T10646] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.1883'. [ 204.511449][T10649] netlink: 'syz.2.1883': attribute type 9 has an invalid length. [ 204.578571][T10570] chnl_net:caif_netlink_parms(): no params data found [ 204.741026][ T7433] bridge_slave_1: left allmulticast mode [ 204.746748][ T7433] bridge_slave_1: left promiscuous mode [ 204.779778][ T7433] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.826156][ T5101] Bluetooth: hci2: command tx timeout [ 204.889922][ T7433] bridge_slave_0: left allmulticast mode [ 204.895638][ T7433] bridge_slave_0: left promiscuous mode [ 204.901965][T10677] netlink: 'syz.0.1892': attribute type 1 has an invalid length. [ 204.932475][ T7433] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.805400][ T7433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 205.819441][ T7433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 205.836657][ T7433] bond0 (unregistering): Released all slaves [ 206.127766][T10570] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.151849][T10570] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.185680][T10570] bridge_slave_0: entered allmulticast mode [ 206.195527][T10570] bridge_slave_0: entered promiscuous mode [ 206.216231][T10698] team0: entered promiscuous mode [ 206.226101][T10698] team_slave_0: entered promiscuous mode [ 206.249852][T10698] team_slave_1: entered promiscuous mode [ 206.255759][T10698] bridge5: entered promiscuous mode [ 206.968787][ T5096] Bluetooth: hci2: command tx timeout [ 207.268301][T10570] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.284910][T10570] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.307708][T10570] bridge_slave_1: entered allmulticast mode [ 207.321772][T10570] bridge_slave_1: entered promiscuous mode [ 207.366975][T10698] team0: left promiscuous mode [ 207.376887][T10698] team_slave_0: left promiscuous mode [ 207.384517][ C1] Dead loop on virtual device ipvlan1, fix it urgently! [ 207.416046][T10698] team_slave_1: left promiscuous mode [ 207.426199][T10698] bridge5: left promiscuous mode [ 207.646717][T10570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.910076][T10727] validate_nla: 1 callbacks suppressed [ 207.910100][T10727] netlink: 'syz.4.1906': attribute type 1 has an invalid length. [ 207.945972][T10729] netlink: 'syz.0.1907': attribute type 29 has an invalid length. [ 207.968879][T10727] netlink: 'syz.4.1906': attribute type 1 has an invalid length. [ 208.096078][T10570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.132831][T10729] netlink: 'syz.0.1907': attribute type 29 has an invalid length. [ 208.148912][T10727] __nla_validate_parse: 5 callbacks suppressed [ 208.148932][T10727] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1906'. [ 208.423177][T10731] netlink: 'syz.0.1907': attribute type 29 has an invalid length. [ 208.443197][T10733] netlink: 'syz.0.1907': attribute type 29 has an invalid length. [ 208.469470][T10737] x_tables: ip_tables: osf match: only valid for protocol 6 [ 208.640367][ T7433] hsr_slave_0: left promiscuous mode [ 208.681628][ T7433] hsr_slave_1: left promiscuous mode [ 208.722885][ T7433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.777302][ T7433] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.813976][ T7433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.950708][ T7433] veth1_macvtap: left promiscuous mode [ 208.978623][ T5096] Bluetooth: hci2: command tx timeout [ 208.988840][ T7433] veth0_macvtap: left promiscuous mode [ 209.013408][ T7433] veth1_vlan: left promiscuous mode [ 209.034171][ T7433] veth0_vlan: left promiscuous mode [ 209.695096][ T7433] team0 (unregistering): Port device team_slave_1 removed [ 209.745030][ T7433] team0 (unregistering): Port device team_slave_0 removed [ 209.772209][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88802de54800: rx timeout, send abort [ 210.253631][T10734] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1908'. [ 210.282049][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88802de54800: abort rx timeout. Force session deactivation [ 210.313668][T10570] team0: Port device team_slave_0 added [ 210.388037][T10750] netlink: 'syz.0.1914': attribute type 1 has an invalid length. [ 210.407204][T10570] team0: Port device team_slave_1 added [ 210.453998][T10750] netlink: 636 bytes leftover after parsing attributes in process `syz.0.1914'. [ 210.506756][T10756] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1916'. [ 210.564704][T10570] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.590913][T10570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.658978][T10570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.710638][T10766] netlink: 'syz.3.1918': attribute type 1 has an invalid length. [ 210.726628][T10766] netlink: 'syz.3.1918': attribute type 1 has an invalid length. [ 210.749559][T10570] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.756569][T10570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.793745][T10570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.813888][T10766] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1918'. [ 211.010217][T10570] hsr_slave_0: entered promiscuous mode [ 211.017408][T10570] hsr_slave_1: entered promiscuous mode [ 211.059217][ T5096] Bluetooth: hci2: command tx timeout [ 211.526979][T10782] x_tables: ip_tables: osf match: only valid for protocol 6 [ 211.707828][T10788] netlink: 'syz.0.1926': attribute type 4 has an invalid length. [ 212.041391][T10796] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1929'. [ 212.250827][T10570] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 212.305191][T10570] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 212.373316][T10570] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 212.445614][T10570] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 212.646764][T10820] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1937'. [ 212.790385][T10824] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1939'. [ 212.890844][T10829] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1941'. [ 212.953581][T10829] validate_nla: 3 callbacks suppressed [ 212.953603][T10829] netlink: 'syz.4.1941': attribute type 29 has an invalid length. [ 212.969501][T10829] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1941'. [ 213.012930][T10570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.087258][T10570] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.161267][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.168520][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.202629][ T5149] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.209884][ T5149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.423595][T10854] __nla_validate_parse: 2 callbacks suppressed [ 213.423617][T10854] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1951'. [ 213.470495][T10856] netlink: 'syz.2.1952': attribute type 1 has an invalid length. [ 213.506080][T10856] netlink: 'syz.2.1952': attribute type 1 has an invalid length. [ 213.541749][T10856] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1952'. [ 213.686526][T10866] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1956'. [ 213.709876][T10866] 0ªX¹¦À: renamed from caif0 [ 213.732298][T10866] 0ªX¹¦À: entered allmulticast mode [ 213.738930][T10868] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1957'. [ 213.755873][T10866] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 213.787428][T10868] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1957'. [ 213.869238][T10570] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.986681][T10874] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1959'. [ 214.010068][T10570] veth0_vlan: entered promiscuous mode [ 214.037634][T10570] veth1_vlan: entered promiscuous mode [ 214.141533][T10882] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1962'. [ 214.177869][T10570] veth0_macvtap: entered promiscuous mode [ 214.196663][T10882] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1962'. [ 214.264690][T10570] veth1_macvtap: entered promiscuous mode [ 214.329477][T10891] netlink: 'syz.0.1965': attribute type 1 has an invalid length. [ 214.336612][T10570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 214.337751][T10891] netlink: 'syz.0.1965': attribute type 1 has an invalid length. [ 214.378745][T10570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.412738][T10570] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 214.435105][T10891] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1965'. [ 214.494814][T10570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 214.516180][T10570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.535249][T10570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 214.546545][T10570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.557322][T10570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 214.575145][T10570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.587087][T10570] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 214.600200][T10570] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.623529][T10570] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.635734][T10899] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 214.676766][T10570] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.700485][T10570] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.723748][T10570] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.739667][T10570] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.964011][ T7435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 214.995035][ T7435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.111389][ T7435] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.145051][ T7435] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.237317][T10924] netlink: 'syz.0.1980': attribute type 1 has an invalid length. [ 215.258546][T10924] netlink: 'syz.0.1980': attribute type 1 has an invalid length. [ 215.284316][T10924] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1980'. [ 215.518966][T10934] team0: entered promiscuous mode [ 215.524638][T10934] team_slave_0: entered promiscuous mode [ 215.559816][T10934] team_slave_1: entered promiscuous mode [ 215.565968][T10934] bridge5: entered promiscuous mode [ 215.629082][T10932] team0: left promiscuous mode [ 215.639631][T10932] team_slave_0: left promiscuous mode [ 215.645294][T10932] team_slave_1: left promiscuous mode [ 215.678948][T10932] bridge5: left promiscuous mode [ 215.847194][T10949] IPv6: sit3: Disabled Multicast RS [ 216.058822][T10963] netlink: 'syz.0.1995': attribute type 1 has an invalid length. [ 216.181713][T10971] bond4: (slave vlan2): Opening slave failed [ 216.212904][T10974] smc: net device lo applied user defined pnetid SYZ2 [ 216.252867][T10974] smc: net device lo erased user defined pnetid SYZ2 [ 216.546597][T10995] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 216.595043][T10993] netlink: 'syz.1.2006': attribute type 10 has an invalid length. [ 216.750234][T11001] macvlan2: entered promiscuous mode [ 216.764706][T11001] macvlan2: entered allmulticast mode [ 216.796249][T11005] openvswitch: netlink: Key 0 has unexpected len 2 expected 0 [ 217.020814][T11021] ipvlan2: entered promiscuous mode [ 217.049746][T11021] ipvlan2: entered allmulticast mode [ 217.055144][T11021] ip6gretap0: entered allmulticast mode [ 217.466410][T11044] netlink: 'syz.2.2022': attribute type 1 has an invalid length. [ 217.524998][T11044] bond2: (slave vlan3): Opening slave failed [ 217.610714][T11048] team0: Port device netdevsim0 added [ 217.720362][T11052] team0: Port device netdevsim0 removed [ 217.761563][T11052] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 217.869899][T11069] tipc: Enabling of bearer rejected, failed to enable media [ 218.093465][T11079] IPv6: NLM_F_REPLACE set, but no existing node found! [ 218.144368][ T5178] IPVS: starting estimator thread 0... [ 218.150967][T11079] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 218.260619][T11085] IPVS: using max 18 ests per chain, 43200 per kthread [ 218.383687][T11095] netdevsim netdevsim4 : renamed from netdevsim0 (while UP) [ 218.999027][T11135] __nla_validate_parse: 15 callbacks suppressed [ 218.999061][T11135] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2052'. [ 219.016744][T11136] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2050'. [ 219.204413][T11127] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2050'. [ 219.912000][T11167] hsr0: entered promiscuous mode [ 220.167761][T11189] netlink: 277 bytes leftover after parsing attributes in process `syz.1.2072'. [ 220.177071][T11191] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2073'. [ 220.375146][T11198] validate_nla: 2 callbacks suppressed [ 220.375169][T11198] netlink: 'syz.2.2076': attribute type 1 has an invalid length. [ 220.481549][T11206] bond3: (slave vlan3): Opening slave failed [ 220.530785][T11211] netlink: 5288 bytes leftover after parsing attributes in process `syz.4.2081'. [ 220.557593][T11211] openvswitch: netlink: IP tunnel dst address not specified [ 220.967242][T11233] netlink: 105120 bytes leftover after parsing attributes in process `syz.3.2088'. [ 220.988272][T11236] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2089'. [ 221.008341][T11236] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2089'. [ 221.722151][T11277] netlink: 'syz.2.2102': attribute type 4 has an invalid length. [ 222.175481][T11298] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2109'. [ 222.759302][T11317] netlink: 'syz.2.2116': attribute type 17 has an invalid length. [ 222.786635][T11317] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 223.161578][T11333] IPVS: Scheduler module ip_vs_sip not found [ 223.466578][T11363] netlink: 'syz.2.2131': attribute type 1 has an invalid length. [ 223.517876][T11363] bond4: entered promiscuous mode [ 223.584121][T11363] ip6gretap1: entered promiscuous mode [ 223.591596][T11363] ip6gretap1: entered allmulticast mode [ 223.604459][T11363] bond4: (slave ip6gretap1): making interface the new active one [ 223.614620][T11363] bond4: (slave ip6gretap1): Enslaving as an active interface with an up link [ 223.717411][T11375] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 224.119383][T11400] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 224.231877][T11406] netlink: 'syz.0.2138': attribute type 29 has an invalid length. [ 224.262329][T11406] netlink: 'syz.0.2138': attribute type 29 has an invalid length. [ 224.273145][T11406] netlink: 'syz.0.2138': attribute type 29 has an invalid length. [ 224.282061][T11406] netlink: 'syz.0.2138': attribute type 29 has an invalid length. [ 224.385137][T11415] bridge0: port 4(geneve1) entered blocking state [ 224.401681][T11415] bridge0: port 4(geneve1) entered disabled state [ 224.413168][T11415] geneve1: entered allmulticast mode [ 224.464680][T11415] geneve1: entered promiscuous mode [ 224.489384][T11415] bridge0: port 4(geneve1) entered blocking state [ 224.496091][T11415] bridge0: port 4(geneve1) entered forwarding state [ 224.848771][T11437] netlink: 'syz.2.2143': attribute type 1 has an invalid length. [ 224.937650][T11437] bond5: entered promiscuous mode [ 225.018351][T11445] team_slave_0: entered allmulticast mode [ 225.086365][T11437] ip6gretap2: entered promiscuous mode [ 225.109686][T11437] ip6gretap2: entered allmulticast mode [ 225.126703][T11437] bond5: (slave ip6gretap2): making interface the new active one [ 225.145319][T11437] bond5: (slave ip6gretap2): Enslaving as an active interface with an up link [ 225.155826][T11457] __nla_validate_parse: 1 callbacks suppressed [ 225.155846][T11457] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2148'. [ 225.200186][T11457] macvlan4: entered promiscuous mode [ 225.205828][T11457] macvlan4: entered allmulticast mode [ 225.242381][T11460] team_slave_0: entered promiscuous mode [ 225.248817][T11460] team_slave_1: entered promiscuous mode [ 225.285831][T11460] macvtap1: entered promiscuous mode [ 225.298536][T11460] team0: entered promiscuous mode [ 225.302176][ C1] Dead loop on virtual device ipvlan1, fix it urgently! [ 225.306953][T11460] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 225.331856][T11466] netlink: 'syz.2.2151': attribute type 2 has an invalid length. [ 225.357130][T11466] netlink: 244 bytes leftover after parsing attributes in process `syz.2.2151'. [ 225.563887][T11476] batadv_slave_0: left promiscuous mode [ 225.570887][T11478] netlink: 'syz.0.2156': attribute type 9 has an invalid length. [ 225.594373][T11476] batadv_slave_0: left allmulticast mode [ 225.600450][T11478] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2156'. [ 225.951728][T11502] sch_tbf: peakrate 114 is lower than or equals to rate 4294967294 ! [ 226.965953][T11544] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2180'. [ 227.186974][T11544] team0: Port device bridge1 added [ 227.212541][T11552] tipc: New replicast peer: 100.1.1.1 [ 227.239152][T11552] tipc: Enabled bearer , priority 10 [ 227.357770][T11558] netlink: 760 bytes leftover after parsing attributes in process `syz.4.2187'. [ 227.379998][ T5096] Bluetooth: hci4: command 0x0406 tx timeout [ 227.393058][T11558] netlink: 760 bytes leftover after parsing attributes in process `syz.4.2187'. [ 227.677405][T11573] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2192'. [ 227.712809][T11575] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2191'. [ 227.745605][T11575] ipip0: entered promiscuous mode [ 227.951617][T11582] smc: net device lo applied user defined pnetid SYZ2 [ 227.969336][T11582] smc: net device lo erased user defined pnetid SYZ2 [ 228.136297][T11590] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.349899][T11593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.360609][ T5204] tipc: Node number set to 521215077 [ 228.369641][T11600] netlink: 'syz.4.2204': attribute type 21 has an invalid length. [ 228.419245][T11593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.525757][T11593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.572064][T11593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 229.221526][T11635] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2220'. [ 229.729664][T11662] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2232'. [ 229.924647][T11674] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.104358][T11682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.128265][ T5146] wlan1: No basic rates, using min rate instead [ 230.150105][T11674] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.150394][ T5146] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 230.182849][ T5146] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 230.260378][T11682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.283866][T11682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.303850][ T5646] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 230.413576][T11697] __nla_validate_parse: 1 callbacks suppressed [ 230.413601][T11697] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2247'. [ 230.436710][ T5646] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 230.558636][ T746] wlan1: authentication with 08:02:11:00:00:00 timed out [ 231.118234][T11727] netlink: 'syz.3.2259': attribute type 11 has an invalid length. [ 231.147178][T11727] netlink: 'syz.3.2259': attribute type 11 has an invalid length. [ 231.167549][T11727] debugfs: Directory 'netdev:' with parent 'phy22' already present! [ 231.779807][T11753] syzkaller0: entered promiscuous mode [ 231.785453][T11753] syzkaller0: entered allmulticast mode [ 233.774187][T11768] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2279'. [ 233.956660][T11794] netlink: 'syz.4.2288': attribute type 6 has an invalid length. [ 234.003693][T11801] netlink: 'syz.2.2291': attribute type 1 has an invalid length. [ 234.007178][T11800] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 234.120685][T11802] bond6: (slave gre1): The slave device specified does not support setting the MAC address [ 234.139629][T11802] bond6: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 234.170265][T11802] bond6: (slave gre1): making interface the new active one [ 234.187215][T11802] bond6: (slave gre1): Enslaving as an active interface with an up link [ 234.514183][T11832] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2302'. [ 235.912940][T11919] Bluetooth: hci3: invalid length 0, exp 2 for type 4 [ 235.991215][T11923] : renamed from bridge_slave_0 (while UP) [ 236.180900][ T35] ================================================================== [ 236.189025][ T35] BUG: KASAN: slab-use-after-free in l2tp_session_delete+0x28/0x9e0 [ 236.197130][ T35] Write of size 8 at addr ffff88804952a808 by task kworker/u8:2/35 [ 236.205228][ T35] [ 236.207668][ T35] CPU: 1 PID: 35 Comm: kworker/u8:2 Not tainted 6.10.0-rc6-syzkaller-01261-ge0ee68a8bef9 #0 [ 236.218072][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 236.228159][ T35] Workqueue: l2tp l2tp_tunnel_del_work [ 236.234007][ T35] Call Trace: [ 236.237296][ T35] [ 236.240243][ T35] dump_stack_lvl+0x241/0x360 [ 236.244956][ T35] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.250197][ T35] ? __pfx__printk+0x10/0x10 [ 236.254971][ T35] ? _printk+0xd5/0x120 [ 236.259224][ T35] ? __virt_addr_valid+0x183/0x520 [ 236.264349][ T35] ? __virt_addr_valid+0x183/0x520 [ 236.269479][ T35] print_report+0x169/0x550 [ 236.274009][ T35] ? __virt_addr_valid+0x183/0x520 [ 236.279165][ T35] ? __virt_addr_valid+0x183/0x520 [ 236.284311][ T35] ? __virt_addr_valid+0x44e/0x520 [ 236.289445][ T35] ? __phys_addr+0xba/0x170 [ 236.293967][ T35] ? l2tp_session_delete+0x28/0x9e0 [ 236.299193][ T35] kasan_report+0x143/0x180 [ 236.304240][ T35] ? l2tp_session_delete+0x28/0x9e0 [ 236.309498][ T35] kasan_check_range+0x282/0x290 [ 236.314457][ T35] l2tp_session_delete+0x28/0x9e0 [ 236.319496][ T35] ? l2tp_tunnel_del_work+0x1d3/0x330 [ 236.325010][ T35] l2tp_tunnel_del_work+0x1cb/0x330 [ 236.330779][ T35] ? process_scheduled_works+0x945/0x1830 [ 236.337048][ T35] process_scheduled_works+0xa2c/0x1830 [ 236.342619][ T35] ? __pfx_process_scheduled_works+0x10/0x10 [ 236.348624][ T35] ? assign_work+0x364/0x3d0 [ 236.353220][ T35] worker_thread+0x86d/0xd50 [ 236.357910][ T35] ? __kthread_parkme+0x169/0x1d0 [ 236.363479][ T35] ? __pfx_worker_thread+0x10/0x10 [ 236.368599][ T35] kthread+0x2f0/0x390 [ 236.372717][ T35] ? __pfx_worker_thread+0x10/0x10 [ 236.377851][ T35] ? __pfx_kthread+0x10/0x10 [ 236.382480][ T35] ret_from_fork+0x4b/0x80 [ 236.386932][ T35] ? __pfx_kthread+0x10/0x10 [ 236.391555][ T35] ret_from_fork_asm+0x1a/0x30 [ 236.396344][ T35] [ 236.399369][ T35] [ 236.401691][ T35] Allocated by task 11927: [ 236.406296][ T35] kasan_save_track+0x3f/0x80 [ 236.411165][ T35] __kasan_kmalloc+0x98/0xb0 [ 236.415852][ T35] __kmalloc_noprof+0x1f9/0x400 [ 236.420846][ T35] l2tp_session_create+0x3b/0xc20 [ 236.426009][ T35] pppol2tp_connect+0xca3/0x17a0 [ 236.430969][ T35] __sys_connect+0x2df/0x310 [ 236.435579][ T35] __x64_sys_connect+0x7a/0x90 [ 236.440441][ T35] do_syscall_64+0xf3/0x230 [ 236.444953][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.450864][ T35] [ 236.453189][ T35] Freed by task 16: [ 236.456993][ T35] kasan_save_track+0x3f/0x80 [ 236.461682][ T35] kasan_save_free_info+0x40/0x50 [ 236.466728][ T35] poison_slab_object+0xe0/0x150 [ 236.471710][ T35] __kasan_slab_free+0x37/0x60 [ 236.476485][ T35] kfree+0x149/0x360 [ 236.480433][ T35] __sk_destruct+0x58/0x5f0 [ 236.484949][ T35] rcu_core+0xafd/0x1830 [ 236.489305][ T35] handle_softirqs+0x2c4/0x970 [ 236.494084][ T35] run_ksoftirqd+0xca/0x130 [ 236.498603][ T35] smpboot_thread_fn+0x544/0xa30 [ 236.503652][ T35] kthread+0x2f0/0x390 [ 236.507817][ T35] ret_from_fork+0x4b/0x80 [ 236.512799][ T35] ret_from_fork_asm+0x1a/0x30 [ 236.519155][ T35] [ 236.521497][ T35] Last potentially related work creation: [ 236.527212][ T35] kasan_save_stack+0x3f/0x60 [ 236.531951][ T35] __kasan_record_aux_stack+0xac/0xc0 [ 236.537898][ T35] call_rcu+0x167/0xa70 [ 236.542081][ T35] pppol2tp_release+0x24b/0x350 [ 236.546946][ T35] sock_close+0xbc/0x240 [ 236.551191][ T35] __fput+0x24a/0x8a0 [ 236.555174][ T35] task_work_run+0x24f/0x310 [ 236.559787][ T35] syscall_exit_to_user_mode+0x168/0x360 [ 236.565438][ T35] do_syscall_64+0x100/0x230 [ 236.570033][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.575931][ T35] [ 236.578261][ T35] The buggy address belongs to the object at ffff88804952a800 [ 236.578261][ T35] which belongs to the cache kmalloc-1k of size 1024 [ 236.592327][ T35] The buggy address is located 8 bytes inside of [ 236.592327][ T35] freed 1024-byte region [ffff88804952a800, ffff88804952ac00) [ 236.606594][ T35] [ 236.608924][ T35] The buggy address belongs to the physical page: [ 236.615366][ T35] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x49528 [ 236.626071][ T35] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 236.634788][ T35] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 236.642367][ T35] page_type: 0xffffefff(slab) [ 236.647072][ T35] raw: 00fff00000000040 ffff888015041dc0 dead000000000100 dead000000000122 [ 236.655755][ T35] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 236.664356][ T35] head: 00fff00000000040 ffff888015041dc0 dead000000000100 dead000000000122 [ 236.673039][ T35] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 236.681732][ T35] head: 00fff00000000003 ffffea0001254a01 ffffffffffffffff 0000000000000000 [ 236.690422][ T35] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 236.699272][ T35] page dumped because: kasan: bad access detected [ 236.705942][ T35] page_owner tracks the page as allocated [ 236.711691][ T35] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4945, tgid 4945 (sh), ts 57663229081, free_ts 57653121035 [ 236.733901][ T35] post_alloc_hook+0x1f3/0x230 [ 236.738703][ T35] get_page_from_freelist+0x2e4c/0x2f10 [ 236.744293][ T35] __alloc_pages_noprof+0x256/0x6c0 [ 236.749609][ T35] alloc_slab_page+0x5f/0x120 [ 236.754297][ T35] allocate_slab+0x5a/0x2f0 [ 236.758808][ T35] ___slab_alloc+0xcd1/0x14b0 [ 236.763506][ T35] __slab_alloc+0x58/0xa0 [ 236.767844][ T35] __kmalloc_noprof+0x257/0x400 [ 236.772881][ T35] tomoyo_init_log+0x1b3e/0x2050 [ 236.777838][ T35] tomoyo_supervisor+0x38a/0x11f0 [ 236.782873][ T35] tomoyo_env_perm+0x178/0x210 [ 236.787746][ T35] tomoyo_find_next_domain+0x1384/0x1cf0 [ 236.793409][ T35] tomoyo_bprm_check_security+0x115/0x180 [ 236.799227][ T35] security_bprm_check+0x65/0x90 [ 236.804294][ T35] bprm_execve+0xa56/0x17c0 [ 236.808819][ T35] do_execveat_common+0x553/0x700 [ 236.813855][ T35] page last free pid 4945 tgid 4945 stack trace: [ 236.820879][ T35] free_unref_page+0xd22/0xea0 [ 236.827362][ T35] __put_partials+0xeb/0x130 [ 236.833008][ T35] put_cpu_partial+0x17c/0x250 [ 236.837966][ T35] __slab_free+0x2ea/0x3d0 [ 236.843198][ T35] qlist_free_all+0x9e/0x140 [ 236.847903][ T35] kasan_quarantine_reduce+0x14f/0x170 [ 236.853372][ T35] __kasan_slab_alloc+0x23/0x80 [ 236.858234][ T35] __kmalloc_node_noprof+0x1d2/0x440 [ 236.863541][ T35] kvmalloc_node_noprof+0x72/0x190 [ 236.868658][ T35] seq_read_iter+0x202/0xd60 [ 236.873268][ T35] proc_reg_read_iter+0x1c3/0x290 [ 236.878309][ T35] vfs_read+0x9bd/0xbc0 [ 236.882477][ T35] ksys_read+0x1a0/0x2c0 [ 236.886732][ T35] do_syscall_64+0xf3/0x230 [ 236.891252][ T35] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.897166][ T35] [ 236.899495][ T35] Memory state around the buggy address: [ 236.905156][ T35] ffff88804952a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 236.913251][ T35] ffff88804952a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 236.923016][ T35] >ffff88804952a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 236.932272][ T35] ^ [ 236.936628][ T35] ffff88804952a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 236.944993][ T35] ffff88804952a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 236.953154][ T35] ================================================================== [ 237.032947][ T35] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 237.040379][ T35] CPU: 1 PID: 35 Comm: kworker/u8:2 Not tainted 6.10.0-rc6-syzkaller-01261-ge0ee68a8bef9 #0 [ 237.051005][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 237.061187][ T35] Workqueue: l2tp l2tp_tunnel_del_work [ 237.066697][ T35] Call Trace: [ 237.070008][ T35] [ 237.072954][ T35] dump_stack_lvl+0x241/0x360 [ 237.077653][ T35] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.082856][ T35] ? __pfx__printk+0x10/0x10 [ 237.087461][ T35] ? preempt_schedule+0xe1/0xf0 [ 237.092343][ T35] ? vscnprintf+0x5d/0x90 [ 237.096716][ T35] panic+0x349/0x860 [ 237.100744][ T35] ? check_panic_on_warn+0x21/0xb0 [ 237.105884][ T35] ? __pfx_panic+0x10/0x10 [ 237.110317][ T35] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 237.116484][ T35] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 237.122943][ T35] ? print_report+0x502/0x550 [ 237.127652][ T35] check_panic_on_warn+0x86/0xb0 [ 237.132620][ T35] ? l2tp_session_delete+0x28/0x9e0 [ 237.137925][ T35] end_report+0x77/0x160 [ 237.142452][ T35] kasan_report+0x154/0x180 [ 237.146985][ T35] ? l2tp_session_delete+0x28/0x9e0 [ 237.152205][ T35] kasan_check_range+0x282/0x290 [ 237.157242][ T35] l2tp_session_delete+0x28/0x9e0 [ 237.162451][ T35] ? l2tp_tunnel_del_work+0x1d3/0x330 [ 237.168263][ T35] l2tp_tunnel_del_work+0x1cb/0x330 [ 237.173473][ T35] ? process_scheduled_works+0x945/0x1830 [ 237.179201][ T35] process_scheduled_works+0xa2c/0x1830 [ 237.184767][ T35] ? __pfx_process_scheduled_works+0x10/0x10 [ 237.190771][ T35] ? assign_work+0x364/0x3d0 [ 237.195401][ T35] worker_thread+0x86d/0xd50 [ 237.200047][ T35] ? __kthread_parkme+0x169/0x1d0 [ 237.205178][ T35] ? __pfx_worker_thread+0x10/0x10 [ 237.210294][ T35] kthread+0x2f0/0x390 [ 237.214399][ T35] ? __pfx_worker_thread+0x10/0x10 [ 237.222663][ T35] ? __pfx_kthread+0x10/0x10 [ 237.227298][ T35] ret_from_fork+0x4b/0x80 [ 237.231730][ T35] ? __pfx_kthread+0x10/0x10 [ 237.236339][ T35] ret_from_fork_asm+0x1a/0x30 [ 237.241181][ T35] [ 237.244540][ T35] Kernel Offset: disabled [ 237.248964][ T35] Rebooting in 86400 seconds..