last executing test programs: 11.782346753s ago: executing program 3 (id=2186): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010406000015000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b523b85a187b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4aaab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611489607a2252c03f90eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa0000000000000033407700009f4d00008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e2b42bcae95239ef5ca2a730a00c87c493dbfa60e63fda97a29682881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca681b8574d35570477e2b3a52a0fdecb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3afa716d3706f1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca78a0000000000000010c6560896042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa74000000000010d9c418284324e0b26756e0f3cef66d27b218fb34709275ff40979a05b2978f71e4cf0e69d8bf370bbee602dcf3f0bdd7c375f8a6f92b0c0ad5b61526e5ea9e968fcaeb17127e491f19709978d3899640860307b569d885c77466da123bde42add210247eee66c8210534aa89a3ccd37f9e5a6ca9973a7acd2bd444e355dada4a646bd730f8b9273666186ace5228adcf26a7653f61bb8bdb51c245e604"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f2f, 0xf, 0x3ce, &(0x7f00000007c0)="9f44948721919512684003a40800", 0x0, 0xa6, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x23) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$inet6_mreq(0xffffffffffffffff, 0x10d, 0x0, 0x0, 0x0) (async) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000007c0)={&(0x7f00000006c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x7, [@datasec={0x3, 0x0, 0x0, 0xf, 0x1, [], "81"}, @datasec={0x0, 0x0, 0x0, 0xf, 0x3, [], "032a08"}]}, {0x0, [0x0, 0x0, 0x61, 0x5f, 0x2e]}}, &(0x7f0000000780)=""/5, 0x3b, 0x5, 0x1}, 0x20) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto={0x0, 0x0, 0x0, 0xd, 0x4}, @typedef={0x0, 0x0, 0x0, 0x10, 0x4}, @volatile={0x0, 0x0, 0x0, 0x4}]}, {0x0, [0x0, 0x0, 0x0, 0x2e]}}, 0x0, 0x52}, 0x20) socket(0x23, 0x5, 0x0) epoll_create1(0x0) (async) socket$inet6_sctp(0xa, 0x801, 0x84) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='afs_make_fs_call\x00'}, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000004c0), 0xffffffffffffffff) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)={0x1c, r4, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}]}, 0x1c}}, 0x0) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_ADDR(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)={0x20, r7, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6}]}]}, 0x20}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) (async) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00@', @ANYRES16=r9, @ANYBLOB="010000000000000000001a0000001c000d80040000801400008008000500feffffff0800030000000000"], 0x30}}, 0x0) (async) r10 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r10, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001a00010000000000000000000a800000", @ANYRES32=0x0, @ANYBLOB="00000000140001"], 0x30}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f6873720000000050000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c000380180003801400018076657468305f746f5f68737200000000080007"], 0xf0}}, 0x0) 11.617451179s ago: executing program 3 (id=2190): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0xa4, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASK={0x3c, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x4}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @empty}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASTER={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @rand_addr=0xc00}}}]}]}, 0xa4}}, 0x0) 11.461963085s ago: executing program 3 (id=2193): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01030000000000000048080000001400018008000500000000ed050001"], 0x28}}, 0x0) 11.378466468s ago: executing program 3 (id=2196): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x30, 0x1411, 0x801, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0xfe20}, @RDMA_NLDEV_ATTR_DEV_INDEX, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID, @RDMA_NLDEV_ATTR_RES_MRN, @RDMA_NLDEV_ATTR_STAT_MODE={0x0, 0x4a, 0xf0ff}, @RDMA_NLDEV_ATTR_STAT_RES, @RDMA_NLDEV_ATTR_RES_MRN, @RDMA_NLDEV_ATTR_PORT_INDEX, @RDMA_NLDEV_ATTR_DEV_INDEX]}, 0x30}}, 0x0) 11.212029751s ago: executing program 3 (id=2197): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40841, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00001b1de4356c052e79aaaaaaaaaaaa88a800008100000086dd6017785c00182f0000002100000000000000000000000000fe80000000000000000000000000000e800086dd"], 0xfdef) 11.013972831s ago: executing program 3 (id=2201): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x0, 0x0, {}, [@IFA_LOCAL={0x8, 0x2, @dev}]}, 0x20}}, 0x8847) 1.97609296s ago: executing program 0 (id=2301): syz_init_net_socket$ax25(0x3, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000029c0)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x40, 0x5, 0x0, 0xffffffffffffffff, 0x1000}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r0, 0x0, 0xa0028000}, 0x38) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'macvlan0\x00'}) r1 = socket(0x9, 0x803, 0xfffffffc) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000080000000007500000008000300", @ANYRES32=r4, @ANYBLOB="0a000600ffffffffffff0000060066008e8800002200330008030000080211000001080211000000ffffffffff"], 0x58}}, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) socket$l2tp(0x2, 0x2, 0x73) socket$inet6_sctp(0xa, 0x5, 0x84) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000140)={0x20}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x275a, 0x0) write$cgroup_int(r6, &(0x7f0000000380), 0x101bf) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r6, 0x660c) ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f00000000c0)={0x0, r5}) ioctl$EXT4_IOC_MOVE_EXT(r5, 0xc028660f, &(0x7f0000000080)={0x0, r6}) ioctl$EXT4_IOC_MOVE_EXT(r6, 0xc028660f, &(0x7f0000000000)={0x2880008, r5}) 1.62190479s ago: executing program 0 (id=2304): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="05a300000000000000000d00000008000300", @ANYRES32=r2], 0x1c}}, 0x700) 1.595739999s ago: executing program 2 (id=2306): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRESDEC], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r0}, 0x10) getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, &(0x7f00000001c0)=0x4, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000140), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000080), 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000003e00f8a2ccd570d89b5d1700027c000000000000"], 0x24}}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, &(0x7f0000000200), &(0x7f0000000000)='syzkaller\x00', 0x3ff, 0x39, &(0x7f0000000040)=""/57, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x9, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000000c0)=[0x1, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f0000000140)=[{0x1, 0x5, 0xb, 0x4}, {0x4, 0x5, 0x7, 0x5}], 0x10, 0xb}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d, 0x0, 0x0, 0x2, 0x9}, 0x50) 1.465743433s ago: executing program 0 (id=2309): r0 = socket$xdp(0x2c, 0x3, 0x0) mmap$xdp(&(0x7f0000fef000/0xe000)=nil, 0xe000, 0x0, 0x10, r0, 0x80000000) 1.465444839s ago: executing program 2 (id=2310): openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="62a0", @ANYRESDEC], 0x10) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001fc0)='blkio.bfq.io_service_time\x00', 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001a00)={{}, 0x0, &(0x7f00000019c0)}, 0x20) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffff8000}, {}, {0x7, 0x0, 0xb, 0x9}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001c00)={0xffffffffffffffff, 0x58, &(0x7f0000001b80)}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)="a0ec9117cfe49f05000000a6911d92109feb68d514638e8de555887ac5e5", &(0x7f0000000240), 0xc30, r2}, 0x38) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000000c0)=[0x0], &(0x7f0000000140)=[0x0], 0x0, 0x8, &(0x7f0000000200)=[{}, {}, {}], 0x18, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001340)={0xffffffffffffffff, 0xe0, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0), 0x4) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x3}, 0x48) r6 = socket$inet6(0xa, 0x3, 0x3c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x3, 0x0, 0x0}, 0x90) setsockopt$inet6_IPV6_RTHDR(r6, 0x29, 0x39, &(0x7f0000000f00)={0x0, 0x2, 0x2, 0x1, 0x0, [@mcast2]}, 0x18) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r6, 0x29, 0x3b, &(0x7f0000000300)=ANY=[@ANYBLOB="0017"], 0xc0) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0x5dc}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0x13, &(0x7f0000000000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xbf12, 0x0, 0x0, 0x0, 0x944}, {}, {}, [@exit, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x20002000}, @call={0x85, 0x0, 0x0, 0x48}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000240)='GPL\x00', 0x2, 0xd9, &(0x7f0000000280)=""/217, 0x40f00, 0x20, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x0, 0x0, 0x4da, 0x7}, 0x10, r4, 0xffffffffffffffff, 0x4, &(0x7f0000000600)=[r3, r5, 0xffffffffffffffff], &(0x7f0000000640)=[{0x5, 0x3, 0x10, 0x7}, {0x2, 0x5, 0xa}, {0x4, 0x3, 0x10, 0x2}, {0x5, 0x3, 0xf, 0x7}], 0x10, 0x4}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000001e40)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x30, r0, 0x8, &(0x7f0000001d80)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000001dc0)={0x4, 0xe, 0x401, 0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x2, 0x0, &(0x7f0000001e00)=[{0x3, 0x5, 0x7, 0x6}, {0x0, 0x2, 0x7, 0x9}], 0x10, 0x3}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000001940)=@base={0x7, 0x4, 0x0, 0xf1b, 0x14, 0xffffffffffffffff, 0x1ff}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) 1.322603295s ago: executing program 0 (id=2312): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(0xffffffffffffffff) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0x10, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000002018150000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000009b00000095", @ANYRESOCT=0x0, @ANYRESOCT=r2, @ANYBLOB="0e9ee7584a26d5c7be864cef43205c98b9a317fa3981ba6d0190f2d829e41f46bc825f0f9a988694134b57bf3c762c94fc144dab731c4f5286ce50013bbc72b30ede6832c5bc3219ae4548eb15166a097d6a90838dfdc0959261f45ae75250099c0880941546bed2047bb7a923b567b37d035ec494b507b6aa1229c040f827c6b148a316c4bc58c30d7da67c96f05aa1a400dbc47fc18fff16fc30821ae35e037dd0305681f0021f5af0d41a7367c26983dfcdf4239eaebceada2444e1d2968565", @ANYRES16=r0], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x5, 0x0, 0x0}, 0x90) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call, @printk={@s, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x50}}]}, 0x0}, 0x90) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r6, &(0x7f0000000280)=ANY=[@ANYBLOB="000008000100000000003d0000004600004000000000008490783fffffffac1414aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="b40000009078c8f69e12e62069fdc8c91c00000000"], 0x4e) r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x0, 0x16, &(0x7f0000000200)=ANY=[@ANYBLOB="61125000000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000f0200006706000020000000620a00ff0ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffcd35010000000000ce040000000000001c000000000000009500000000000000db13d5d8b741f2cdaabc8383c8f56bb5df3083d20f8c2bf304000000815dcf0066d7ded3c5c49a08a503ea6d54f7f3125a8200578ac0836d6454745e70a27444003c5b20451b624db6f5320e9befc1e00b8b32917c4d30d16b7edb732bc3ac330b16c442aff70d27659bc58e296b16750c5577c848754b4894b07f15bab1c640a5c0c4fd62f9db829b301ef67fd2b2736f3af0c54af2412313b17c4c8081c4ed0572261960e227d34cfbfdb247bc2351c9d8363a8cb18b7330604da78b0aba47545f9a25a80dd7d28a5ae41824f611e6dd581c52698f9542a444a8a3969946faded5275c00"/420], &(0x7f0000000100)='GPL\x00'}, 0x90) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r9, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="0f", 0x1}], 0x1}, 0x0) recvmsg(r10, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/78, 0x4e}], 0x1, 0x0, 0x2}, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r8, 0x5}, 0x10) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="180000815cb44c0d76635900000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000400)='kfree\x00', r11}, 0x10) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x90) r13 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000580)='jbd2_handle_stats\x00', r12}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r13}, &(0x7f00000004c0), &(0x7f0000000500)=r12}, 0x20) sendmsg$inet(r4, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000100)='j', 0x1}], 0x1}, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r3, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) 1.167304479s ago: executing program 2 (id=2316): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x15, 0x2, &(0x7f0000000100)=@raw=[@ldst={0x1, 0x0, 0x4, 0x0, 0x1}, @jmp={0x5, 0x0, 0x9}], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb1e11900}, 0x90) 1.093589917s ago: executing program 1 (id=2317): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000008c0)={'wlan0\x00'}) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x1c, 0x3, r4}, @val={0xc}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x60000000}]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000700000008420300d3b34cc6d154f2171ab6c5408dcd0c11bdfe8f392383687ec4828f4c36396fc62ddb45", @ANYBLOB], 0x4c}}, 0x0) 1.037722979s ago: executing program 2 (id=2318): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x6, 0x0, 0x0, 0x0, 0x71, 0x11, 0x62}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x2a00}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x70) 1.024770239s ago: executing program 4 (id=2319): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x30, r3, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0xe69b6b7cd81c52aa}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x30}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r5 = socket$packet(0x11, 0xa, 0x300) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_queued_recursive\x00', 0x26e1, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000006b00)={0x50, r7, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "cabee339084eeef16f162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_TYPE={0x8}]}]}, 0x50}}, 0x0) close(r6) socket$inet6_udplite(0xa, 0x2, 0x88) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r11, 0xfe12482fe0801d67, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc}, {0x8f}}]}, 0x54}}, 0x0) sendmmsg$sock(r6, &(0x7f0000007140)=[{{&(0x7f0000000240)=@in6={0xa, 0x4e21, 0x0, @empty}, 0x80, 0x0}}, {{&(0x7f0000000080)=@in6={0x2, 0x4e24, 0x0, @remote}, 0x80, 0x0, 0x0, &(0x7f0000003700)=[@timestamping={{0x18}}], 0x18}}], 0x2, 0x0) r12 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r0) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r12, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, 0x0, 0x600, 0x70bd25, 0x25dfdbff, {{}, {}, {0xc, 0x14, 'syz1\x00'}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000041}, 0x0) r13 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r13, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_LP_INTERVAL={0x8, 0x13, 0xfffffffe}]}}}]}, 0x3c}}, 0x0) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x9}]}, 0xffffffffffffff43) syz_emit_ethernet(0x5a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd608a37f200242c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa84"], 0x0) sendmsg$NL80211_CMD_FRAME(r12, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}, 0x1, 0x0, 0x0, 0x8010}, 0x0) 865.948832ms ago: executing program 2 (id=2320): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000000d00010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000030900010073797a300000000054000000060a010400000000000000000100000208000b40000000000900010073797a30000000002c0004802800018008000100666962001c0002800800034000000000080001"], 0xdc}}, 0x0) 865.29134ms ago: executing program 1 (id=2321): r0 = socket$inet(0x2, 0x3, 0x14) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYRES32], 0x1) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000002000)=ANY=[@ANYBLOB="ac1414bb7f000001010078d701186f124c95c4a33741281fb6c96d91ad13659d04e03df5d29fc73b92cf06f6e27e58354a7cf25bbc7057f464402ffef5cea0ae953d567545355eeb37e4c8c16e303d56fe036736def50141fcdbae236063524fbf8b1e236f441d1468299622bf3260ba4e01ae1004b92f7a8dd5546d6b5cff865d81d63ffad225ffbcd3115a8e4e351a76e3b0c053fab1d81205ed8787aae42a1fbeaa5ef6f33dfc87f8c19b38f7f1e3de7d02215407f1cced0d5378f0b9f0b4e963acdfe0fd01a360ebb54840bcab0fccf1b8437150ce08ad031b726a3e6e7dd3beeb7dbc4c1f1eb992e6bbdc65267960cffd741948834e0236ac109f4d118968f94980e80892fed281dd4fa17a04ad4c16f68dbeb7e49bd9154b69ec25e6ef132b819e1debd3c9740747c47c8e0c402ed3088f2c9a97b21b8d6ab4b76f8c5af3"], 0x18) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newtaction={0x5c, 0x30, 0x216822a75a8bdd29, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0x9}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) (async) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_udp_SIOCOUTQ(r2, 0x5411, 0x0) (async) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r2, 0x89f9, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000040)={@dev={0xfe, 0x80, '\x00', 0x26}, @loopback, 0x10}}) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r2, 0x89f9, &(0x7f0000000340)={'sit0\x00', &(0x7f0000000300)={@remote, @dev={0xac, 0x14, 0x14, 0x35}, 0x0, 0x1b}}) (async) sendto$inet(r2, &(0x7f0000000200)="4202e85b033b768b577e9ff15b0f53555782cec2b45617cc01d5a73a3492bfc5a10f2ecac288f115a7983895c0e3fadcdf94e552b09655c7d779605866f4a83e06756d3d69cfcfe8fa7f0ae68637ac7e88a3e9eb3c03bb74f07e0018c9d5313e894c05594a1fe1949e83f982cc8802bc2b2f37f353ef34831a315cecd3571215ce18bf08", 0x84, 0x10, 0x0, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(r2, 0x5411, 0x0) (async, rerun: 32) r3 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r2, 0x8040942d, &(0x7f00000008c0)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0xa6, &(0x7f00000000c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\b\x00', 0x70, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0xcdf, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "ffffffffff60000000000000"}]}}}}}}, 0x0) (async) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f00000007c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYBLOB="e9fe8076f28992c0009c5ddcdd810ef0b2f3dcfa3353e50ec780f40ccd44ee57cb2e390c", @ANYRES64], 0x48}}, 0x0) sendmsg$nl_route(r3, &(0x7f00000006c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={&(0x7f0000000a40)=ANY=[@ANYBLOB, @ANYBLOB="0800000000220000a80116803000018010000600010000800100000000000000100002000600000070040000000100000c00070008000000000000006000018014000a00ffffffff0000000007000000000000000c0004000349ab3e08df994ef8014904596cda384e0000007f0000000c00030040000000ffffffff14000b00e5a1000000000000f0050000000000000c0003000100000008000000100006000300000000000000000001004c0001801000060000020000ff030000060000001000020001000000dc04000000000000280001000100000089b65578f81c0000000000000000000000000000000000000000000000000000c8000180a4000c801400010000000000ef05000004000000000000001400010003000000a00300000900000088a800001400010004000000d20c00000200000088a800001400010005000000900a000002000000810000001400010001000000510a00000500000000000000140001005e670000680400000500000088a8000014000100050000006e010000000000008100000014be9095890000009302000009000000000000000c0009007f0000000000010014000a000200000000000000070000000000000008002c00ad0e000021002200f7642fe0738c064b400bc678fc09003ddd2baeabed59b4b03832a9347600000008002e0003000000080029003eb9070008001f0009000000"], 0x214}, 0x1, 0x0, 0x0, 0x40001}, 0x40050) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001300)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000000000006040000000000000001000004f70000000000000003000000000000000000000000000009"], 0x0, 0x4a, 0x0, 0x1}, 0x20) ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f0000000140)={'sit0\x00', &(0x7f0000000100)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, 0xc, 0x7}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000780)={'sit0\x00', &(0x7f0000000700)={'syztnl0\x00', 0x0, 0x20, 0x0, 0x1, 0x800, {{0x15, 0x4, 0x3, 0x10, 0x54, 0x66, 0x0, 0x4, 0x4, 0x0, @local, @private=0xa010102, {[@timestamp_prespec={0x44, 0x2c, 0xf1, 0x3, 0x3, [{@broadcast, 0x5}, {@empty, 0xfffffb04}, {@local, 0x6}, {@multicast2, 0x3}, {@loopback, 0x9}]}, @generic={0x44, 0x11, "6c9dfdf989926d42ea8a9bf4d06b03"}, @noop, @end]}}}}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000000880)={'erspan0\x00', &(0x7f0000005080)={'syztnl1\x00', r6, 0x10, 0x27876602e062571c, 0x7, 0x0, {{0x14, 0x4, 0x3, 0x27, 0x50, 0x266, 0x0, 0x4, 0x2, 0x0, @local, @multicast1, {[@rr={0x7, 0x13, 0xc5, [@loopback, @multicast2, @rand_addr=0x64010100, @broadcast]}, @timestamp={0x44, 0x28, 0x47, 0x0, 0x8, [0x4, 0x8, 0xfffffbfd, 0x9, 0x0, 0x3, 0x4, 0x9, 0xb8]}, @end]}}}}}) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff) (async, rerun: 64) sendmmsg(r4, &(0x7f0000004f80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000004840)=@ll={0x11, 0xf8, r6, 0x1, 0x4, 0x6, @local}, 0x80, &(0x7f00000048c0), 0x0, &(0x7f0000004900)=[{0x10, 0x6}], 0x10}}, {{&(0x7f0000004a00)=@in={0x2, 0x4e21, @local}, 0x80, &(0x7f0000004b40)=[{&(0x7f0000004a80)="769ff982491f8225c9c5e20378e206822ac2a64b51dfbf55c9e8b612dd5996b4c2d50fa107b1fa6c5b24b751dc60c0d377cad715f2fabeb5e7492721467a1069825067a25dcc094ce3053984232c4b7e41256829e7f004d266b18ce569e620cb55caef3dfe4f1126528e3d4db6d6f6d3e4261108bedbd417011ca470b974fe1110d74cb57297171d600cae053dac05afd38faedccd2951daead67c36b2736873f8970a37", 0xa4}], 0x1, &(0x7f0000004b80)=[{0xa0, 0x10d, 0x2d38, "8f00fcf6c42c9c35b27906e582af3266e7059ad4fc02d90293f8ddb9c4f0f1d291591cd336073afea1c6eae7653891ac4beac735a7cd7c11c9a16ebabe4d1ef136047ac11a4902737c8be13f9a6823a26fd4a7cfb6cf2ddb584005cee863c5c2f9d73d18bb975be6362131d1b56d9fc7e2e700d5c58b6df7fb0112f7b9c0df949242ee60d1b69879e0fe392c"}, {0x78, 0x10d, 0x1f, "cad906caf431db48a1e625b26dc8434c265d3b1f4561c7b9e12f4728a6e2ab8bc281a1c8966ecb09a5c3f759ca859b48b4783b04e020a9da6bb620794fbd91f3e16a668b30fbd270d43b3609258a6bcbd6c802b159a2543c033cd7a3a06b86515ff923a203245a"}, {0x68, 0x113, 0xc5a, "2df86966464c17f83bce64f175529ac253ecb49e9006216299f138568c40931d079230077a10354d29dd8e44faf1033ca598ff6803d7a914bde41484963679cc1dff93d1178d67d72e367c2902c0a5aceae6cba06970"}, {0x68, 0x119, 0xab, "21bd74faa8f3418db02c485e3245beb537d545471b68734016f8e600b07e0d1969bd0f8e0e8e0d288dd1737a2a1db808ba02dd71a5a7d95e995ab0e95b2b93b913dfc083eca7dc306f8f9d051d91e92d18da973bc6"}, {0x38, 0x108, 0x5, "bb251de60684cbd1945cb13bae36f1ec2a48cb20e5c789fba0253351ae74b36f3635"}, {0xd8, 0x83cd7c86e11c3c04, 0x5, "cdd4180a2e3aa5ea5da2f86a5bc350ae0a49f49162a7efc87c18e6cf825f9a8fe9a358499dd920ba4a2909121b19640d6ab823609bb9dc3c0bd035299f1524b6926d08dd0f67b9ed78a845c1e8c538a755cf13c863afd7bc6e9044c682c65a847ed810e78b22d214842c04cb6c2ea309a6275c1d4cb3a6034480cb20f07ae66ee42942af28b21691cedffa7b8c51f23346977d506182c00c7cc336f052df9955ba6fcb2b0a9fc18a5028d70f9b095d54b9c585dcaa29d685405c76063af29bb5b8448f"}, {0xe0, 0x10e, 0x0, "d7d2fe89f4fbc297108c865974ed4ea66b34ce0450b860d46755826a0e3db075db6068bc61f1362248862ad307ef0c577868e44a7ed63db9b3f47d8d9819f2eee61336e0c41069ed120384a4f61e44f177a1b7c09b076be722479d811837d7d594cac401240890413399e79a06fc83cb989bb3f6d16ff41245315ba1f475de2667eb0f5c1a13a391911913cc1247bf5b4958f36d0055361cbd18029ba236dbe6dbabd0794ed26fe90cbffb68bde2813ecbf91410bbdcb9c766de7104767dba7a8cebbc72b6a2c24bdef8bd88c08642"}], 0x3d8}}], 0x3, 0x20000001) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r8, &(0x7f0000000640)={&(0x7f0000000400), 0xc, &(0x7f0000000600)={&(0x7f0000000440)={0x168, 0x0, 0x9, 0x101, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_QUEUE_NUM={0x8}, @NFCTH_TUPLE={0x4}, @NFCTH_TUPLE={0x98, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev}, {0x14, 0x4, @dev}}}, @CTA_TUPLE_PROTO, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @loopback}}}]}, @NFCTH_TUPLE={0x48, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xffffff47, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6}]}, @NFCTH_STATUS={0x8}, @NFCTH_TUPLE={0x10, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @NFCTH_TUPLE={0x2c, 0x2, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}]}, 0x168}}, 0x0) (async, rerun: 32) sendmsg$nl_route(r3, &(0x7f0000000a00)={&(0x7f0000000940), 0xc, &(0x7f00000009c0)={0x0}, 0x1, 0x0, 0x0, 0x200408c0}, 0x24000000) (rerun: 32) sendmsg$L2TP_CMD_TUNNEL_GET(r7, 0x0, 0x95) (async, rerun: 32) socket(0x10, 0x0, 0x0) (rerun: 32) 822.787392ms ago: executing program 0 (id=2322): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000dc0)={0x68, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x44, 0x33, @assoc_req={{{}, {}, @device_a, @device_b, @from_mac}, 0x0, 0x0, {0x0, 0x6, @default_ap_ssid}, @void, @val={0x2d, 0x1a}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x8, 0xcd, [0x0, 0x0]}]}, 0x68}, 0x1, 0xf0ffffffffffffff}, 0x0) 820.363823ms ago: executing program 2 (id=2323): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x1c, 0x16, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@IFLA_VF_IB_PORT_GUID={0x14}]}]}]}, 0x3c}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c, 0x0}}], 0x1, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@newlink={0x64, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x34, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @mcast1}, @IFLA_GRE_ENCAP_TYPE={0x6}, @IFLA_GRE_REMOTE={0x14, 0x7, @mcast2}]}}}]}, 0x64}}, 0x0) write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0000000000000000002", 0x11) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x2, 0x9, 0x2, 0x0, 0x2}, 0x10}}, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r1, 0x0, 0x8, &(0x7f0000000240)=0xc, 0x4) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x2d, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_netprio_ifpriomap(r5, &(0x7f0000000280), 0x2, 0x0) write$cgroup_netprio_ifpriomap(r6, &(0x7f00000002c0)={'veth0_to_bridge', 0x32, 0x34}, 0x12) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) 617.903617ms ago: executing program 0 (id=2324): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000001300)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000180)={0x0, 0x1, 0x6, @link_local}, 0x10) sendmsg$ETHTOOL_MSG_RINGS_SET(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000340)={0x7c, 0x0, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_RINGS_HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0x1}, @ETHTOOL_A_RINGS_TX={0x8}]}, 0x7c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x24, 0x0, 0x1, 0x401, 0xd, 0x0, {0x2, 0x0, 0x9}, [@CTA_TUPLE_ORIG={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x24}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="1506000000fff000004c0200000024000180060005004e22000008000300ac1414aa0600010002"], 0x38}}, 0x0) 552.681606ms ago: executing program 1 (id=2325): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x400002}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71002004000ffffffffffffffffffe7ee0000feff000000000200000000", 0x58}], 0x1) 539.898203ms ago: executing program 4 (id=2326): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x6, 0x0, 0x0, 0x0, 0x71, 0x11, 0x24}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x8c}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x70) 389.899037ms ago: executing program 4 (id=2327): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001b80)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000042000000b700000000000010950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2c4af38ffb7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836801ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0eb3280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d09a0a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96bf704526a8919bc700002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381ccc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a504a0301f89c2ee627e949c68b3a4a426a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73cfd1e76982f3d899f71e4a9f0ba8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffaf, 0x10, &(0x7f0000000040)}, 0x4e) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x0, 0xe, 0x0, &(0x7f00000002c0)="69d387051eaf71a0486e5c660000", 0x0, 0x0, 0x0, 0xc00, 0x0, 0x0, 0x0}, 0x50) 389.688367ms ago: executing program 1 (id=2328): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="a9a8d626", @ANYRES16=r2, @ANYBLOB="01000000000000000000020000000c00098008000100ff000000"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4400000010201fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010062726964676500001400028005002b00000000000500170000000000"], 0x44}}, 0x0) 299.468376ms ago: executing program 4 (id=2329): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r1, &(0x7f0000000000), 0x12) (async, rerun: 64) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a19000000000a01010000000000000000050000000900010073797a305b00000054000000030a01030000000000000000050000000900010073797a30000000000900030073797a32000000002800048008000240000000001400030067726574617030000000000000000000080001400000000114000000160a0000000000400000000000000000140000001100010000000000000000000000000a"], 0xb0}}, 0x0) (rerun: 64) 188.353225ms ago: executing program 1 (id=2330): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000340)=ANY=[@ANYBLOB="02011400012918000e3580009f0001e92300002f0600ac141414e0000003808a8972bd0b72e41082b1a3d2061fd7fdfe4b88942a31f48597749c2d79c6fc26f7fbda34fb8825f80200e3c0aba61f630400dd04ffffca88facae8d966310a2fd74133bb"], 0xdd12}], 0x1}, 0x0) 57.991624ms ago: executing program 4 (id=2331): syz_emit_ethernet(0x3e, &(0x7f0000000300)={@broadcast, @random, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @dev}, @redirect={0x3, 0x945645dfea14ffa7, 0x0, @broadcast=0x1000000, {0x5, 0x4, 0x0, 0x0, 0x900, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @local}}}}}}, 0x0) 56.783517ms ago: executing program 1 (id=2332): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040), 0xc) socket$qrtr(0x2a, 0x2, 0x0) recvmmsg(r0, &(0x7f0000001080)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) getpeername(r0, 0x0, &(0x7f0000001ac0)) ioctl$sock_qrtr_TIOCINQ(r0, 0x541b, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x58, @private0}]}, &(0x7f0000000100)=0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000080)={r3}, &(0x7f00000000c0)=0x8) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000007c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb01001800001800000018000000030000000000af0d7c1edce9c0900000010000000000001200000000005f00"], 0x0, 0x33, 0x0, 0x8}, 0x20) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2}, 0x48) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r6}, 0x48) bind$llc(0xffffffffffffffff, &(0x7f0000000000), 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r7, &(0x7f0000000000), &(0x7f0000000080)=@udp}, 0x20) syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CHANNEL(r5, &(0x7f0000000640)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x64, 0x0, 0x400, 0x70bd25, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16f3}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x12}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x36}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x10000}]}, 0x64}, 0x1, 0x0, 0x0, 0x5}, 0x4040404) sendmmsg(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000300)="9c1a5d240d28c1ef3bad86fa8b0b17c2e22deda96f112434023ef22ae1ac88887d375da021e14831005f1abf41d64ef6e67ff9b93c476b766b01190750f00dce5b", 0x41}], 0x1}}], 0x1, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r7}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(anubis)\x00'}, 0x58) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r7}, 0x20) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f00000000c0)={r7, &(0x7f0000000340), 0x0}, 0x20) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000080)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xddb, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x11, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x375f}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@map_val={0x18, 0xc, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x80000001}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x8000, 0x7, 0x1, r4, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x1}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r9, 0x0, &(0x7f0000001700)=""/53}, 0x20) 0s ago: executing program 4 (id=2333): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x5}, 0x1c) write$binfmt_aout(r0, &(0x7f00000034c0)=ANY=[@ANYBLOB="0b01640500000000feffffff0000000000000000810000000000000000000000f7ce744adb21d1462460899c11533a1c755bdc3c5241e74013f0646edb80007d451cfc49da02a13e92930ca18c03becdeb50d6f61c5e037a6138e5a00112dcc56acd55f44ef83e10419d3c0579"], 0x28) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f00000014c0)={0x0, 0x1, 0x7}, 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001680)=ANY=[@ANYBLOB="20000000410007010000000000000000047c00000c00018008000000", @ANYRES32=0x0, @ANYBLOB="368162a079b795ec5638a1ba06add9af5b46c7b0e35e1e07ad2582e782483fbcc7f112f1502affe60314d0f4575e6b16d267ae6e9f48975c2de16290598e4b3583b6a3d123189c304766f799b1999f04719d0179c961b45e933df915f43ef644f2f8de5f5a640065b358409d2d7f7370d19dae6eed20194c4e3f49935c8d67dcd34a33d0ddbf2f7a7b89f93a7cfb97159c2bff785d4697019858743594adca5f059f09312d9ab6e3ed270ab10263561faa83a6df12211a26da925ad157dc679dec5f3b1b751df1d29e35bc8b7d458d84f3"], 0x20}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001580), r4) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2c000000391ff2453f550537a0e0ce4a329b5685c57bb04f404f3473b2545e97f4370d4395256d87f10600000080000000f3883d", @ANYRES16=r5, @ANYRES64=r5], 0x2c}, 0x1, 0x0, 0x0, 0x24004844}, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x8000}, 0x4) write$binfmt_script(0xffffffffffffffff, &(0x7f0000002140)={'#! ', './file0', [{0x20, '@}{,'}, {0x20, '\'-:()'}], 0xa, "0a66200531f1b4c1f4ae546e2658bf19f2eb3ae8b68b92d5966f4f42fb4cede0b051434d3be4bb80df3e09b754d34889827baed950d52483afeb6e7c404e21e20e2e3f90659adedb9b39d9c010323f7cef5e054d3c29f280b9dfcce89cff79564b8c714333597bd31f99294c139935bb1f98452275ceca069ca5fd22e52c9d57a8a112ccc9f7b8f623fa904c2a413908d963362ce1844523842cbd6f39c373f5c0824b2fd2b265dd06dc2cc823a431da773dcefe1018677bd86d62856d70a5621a8a9f8088e00b9766c5eb5e9cd4b4d528f98eb5faeb12a178cf4baaa994623500a588ddf8b939a08064b88d4b2053c11a0016a2fb4534d4fc698e796c9b8b47870f69d4e911c350b449c4128c0dd9b5bb70010f5e9f597b56170060ea05e66a044224b0063a51fef7c30f5e32f0b5649f9513f3dcb3f8ce95198397c6726d9377a297ae56508e702e40e4ad87b8d8dfe80568c1dec9d52d34ab3646f15ebd528a867423ee8c9d368ffbabe870e133c578fe2ee170adeb7e5969364e3b781a4bb950724dab521cb79c6ae26f19c8bacc400a4a98efa7ec0babeb749995c94f1c3b1a9d8fa90bf92810d38c640f246ed5cdcf86d7773a1b757554ea7321fc5e4e6fc599091380e56eebe136c3b467bc8c28c13b9146b0ae9f41bc98be0828dfa943ce62eb6a9903f0bd5ce3a755430da7e7d634b9a7bf57aec4b41451df3a62361ce75a3b17ff29f459a1deb744e252db0bf4596d892adf81878ea027ca92d79a6d83e83cc2e060da65ba6195f3c9d7af55d5b13bf7b46a7dadc8bbf88b434a51803bd201e74100466041fb647d182c378391ab7495aee63ab6c7c6df2f21fee345090b99b3928ac9dc89195c9fb178af3ec46e2bae806234a5df3ea7345ec2e417bc4b69c52c2ecbbc62208b2184019cc6682ac323cfd6cca20be723bd3baac9fb809bb033cd82874485ab85ccd4453e7a4067dab99c8bb308dcbb2963897bba613e12ba31f20d3b0e9ea0fd0c56b77de7b4e70ed7dd878213e9031bef52be642d3a8d0589fea7d199d109c2ff4131b90d7afb4470b0bd881c7acc1d6ac939cd2a3206076b0c9d5d8af07c37f61015da73eae66b547e7a0262bc264b28ea446c65ab74e24d95c2464673ed3cfc7e68ff94fb38e227d582d9aab1640a2a56ffd854ddb3a9f43154eae166560618df05655197ddce461b15fdafefba67ff0960b346ed66948559ff9b847ada52ec09d7ba53461869380c0de1e1dce90462851b7cf262757565007f5af8b53e7198eac2617a2aaf271dbdfac3e43ff9e7fd8e18783f5e168013b240050c86b96edb951a93cf6341797908fbb7327bcc9ce38926d0c4ef64556757d21bafb4c42b0b974ef4b8901f82671c7166a445ecdc7626a170ce59029361f49523edf5581de3aa1eff6f77d37dac760952bc0e6a9e8c4e5d6cd3ab0aa54f69d9cd5ba9dedc41d99e069cb00a7e41878112b274649e33545f849f0cf3f9eb39ec66e3997fdbb3e4766d2ea13dbb92fb340303de31f565dc28abcdf7e7a37c2bc53f368e58ba4e37fee6af89975a694cdf199ef5b835417b15214dacd3f4cd70106f9e8da7ff4a52e46ba89f5af0bf65da862924a2a4e5c3a3453d3c83db4a99e7739b4271ddcd39347052a39e6d29cf7d2d22b3adc9b4e33b439d4c2c97691d045b05dfa4770029c69b0aead2ab2efaecf6ccd366e890d9785f9cdafcf50c04d2d7404cd86c4e5c396595331a13d6ca8b77fbed5bf889cd7b66b004fae4af96e82dc9c5d00e6077c368d8f81c256338c0372fd41915588e73197f0b28064b2efd4ed868933772d18dd8ad3b85c341db1de1a916d34265bd930044ae6a3b714ec290b0537270f5ebd14639871acbd773bcff4fe7b46e2d7249a3a7bba6c6b939cdced40ca1303696953526c93b575339b3e2ba02abc38387042818b590026706aa690a1b2daf465655880c331727734872732bc5d9cfe98ebf4a161c82a78581ac21fa17619e234dc33740751fabb0cc739224004c9c33cc12894e054d929e7eba5e9478bac6a8ba488dda7a1b73b27e1bb34bbf47a48160dd0c89717f58042e957070a72553f16894cca6b543350119e5b3b429503af169d82bc80aa980135624832d395ef3e34c2ff591602c17a2aa5acc6dc2accd9d79f002c7ef7930d7a33dcdbee843f4ab7322427cc185a10e46e630c9a50477c099a251c71191ec1a13f6cc956d41dedab4b14c906331d258e2b566d59d2fe897965ca0a03c1a7cbf6c97a9f5a70498194c71b91b7a39533cc38c89dc3faa2d7f940369e0306e8bc12c060e8c99deed9c218da1d82233d189e8185cde6eba6103a5dbf495002c03605fae560caaa18db45ffbedec53d814a3ba85af002b0cc67a4bf9912e27189bd6760ba9207dba9bd331b3c112e560b7df7d9759544dadfc41bedc9539ad6fe9e3c3eeba41f2bf91f665cc85ace3613ebedfb5bf95124b0a1695add1082a918dcee98d81f525061e7426da2acf6677d35090844637da0213d71e8fcc42bdf79535a6055fac113aadf76314faed9a9aa82ac4990aa025d0d3ce24d3bf1c79b691a5e11e267da11152d3fafe3785e22568b6a58bf2baf166cbab551a62508b48e06840107e2ca6ac90605bff3598bd617eb480a4c67d0fbd5d278c65f1c4438184823a1165f170771dff0c6cb1a566f3af67de0daf245fdc44aa3022d250435ea5204c79c9af51dfaf4cd5ec157bb0cb04761d5ffd3dc119cffffd03a3a9921a914e70895abca25c435d0f801f5a6a7f6bd48a59c5accb413d22d85acb77a2e8c7bd89e7a17481fcf3539647e8c851d4e2315636197f1bc2a820b5b0e2a22e8be7c06a01afd6f6b16e57dacded4627d5425a427bb28142c23aeb86af29301df915510aef18bef1a0abce1fab6a465d30aa13505a511ef4b5bb0ed4709e6b6cf29fd6c0350ab1c578c23c63f07a7560afb8ab8b94d250cedb03bcac25c6412e6238beda29b82b18e54918da4babc37ca2ea8bc20d7d41d8734a09505dc72411ee3921f14d63aec10369d14acfe2b349e590cb686bda0af6e738b6a15e33c336520dc35eaba31d663db6f85b7cb3358115b687d6b34f67de397646a9758d51962c8b700ec655a5425a331b71b61e1ee2e65755dafa659a67d0dcd76179604fc8f64198da98e55e8bb8dd5fb07a33eeab7472b0d6e5c5102ee200992e8bdce8f5543542e0ac43c420a876081ca29c367a422ea2451a02dbe3bd2bb9516bfc155fc2acb965eb9c2f3bdd966c9e48c10f90d4d893e96343656cede26aaab4e517b647146e020a9b44de85ac21da591c81cdabb07f8b7fca1dfdd08f58e934f8a506ee7ea2380c8af857ec502997d7f52cb901b2c8422160932e2cbc68a7a78e68ba12d7909121ba8f7c866aad1e4a4b61bfba19febbfced887f95d28ea409eb5c6adb8a71e98fe87c1b49bb32b5d8e315e89f09b34f5065948332e90c13becd3e7e627ef79754dff5146e9ad146de0e4ab314e10b15d4436462a082bf81637b629f676891663fecd51184cfe843121ec643785d1fa68abd443acf630e8182ca764c5094bf29a09516efde2fd58544078cb4faca52a2ddea05deefa8730cc04b2f500c919f2b9fd6a438261a3b3a70c66695cb9636122b98677179006fc66abf64f75792617a8ad8c562604078b1937d36ec98786aa51c8ab60686a661d1bcfc4a0db46b1b813a56c0ce6b286925d77b1f7b4848c01eea8ecdba91d8d6d9c0071225cf53bcb85be05234dafadb1412edec99652628eae240ae4537943f1ebcb6b8535f90d933c5adb30042d1357e1f7f4c0b22861606bbdfb6571f0668577b1a1278205ee4dd087c7e79cd4ac457be814ae068ed40051596b8695e77ea2f0d032038ed36d35879830568cc71cc8e6317c4472f32d1fd414ae3bd493b714777d55519513cbbcb49a72482f1c8be8a34b84b8c03d76b72790774506524d84b12969db9406bd818f7822c60110b1a2a2bde2e15a8616b99903a3e7414fd7cb49bc08f5cd66371cff88a23204fd8b0e9f9586ad86a076847409a07a762f96f048d7c738a22db5817e8e0ab5f7c8fc2046ef3768d3b56b1368316397df92579d521ecdbe22701aeacba1acaab51fe771f9bcf97e7fe633c20fcc14c3f1644a590f929a433add3283286261e33f2596e983a3d836404de1c59fde2aa838f9bba6a77c4853b89c5bf2391b436a3a8499d3f4da8d4142ae9a0053e9caaaa3535f26be5273b5cb8f97e62bfa5123ed40c95357b6ec2da51ebf2cf4601029a3b5a16d67ac081a0d2a11b60e5bd662c797bf04a2b8dbef423058b0b30dd2a566bfddb7d577236ae0afb6fc0516e1be2ea376ab75a5d49b29a4b80ad5c5be5cce2d18c7da58d7e957e3ac7ab85664bc344fd418ed2620307baf609fb8d3dc5f3835d5933b370a5bb6d293108dd578ae5d7377fb40b1a306d55757d3601eebf9b08ef9b82509d44821edb82510c284e5f98345fe99b8882a6795e14d944228b43abc0c4e1deffc7ef7960ddc7f8c123ad808ff5380d2f163cab187844bd3d2ca5da542b2b94844b38d0206057afbeb016acf9c091e5973fce8349e3aab15e6ec87b7e225d475fcea367e7a1fce590d085a5114a0459d2c0a182e0e361a36deb4ad3132a52ec33c1216b2b1eb77cf902456b70d83555c6cba427e8a7d7409b158533e1d36c643e05de5207e29388ae57f8a12f559afea1539f9c4b0085560ad87a5ad56777ba7a9636e96ea4f93062c4b13eaf5ff09469d5aec74f3709f6692494feb544b864277b554475c153a3b1bfb6bb42e78eecfffca893d89baa1051a8ef09af83924aa9d370d82e8d74b92e4fd0a62219c6617eb3ece38a74128b4b9d625d14e9faaa2ae5580aeb2e0c646843db1c5ca9be3a49d731f7e2a71e62ff6985a7f09483b481ba3817042f6125689ca9359c58991e0b12878f8156e36de83baa3b25cee27ec07967d032f69ec57b0abfc6f39dbd2ddf47cc06a3079dbd32d0e7c94aa1432efd056e74aa136a87c2a1dda341ab648f7098c60087841c9a277d92e026db50f9db015569e60b398b773ebdced020201539522fc7f30d212f33598d2e949b3bc13afd0b981aaec02b6948ac86f00ae2e57c55e722db3debfb33fcff0b5485dab0160aa74fe3af1cc65c959d10efff7045221c9f5acf81f131ce082bb396c03f0022ad06a40298ed192c3492277466ddf0945c6ebc59dbead09efb32a1329fbe54df143126ab36fa79d60ee15f9ea3bb5dad329f4e14e7bb49295bc73876905c2edf04455a28ea8476ece540bd26a4a09de5ee0fad943a3150e403a498d01fa837638d306211d3630cbb48d4df9b0f6a6b0067f3c5e40c3ac151bfb5808bd47cbdf4cec02ce46b005fe1df5176bf82ae734439b187edeed0a7b4677c31ce6d40e9daa868e660de33da4b3d298ba1b8c1e838a9859f4d91bd97fa3fba3cf12e6780e4dcba1669eff3b100b8fe9e7898f40d82db7feb7c7b512e16b31cbfb142f716a79ec0124093bae4fd786870e489dba17cba3190f7bbefb8dbe2c87ee35b64ae4a016ea63d630aa088c6a95b0830bee153c24951a588eff7f1a68e688eec205886cb45dc61530c4c945039e101223428298ddb805db42c649d6b0c97a45608e3d902761510678a6c09e0160a1f047c5b2a88971df6d3fbd51edbefef41b9ee4a7156c73e3b09f35f9fb5aac7b2978027ea4f71bbd7245eaea91da6e9c896b994505971def3f170a2042cdb1229490fc59525c6a2d403cd00c86786410b4237302d"}, 0x1016) r7 = socket$inet_udp(0x2, 0x2, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) writev(r8, &(0x7f0000000400)=[{&(0x7f00000000c0)="390000001000111867090707a640400f0021ff3f30000000170a001700000000040037000900030001632564b758b9a64411f6bb744dc48f57", 0x39}], 0x1) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), r3) r10 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r10, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000540)=""/207, 0xcf}, {&(0x7f0000000640)=""/124, 0x7c}, {&(0x7f00000003c0)}, {&(0x7f00000006c0)=""/255, 0xff}, {&(0x7f00000007c0)=""/22, 0x16}, {&(0x7f0000000800)=""/38, 0x26}], 0x6}, 0x850}], 0x1, 0x34000, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r10, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="e0dd1b47", @ANYRES16=r9, @ANYBLOB="a78700000000000000000b000000"], 0x14}}, 0x0) bind$inet(r7, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) sendto$inet(r7, &(0x7f00000008c0)="f72bacc3ca1a9edf08e239411cbcf4b2ef918084f500db36e20f4f509b2d142d7f20570bec6d2d7fcdd876a9f6167b334b1520e2a2e62197dcbc558318f53923acd32a9cc5e539620f83a0ebc7bf4516404a2b9baa92b0c687a280d35df349", 0x5f, 0x800, &(0x7f0000000380)={0x2, 0x4e23, @multicast2}, 0x10) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r11, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001b"], 0x34}}, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) kernel console output (not intermixed with test programs): pe 3 has an invalid length. [ 75.619927][ T5777] netlink: 'syz.2.232': attribute type 3 has an invalid length. [ 75.759776][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 75.893540][ T4493] Bluetooth: hci0: command tx timeout [ 76.385620][ T5831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 76.417147][ T5831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 76.533038][ T4493] Bluetooth: hci4: command 0x0405 tx timeout [ 76.581626][ T5842] netlink: 'syz.0.252': attribute type 10 has an invalid length. [ 76.594816][ T5842] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 76.789267][ T45] cfg80211: failed to load regulatory.db [ 77.524787][ T5884] Cannot find add_set index 0 as target [ 77.857315][ T5901] netlink: 'syz.2.274': attribute type 3 has an invalid length. [ 78.001777][ T5907] __nla_validate_parse: 13 callbacks suppressed [ 78.001795][ T5907] netlink: 8 bytes leftover after parsing attributes in process `syz.2.277'. [ 78.148366][ T5914] netlink: 20 bytes leftover after parsing attributes in process `syz.4.280'. [ 78.180559][ T5916] netlink: 16 bytes leftover after parsing attributes in process `syz.1.281'. [ 78.307752][ T5923] netlink: 'syz.1.283': attribute type 13 has an invalid length. [ 78.323419][ T5923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.283'. [ 78.341293][ T5923] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 78.668931][ T5937] netlink: 16 bytes leftover after parsing attributes in process `syz.1.289'. [ 78.682208][ T5937] netlink: 24 bytes leftover after parsing attributes in process `syz.1.289'. [ 78.807864][ T5944] netlink: 12 bytes leftover after parsing attributes in process `syz.3.291'. [ 79.159472][ T5954] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '#! [ 79.159472][ T5954] cct.usage_percpu_sys' [ 79.168935][ T5965] netlink: 8 bytes leftover after parsing attributes in process `syz.3.300'. [ 79.346317][ T5977] netlink: 20 bytes leftover after parsing attributes in process `syz.3.304'. [ 79.480785][ T5986] netlink: 8 bytes leftover after parsing attributes in process `syz.1.307'. [ 79.956140][ T6010] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 80.456706][ T6044] netlink: 'syz.0.331': attribute type 10 has an invalid length. [ 80.540652][ T6044] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.567622][ T6044] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 80.604268][ T6030] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 81.423282][ T5106] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.432237][ T5106] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.440575][ T5106] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.461023][ T5106] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.477621][ T5106] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 81.485540][ T5106] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.948573][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.584777][ T6157] nbd: device at index 1 is going down [ 82.695356][ T1053] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.715056][ T6156] netlink: 'syz.4.368': attribute type 4 has an invalid length. [ 82.783843][ T6157] bond3: (slave gre2): The slave device specified does not support setting the MAC address [ 82.796908][ T6157] bond3: (slave gre2): Error -95 calling set_mac_address [ 82.829348][ T6161] netlink: 'syz.4.368': attribute type 4 has an invalid length. [ 82.848684][ T6160] bridge0: entered promiscuous mode [ 82.854791][ T6161] syz.4.368 (6161) used greatest stack depth: 18480 bytes left [ 82.892050][ T6160] bridge0: left promiscuous mode [ 83.017188][ T1053] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.019797][ T6175] __nla_validate_parse: 10 callbacks suppressed [ 83.019813][ T6175] netlink: 8 bytes leftover after parsing attributes in process `syz.4.371'. [ 83.049691][ T6091] chnl_net:caif_netlink_parms(): no params data found [ 83.266873][ T6184] netlink: 40 bytes leftover after parsing attributes in process `syz.3.376'. [ 83.267673][ T6188] netlink: 12 bytes leftover after parsing attributes in process `syz.4.378'. [ 83.288185][ T6188] netlink: 40 bytes leftover after parsing attributes in process `syz.4.378'. [ 83.310836][ T1053] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.441642][ T6194] netlink: 'syz.4.380': attribute type 10 has an invalid length. [ 83.465263][ T6194] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.477931][ T6194] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 83.545521][ T1053] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 83.573829][ T4493] Bluetooth: hci1: command tx timeout [ 83.608113][ T6200] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 83.685348][ T6091] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.703394][ T6091] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.721328][ T6091] bridge_slave_0: entered allmulticast mode [ 83.738171][ T6091] bridge_slave_0: entered promiscuous mode [ 83.762457][ T6213] netlink: 6 bytes leftover after parsing attributes in process `syz.4.385'. [ 83.780256][ T6091] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.797190][ T6091] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.824572][ T6091] bridge_slave_1: entered allmulticast mode [ 83.849266][ T6091] bridge_slave_1: entered promiscuous mode [ 83.873419][ T6210] netlink: 6 bytes leftover after parsing attributes in process `syz.4.385'. [ 83.888279][ T6210] netlink: 6 bytes leftover after parsing attributes in process `syz.4.385'. [ 83.945730][ T6222] netlink: 'syz.1.388': attribute type 1 has an invalid length. [ 83.957514][ T6222] netlink: 5 bytes leftover after parsing attributes in process `syz.1.388'. [ 84.010092][ T6225] netlink: 'syz.1.388': attribute type 1 has an invalid length. [ 84.046810][ T6210] netlink: 6 bytes leftover after parsing attributes in process `syz.4.385'. [ 84.049824][ T6225] netlink: 5 bytes leftover after parsing attributes in process `syz.1.388'. [ 84.102582][ T6091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.152203][ T6091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.368773][ T6237] IPv6: NLM_F_REPLACE set, but no existing node found! [ 84.446780][ T6091] team0: Port device team_slave_0 added [ 84.477868][ T6091] team0: Port device team_slave_1 added [ 84.641423][ T1053] bridge_slave_1: left allmulticast mode [ 84.685833][ T1053] bridge_slave_1: left promiscuous mode [ 84.707699][ T1053] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.791182][ T1053] bridge_slave_0: left allmulticast mode [ 84.808389][ T1053] bridge_slave_0: left promiscuous mode [ 84.819701][ T1053] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.347922][ T1053] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 85.363142][ T1053] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 85.378227][ T1053] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 85.388732][ T1053] bond0 (unregistering): Released all slaves [ 85.403952][ T1053] bond1 (unregistering): Released all slaves [ 85.432209][ T6091] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.442650][ T6091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.485867][ T6091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.571620][ T6091] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.579742][ T6091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.586999][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88802c261400: rx timeout, send abort [ 85.649039][ T6091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.659792][ T4493] Bluetooth: hci1: command tx timeout [ 85.942010][ T6308] openvswitch: netlink: Message has -1 unknown bytes. [ 85.976442][ T6091] hsr_slave_0: entered promiscuous mode [ 85.997843][ T6091] hsr_slave_1: entered promiscuous mode [ 86.018252][ T6091] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.035679][ T6091] Cannot create hsr debugfs directory [ 86.114745][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88802c261400: abort rx timeout. Force session deactivation [ 86.286724][ T6322] netlink: 'syz.1.416': attribute type 4 has an invalid length. [ 86.740195][ T6353] netlink: 'syz.1.422': attribute type 1 has an invalid length. [ 86.944860][ T1053] hsr_slave_0: left promiscuous mode [ 86.958046][ T1053] hsr_slave_1: left promiscuous mode [ 86.985937][ T1053] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 86.998117][ T1053] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 87.009830][ T1053] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 87.047903][ T1053] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 87.125560][ T1053] veth1_macvtap: left promiscuous mode [ 87.137270][ T1053] veth0_macvtap: left promiscuous mode [ 87.143411][ T1053] veth1_vlan: left promiscuous mode [ 87.148834][ T1053] veth0_vlan: left promiscuous mode [ 87.462654][ T6371] netlink: 'syz.2.428': attribute type 2 has an invalid length. [ 87.652569][ T1053] team0 (unregistering): Port device team_slave_1 removed [ 87.697971][ T1053] team0 (unregistering): Port device team_slave_0 removed [ 87.735339][ T4493] Bluetooth: hci1: command tx timeout [ 88.076801][ T6375] __nla_validate_parse: 6 callbacks suppressed [ 88.076818][ T6375] netlink: 16 bytes leftover after parsing attributes in process `syz.1.430'. [ 88.177174][ T6362] 8021q: adding VLAN 0 to HW filter on device bond1 [ 88.208920][ T6362] 8021q: adding VLAN 0 to HW filter on device bond2 [ 88.257344][ T6366] bond_slave_0: entered promiscuous mode [ 88.263376][ T6366] bond_slave_1: entered promiscuous mode [ 88.269074][ T6366] batadv0: entered promiscuous mode [ 88.287445][ T6366] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 88.304760][ T6366] bond_slave_0: left promiscuous mode [ 88.310253][ T6366] bond_slave_1: left promiscuous mode [ 88.315839][ T6366] batadv0: left promiscuous mode [ 88.508625][ T6383] netlink: 20 bytes leftover after parsing attributes in process `syz.1.432'. [ 88.830133][ T6402] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.440'. [ 88.836394][ T6401] pim6reg: entered allmulticast mode [ 88.862156][ T6399] pim6reg: left allmulticast mode [ 89.178546][ T6091] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.198105][ T6091] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.216283][ T6091] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.235428][ T6091] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.607792][ T6091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.665675][ T6431] netlink: 'syz.3.450': attribute type 10 has an invalid length. [ 89.712769][ T6091] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.721981][ T6431] netlink: 212412 bytes leftover after parsing attributes in process `syz.3.450'. [ 89.763123][ T6431] openvswitch: netlink: Flow key attr not present in new flow. [ 89.767173][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.778620][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.813419][ T4493] Bluetooth: hci1: command tx timeout [ 89.860982][ T5148] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.868216][ T5148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.976877][ T6091] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 90.007626][ T6091] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.235422][ T6460] netlink: 4272 bytes leftover after parsing attributes in process `syz.1.458'. [ 90.271687][ T6460] netlink: 'syz.1.458': attribute type 1 has an invalid length. [ 90.308854][ T6460] netlink: 176 bytes leftover after parsing attributes in process `syz.1.458'. [ 90.580942][ T6091] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.721677][ T6488] warning: `syz.4.466' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 90.795234][ T6091] veth0_vlan: entered promiscuous mode [ 90.904011][ T6091] veth1_vlan: entered promiscuous mode [ 91.065064][ T6091] veth0_macvtap: entered promiscuous mode [ 91.115646][ T6091] veth1_macvtap: entered promiscuous mode [ 91.238177][ T6091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.273155][ T6091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.299402][ T6091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.340303][ T6091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.404963][ T6527] netlink: 2 bytes leftover after parsing attributes in process `syz.1.478'. [ 91.408013][ T6091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.465985][ T6091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.491127][ T6091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.520309][ T6091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.558942][ T6091] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.629925][ T6091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.657285][ T6091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.670796][ T6091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.686756][ T6091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.706610][ T6091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.745685][ T6091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.782157][ T6091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.820000][ T6091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.870035][ T6091] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.939976][ T6091] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.964620][ T6555] netlink: 48 bytes leftover after parsing attributes in process `syz.2.485'. [ 91.983248][ T6091] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.014334][ T6091] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.043330][ T6091] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.235525][ T6567] netlink: 'syz.1.487': attribute type 1 has an invalid length. [ 92.356234][ T6567] bond4: entered promiscuous mode [ 92.515718][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.522121][ T6583] netlink: 20 bytes leftover after parsing attributes in process `syz.4.491'. [ 92.547635][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.671165][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.687649][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.877298][ T6597] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 92.950410][ T6601] netlink: 8 bytes leftover after parsing attributes in process `syz.0.336'. [ 92.975462][ T6605] netlink: 'syz.3.501': attribute type 33 has an invalid length. [ 93.160493][ T6618] netlink: 'syz.3.505': attribute type 3 has an invalid length. [ 93.332225][ T6623] __nla_validate_parse: 1 callbacks suppressed [ 93.332244][ T6623] netlink: 4 bytes leftover after parsing attributes in process `syz.2.506'. [ 93.619185][ T6640] netlink: 'syz.3.511': attribute type 1 has an invalid length. [ 93.972165][ T6657] netlink: 28 bytes leftover after parsing attributes in process `syz.3.518'. [ 94.077362][ T6662] netlink: 12 bytes leftover after parsing attributes in process `syz.4.520'. [ 94.133550][ T6654] xt_TCPMSS: Only works on TCP SYN packets [ 94.157758][ T6654] netlink: 12 bytes leftover after parsing attributes in process `syz.0.517'. [ 94.502654][ T6680] netlink: 47 bytes leftover after parsing attributes in process `syz.1.527'. [ 94.538156][ T6680] nbd: couldn't find device at index 1 [ 94.690857][ T6657] infiniband syz1: set active [ 94.717810][ T6692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.532'. [ 94.726712][ T6657] infiniband syz1: added veth1_vlan [ 94.946246][ T6657] RDS/IB: syz1: added [ 94.950340][ T6657] smc: adding ib device syz1 with port count 1 [ 94.985336][ T6704] netlink: 12 bytes leftover after parsing attributes in process `syz.4.536'. [ 94.996834][ T6657] smc: ib device syz1 port 1 has pnetid [ 95.092692][ T6711] netlink: 80 bytes leftover after parsing attributes in process `syz.2.540'. [ 95.172153][ T6715] netlink: 80 bytes leftover after parsing attributes in process `syz.0.541'. [ 95.178727][ T6716] xt_CT: You must specify a L4 protocol and not use inversions on it [ 95.416365][ T6727] netlink: 444 bytes leftover after parsing attributes in process `syz.1.545'. [ 95.869757][ T6746] xt_bpf: check failed: parse error [ 96.483390][ T6777] ebt_limit: overflow, try lower: 0/0 [ 96.527505][ T6777] netlink: 'syz.2.564': attribute type 6 has an invalid length. [ 96.528286][ T6779] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 97.405424][ T6824] netlink: 'syz.0.578': attribute type 1 has an invalid length. [ 97.443464][ T6824] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 97.450713][ T6824] IPv6: NLM_F_CREATE should be set when creating new route [ 97.458054][ T6824] IPv6: NLM_F_CREATE should be set when creating new route [ 98.147215][ T6858] netlink: 'syz.3.593': attribute type 4 has an invalid length. [ 98.344418][ T6865] netlink: 'syz.3.593': attribute type 4 has an invalid length. [ 98.750530][ T6896] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 98.772670][ T6897] __nla_validate_parse: 13 callbacks suppressed [ 98.772689][ T6897] netlink: 12 bytes leftover after parsing attributes in process `syz.1.602'. [ 99.030757][ T784] IPVS: starting estimator thread 0... [ 99.039280][ T6907] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.053535][ T6907] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 99.135325][ T6911] IPVS: using max 17 ests per chain, 40800 per kthread [ 99.259991][ T6920] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.529367][ T6923] netlink: 4 bytes leftover after parsing attributes in process `syz.4.612'. [ 99.592080][ T6933] netlink: 4 bytes leftover after parsing attributes in process `syz.4.612'. [ 99.675433][ T6934] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 100.071059][ T6952] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.623'. [ 100.101460][ T6954] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 100.437828][ T6970] netlink: 20 bytes leftover after parsing attributes in process `syz.0.628'. [ 100.521801][ T6969] netlink: 232 bytes leftover after parsing attributes in process `syz.1.631'. [ 100.578420][ T6978] netlink: 4 bytes leftover after parsing attributes in process `syz.4.633'. [ 100.687321][ T6978] team1: Failed to send options change via netlink (err -105) [ 100.696343][ T6978] team1: Mode changed to "activebackup" [ 100.717574][ T6984] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 100.793749][ T6987] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 100.892487][ T6991] netlink: 48 bytes leftover after parsing attributes in process `syz.3.638'. [ 100.916732][ T6994] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 101.249617][ T7014] xt_CT: You must specify a L4 protocol and not use inversions on it [ 101.272237][ T7012] netlink: 8 bytes leftover after parsing attributes in process `syz.2.646'. [ 101.460842][ T7020] bridge0: entered promiscuous mode [ 101.470235][ T7020] team0: entered promiscuous mode [ 101.488776][ T7020] team_slave_0: entered promiscuous mode [ 101.503222][ T7020] team_slave_1: entered promiscuous mode [ 101.519107][ T7020] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 101.527139][ T7020] Cannot create hsr debugfs directory [ 101.708634][ T7037] netlink: 'syz.1.654': attribute type 4 has an invalid length. [ 101.871891][ T7040] netlink: 56 bytes leftover after parsing attributes in process `syz.1.657'. [ 102.361424][ T7068] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.389789][ T7068] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 102.618361][ T7086] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 103.053263][ T7115] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (128) [ 103.358055][ T7127] team_slave_0: entered promiscuous mode [ 103.363851][ T7127] team_slave_1: entered promiscuous mode [ 103.423378][ T7127] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 103.465912][ T7127] team_slave_0: left promiscuous mode [ 103.471436][ T7127] team_slave_1: left promiscuous mode [ 103.549096][ T7144] netlink: 'syz.0.689': attribute type 30 has an invalid length. [ 103.940403][ T7159] netlink: 'syz.1.694': attribute type 1 has an invalid length. [ 104.194992][ T7169] __nla_validate_parse: 6 callbacks suppressed [ 104.195010][ T7169] netlink: 4 bytes leftover after parsing attributes in process `syz.3.700'. [ 104.211488][ T7169] team1 (uninitialized): Failed to send options change via netlink (err -105) [ 104.490057][ T7171] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.574833][ T7171] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 104.810160][ T7196] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.916658][ T7201] netlink: 8 bytes leftover after parsing attributes in process `syz.1.708'. [ 105.142268][ T7213] netlink: 'syz.3.714': attribute type 29 has an invalid length. [ 105.346589][ T7223] netlink: 104 bytes leftover after parsing attributes in process `syz.2.717'. [ 105.360292][ T7224] netlink: 12 bytes leftover after parsing attributes in process `syz.3.718'. [ 105.512447][ T7230] netlink: 64 bytes leftover after parsing attributes in process `syz.1.721'. [ 105.650741][ T7238] netlink: 'syz.4.725': attribute type 10 has an invalid length. [ 105.661043][ T7238] netlink: 40 bytes leftover after parsing attributes in process `syz.4.725'. [ 105.699138][ T7238] bond0: (slave batadv0): Releasing backup interface [ 105.739165][ T7238] bridge0: port 3(batadv0) entered blocking state [ 105.770284][ T7238] bridge0: port 3(batadv0) entered disabled state [ 105.796283][ T7238] batadv0: entered allmulticast mode [ 105.822026][ T7238] batadv0: entered promiscuous mode [ 105.839158][ T2496] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 105.848967][ T2496] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 105.861199][ T7244] netlink: 'syz.4.725': attribute type 10 has an invalid length. [ 105.881049][ T7244] batadv0: left allmulticast mode [ 105.887987][ T7244] batadv0: left promiscuous mode [ 105.898384][ T7244] bridge0: port 3(batadv0) entered disabled state [ 105.924808][ T7243] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 105.932112][ T7243] IPv6: NLM_F_CREATE should be set when creating new route [ 105.939457][ T7243] IPv6: NLM_F_CREATE should be set when creating new route [ 105.946731][ T7243] IPv6: NLM_F_CREATE should be set when creating new route [ 105.975047][ T7255] netlink: 4 bytes leftover after parsing attributes in process `syz.2.730'. [ 106.021039][ T7255] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 106.051773][ T7257] batman_adv: batadv1: Adding interface: netdevsim0 [ 106.082480][ T7257] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.121638][ T7257] batman_adv: batadv1: Interface activated: netdevsim0 [ 106.449309][ T7284] netlink: 16 bytes leftover after parsing attributes in process `syz.2.740'. [ 106.499358][ T7283] netlink: 16 bytes leftover after parsing attributes in process `syz.2.740'. [ 106.876729][ T7300] netlink: 152 bytes leftover after parsing attributes in process `syz.4.745'. [ 107.186179][ T5106] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 107.197244][ T5106] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 107.205531][ T5106] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 107.214323][ T5106] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 107.222081][ T5106] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 107.231808][ T5106] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 107.314190][ T7343] sch_fq: defrate 0 ignored. [ 107.849996][ T7367] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.736107][ T7415] tipc: Failed to remove unknown binding: 66,1,1/0:2930669323/2930669325 [ 108.745086][ T7415] tipc: Failed to remove unknown binding: 66,1,1/0:2930669323/2930669325 [ 108.915696][ T7336] chnl_net:caif_netlink_parms(): no params data found [ 109.104189][ T7426] IPv6: NLM_F_REPLACE set, but no existing node found! [ 109.126609][ T5093] IPVS: starting estimator thread 0... [ 109.134260][ T7426] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 109.230877][ T7336] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.237374][ T7433] __nla_validate_parse: 8 callbacks suppressed [ 109.237389][ T7433] netlink: 24 bytes leftover after parsing attributes in process `syz.0.784'. [ 109.238538][ T7336] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.253251][ T7434] IPVS: using max 17 ests per chain, 40800 per kthread [ 109.253380][ T4493] Bluetooth: hci4: command tx timeout [ 109.260669][ T7336] bridge_slave_0: entered allmulticast mode [ 109.283963][ T7336] bridge_slave_0: entered promiscuous mode [ 109.320375][ T7336] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.337403][ T7336] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.357840][ T7336] bridge_slave_1: entered allmulticast mode [ 109.378504][ T7336] bridge_slave_1: entered promiscuous mode [ 109.494196][ T7451] netlink: 168 bytes leftover after parsing attributes in process `syz.3.791'. [ 109.506510][ T7451] netlink: 'syz.3.791': attribute type 2 has an invalid length. [ 109.514804][ T7451] netlink: 60 bytes leftover after parsing attributes in process `syz.3.791'. [ 109.523142][ T7336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.539723][ T7336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.636327][ T7455] (unnamed net_device) (uninitialized): peer notification delay (4) is not a multiple of miimon (7), value rounded to 0 ms [ 109.698956][ T7336] team0: Port device team_slave_0 added [ 109.718589][ T7336] team0: Port device team_slave_1 added [ 109.785569][ T7336] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.792667][ T7336] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.822004][ T7336] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.846549][ T7336] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.863308][ T7336] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 109.937792][ T7336] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 110.172784][ T7336] hsr_slave_0: entered promiscuous mode [ 110.212334][ T7336] hsr_slave_1: entered promiscuous mode [ 110.239205][ T7336] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 110.261297][ T7336] Cannot create hsr debugfs directory [ 110.578443][ T7496] netlink: 32 bytes leftover after parsing attributes in process `syz.1.807'. [ 110.757008][ T7504] netlink: 'syz.3.809': attribute type 1 has an invalid length. [ 110.772383][ T7336] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.926245][ T7336] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.024176][ T7336] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.069639][ T7515] tipc: Failed to remove unknown binding: 66,1,1/0:2270026389/2270026391 [ 111.092517][ T7515] tipc: Failed to remove unknown binding: 66,1,1/0:2270026389/2270026391 [ 111.112720][ T7336] batman_adv: batadv1: Interface deactivated: netdevsim0 [ 111.155724][ T7521] netlink: 4444 bytes leftover after parsing attributes in process `syz.1.816'. [ 111.166392][ T7521] netlink: 4444 bytes leftover after parsing attributes in process `syz.1.816'. [ 111.172078][ T7336] batman_adv: batadv1: Removing interface: netdevsim0 [ 111.178696][ T7521] netlink: 396 bytes leftover after parsing attributes in process `syz.1.816'. [ 111.204486][ T7336] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.243057][ T7515] netlink: 8 bytes leftover after parsing attributes in process `syz.3.813'. [ 111.340139][ T4493] Bluetooth: hci4: command tx timeout [ 111.408789][ T7336] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 111.472744][ T7336] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 111.555464][ T7336] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 111.632348][ T7336] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 111.838875][ T7555] tipc: Failed to remove unknown binding: 66,1,1/0:522244497/522244499 [ 111.847710][ T7555] tipc: Failed to remove unknown binding: 66,1,1/0:522244497/522244499 [ 111.870017][ T7555] netlink: 8 bytes leftover after parsing attributes in process `syz.0.829'. [ 111.927527][ T7336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.982803][ T7336] 8021q: adding VLAN 0 to HW filter on device team0 [ 112.009842][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.017050][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.071684][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.078974][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.240444][ T7567] netlink: 'syz.0.834': attribute type 15 has an invalid length. [ 112.252594][ T7326] bridge_slave_1: left allmulticast mode [ 112.263951][ T7326] bridge_slave_1: left promiscuous mode [ 112.299009][ T7326] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.329955][ T7326] bridge_slave_0: left allmulticast mode [ 112.368032][ T7326] bridge_slave_0: left promiscuous mode [ 112.388107][ T7326] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.167287][ T7326] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 113.180014][ T7326] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 113.193985][ T7326] bond0 (unregistering): Released all slaves [ 113.414376][ T4493] Bluetooth: hci4: command tx timeout [ 113.555370][ T7336] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 113.770323][ T7625] netlink: 'syz.3.851': attribute type 1 has an invalid length. [ 113.946925][ T7336] veth0_vlan: entered promiscuous mode [ 113.964845][ T7336] veth1_vlan: entered promiscuous mode [ 114.075240][ T7336] veth0_macvtap: entered promiscuous mode [ 114.100145][ T7336] veth1_macvtap: entered promiscuous mode [ 114.208557][ T7336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 114.273216][ T7336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.293342][ T7336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 114.319254][ T7336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.324322][ T7642] netlink: 'syz.4.859': attribute type 4 has an invalid length. [ 114.331514][ T7336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 114.358291][ T7336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.370566][ T7336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 114.392410][ T7336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.423763][ T7336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 114.444577][ T7336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.474672][ T7336] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 114.582698][ T7640] lo speed is unknown, defaulting to 1000 [ 114.661554][ T7643] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 114.704525][ T7654] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 114.720169][ T7648] IPVS: stopping backup sync thread 7654 ... [ 114.733819][ T7336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 114.786382][ T7336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.804974][ T7656] netlink: 8 bytes leftover after parsing attributes in process `syz.3.864'. [ 114.807306][ T7336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 114.833423][ T7336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.849384][ T7336] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 114.888990][ T7326] hsr_slave_0: left promiscuous mode [ 114.905157][ T7326] hsr_slave_1: left promiscuous mode [ 114.922260][ T7326] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 114.934011][ T7326] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 114.942261][ T7326] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 114.968859][ T7326] veth1_macvtap: left promiscuous mode [ 114.976644][ T7326] veth0_macvtap: left promiscuous mode [ 114.982247][ T7326] veth1_vlan: left promiscuous mode [ 114.990190][ T7326] veth0_vlan: left promiscuous mode [ 115.074919][ T7326] infiniband syz2: set down [ 115.400707][ T7326] team0 (unregistering): Port device team_slave_1 removed [ 115.432742][ T7326] team0 (unregistering): Port device team_slave_0 removed [ 115.496090][ T4493] Bluetooth: hci4: command tx timeout [ 115.541246][ T7329] smc: removing ib device syz2 [ 115.771393][ T7640] lo speed is unknown, defaulting to 1000 [ 115.823468][ T784] infiniband syz2: ib_query_port failed (-19) [ 115.832724][ T7336] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.872151][ T7336] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.922961][ T7336] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.931708][ T7336] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.966363][ T7640] lo speed is unknown, defaulting to 1000 [ 116.598745][ T7327] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.615997][ T7327] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.762830][ T7327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.770742][ T7327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.834578][ T7696] netlink: 'syz.1.879': attribute type 30 has an invalid length. [ 116.868409][ T7696] netlink: 4 bytes leftover after parsing attributes in process `syz.1.879'. [ 116.915302][ T7696] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.922741][ T7696] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 117.019057][ T7704] netlink: 20 bytes leftover after parsing attributes in process `syz.3.881'. [ 117.040741][ T7696] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.421218][ T7640] infiniband syz0: set active [ 117.426416][ T5093] lo speed is unknown, defaulting to 1000 [ 117.438290][ T7640] infiniband syz0: added lo [ 117.444266][ T7640] syz0: rxe_create_cq: returned err = -12 [ 117.457737][ T7640] infiniband syz0: Couldn't create ib_mad CQ [ 117.477912][ T7640] infiniband syz0: Couldn't open port 1 [ 117.648621][ T7720] netlink: 8 bytes leftover after parsing attributes in process `syz.1.886'. [ 117.670037][ T7640] RDS/IB: syz0: added [ 117.675680][ T7720] netlink: 4 bytes leftover after parsing attributes in process `syz.1.886'. [ 117.693036][ T7720] netlink: 4 bytes leftover after parsing attributes in process `syz.1.886'. [ 117.696901][ T7640] smc: adding ib device syz0 with port count 1 [ 117.742723][ T7640] smc: ib device syz0 port 1 has pnetid [ 117.748850][ T7720] netlink: 4 bytes leftover after parsing attributes in process `syz.1.886'. [ 117.748869][ T7720] netlink: 4 bytes leftover after parsing attributes in process `syz.1.886'. [ 117.786453][ T7723] netlink: 20 bytes leftover after parsing attributes in process `syz.4.888'. [ 117.810825][ T5093] lo speed is unknown, defaulting to 1000 [ 117.832399][ T7727] netlink: 210620 bytes leftover after parsing attributes in process `syz.3.889'. [ 117.858701][ T7640] lo speed is unknown, defaulting to 1000 [ 118.466643][ T7640] lo speed is unknown, defaulting to 1000 [ 118.641455][ T7640] lo speed is unknown, defaulting to 1000 [ 118.841115][ T7640] lo speed is unknown, defaulting to 1000 [ 118.994462][ T7761] trusted_key: syz.1.901 sent an empty control message without MSG_MORE. [ 118.999051][ T7763] ip6gretap0: entered promiscuous mode [ 119.327772][ T7640] lo speed is unknown, defaulting to 1000 [ 119.588543][ T7791] team0: entered promiscuous mode [ 119.594067][ T7791] team_slave_0: entered promiscuous mode [ 119.602237][ T7791] team_slave_1: entered promiscuous mode [ 119.610376][ T7791] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 119.667066][ T7794] mac80211_hwsim hwsim9 wlan0: entered promiscuous mode [ 119.677453][ T7794] macsec1: entered promiscuous mode [ 119.686704][ T7794] macsec1: entered allmulticast mode [ 119.692104][ T7794] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode [ 119.731810][ T7794] mac80211_hwsim hwsim9 wlan0: left allmulticast mode [ 119.745708][ T7794] mac80211_hwsim hwsim9 wlan0: left promiscuous mode [ 119.847472][ T7803] FAULT_INJECTION: forcing a failure. [ 119.847472][ T7803] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 119.885985][ T7803] CPU: 1 PID: 7803 Comm: syz.4.919 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 119.896396][ T7803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 119.906480][ T7803] Call Trace: [ 119.909778][ T7803] [ 119.912722][ T7803] dump_stack_lvl+0x241/0x360 [ 119.917433][ T7803] ? __pfx_dump_stack_lvl+0x10/0x10 [ 119.922647][ T7803] ? __pfx__printk+0x10/0x10 [ 119.927260][ T7803] ? __pfx_lock_release+0x10/0x10 [ 119.932306][ T7803] should_fail_ex+0x3b0/0x4e0 [ 119.937012][ T7803] _copy_from_user+0x2f/0xe0 [ 119.941611][ T7803] copy_msghdr_from_user+0xae/0x680 [ 119.946815][ T7803] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 119.952636][ T7803] __sys_sendmsg+0x23d/0x3a0 [ 119.957236][ T7803] ? __pfx___sys_sendmsg+0x10/0x10 [ 119.962364][ T7803] ? vfs_write+0x7c4/0xc90 [ 119.966845][ T7803] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 119.973189][ T7803] ? do_syscall_64+0x100/0x230 [ 119.977969][ T7803] ? do_syscall_64+0xb6/0x230 [ 119.982664][ T7803] do_syscall_64+0xf3/0x230 [ 119.987182][ T7803] ? clear_bhb_loop+0x35/0x90 [ 119.991878][ T7803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.997794][ T7803] RIP: 0033:0x7f4986b75bd9 [ 120.002214][ T7803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.022264][ T7803] RSP: 002b:00007f498792d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 120.030683][ T7803] RAX: ffffffffffffffda RBX: 00007f4986d03f60 RCX: 00007f4986b75bd9 [ 120.038648][ T7803] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003 [ 120.046617][ T7803] RBP: 00007f498792d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 120.054586][ T7803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.062723][ T7803] R13: 000000000000000b R14: 00007f4986d03f60 R15: 00007ffea36ca148 [ 120.070701][ T7803] [ 120.617772][ T7846] __nla_validate_parse: 9 callbacks suppressed [ 120.617791][ T7846] netlink: 8 bytes leftover after parsing attributes in process `syz.2.932'. [ 120.643554][ T7829] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 120.865629][ T7863] netlink: 'syz.1.934': attribute type 10 has an invalid length. [ 120.876705][ T7860] netlink: 8 bytes leftover after parsing attributes in process `syz.3.935'. [ 120.903519][ T7860] netlink: 16 bytes leftover after parsing attributes in process `syz.3.935'. [ 121.256998][ T7887] netlink: 24 bytes leftover after parsing attributes in process `syz.3.945'. [ 121.297518][ T7887] netlink: 24 bytes leftover after parsing attributes in process `syz.3.945'. [ 121.324997][ T7893] netlink: 24 bytes leftover after parsing attributes in process `syz.2.946'. [ 121.327513][ T7887] netlink: 24 bytes leftover after parsing attributes in process `syz.3.945'. [ 121.352675][ T7887] netlink: 24 bytes leftover after parsing attributes in process `syz.3.945'. [ 121.380938][ T7887] netlink: 24 bytes leftover after parsing attributes in process `syz.3.945'. [ 121.429416][ T7887] netlink: 24 bytes leftover after parsing attributes in process `syz.3.945'. [ 122.744342][ T7976] vlan2: entered allmulticast mode [ 122.763114][ T7976] geneve0: entered allmulticast mode [ 122.789153][ T7976] bridge0: port 3(vlan2) entered blocking state [ 122.810956][ T7976] bridge0: port 3(vlan2) entered disabled state [ 122.857985][ T7976] vlan2: entered promiscuous mode [ 122.884524][ T7976] geneve0: entered promiscuous mode [ 122.899521][ T7976] bridge0: port 3(vlan2) entered blocking state [ 122.905983][ T7976] bridge0: port 3(vlan2) entered forwarding state [ 123.186129][ T8002] IPv6: NLM_F_REPLACE set, but no existing node found! [ 123.298247][ T8010] netlink: 'syz.3.991': attribute type 25 has an invalid length. [ 123.390049][ T8010] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.399672][ T8010] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.408817][ T8010] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.417602][ T8010] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 123.851627][ T8029] syzkaller0: entered promiscuous mode [ 123.869569][ T8029] syzkaller0: entered allmulticast mode [ 124.234341][ T8060] netlink: 'syz.2.1013': attribute type 4 has an invalid length. [ 124.329891][ T8065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 124.442657][ T8071] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 124.607045][ T8079] netlink: 'syz.2.1021': attribute type 1 has an invalid length. [ 125.850877][ T8113] xt_l2tp: missing protocol rule (udp|l2tpip) [ 126.147598][ T8122] netlink: 'syz.3.1034': attribute type 10 has an invalid length. [ 126.174299][ T8122] __nla_validate_parse: 55 callbacks suppressed [ 126.174315][ T8122] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1034'. [ 126.350662][ T8133] Bluetooth: MGMT ver 1.22 [ 126.362645][ T8133] Bluetooth: hci3: invalid length 0, exp 2 for type 22 [ 126.499695][ T8146] netlink: 'syz.3.1042': attribute type 11 has an invalid length. [ 126.512352][ T8143] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 126.694903][ C0] Dead loop on virtual device ipvlan1, fix it urgently! [ 126.885425][ T8167] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1051'. [ 127.234562][ T8184] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1054'. [ 127.297857][ T8187] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1054'. [ 127.781829][ T8212] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1066'. [ 128.318244][ T8242] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1076'. [ 128.351569][ T8244] netlink: 'syz.3.1075': attribute type 1 has an invalid length. [ 128.409838][ T8244] bond3: entered promiscuous mode [ 128.689060][ T8267] netlink: 'syz.2.1084': attribute type 1 has an invalid length. [ 128.699550][ T8262] netlink: 'syz.4.1082': attribute type 3 has an invalid length. [ 128.709147][ T8267] netlink: 116 bytes leftover after parsing attributes in process `syz.2.1084'. [ 128.887231][ T8278] IPv6: NLM_F_REPLACE set, but no existing node found! [ 128.948508][ T8280] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1090'. [ 128.981511][ T8277] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1090'. [ 129.009550][ T8277] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1090'. [ 129.115184][ T8294] tipc: Started in network mode [ 129.120079][ T8294] tipc: Node identity fffffffd, cluster identity 4711 [ 129.142937][ T8294] tipc: Node number set to 4294967293 [ 129.230292][ T8301] nbd: couldn't find device at index 1 [ 129.258796][ C0] bridge0: received packet on vlan2 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 129.348028][ T8308] batadv_slave_1: entered promiscuous mode [ 129.366017][ T8307] batadv_slave_1: left promiscuous mode [ 129.614517][ T8324] Cannot find set identified by id 0 to match [ 129.927997][ T8335] lo speed is unknown, defaulting to 1000 [ 129.997829][ T8338] net veth1_virt_wifi : renamed from virt_wifi0 [ 130.362650][ T8357] netlink: 'syz.1.1117': attribute type 11 has an invalid length. [ 130.374763][ T8357] netlink: 'syz.1.1117': attribute type 2 has an invalid length. [ 130.628735][ T8363] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 130.982492][ T8377] netlink: 'syz.4.1126': attribute type 10 has an invalid length. [ 131.364683][ T8404] netlink: 'syz.3.1134': attribute type 1 has an invalid length. [ 131.383408][ T8404] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 131.390652][ T8404] IPv6: NLM_F_CREATE should be set when creating new route [ 131.397954][ T8404] IPv6: NLM_F_CREATE should be set when creating new route [ 131.576359][ T8414] __nla_validate_parse: 14 callbacks suppressed [ 131.576379][ T8414] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1137'. [ 131.603236][ T8414] syz1: rxe_newlink: already configured on veth1_vlan [ 131.676756][ T8419] Cannot find add_set index 0 as target [ 131.919285][ T8431] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1146'. [ 131.945099][ T8433] bridge1: entered promiscuous mode [ 131.950445][ T8433] bridge1: entered allmulticast mode [ 132.049389][ T8433] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1147'. [ 132.207789][ T8447] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1152'. [ 132.558948][ T8476] netlink: 'syz.2.1164': attribute type 46 has an invalid length. [ 132.895321][ T8485] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1162'. [ 132.967527][ T8503] Cannot find set identified by id 0 to match [ 133.066678][ T8508] bridge0: entered promiscuous mode [ 133.087021][ T8508] team0: entered promiscuous mode [ 133.106615][ T8508] team_slave_0: entered promiscuous mode [ 133.120660][ T8508] team_slave_1: entered promiscuous mode [ 133.140389][ T8515] netlink: 'syz.1.1174': attribute type 4 has an invalid length. [ 133.149608][ T8508] hsr2: Slave B (team0) is not up; please bring it up to get a fully working HSR network [ 133.367499][ T8525] netlink: 208316 bytes leftover after parsing attributes in process `syz.2.1179'. [ 133.583706][ T8535] ip6tnl1: entered promiscuous mode [ 133.596632][ T8535] ip6tnl1: entered allmulticast mode [ 133.631969][ T8544] infiniband syz0: set down [ 133.721540][ T784] lo speed is unknown, defaulting to 1000 [ 133.732085][ T784] lo speed is unknown, defaulting to 1000 [ 133.754417][ T8550] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1189'. [ 133.853388][ T8557] netlink: 'syz.2.1191': attribute type 31 has an invalid length. [ 134.029114][ T8568] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1196'. [ 134.035448][ T8565] sctp: [Deprecated]: syz.2.1194 (pid 8565) Use of int in max_burst socket option. [ 134.035448][ T8565] Use struct sctp_assoc_value instead [ 134.177951][ T8577] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1194'. [ 134.442526][ T8597] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1205'. [ 134.470525][ T8589] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 134.720750][ T8609] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 134.728056][ T8609] IPv6: NLM_F_CREATE should be set when creating new route [ 134.735375][ T8609] IPv6: NLM_F_CREATE should be set when creating new route [ 134.742606][ T8609] IPv6: NLM_F_CREATE should be set when creating new route [ 134.781724][ T8613] netlink: 'syz.4.1212': attribute type 10 has an invalid length. [ 134.812274][ T8613] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 134.831507][ T8613] bridge0: port 3(batadv0) entered blocking state [ 134.852714][ T8613] bridge0: port 3(batadv0) entered disabled state [ 134.873431][ T8613] batadv0: entered allmulticast mode [ 134.891815][ T8613] batadv0: entered promiscuous mode [ 134.907871][ T8613] bridge0: port 3(batadv0) entered blocking state [ 134.914513][ T8613] bridge0: port 3(batadv0) entered forwarding state [ 134.945702][ T8617] netlink: 'syz.4.1212': attribute type 10 has an invalid length. [ 134.994128][ T8617] bridge0: port 3(batadv0) entered disabled state [ 135.026764][ T8617] batadv0: left allmulticast mode [ 135.047800][ T8617] batadv0: left promiscuous mode [ 135.062217][ T8617] bridge0: port 3(batadv0) entered disabled state [ 135.621745][ T8664] openvswitch: netlink: Message has 4 unknown bytes. [ 136.049737][ T8695] (unnamed net_device) (uninitialized): option arp_validate: invalid value (18446744073709551615) [ 136.285487][ T8713] dummy0: entered promiscuous mode [ 136.322753][ T8713] batadv0: entered promiscuous mode [ 136.338538][ T8713] debugfs: Directory 'hsr2' with parent 'hsr' already present! [ 136.373271][ T8713] Cannot create hsr debugfs directory [ 136.379123][ T8713] hsr2: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 136.712620][ T8745] __nla_validate_parse: 7 callbacks suppressed [ 136.712639][ T8745] netlink: 892 bytes leftover after parsing attributes in process `syz.3.1262'. [ 136.830887][ T8753] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1264'. [ 137.026051][ T8768] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1269'. [ 137.275244][ T8782] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1274'. [ 137.299588][ T8784] netlink: 'syz.2.1275': attribute type 1 has an invalid length. [ 137.330848][ T8782] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 137.419819][ T8782] batman_adv: batadv1: Adding interface: netdevsim0 [ 137.429606][ T8782] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 137.460507][ T8782] batman_adv: batadv1: Interface activated: netdevsim0 [ 137.619924][ T8801] netlink: 'syz.2.1282': attribute type 4 has an invalid length. [ 137.716798][ T8810] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1285'. [ 138.031208][ T8837] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1292'. [ 138.198193][ T8843] netlink: 'syz.0.1291': attribute type 29 has an invalid length. [ 138.832099][ T8882] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1305'. [ 138.976104][ T8891] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1310'. [ 139.080481][ T8895] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1311'. [ 139.118661][ T8898] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1314'. [ 139.202721][ T8901] team2: Mode changed to "activebackup" [ 139.266582][ T8905] netlink: 'syz.2.1315': attribute type 2 has an invalid length. [ 139.877626][ T8936] bridge0: port 3(geneve1) entered blocking state [ 139.887364][ T8936] bridge0: port 3(geneve1) entered disabled state [ 139.907729][ T8936] geneve1: entered allmulticast mode [ 139.961758][ T8936] geneve1: entered promiscuous mode [ 140.001403][ T8936] bridge0: port 3(geneve1) entered blocking state [ 140.008397][ T8936] bridge0: port 3(geneve1) entered forwarding state [ 140.020658][ T8944] FAULT_INJECTION: forcing a failure. [ 140.020658][ T8944] name failslab, interval 1, probability 0, space 0, times 1 [ 140.040689][ T8944] CPU: 0 PID: 8944 Comm: syz.3.1331 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 140.050789][ T8944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 140.060943][ T8944] Call Trace: [ 140.064243][ T8944] [ 140.067191][ T8944] dump_stack_lvl+0x241/0x360 [ 140.071898][ T8944] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.077117][ T8944] ? __pfx__printk+0x10/0x10 [ 140.081740][ T8944] ? netlink_insert+0x10b7/0x14b0 [ 140.086775][ T8944] should_fail_ex+0x3b0/0x4e0 [ 140.091447][ T8944] ? __alloc_skb+0x1c3/0x440 [ 140.096036][ T8944] should_failslab+0x9/0x20 [ 140.100540][ T8944] kmem_cache_alloc_node_noprof+0x71/0x320 [ 140.106347][ T8944] __alloc_skb+0x1c3/0x440 [ 140.110759][ T8944] ? __pfx___alloc_skb+0x10/0x10 [ 140.115778][ T8944] ? netlink_autobind+0xd6/0x2f0 [ 140.120713][ T8944] ? netlink_autobind+0x2b0/0x2f0 [ 140.125742][ T8944] netlink_sendmsg+0x638/0xcb0 [ 140.130508][ T8944] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.135786][ T8944] ? __import_iovec+0x536/0x820 [ 140.140624][ T8944] ? aa_sock_msg_perm+0x91/0x160 [ 140.145574][ T8944] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 140.150861][ T8944] ? security_socket_sendmsg+0x87/0xb0 [ 140.156316][ T8944] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.161591][ T8944] __sock_sendmsg+0x221/0x270 [ 140.166262][ T8944] ____sys_sendmsg+0x525/0x7d0 [ 140.171025][ T8944] ? __pfx_____sys_sendmsg+0x10/0x10 [ 140.176314][ T8944] __sys_sendmsg+0x2b0/0x3a0 [ 140.180899][ T8944] ? __pfx___sys_sendmsg+0x10/0x10 [ 140.186003][ T8944] ? vfs_write+0x7c4/0xc90 [ 140.190440][ T8944] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 140.196760][ T8944] ? do_syscall_64+0x100/0x230 [ 140.201517][ T8944] ? do_syscall_64+0xb6/0x230 [ 140.206185][ T8944] do_syscall_64+0xf3/0x230 [ 140.210709][ T8944] ? clear_bhb_loop+0x35/0x90 [ 140.215380][ T8944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.221260][ T8944] RIP: 0033:0x7f824c175bd9 [ 140.225668][ T8944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.245267][ T8944] RSP: 002b:00007f824ced9048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 140.253676][ T8944] RAX: ffffffffffffffda RBX: 00007f824c303f60 RCX: 00007f824c175bd9 [ 140.261636][ T8944] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003 [ 140.269595][ T8944] RBP: 00007f824ced90a0 R08: 0000000000000000 R09: 0000000000000000 [ 140.277554][ T8944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.285512][ T8944] R13: 000000000000004d R14: 00007f824c303f60 R15: 00007ffc607b1898 [ 140.293487][ T8944] [ 140.575652][ T8969] Bluetooth: hci3: invalid length 0, exp 2 for type 12 [ 140.660539][ T8976] rdma_rxe: rxe_newlink: failed to add lo [ 140.676875][ T8976] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 140.893327][ T8987] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 141.738593][ T9032] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 141.794283][ T9032] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 141.816603][ T9038] __nla_validate_parse: 7 callbacks suppressed [ 141.816622][ T9038] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1369'. [ 141.841491][ T9032] 8021q: adding VLAN 0 to HW filter on device bond1 [ 141.857343][ T9032] 8021q: adding VLAN 0 to HW filter on device team1 [ 141.904756][ T9032] 8021q: adding VLAN 0 to HW filter on device team2 [ 141.917735][ T5148] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.925058][ T5148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.952186][ T9036] netlink: 'syz.2.1368': attribute type 5 has an invalid length. [ 142.147964][ T9050] can: request_module (can-proto-4) failed. [ 142.563655][ T9077] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1388'. [ 142.608960][ T9078] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1386'. [ 142.801452][ T9089] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1389'. [ 142.872033][ T9095] openvswitch: netlink: Message has -1 unknown bytes. [ 142.968528][ T9101] netlink: 'syz.2.1398': attribute type 1 has an invalid length. [ 143.134420][ T9114] xt_limit: Overflow, try lower: 65536/524288 [ 143.160501][ T9111] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1401'. [ 143.199765][ T9111] netlink: 'syz.2.1401': attribute type 2 has an invalid length. [ 143.230122][ T9111] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1401'. [ 143.410859][ T9140] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1408'. [ 143.592309][ T9147] syzkaller1: entered promiscuous mode [ 143.607308][ T9147] syzkaller1: entered allmulticast mode [ 143.728637][ T9154] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 143.890125][ T9159] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1412'. [ 143.907829][ T9159] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1412'. [ 143.920339][ T9159] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1412'. [ 143.955292][ T9159] vlan0: entered allmulticast mode [ 143.968198][ T9159] veth0_vlan: entered allmulticast mode [ 144.018674][ T9170] netlink: 'syz.3.1419': attribute type 10 has an invalid length. [ 144.061327][ T9181] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 144.091571][ T9174] netlink: 'syz.4.1420': attribute type 10 has an invalid length. [ 144.112757][ T9181] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 144.127439][ T9174] bridge0: port 3(geneve1) entered disabled state [ 144.135018][ T9174] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.143172][ T9174] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.180464][ T9184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 144.229260][ T5143] IPVS: starting estimator thread 0... [ 144.243427][ T9174] bridge0: port 3(geneve1) entered blocking state [ 144.250026][ T9174] bridge0: port 3(geneve1) entered forwarding state [ 144.256946][ T9174] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.264140][ T9174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.271613][ T9174] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.278838][ T9174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.347032][ T9174] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 144.359049][ T9187] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 144.394724][ T9186] IPVS: using max 19 ests per chain, 45600 per kthread [ 144.759350][ T7329] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 144.770668][ T5106] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 144.781275][ T7329] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.793235][ T5106] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 144.801149][ T5106] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 144.817522][ T5106] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 144.825492][ T5106] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 144.835642][ T5106] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 144.911459][ T7329] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 144.923688][ T7329] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.950382][ T9210] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 145.012328][ T7329] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.030818][ T7329] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.053948][ T9212] netlink: 'syz.1.1432': attribute type 5 has an invalid length. [ 145.087219][ T7329] batman_adv: batadv1: Interface deactivated: netdevsim0 [ 145.163518][ T7329] batman_adv: batadv1: Removing interface: netdevsim0 [ 145.200841][ T7329] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.231771][ T7329] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.442827][ T9203] lo speed is unknown, defaulting to 1000 [ 145.549470][ T7329] bridge_slave_1: left allmulticast mode [ 145.573614][ T7329] bridge_slave_1: left promiscuous mode [ 145.579390][ T7329] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.666678][ T7329] bridge_slave_0: left allmulticast mode [ 145.672376][ T7329] bridge_slave_0: left promiscuous mode [ 145.693114][ T7329] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.075507][ T7329] bridge0 (unregistering): left promiscuous mode [ 146.179668][ T7329] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 146.191007][ T7329] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 146.202076][ T7329] bond0 (unregistering): Released all slaves [ 146.289882][ T7329] bond1 (unregistering): Released all slaves [ 146.374892][ T7329] bond2 (unregistering): Released all slaves [ 146.392514][ T7329] bond3 (unregistering): Released all slaves [ 146.665930][ T9256] netlink: 'syz.2.1450': attribute type 6 has an invalid length. [ 146.890320][ T9269] netlink: 'syz.2.1457': attribute type 1 has an invalid length. [ 146.935098][ T4493] Bluetooth: hci2: command tx timeout [ 147.115943][ T9287] __nla_validate_parse: 9 callbacks suppressed [ 147.115962][ T9287] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1459'. [ 147.538072][ T9307] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1465'. [ 147.659111][ T9313] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 147.672421][ T9313] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 147.682468][ T9313] gretap1: entered promiscuous mode [ 147.690197][ T9313] gretap1: entered allmulticast mode [ 147.778211][ T9203] chnl_net:caif_netlink_parms(): no params data found [ 147.832275][ T9319] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1467'. [ 148.086773][ T9330] hsr0: entered promiscuous mode [ 148.814748][ T9369] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1475'. [ 148.928964][ T7329] team0: left promiscuous mode [ 148.943059][ T7329] team_slave_0: left promiscuous mode [ 148.965053][ T7329] team_slave_1: left promiscuous mode [ 148.981807][ T7329] dummy0: left promiscuous mode [ 148.993382][ T7329] batadv0: left promiscuous mode [ 149.013396][ T4493] Bluetooth: hci2: command tx timeout [ 149.037926][ T7329] hsr_slave_0: left promiscuous mode [ 149.057630][ T7329] hsr_slave_1: left promiscuous mode [ 149.074347][ T7329] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 149.089088][ T7329] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.099858][ T7329] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 149.111727][ T7329] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 149.141908][ T9383] netlink: 232 bytes leftover after parsing attributes in process `syz.2.1481'. [ 149.167418][ T7329] veth1_macvtap: left promiscuous mode [ 149.173672][ T7329] veth0_macvtap: left promiscuous mode [ 149.179837][ T7329] veth1_vlan: left promiscuous mode [ 149.185222][ T7329] veth0_vlan: left promiscuous mode [ 149.230605][ T7329] infiniband syz1: set down [ 149.317252][ T9388] raw_sendmsg: syz.0.1484 forgot to set AF_INET. Fix it! [ 149.402342][ T9389] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1484'. [ 149.543986][ T7327] smc: removing ib device syz1 [ 149.780430][ T7329] team0 (unregistering): Port device team_slave_1 removed [ 149.823282][ T7329] team0 (unregistering): Port device team_slave_0 removed [ 150.131192][ T9203] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.139781][ T9203] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.148792][ T9203] bridge_slave_0: entered allmulticast mode [ 150.160855][ T9203] bridge_slave_0: entered promiscuous mode [ 150.171065][ T9203] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.179219][ T9203] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.187093][ T9203] bridge_slave_1: entered allmulticast mode [ 150.195005][ T9203] bridge_slave_1: entered promiscuous mode [ 150.224823][ T9374] vxcan0: entered promiscuous mode [ 150.230343][ T9374] vlan3: entered promiscuous mode [ 150.236463][ T9374] vlan3: entered allmulticast mode [ 150.241591][ T9374] vxcan0: entered allmulticast mode [ 150.248488][ T9374] vxcan0: left allmulticast mode [ 150.254195][ T9374] vxcan0: left promiscuous mode [ 150.276365][ T25] infiniband syz1: ib_query_port failed (-19) [ 150.276369][ T9381] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1483'. [ 150.322983][ T9385] netlink: 'syz.0.1484': attribute type 2 has an invalid length. [ 150.453709][ T9394] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1486'. [ 150.510842][ T9394] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1486'. [ 150.586156][ T9203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 150.663416][ T9203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 150.703005][ T9407] netlink: 209844 bytes leftover after parsing attributes in process `syz.4.1491'. [ 151.094885][ T9203] team0: Port device team_slave_0 added [ 151.101120][ T4493] Bluetooth: hci2: command tx timeout [ 151.128255][ T9203] team0: Port device team_slave_1 added [ 151.473337][ T9203] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 151.497619][ T9203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.662404][ T9203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 151.781333][ T9203] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 151.817932][ T9203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.901966][ T9203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 152.422808][ T9203] hsr_slave_0: entered promiscuous mode [ 152.452384][ T9203] hsr_slave_1: entered promiscuous mode [ 152.493820][ T9474] netlink: 'syz.2.1507': attribute type 1 has an invalid length. [ 152.594847][ T9497] __nla_validate_parse: 2 callbacks suppressed [ 152.594866][ T9497] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1512'. [ 152.725862][ T9507] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1513'. [ 152.751532][ T9507] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.774348][ T9501] batman_adv: batadv0: Adding interface: netdevsim0 [ 152.791547][ T9509] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1517'. [ 152.797775][ T9501] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 152.828012][ T9501] batman_adv: batadv0: Interface activated: netdevsim0 [ 152.857090][ T9513] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1518'. [ 152.871410][ T9513] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1518'. [ 153.079430][ T9522] openvswitch: netlink: Flow key attr not present in new flow. [ 153.115529][ T9522] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1522'. [ 153.182947][ T4493] Bluetooth: hci2: command tx timeout [ 153.337963][ T9518] lo speed is unknown, defaulting to 1000 [ 153.364455][ T9533] netlink: 'syz.0.1524': attribute type 17 has an invalid length. [ 153.388332][ T9533] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1524'. [ 153.403115][ T9533] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 153.750247][ T9545] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1526'. [ 153.780321][ T9545] netlink: 'syz.2.1526': attribute type 2 has an invalid length. [ 153.804492][ T9545] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1526'. [ 154.052597][ T9556] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1528'. [ 154.075920][ T9203] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 154.107716][ T9203] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 154.148100][ T9203] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 154.183399][ T9203] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 154.508042][ T9203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 154.586836][ T9203] 8021q: adding VLAN 0 to HW filter on device team0 [ 154.634372][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.641622][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.704351][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.711495][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.149439][ T9203] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 155.267800][ T9203] veth0_vlan: entered promiscuous mode [ 155.294824][ T9203] veth1_vlan: entered promiscuous mode [ 155.350823][ T9203] veth0_macvtap: entered promiscuous mode [ 155.369534][ T9203] veth1_macvtap: entered promiscuous mode [ 155.399394][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.410336][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.421341][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.432400][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.461900][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.478603][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.489963][ T9619] netlink: 'syz.4.1545': attribute type 1 has an invalid length. [ 155.514672][ T9203] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 155.524087][ T9619] netlink: 'syz.4.1545': attribute type 1 has an invalid length. [ 155.547996][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.560038][ T9619] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 155.582386][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.596400][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.611696][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.628925][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.639518][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.652031][ T9203] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.665073][ T9203] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.675464][ T9203] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.684267][ T9203] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.694162][ T9203] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.014640][ T9637] team1: Mode changed to "activebackup" [ 156.025393][ T2486] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.060771][ T2486] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.121959][ T9641] netlink: 'syz.0.1549': attribute type 4 has an invalid length. [ 156.160609][ T2824] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.189558][ T2824] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.365720][ T9652] vlan3: entered promiscuous mode [ 156.381252][ T9652] vlan3: entered allmulticast mode [ 156.397077][ T9652] bridge0: entered allmulticast mode [ 156.411465][ T9652] bridge0: left allmulticast mode [ 156.475785][ T9661] netlink: 'syz.2.1556': attribute type 10 has an invalid length. [ 156.523882][ T9661] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 156.547411][ T9665] netlink: 'syz.3.1557': attribute type 2 has an invalid length. [ 156.594562][ T9661] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 156.646504][ T9661] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 156.688619][ T9661] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 156.904621][ T9682] pim6reg1: entered promiscuous mode [ 156.925098][ T9682] pim6reg1: entered allmulticast mode [ 157.510851][ T9715] vlan2: entered promiscuous mode [ 157.531269][ T9715] bridge0: entered promiscuous mode [ 157.543083][ T9715] vlan2: entered allmulticast mode [ 157.557124][ T9715] bridge0: entered allmulticast mode [ 157.594266][ T9715] bridge0: left allmulticast mode [ 157.626819][ T9715] bridge0: left promiscuous mode [ 157.674372][ T5106] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 157.693304][ T5106] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 157.701189][ T5106] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 157.720773][ T5106] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 157.733155][ T5106] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 157.741377][ T5106] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 157.832234][ T9725] netlink: 'syz.0.1573': attribute type 10 has an invalid length. [ 157.884326][ T9725] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 157.916993][ T9725] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 157.932228][ T9725] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 157.970599][ T9725] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 158.003917][ T9729] __nla_validate_parse: 12 callbacks suppressed [ 158.003935][ T9729] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1575'. [ 158.048614][ T9729] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1575'. [ 158.113727][ T9729] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1575'. [ 158.133616][ T9729] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1575'. [ 158.152411][ T9729] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1575'. [ 158.281658][ T9744] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1579'. [ 158.317120][ T2824] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.366275][ T9742] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1578'. [ 158.410629][ T9745] netlink: 'syz.0.1578': attribute type 1 has an invalid length. [ 158.441067][ T9745] netlink: 'syz.0.1578': attribute type 2 has an invalid length. [ 158.594319][ T2824] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.634130][ T9766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1585'. [ 158.676288][ T9769] netlink: 'syz.3.1586': attribute type 3 has an invalid length. [ 158.700502][ T9721] lo speed is unknown, defaulting to 1000 [ 158.745633][ T9771] openvswitch: netlink: Message has -1 unknown bytes. [ 158.857183][ T2824] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.050918][ T2824] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.126206][ T9792] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1595'. [ 159.480282][ T2824] vlan2: left promiscuous mode [ 159.499599][ T2824] geneve0: left promiscuous mode [ 159.505752][ T2824] bridge0: port 3(vlan2) entered disabled state [ 159.545676][ T2824] bridge_slave_1: left allmulticast mode [ 159.573017][ T2824] bridge_slave_1: left promiscuous mode [ 159.579737][ T2824] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.601314][ T2824] bridge_slave_0: left allmulticast mode [ 159.609611][ T2824] bridge_slave_0: left promiscuous mode [ 159.617890][ T2824] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.732197][ T2824] geneve0: left allmulticast mode [ 159.817545][ T5106] Bluetooth: hci4: command tx timeout [ 160.481634][ T2824] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 160.498897][ T2824] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 160.510453][ T2824] bond0 (unregistering): Released all slaves [ 160.524699][ T2824] bond1 (unregistering): Released all slaves [ 160.632028][ T9857] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1608'. [ 160.777534][ T9862] netlink: 'syz.1.1610': attribute type 11 has an invalid length. [ 160.838299][ T9873] netlink: 'syz.1.1610': attribute type 11 has an invalid length. [ 160.859867][ T9873] debugfs: Directory 'netdev:' with parent 'phy12' already present! [ 161.047282][ T9881] netlink: 'syz.4.1615': attribute type 1 has an invalid length. [ 161.148312][ T9881] bond2: entered promiscuous mode [ 161.182186][ T9895] netlink: 'syz.3.1618': attribute type 1 has an invalid length. [ 161.653881][ T9721] chnl_net:caif_netlink_parms(): no params data found [ 161.820607][ T2824] hsr_slave_0: left promiscuous mode [ 161.859716][ T2824] hsr_slave_1: left promiscuous mode [ 161.893802][ T2824] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.903210][ T5106] Bluetooth: hci4: command tx timeout [ 161.925228][ T2824] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 161.974136][ T2824] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 161.985865][ T2824] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 162.039666][ T2824] veth1_macvtap: left promiscuous mode [ 162.053630][ T2824] veth0_macvtap: left promiscuous mode [ 162.060214][ T2824] veth1_vlan: left promiscuous mode [ 162.070128][ T2824] veth0_vlan: left promiscuous mode [ 162.491246][ T2824] team0 (unregistering): Port device team_slave_1 removed [ 162.527528][ T2824] team0 (unregistering): Port device team_slave_0 removed [ 162.869296][ T9934] netlink: 'syz.0.1630': attribute type 1 has an invalid length. [ 162.877454][ T9934] netlink: 'syz.0.1630': attribute type 2 has an invalid length. [ 162.890412][ T9937] IPv6: sit1: Disabled Multicast RS [ 162.903227][ T9945] team_slave_0: left promiscuous mode [ 162.949522][ T9945] team0: Port device team_slave_0 removed [ 162.959058][ T9947] tipc: Enabled bearer , priority 16 [ 163.158971][ T9959] ip6t_REJECT: ECHOREPLY is not supported [ 163.270889][ T9959] netlink: 'syz.3.1640': attribute type 1 has an invalid length. [ 163.302193][ T9721] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.305417][ T9959] __nla_validate_parse: 9 callbacks suppressed [ 163.305431][ T9959] netlink: 9388 bytes leftover after parsing attributes in process `syz.3.1640'. [ 163.326708][ T9721] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.351494][ T9721] bridge_slave_0: entered allmulticast mode [ 163.372371][ T9721] bridge_slave_0: entered promiscuous mode [ 163.390739][ T9721] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.423006][ T9721] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.450316][ T9721] bridge_slave_1: entered allmulticast mode [ 163.464837][ T9721] bridge_slave_1: entered promiscuous mode [ 163.474192][ T9981] netlink: 'syz.4.1643': attribute type 10 has an invalid length. [ 163.521564][ T9981] batman_adv: batadv0: Adding interface: team0 [ 163.552469][ T9981] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.590704][ T9981] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 163.797058][ T9721] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.850412][ T9721] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.871719][T10000] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1647'. [ 163.887176][ T2824] IPVS: stop unused estimator thread 0... [ 163.973216][ T4493] Bluetooth: hci4: command tx timeout [ 164.018699][ T9721] team0: Port device team_slave_0 added [ 164.060639][ T9721] team0: Port device team_slave_1 added [ 164.136988][T10017] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1649'. [ 164.164894][ T9721] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 164.171867][ T9721] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.209103][ T9721] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 164.252736][ T9721] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 164.279859][ T9721] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.344014][ T9721] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 164.676679][ T9721] hsr_slave_0: entered promiscuous mode [ 164.706947][ T9721] hsr_slave_1: entered promiscuous mode [ 164.719812][ T9721] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 164.735139][ T9721] Cannot create hsr debugfs directory [ 164.754495][T10048] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.053392][ T4493] Bluetooth: hci4: command 0x0419 tx timeout [ 166.081402][T10126] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.1675'. [ 166.099428][ T9721] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 166.139771][ T9721] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 166.202802][ T9721] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 166.227511][ T9721] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 166.262471][T10134] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1681'. [ 166.282764][T10134] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 166.338145][T10134] batman_adv: batadv1: Adding interface: netdevsim0 [ 166.349414][T10134] batman_adv: batadv1: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.378410][T10134] batman_adv: batadv1: Interface activated: netdevsim0 [ 166.590304][ T9721] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.657868][T10154] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1685'. [ 166.689419][ T9721] 8021q: adding VLAN 0 to HW filter on device team0 [ 166.717542][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.724753][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.771296][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.778470][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.881941][ T9721] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 166.945767][ T9721] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 167.071978][T10173] netlink: 576 bytes leftover after parsing attributes in process `syz.0.1690'. [ 167.151025][T10178] netlink: 'syz.4.1692': attribute type 2 has an invalid length. [ 167.424238][ T9721] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.465614][T10200] FAULT_INJECTION: forcing a failure. [ 167.465614][T10200] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 167.529065][T10200] CPU: 1 PID: 10200 Comm: syz.0.1699 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 167.539260][T10200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 167.549319][T10200] Call Trace: [ 167.552594][T10200] [ 167.555519][T10200] dump_stack_lvl+0x241/0x360 [ 167.560194][T10200] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.565384][T10200] ? __pfx__printk+0x10/0x10 [ 167.570049][T10200] ? __pfx_lock_release+0x10/0x10 [ 167.575085][T10200] should_fail_ex+0x3b0/0x4e0 [ 167.579766][T10200] _copy_from_iter+0x1f6/0x1960 [ 167.584612][T10200] ? __virt_addr_valid+0x183/0x520 [ 167.589725][T10200] ? __pfx_lock_release+0x10/0x10 [ 167.594764][T10200] ? __alloc_skb+0x28f/0x440 [ 167.599352][T10200] ? __pfx__copy_from_iter+0x10/0x10 [ 167.604635][T10200] ? __virt_addr_valid+0x183/0x520 [ 167.609740][T10200] ? __virt_addr_valid+0x183/0x520 [ 167.614841][T10200] ? __virt_addr_valid+0x44e/0x520 [ 167.619947][T10200] ? __check_object_size+0x49c/0x900 [ 167.625231][T10200] netlink_sendmsg+0x73d/0xcb0 [ 167.630006][T10200] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.635288][T10200] ? __import_iovec+0x536/0x820 [ 167.640130][T10200] ? aa_sock_msg_perm+0x91/0x160 [ 167.645068][T10200] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 167.650346][T10200] ? security_socket_sendmsg+0x87/0xb0 [ 167.655806][T10200] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.661082][T10200] __sock_sendmsg+0x221/0x270 [ 167.665755][T10200] ____sys_sendmsg+0x525/0x7d0 [ 167.670522][T10200] ? __pfx_____sys_sendmsg+0x10/0x10 [ 167.675822][T10200] __sys_sendmsg+0x2b0/0x3a0 [ 167.680410][T10200] ? __pfx___sys_sendmsg+0x10/0x10 [ 167.685515][T10200] ? vfs_write+0x7c4/0xc90 [ 167.689951][T10200] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 167.696270][T10200] ? do_syscall_64+0x100/0x230 [ 167.701023][T10200] ? do_syscall_64+0xb6/0x230 [ 167.705689][T10200] do_syscall_64+0xf3/0x230 [ 167.710183][T10200] ? clear_bhb_loop+0x35/0x90 [ 167.714854][T10200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.720736][T10200] RIP: 0033:0x7ff7a0175bd9 [ 167.725140][T10200] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.744845][T10200] RSP: 002b:00007ff7a0ee7048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 167.753249][T10200] RAX: ffffffffffffffda RBX: 00007ff7a0303f60 RCX: 00007ff7a0175bd9 [ 167.761210][T10200] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003 [ 167.769174][T10200] RBP: 00007ff7a0ee70a0 R08: 0000000000000000 R09: 0000000000000000 [ 167.777145][T10200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.785107][T10200] R13: 000000000000000b R14: 00007ff7a0303f60 R15: 00007ffd69388cd8 [ 167.793080][T10200] [ 167.956435][T10209] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1701'. [ 168.037815][ T9721] veth0_vlan: entered promiscuous mode [ 168.081089][ T9721] veth1_vlan: entered promiscuous mode [ 168.133169][ T5106] Bluetooth: hci4: command 0x0419 tx timeout [ 168.207924][ T9721] veth0_macvtap: entered promiscuous mode [ 168.228740][ T9721] veth1_macvtap: entered promiscuous mode [ 168.274219][T10231] SET target dimension over the limit! [ 168.275795][ T9721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 168.328487][ T9721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.340187][ T9721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 168.369903][ T9721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.392277][ T9721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 168.417905][ T9721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.448674][ T9721] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 168.473430][T10231] macvtap0: entered promiscuous mode [ 168.479003][T10231] macvtap0: entered allmulticast mode [ 168.495837][T10231] veth0_macvtap: entered allmulticast mode [ 168.546416][ T9721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.604840][ T9721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.632966][ T9721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.663290][ T9721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.682023][ T9721] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 168.715768][ T9721] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 168.735245][ T9721] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 168.756190][ T9721] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.797066][ T9721] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.816233][T10260] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1715'. [ 168.820324][ T9721] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.829313][T10262] Bluetooth: hci3: invalid length 0, exp 2 for type 0 [ 168.841735][ T9721] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 168.860293][T10264] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1717'. [ 168.900487][T10264] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1717'. [ 168.938624][ C1] Dead loop on virtual device ipvlan1, fix it urgently! [ 169.063050][T10268] sed (10268) used greatest stack depth: 9560 bytes left [ 169.102970][ T2486] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.117849][ T2486] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.236907][ T2486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 169.273583][T10281] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1722'. [ 169.281077][T10284] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1723'. [ 169.288870][ T2486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 169.303424][T10284] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1723'. [ 169.554123][T10300] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1726'. [ 169.700324][T10309] vlan3: entered allmulticast mode [ 169.734036][T10309] geneve0: entered allmulticast mode [ 169.762486][T10309] bridge0: port 4(vlan3) entered blocking state [ 169.788246][T10309] bridge0: port 4(vlan3) entered disabled state [ 169.798908][T10309] vlan3: entered promiscuous mode [ 169.808951][T10309] geneve0: entered promiscuous mode [ 169.820822][T10309] bridge0: port 4(vlan3) entered blocking state [ 169.827238][T10309] bridge0: port 4(vlan3) entered forwarding state [ 169.950491][T10327] netlink: 'syz.3.1733': attribute type 3 has an invalid length. [ 170.618983][T10373] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1747'. [ 170.660210][T10373] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 170.669237][T10373] team0: Port device batadv1 added [ 170.878398][T10384] netlink: 'syz.3.1751': attribute type 1 has an invalid length. [ 170.919932][T10389] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1752'. [ 170.990883][T10392] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1754'. [ 171.256873][T10409] netlink: 'syz.1.1760': attribute type 11 has an invalid length. [ 171.520933][T10425] IPVS: Unknown mcast interface: vcan0 [ 171.929427][T10450] netlink: 'syz.4.1774': attribute type 1 has an invalid length. [ 172.066655][T10461] netlink: 'syz.3.1780': attribute type 33 has an invalid length. [ 172.176223][T10466] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 172.183535][T10466] IPv6: NLM_F_CREATE should be set when creating new route [ 172.190805][T10466] IPv6: NLM_F_CREATE should be set when creating new route [ 172.352736][T10482] x_tables: duplicate underflow at hook 3 [ 172.395398][T10486] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 196608, id = 0 [ 172.825781][T10510] dummy0: entered promiscuous mode [ 172.851416][T10510] dummy0: left promiscuous mode [ 172.865295][T10512] netlink: 'syz.0.1799': attribute type 11 has an invalid length. [ 172.905639][T10512] netlink: 'syz.0.1799': attribute type 11 has an invalid length. [ 172.921062][T10512] debugfs: Directory 'netdev:' with parent 'phy14' already present! [ 173.286589][T10537] bond_slave_0: entered promiscuous mode [ 173.293218][T10537] bond_slave_1: entered promiscuous mode [ 173.298962][T10537] bridge0: entered promiscuous mode [ 173.363946][T10537] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 173.392554][T10537] bond_slave_0: left promiscuous mode [ 173.398106][T10537] bond_slave_1: left promiscuous mode [ 173.403772][T10537] bridge0: left promiscuous mode [ 173.439068][T10542] IPv6: NLM_F_REPLACE set, but no existing node found! [ 173.448586][T10544] netlink: 'syz.0.1812': attribute type 58 has an invalid length. [ 173.728610][T10567] netlink: 'syz.3.1817': attribute type 10 has an invalid length. [ 173.930090][T10577] lo speed is unknown, defaulting to 1000 [ 173.971723][T10582] __nla_validate_parse: 15 callbacks suppressed [ 173.971740][T10582] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1822'. [ 174.084179][T10587] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1824'. [ 174.297046][T10602] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1828'. [ 174.301377][T10603] x_tables: unsorted underflow at hook 3 [ 174.644242][T10617] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 174.808690][T10630] netlink: 'syz.4.1836': attribute type 33 has an invalid length. [ 175.149285][T10646] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1843'. [ 175.153749][T10651] netlink: 4444 bytes leftover after parsing attributes in process `syz.1.1844'. [ 175.161866][T10650] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1845'. [ 175.184952][T10651] netlink: 4444 bytes leftover after parsing attributes in process `syz.1.1844'. [ 175.212954][T10651] netlink: 396 bytes leftover after parsing attributes in process `syz.1.1844'. [ 175.265436][T10652] team1: Failed to send options change via netlink (err -105) [ 175.303101][T10652] team1: Mode changed to "activebackup" [ 175.669694][T10681] netlink: 204476 bytes leftover after parsing attributes in process `syz.2.1850'. [ 175.831277][T10692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1855'. [ 176.266183][T10727] netlink: 'syz.2.1866': attribute type 2 has an invalid length. [ 176.624986][T10748] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 177.368236][T10798] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 177.391056][T10798] batman_adv: batadv1: Interface deactivated: netdevsim0 [ 177.417746][T10798] batman_adv: batadv1: Removing interface: netdevsim0 [ 177.455404][T10798] batman_adv: batadv3: Adding interface: netdevsim0 [ 177.472582][T10798] batman_adv: batadv3: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 177.529277][T10798] batman_adv: batadv3: Interface activated: netdevsim0 [ 177.847067][T10828] netlink: 'syz.1.1903': attribute type 1 has an invalid length. [ 177.919253][T10828] 8021q: adding VLAN 0 to HW filter on device bond6 [ 178.333315][T10855] netlink: 'syz.1.1913': attribute type 1 has an invalid length. [ 178.415860][T10855] bond7: entered promiscuous mode [ 178.447149][T10864] bridge5: the hash_elasticity option has been deprecated and is always 16 [ 178.505754][T10864] bond7: (slave bridge5): making interface the new active one [ 178.531966][T10864] bridge5: entered promiscuous mode [ 178.542801][T10864] bond7: (slave bridge5): Enslaving as an active interface with an up link [ 178.614336][T10855] bond7 (unregistering): (slave bridge5): Releasing active interface [ 178.622465][T10855] bridge5: left promiscuous mode [ 178.632139][T10870] netlink: 'syz.2.1917': attribute type 4 has an invalid length. [ 178.659200][T10855] bond7 (unregistering): Released all slaves [ 179.238857][T10907] __nla_validate_parse: 12 callbacks suppressed [ 179.238877][T10907] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1929'. [ 179.360691][T10904] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1927'. [ 179.441336][T10904] pim6reg: entered allmulticast mode [ 179.524846][T10924] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1932'. [ 179.544409][T10926] netlink: 'syz.4.1933': attribute type 1 has an invalid length. [ 179.577832][T10926] bond3: entered promiscuous mode [ 179.650822][T10932] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1935'. [ 179.652204][T10926] bridge3: the hash_elasticity option has been deprecated and is always 16 [ 179.712010][T10926] bond3: (slave bridge3): making interface the new active one [ 179.721806][T10926] bridge3: entered promiscuous mode [ 179.729303][T10926] bond3: (slave bridge3): Enslaving as an active interface with an up link [ 179.751849][T10936] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1933'. [ 179.793665][T10936] bond3 (unregistering): (slave bridge3): Releasing active interface [ 179.801785][T10936] bridge3: left promiscuous mode [ 179.873302][T10936] bond3 (unregistering): Released all slaves [ 179.906476][T10944] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1938'. [ 180.154635][T10955] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1944'. [ 180.201092][T10956] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1943'. [ 180.216282][T10956] veth1_macvtap: left promiscuous mode [ 180.225832][T10956] macsec0: entered allmulticast mode [ 180.264669][T10955] team1: Mode changed to "activebackup" [ 180.391756][T10969] SET target dimension over the limit! [ 180.443083][T10971] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1950'. [ 180.642660][T10987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1954'. [ 181.253020][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 181.259184][ T5095] Bluetooth: hci0: command 0x0406 tx timeout [ 181.421827][T11024] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: invalid value (129) [ 181.580486][T11036] ebt_limit: overflow, try lower: 570423552/2483027968 [ 181.751804][T11052] netlink: 'syz.2.1984': attribute type 3 has an invalid length. [ 181.801163][T11040] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.594343][T11100] vlan3: entered allmulticast mode [ 182.599515][T11100] geneve0: entered allmulticast mode [ 182.601639][T11102] xt_hashlimit: Unknown mode mask 242, kernel too old? [ 182.625326][T11100] bridge0: port 3(vlan3) entered blocking state [ 182.631943][T11100] bridge0: port 3(vlan3) entered disabled state [ 182.640323][T11100] vlan3: entered promiscuous mode [ 182.646195][T11100] geneve0: entered promiscuous mode [ 182.652293][T11100] bridge0: port 3(vlan3) entered blocking state [ 182.658750][T11100] bridge0: port 3(vlan3) entered forwarding state [ 182.695174][T11104] syzkaller0: entered allmulticast mode [ 183.002534][T11118] netlink: 'syz.4.2009': attribute type 33 has an invalid length. [ 183.366137][T11139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.434940][T11139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.472013][T11139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.523222][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88802bca4c00: rx timeout, send abort [ 183.704744][T11161] netlink: 'syz.4.2024': attribute type 11 has an invalid length. [ 183.721364][T11161] netlink: 'syz.4.2024': attribute type 11 has an invalid length. [ 183.729632][T11161] debugfs: Directory 'netdev:' with parent 'phy6' already present! [ 184.031559][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88802bca4c00: abort rx timeout. Force session deactivation [ 184.065862][T11166] dummy0: entered promiscuous mode [ 184.075957][T11166] dummy0: left promiscuous mode [ 184.106537][T11168] netlink: 'syz.0.2027': attribute type 1 has an invalid length. [ 184.182701][T11170] netlink: 'syz.0.2028': attribute type 1 has an invalid length. [ 184.204860][T11170] netlink: 'syz.0.2028': attribute type 2 has an invalid length. [ 184.242035][T11170] tipc: Enabling of bearer rejected, already enabled [ 184.329295][T11174] __nla_validate_parse: 17 callbacks suppressed [ 184.329314][T11174] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2030'. [ 184.559998][T11186] netlink: 'syz.3.2035': attribute type 1 has an invalid length. [ 184.589404][T11176] atomic_op ffff8880182f3198 conn xmit_atomic 0000000000000000 [ 184.629138][T11176] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 184.664103][T11190] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2036'. [ 184.683938][T11190] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2036'. [ 184.798883][T11200] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2041'. [ 184.897580][T11208] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2042'. [ 184.917871][T11210] FAULT_INJECTION: forcing a failure. [ 184.917871][T11210] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 184.948573][T11210] CPU: 0 PID: 11210 Comm: syz.2.2044 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 184.958772][T11210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 184.968859][T11210] Call Trace: [ 184.972149][T11210] [ 184.975088][T11210] dump_stack_lvl+0x241/0x360 [ 184.979793][T11210] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.985010][T11210] ? __pfx__printk+0x10/0x10 [ 184.989629][T11210] ? __pfx_lock_release+0x10/0x10 [ 184.994703][T11210] should_fail_ex+0x3b0/0x4e0 [ 184.999402][T11210] _copy_from_iter+0x1f6/0x1960 [ 185.004270][T11210] ? __virt_addr_valid+0x183/0x520 [ 185.009401][T11210] ? __pfx_lock_release+0x10/0x10 [ 185.014445][T11210] ? __alloc_skb+0x28f/0x440 [ 185.019052][T11210] ? __pfx__copy_from_iter+0x10/0x10 [ 185.021145][T11208] netlink: 'syz.0.2042': attribute type 1 has an invalid length. [ 185.024376][T11210] ? __virt_addr_valid+0x183/0x520 [ 185.024404][T11210] ? __virt_addr_valid+0x183/0x520 [ 185.024423][T11210] ? __virt_addr_valid+0x44e/0x520 [ 185.024447][T11210] ? __check_object_size+0x49c/0x900 [ 185.035526][T11208] netlink: 'syz.0.2042': attribute type 2 has an invalid length. [ 185.037227][T11210] netlink_sendmsg+0x73d/0xcb0 [ 185.065150][T11210] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.070431][T11210] ? __import_iovec+0x536/0x820 [ 185.075273][T11210] ? aa_sock_msg_perm+0x91/0x160 [ 185.080207][T11210] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 185.085479][T11210] ? security_socket_sendmsg+0x87/0xb0 [ 185.090952][T11210] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.096227][T11210] __sock_sendmsg+0x221/0x270 [ 185.100897][T11210] ____sys_sendmsg+0x525/0x7d0 [ 185.105662][T11210] ? __pfx_____sys_sendmsg+0x10/0x10 [ 185.110950][T11210] __sys_sendmsg+0x2b0/0x3a0 [ 185.115534][T11210] ? __pfx___sys_sendmsg+0x10/0x10 [ 185.120638][T11210] ? vfs_write+0x7c4/0xc90 [ 185.125075][T11210] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 185.131394][T11210] ? do_syscall_64+0x100/0x230 [ 185.136154][T11210] ? do_syscall_64+0xb6/0x230 [ 185.140820][T11210] do_syscall_64+0xf3/0x230 [ 185.145311][T11210] ? clear_bhb_loop+0x35/0x90 [ 185.149978][T11210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.155860][T11210] RIP: 0033:0x7f5ec0975bd9 [ 185.160263][T11210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.179855][T11210] RSP: 002b:00007f5ec03ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 185.188262][T11210] RAX: ffffffffffffffda RBX: 00007f5ec0b03f60 RCX: 00007f5ec0975bd9 [ 185.196225][T11210] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000007 [ 185.204190][T11210] RBP: 00007f5ec03ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 185.212156][T11210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.220118][T11210] R13: 000000000000004d R14: 00007f5ec0b03f60 R15: 00007ffe370ccf28 [ 185.228091][T11210] [ 185.284973][T11208] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2042'. [ 185.300288][T11208] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2042'. [ 185.333781][T11208] tipc: Enabling of bearer rejected, already enabled [ 185.381169][T11221] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2048'. [ 185.587603][T11234] netlink: 'syz.3.2054': attribute type 4 has an invalid length. [ 185.679159][T11232] syzkaller0: entered allmulticast mode [ 185.778054][T11246] netlink: 4444 bytes leftover after parsing attributes in process `syz.0.2059'. [ 185.810372][T11246] netlink: 4444 bytes leftover after parsing attributes in process `syz.0.2059'. [ 185.970711][T11257] netlink: 'syz.0.2063': attribute type 5 has an invalid length. [ 186.040661][T11257] : entered promiscuous mode [ 186.188068][T11277] xt_cgroup: path and classid specified [ 186.196728][T11275] openvswitch: netlink: Tunnel attr 8192 out of range max 16 [ 186.401882][T11282] atomic_op ffff888018eb9198 conn xmit_atomic 0000000000000000 [ 186.420396][T11282] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 186.586235][T11304] netlink: 'syz.2.2079': attribute type 35 has an invalid length. [ 186.686598][T11299] netlink: 'syz.3.2076': attribute type 30 has an invalid length. [ 187.079698][T11331] atomic_op ffff888079886998 conn xmit_atomic 0000000000000000 [ 187.307018][T11353] IPVS: length: 96 != 8 [ 187.717967][T11379] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (128) [ 187.827196][T11387] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 188.059630][ T29] audit: type=1107 audit(1720321797.742:2): pid=11402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=':Y$nJ5 9Icc}֨ V}L(ΤO*?S\HSsdLY۞D|UsH;=' [ 188.159863][T11405] bridge0: port 4(vlan3) entered disabled state [ 188.166615][T11405] bridge0: port 3(geneve1) entered disabled state [ 188.173238][T11405] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.180416][T11405] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.202796][T11408] bridge0: port 4(vlan3) entered blocking state [ 188.209273][T11408] bridge0: port 4(vlan3) entered forwarding state [ 188.215972][T11408] bridge0: port 3(geneve1) entered blocking state [ 188.222491][T11408] bridge0: port 3(geneve1) entered forwarding state [ 188.229351][T11408] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.236475][T11408] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.243970][T11408] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.251163][T11408] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.281225][T11408] bridge0: entered promiscuous mode [ 188.291199][T11408] bridge0: entered allmulticast mode [ 188.308112][ C0] bridge0: received packet on vlan3 with own address as source address (addr:aa:aa:aa:aa:aa:17, vlan:0) [ 188.334637][ C1] bridge0: received packet on vlan3 with own address as source address (addr:aa:aa:aa:aa:aa:17, vlan:0) [ 188.744427][ C1] bridge0: received packet on vlan3 with own address as source address (addr:aa:aa:aa:aa:aa:17, vlan:0) [ 189.147115][T11475] Cannot find set identified by id 0 to match [ 189.229716][T11481] pimreg: entered allmulticast mode [ 189.382287][T11490] __nla_validate_parse: 17 callbacks suppressed [ 189.382307][T11490] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2147'. [ 189.465376][T11495] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2146'. [ 189.486469][T11495] validate_nla: 7 callbacks suppressed [ 189.486485][T11495] netlink: 'syz.0.2146': attribute type 12 has an invalid length. [ 189.537573][T11499] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2151'. [ 189.543181][T11495] netlink: 'syz.0.2146': attribute type 13 has an invalid length. [ 189.581462][T11495] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.583833][T11499] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2151'. [ 189.590593][T11495] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.608083][T11495] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.616913][T11495] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 189.639753][T11495] vxlan0: entered promiscuous mode [ 189.652777][T11494] team2: Mode changed to "activebackup" [ 189.737648][T11505] netlink: 'syz.3.2154': attribute type 10 has an invalid length. [ 189.768090][T11505] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 189.800755][T11511] netlink: 'syz.1.2157': attribute type 1 has an invalid length. [ 189.875404][T11510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2156'. [ 189.949806][T11521] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2161'. [ 189.978821][T11522] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2160'. [ 190.051776][T11525] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2163'. [ 190.539373][T11555] xt_ecn: cannot match TCP bits for non-tcp packets [ 190.902662][T11568] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2178'. [ 191.017827][T11572] x_tables: duplicate underflow at hook 4 [ 191.543264][T11598] netlink: 'syz.3.2190': attribute type 1 has an invalid length. [ 191.675650][T11604] netlink: 'syz.3.2193': attribute type 1 has an invalid length. [ 191.712721][T11609] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2195'. [ 192.000092][T11609] infiniband syz1: set active [ 192.012289][T11609] infiniband syz1: added veth1_vlan [ 192.147792][T11609] RDS/IB: syz1: added [ 192.151876][T11609] smc: adding ib device syz1 with port count 1 [ 192.154260][T11627] bond_slave_0: entered promiscuous mode [ 192.164175][T11627] bond_slave_1: entered promiscuous mode [ 192.172334][T11627] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 192.193838][T11627] bond_slave_0: left promiscuous mode [ 192.196281][T11609] smc: ib device syz1 port 1 has pnetid [ 192.199277][T11627] bond_slave_1: left promiscuous mode [ 192.331894][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88802cb79400: rx timeout, send abort [ 192.803522][ T5106] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 192.812658][ T5106] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 192.823117][ T5106] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 192.837618][ T5106] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 192.840302][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88802cb79400: abort rx timeout. Force session deactivation [ 192.874112][ T5106] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 192.881804][ T5106] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 193.028393][T11642] lo speed is unknown, defaulting to 1000 [ 193.147001][ T7327] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.373782][ T7327] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.584331][ T7327] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.693955][ T7327] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.948551][T11687] netlink: 'syz.2.2224': attribute type 33 has an invalid length. [ 194.009537][ T7327] bridge_slave_1: left allmulticast mode [ 194.024874][ T7327] bridge_slave_1: left promiscuous mode [ 194.030817][ T7327] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.052562][ T7327] bridge_slave_0: left allmulticast mode [ 194.058613][ T7327] bridge_slave_0: left promiscuous mode [ 194.064700][ T7327] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.514223][ T7327] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 194.528423][ T7327] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 194.552293][ T7327] bond0 (unregistering): Released all slaves [ 194.564880][ T7327] bond1 (unregistering): Released all slaves [ 194.576985][T11691] netlink: 'syz.2.2224': attribute type 33 has an invalid length. [ 194.777213][T11716] __nla_validate_parse: 8 callbacks suppressed [ 194.777234][T11716] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2232'. [ 194.828981][T11716] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2232'. [ 194.857346][ T7327] IPVS: stopping master sync thread 10486 ... [ 194.940433][T11722] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.943775][ T5106] Bluetooth: hci2: command tx timeout [ 194.987332][T11723] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 195.160936][T11736] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2234'. [ 195.325302][T11741] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2236'. [ 196.117136][T11642] chnl_net:caif_netlink_parms(): no params data found [ 196.161333][T11783] xt_CT: You must specify a L4 protocol and not use inversions on it [ 196.190640][T11782] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2248'. [ 196.320021][T11789] team1: Failed to send options change via netlink (err -105) [ 196.338012][T11789] team1: Mode changed to "activebackup" [ 196.680180][T11806] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2254'. [ 196.706235][T11806] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2254'. [ 196.726175][T11806] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2254'. [ 196.793965][ T7327] hsr_slave_0: left promiscuous mode [ 196.806472][ T7327] hsr_slave_1: left promiscuous mode [ 196.820856][ T7327] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 196.828788][ T7327] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 196.847207][ T7327] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 196.863008][ T7327] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 196.908353][T11826] xt_CT: You must specify a L4 protocol and not use inversions on it [ 196.910771][ T7327] veth1_macvtap: left promiscuous mode [ 196.934396][ T7327] veth0_macvtap: left promiscuous mode [ 196.940069][ T7327] veth1_vlan: left promiscuous mode [ 196.964344][ T7327] veth0_vlan: left promiscuous mode [ 197.023309][ T5106] Bluetooth: hci2: command tx timeout [ 197.313730][ T7327] team0 (unregistering): Port device batadv1 removed [ 197.648631][ T7327] team0 (unregistering): Port device team_slave_1 removed [ 197.688674][ T7327] team0 (unregistering): Port device team_slave_0 removed [ 198.074001][T11825] IPv6: NLM_F_REPLACE set, but no existing node found! [ 198.377341][T11642] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.402469][T11642] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.433637][T11642] bridge_slave_0: entered allmulticast mode [ 198.441017][T11642] bridge_slave_0: entered promiscuous mode [ 198.453269][T11859] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2264'. [ 198.489886][T11862] netlink: 'syz.0.2265': attribute type 6 has an invalid length. [ 198.517171][T11642] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.542475][T11642] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.562823][T11642] bridge_slave_1: entered allmulticast mode [ 198.582640][T11642] bridge_slave_1: entered promiscuous mode [ 198.611410][T11862] netlink: 'syz.0.2265': attribute type 3 has an invalid length. [ 198.874996][T11642] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.915453][T11642] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.093334][T11898] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (128) [ 199.103663][ T5106] Bluetooth: hci2: command tx timeout [ 199.140534][T11642] team0: Port device team_slave_0 added [ 199.181772][T11642] team0: Port device team_slave_1 added [ 199.238724][T11905] netlink: 'syz.4.2275': attribute type 10 has an invalid length. [ 199.251443][T11905] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2275'. [ 199.270189][T11905] bridge0: port 5(batadv0) entered blocking state [ 199.278548][T11905] bridge0: port 5(batadv0) entered disabled state [ 199.285251][T11905] batadv0: entered allmulticast mode [ 199.293656][T11905] batadv0: entered promiscuous mode [ 199.299621][T11905] bridge0: port 5(batadv0) entered blocking state [ 199.306206][T11905] bridge0: port 5(batadv0) entered forwarding state [ 199.360169][T11912] netlink: 'syz.4.2275': attribute type 10 has an invalid length. [ 199.388333][T11912] bridge0: port 5(batadv0) entered disabled state [ 199.441717][T11912] batadv0: left allmulticast mode [ 199.456910][T11912] batadv0: left promiscuous mode [ 199.467892][T11912] bridge0: port 5(batadv0) entered disabled state [ 199.490197][T11642] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.503774][T11642] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 199.537167][T11642] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 199.590803][T11642] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 199.601350][T11642] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 199.642979][T11642] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 199.687256][T11922] netlink: 'syz.4.2279': attribute type 1 has an invalid length. [ 199.742678][T11922] bond3: entered promiscuous mode [ 199.782674][T11924] bridge5: the hash_elasticity option has been deprecated and is always 16 [ 199.798571][T11924] bond3: (slave bridge5): making interface the new active one [ 199.807317][T11924] bridge5: entered promiscuous mode [ 199.815535][T11924] bond3: (slave bridge5): Enslaving as an active interface with an up link [ 199.830078][T11928] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2279'. [ 199.854374][T11928] bond3 (unregistering): (slave bridge5): Releasing active interface [ 199.873591][T11928] bridge5: left promiscuous mode [ 199.885264][T11928] bond3 (unregistering): Released all slaves [ 200.232560][T11642] hsr_slave_0: entered promiscuous mode [ 200.262048][T11642] hsr_slave_1: entered promiscuous mode [ 200.277360][T11958] netlink: 'syz.1.2288': attribute type 1 has an invalid length. [ 200.455820][T11959] erspan0: entered promiscuous mode [ 200.890396][T11981] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2296'. [ 201.173020][ T5106] Bluetooth: hci2: command tx timeout [ 201.269125][T12003] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2298'. [ 201.313349][T12003] block nbd0: not configured, cannot reconfigure [ 201.345452][T11999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2301'. [ 201.381755][T12007] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2302'. [ 201.507888][T12008] team3: Mode changed to "activebackup" [ 201.521228][T12010] netlink: 'syz.4.2303': attribute type 10 has an invalid length. [ 202.092139][T12048] netlink: 'syz.1.2317': attribute type 3 has an invalid length. [ 202.284039][T12051] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2319'. [ 202.336174][T12051] (unnamed net_device) (uninitialized): option lp_interval: invalid value (18446744073709551614) [ 202.367444][T12051] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 202.392020][T12051] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2319'. [ 202.421541][T11642] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 202.466888][T11642] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 202.503738][T11642] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 202.541786][T11642] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 202.582609][T12075] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2324'. [ 202.624420][T12075] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2324'. [ 202.773820][T11642] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.822274][T11642] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.857517][T12089] netlink: 5 bytes leftover after parsing attributes in process `syz.4.2329'. [ 202.860120][ T5093] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.873577][ T5093] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.908370][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.915559][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.010782][T11642] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.131461][T12101] [ 203.133830][T12101] ====================================================== [ 203.140850][T12101] WARNING: possible circular locking dependency detected [ 203.147870][T12101] 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 Not tainted [ 203.155068][T12101] ------------------------------------------------------ [ 203.162086][T12101] syz.4.2333/12101 is trying to acquire lock: [ 203.168153][T12101] ffff888060185218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{2:2}, at: __dev_queue_xmit+0x2353/0x3e90 [ 203.180365][T12101] [ 203.180365][T12101] but task is already holding lock: [ 203.187743][T12101] ffff88807d1d48d8 (&qdisc_xmit_lock_key#3){+.-.}-{2:2}, at: sch_direct_xmit+0x1c4/0x5f0 [ 203.197607][T12101] [ 203.197607][T12101] which lock already depends on the new lock. [ 203.197607][T12101] [ 203.208014][T12101] [ 203.208014][T12101] the existing dependency chain (in reverse order) is: [ 203.217029][T12101] [ 203.217029][T12101] -> #1 (&qdisc_xmit_lock_key#3){+.-.}-{2:2}: [ 203.225308][T12101] lock_acquire+0x1ed/0x550 [ 203.230346][T12101] _raw_spin_lock+0x2e/0x40 [ 203.235382][T12101] sch_direct_xmit+0x1c4/0x5f0 [ 203.240679][T12101] __dev_queue_xmit+0x1a7f/0x3e90 [ 203.246246][T12101] ip6_finish_output2+0xffa/0x1680 [ 203.251893][T12101] ip6_finish_output+0x41e/0x810 [ 203.257369][T12101] NF_HOOK+0x9e/0x430 [ 203.261886][T12101] mld_sendpack+0x843/0xdb0 [ 203.266927][T12101] mld_ifc_work+0x7d6/0xd90 [ 203.271976][T12101] process_scheduled_works+0xa2c/0x1830 [ 203.272090][T11642] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.278033][T12101] worker_thread+0x86d/0xd50 [ 203.278053][T12101] kthread+0x2f0/0x390 [ 203.278071][T12101] ret_from_fork+0x4b/0x80 [ 203.278092][T12101] ret_from_fork_asm+0x1a/0x30 [ 203.278114][T12101] [ 203.278114][T12101] -> #0 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{2:2}: [ 203.278150][T12101] validate_chain+0x18e0/0x5900 [ 203.278171][T12101] __lock_acquire+0x1346/0x1fd0 [ 203.278188][T12101] lock_acquire+0x1ed/0x550 [ 203.278204][T12101] _raw_spin_lock+0x2e/0x40 [ 203.278222][T12101] __dev_queue_xmit+0x2353/0x3e90 [ 203.278243][T12101] ip6_finish_output2+0xffa/0x1680 [ 203.278261][T12101] ip6_finish_output+0x41e/0x810 [ 203.278282][T12101] ndisc_send_skb+0xab2/0x1380 [ 203.278300][T12101] ndisc_solicit+0x493/0x6a0 [ 203.332058][T11642] veth0_vlan: entered promiscuous mode [ 203.335891][T12101] __neigh_event_send+0xece/0x15b0 [ 203.335920][T12101] neigh_resolve_output+0x1b5/0x740 [ 203.358418][T11642] veth1_vlan: entered promiscuous mode [ 203.362853][T12101] ip6_finish_output2+0xffa/0x1680 [ 203.362879][T12101] ip6_finish_output+0x41e/0x810 [ 203.362901][T12101] ip6_send_skb+0x112/0x230 [ 203.398216][T11642] veth0_macvtap: entered promiscuous mode [ 203.401147][T12101] icmp6_send+0x15fc/0x2070 [ 203.401173][T12101] ip6_link_failure+0x3c/0x4f0 [ 203.417213][T12101] ip_tunnel_xmit+0x1653/0x2950 [ 203.422597][T12101] __gre_xmit+0x1cf/0x260 [ 203.427455][T12101] erspan_xmit+0xabe/0x1310 [ 203.432487][T12101] dev_hard_start_xmit+0x27a/0x7e0 [ 203.437989][T11642] veth1_macvtap: entered promiscuous mode [ 203.438115][T12101] sch_direct_xmit+0x2b6/0x5f0 [ 203.449095][T12101] __dev_queue_xmit+0x1d3f/0x3e90 [ 203.454656][T12101] ip6_finish_output2+0xffa/0x1680 [ 203.458786][T11642] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.460283][T12101] ip6_finish_output+0x41e/0x810 [ 203.471898][T11642] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.476100][T12101] rawv6_send_hdrinc+0xcfc/0x1890 [ 203.476123][T12101] rawv6_sendmsg+0x1962/0x23c0 [ 203.476139][T12101] __sock_sendmsg+0x1a6/0x270 [ 203.476157][T12101] sock_write_iter+0x2dd/0x400 [ 203.476173][T12101] vfs_write+0xa72/0xc90 [ 203.476191][T12101] ksys_write+0x1a0/0x2c0 [ 203.476208][T12101] do_syscall_64+0xf3/0x230 [ 203.476226][T12101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.476246][T12101] [ 203.476246][T12101] other info that might help us debug this: [ 203.476246][T12101] [ 203.476253][T12101] Possible unsafe locking scenario: [ 203.476253][T12101] [ 203.476259][T12101] CPU0 CPU1 [ 203.476265][T12101] ---- ---- [ 203.476271][T12101] lock(&qdisc_xmit_lock_key#3); [ 203.476292][T12101] lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2); [ 203.476313][T12101] lock(&qdisc_xmit_lock_key#3); [ 203.476332][T12101] lock( [ 203.490545][T11642] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.491605][T12101] dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2); [ 203.491626][T12101] [ 203.491626][T12101] *** DEADLOCK *** [ 203.491626][T12101] [ 203.499340][T11642] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.502038][T12101] 10 locks held by syz.4.2333/12101: [ 203.502052][T12101] #0: ffffffff8e333f20 [ 203.511845][T11642] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.512041][T12101] (rcu_read_lock [ 203.517193][T11642] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.521852][T12101] ){....}-{1:2}, at: rawv6_send_hdrinc+0xb7a/0x1890 [ 203.532759][T11642] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.538456][T12101] #1: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x712/0x1680 [ 203.538508][T12101] #2: ffffffff8e333f80 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2da/0x3e90 [ 203.538560][T12101] #3: ffff88807d1d48d8 (&qdisc_xmit_lock_key#3){+.-.}-{2:2}, at: sch_direct_xmit+0x1c4/0x5f0 [ 203.538610][T12101] #4: ffff88802a9b0918 (k-slock-AF_INET6){+.-.}-{2:2}, at: icmp6_send+0xc45/0x2070 [ 203.538655][T12101] #5: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: icmp6_send+0xba4/0x2070 [ 203.558979][T11642] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.561815][T12101] #6: ffffffff8e333f20 (rcu_read_lock){....}-{1:2} [ 203.575221][T11642] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.578949][T12101] , at: ip6_finish_output2+0x712/0x1680 [ 203.578974][T12101] #7: [ 203.581927][T11642] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.592255][T12101] ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: ndisc_send_skb+0x574/0x1380 [ 203.592301][T12101] #8: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x712/0x1680 [ 203.592344][T12101] #9: ffffffff8e333f80 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2da/0x3e90 [ 203.592392][T12101] [ 203.592392][T12101] stack backtrace: [ 203.592399][T12101] CPU: 1 PID: 12101 Comm: syz.4.2333 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 203.592420][T12101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 203.592431][T12101] Call Trace: [ 203.592439][T12101] [ 203.592447][T12101] dump_stack_lvl+0x241/0x360 [ 203.592470][T12101] ? __pfx_dump_stack_lvl+0x10/0x10 [ 203.592494][T12101] ? print_circular_bug+0x130/0x1a0 [ 203.592519][T12101] check_noncircular+0x36a/0x4a0 [ 203.592545][T12101] ? __pfx_check_noncircular+0x10/0x10 [ 203.592566][T12101] ? __bfs+0x368/0x6f0 [ 203.592585][T12101] ? __pfx_usage_skip+0x10/0x10 [ 203.592613][T12101] validate_chain+0x18e0/0x5900 [ 203.592647][T12101] ? __pfx_validate_chain+0x10/0x10 [ 203.592669][T12101] ? __pfx_validate_chain+0x10/0x10 [ 203.592692][T12101] ? validate_chain+0x15b1/0x5900 [ 203.592720][T12101] ? register_lock_class+0x102/0x980 [ 203.605675][T11642] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.607763][T12101] ? __pfx_register_lock_class+0x10/0x10 [ 203.622141][T11642] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 203.622802][T12101] ? __pfx_validate_chain+0x10/0x10 [ 203.627973][T11642] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.637341][T12101] ? mark_lock+0x9a/0x350 [ 203.637372][T12101] __lock_acquire+0x1346/0x1fd0 [ 203.637398][T12101] lock_acquire+0x1ed/0x550 [ 203.637414][T12101] ? __dev_queue_xmit+0x2353/0x3e90 [ 203.637442][T12101] ? __pfx_lock_acquire+0x10/0x10 [ 203.637461][T12101] ? __pfx_lock_acquire+0x10/0x10 [ 203.637479][T12101] ? __lock_acquire+0x1346/0x1fd0 [ 203.637499][T12101] ? rcu_lockdep_current_cpu_online+0x37/0x120 [ 203.637523][T12101] ? rcu_read_lock_bh_held+0x7e/0x120 [ 203.637544][T12101] ? __pfx_rcu_read_lock_bh_held+0x10/0x10 [ 203.637569][T12101] _raw_spin_lock+0x2e/0x40 [ 203.637589][T12101] ? __dev_queue_xmit+0x2353/0x3e90 [ 203.637612][T12101] __dev_queue_xmit+0x2353/0x3e90 [ 203.637641][T12101] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 203.647112][T11642] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 203.651031][T12101] ? __dev_queue_xmit+0x2da/0x3e90 [ 203.669190][T11642] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.674554][T12101] ? __pfx___dev_queue_xmit+0x10/0x10 [ 203.674584][T12101] ? neigh_resolve_output+0x450/0x740 [ 203.674608][T12101] ? read_seqbegin+0x157/0x2b0 [ 203.674630][T12101] ? lockdep_hardirqs_on+0x99/0x150 [ 203.674657][T12101] ? read_seqbegin+0x208/0x2b0 [ 203.674683][T12101] ? __pfx_read_seqbegin+0x10/0x10 [ 203.674707][T12101] ? neigh_resolve_output+0x2e5/0x740 [ 203.674731][T12101] ? eth_header+0x11c/0x1f0 [ 203.674755][T12101] ? __asan_memcpy+0x40/0x70 [ 203.674775][T12101] ? eth_header+0x11c/0x1f0 [ 203.674798][T12101] ? __pfx_eth_header+0x10/0x10 [ 203.674820][T12101] ? neigh_resolve_output+0x61f/0x740 [ 203.674852][T12101] ip6_finish_output2+0xffa/0x1680 [ 203.674875][T12101] ? ip6_finish_output2+0x712/0x1680 [ 203.674893][T12101] ? nf_hook+0x9e/0x450 [ 203.674914][T12101] ? __pfx_ip6_finish_output2+0x10/0x10 [ 203.674937][T12101] ? ip6_mtu+0x81/0x3f0 [ 203.674962][T12101] ip6_finish_output+0x41e/0x810 [ 203.674989][T12101] ndisc_send_skb+0xab2/0x1380 [ 203.675010][T12101] ? ndisc_send_skb+0x574/0x1380 [ 203.675033][T12101] ? __pfx_ndisc_send_skb+0x10/0x10 [ 203.688272][T11642] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.695100][T12101] ? __pfx_dst_output+0x10/0x10 [ 203.695125][T12101] ? __asan_memcpy+0x40/0x70 [ 203.695148][T12101] ? __pfx_ndisc_ns_create+0x10/0x10 [ 203.695169][T12101] ? ipv6_get_lladdr+0x35a/0x3d0 [ 203.695189][T12101] ? ipv6_get_lladdr+0x2c/0x3d0 [ 203.695209][T12101] ndisc_solicit+0x493/0x6a0 [ 203.695233][T12101] ? __pfx_ndisc_solicit+0x10/0x10 [ 203.710919][T11642] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.713655][T12101] ? __skb_clone+0x454/0x6c0 [ 203.713688][T12101] ? __pfx_ndisc_solicit+0x10/0x10 [ 203.713711][T12101] __neigh_event_send+0xece/0x15b0 [ 203.713742][T12101] neigh_resolve_output+0x1b5/0x740 [ 203.713766][T12101] ? __ipv6_neigh_lookup_noref+0x533/0x730 [ 203.713790][T12101] ip6_finish_output2+0xffa/0x1680 [ 203.713813][T12101] ? ip6_finish_output2+0x712/0x1680 [ 203.713829][T12101] ? nf_hook+0x9e/0x450 [ 203.713849][T12101] ? __pfx_ip6_finish_output2+0x10/0x10 [ 203.713872][T12101] ? ip6_mtu+0x81/0x3f0 [ 203.713895][T12101] ip6_finish_output+0x41e/0x810 [ 203.713929][T12101] ip6_send_skb+0x112/0x230 [ 203.713949][T12101] ? icmp6_send+0xba4/0x2070 [ 203.713967][T12101] icmp6_send+0x15fc/0x2070 [ 203.713991][T12101] ? icmp6_send+0xba4/0x2070 [ 203.714017][T12101] ? __pfx_icmp6_send+0x10/0x10 [ 203.714038][T12101] ? in6_dump_addrs+0x10/0x1e40 [ 203.714057][T12101] ? __pfx_lock_release+0x10/0x10 [ 203.714085][T12101] ? ip6_neigh_lookup+0x44b/0x580 [ 203.714104][T12101] ? __pfx_ip6_neigh_lookup+0x10/0x10 [ 203.714127][T12101] ip6_link_failure+0x3c/0x4f0 [ 203.714147][T12101] ? dst_link_failure+0x107/0x160 [ 203.714173][T12101] ip_tunnel_xmit+0x1653/0x2950 [ 203.714210][T12101] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 203.714234][T12101] ? gre_build_header+0x341/0xb30 [ 203.714260][T12101] ? __pfx_gre_build_header+0x10/0x10 [ 203.714281][T12101] ? validate_chain+0x11e/0x5900 [ 203.731151][T11642] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.731224][T12101] __gre_xmit+0x1cf/0x260 [ 204.316356][T12101] ? __pfx___gre_xmit+0x10/0x10 [ 204.321241][T12101] ? erspan_build_header+0x174/0x360 [ 204.326559][T12101] erspan_xmit+0xabe/0x1310 [ 204.331104][T12101] ? __pfx_erspan_xmit+0x10/0x10 [ 204.336062][T12101] ? __pfx_lock_acquire+0x10/0x10 [ 204.341109][T12101] dev_hard_start_xmit+0x27a/0x7e0 [ 204.346251][T12101] sch_direct_xmit+0x2b6/0x5f0 [ 204.351056][T12101] ? __pfx_sch_direct_xmit+0x10/0x10 [ 204.356364][T12101] __dev_queue_xmit+0x1d3f/0x3e90 [ 204.361415][T12101] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 204.367409][T12101] ? __dev_queue_xmit+0x2da/0x3e90 [ 204.372540][T12101] ? __pfx___dev_queue_xmit+0x10/0x10 [ 204.377934][T12101] ? neigh_resolve_output+0x450/0x740 [ 204.383323][T12101] ? read_seqbegin+0x157/0x2b0 [ 204.388104][T12101] ? lockdep_hardirqs_on+0x99/0x150 [ 204.393346][T12101] ? read_seqbegin+0x208/0x2b0 [ 204.398130][T12101] ? __pfx_read_seqbegin+0x10/0x10 [ 204.403268][T12101] ? neigh_resolve_output+0x2e5/0x740 [ 204.408658][T12101] ? eth_header+0x11c/0x1f0 [ 204.413180][T12101] ? __asan_memcpy+0x40/0x70 [ 204.417790][T12101] ? eth_header+0x11c/0x1f0 [ 204.422315][T12101] ? __pfx_eth_header+0x10/0x10 [ 204.427181][T12101] ? neigh_resolve_output+0x61f/0x740 [ 204.432585][T12101] ip6_finish_output2+0xffa/0x1680 [ 204.437715][T12101] ? ip6_finish_output2+0x712/0x1680 [ 204.443014][T12101] ? nf_hook+0x9e/0x450 [ 204.447182][T12101] ? __pfx_ip6_finish_output2+0x10/0x10 [ 204.452748][T12101] ? ip6_mtu+0x81/0x3f0 [ 204.456931][T12101] ip6_finish_output+0x41e/0x810 [ 204.461889][T12101] ? rawv6_send_hdrinc+0xb7a/0x1890 [ 204.467100][T12101] rawv6_send_hdrinc+0xcfc/0x1890 [ 204.472146][T12101] ? __pfx_rawv6_send_hdrinc+0x10/0x10 [ 204.477616][T12101] ? ip6_dst_lookup_flow+0x13e/0x180 [ 204.482915][T12101] ? __pfx_dst_output+0x10/0x10 [ 204.487778][T12101] ? __pfx_ip6_dst_lookup_flow+0x10/0x10 [ 204.493419][T12101] ? aa_label_sk_perm+0x4f0/0x6d0 [ 204.498808][T12101] ? __lock_acquire+0x1346/0x1fd0 [ 204.503842][T12101] ? rawv6_sendmsg+0xfe9/0x23c0 [ 204.508709][T12101] rawv6_sendmsg+0x1962/0x23c0 [ 204.513502][T12101] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 204.518629][T12101] ? preempt_schedule_common+0x84/0xd0 [ 204.524108][T12101] ? aa_sk_perm+0x967/0xab0 [ 204.528632][T12101] ? inet_sendmsg+0x330/0x390 [ 204.533314][T12101] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 204.538608][T12101] ? security_socket_sendmsg+0x87/0xb0 [ 204.544086][T12101] __sock_sendmsg+0x1a6/0x270 [ 204.548778][T12101] sock_write_iter+0x2dd/0x400 [ 204.553557][T12101] ? __pfx_sock_write_iter+0x10/0x10 [ 204.558856][T12101] ? bpf_lsm_file_permission+0x9/0x10 [ 204.564241][T12101] ? security_file_permission+0x7f/0xa0 [ 204.569806][T12101] vfs_write+0xa72/0xc90 [ 204.574071][T12101] ? __pfx_sock_write_iter+0x10/0x10 [ 204.579367][T12101] ? __pfx_vfs_write+0x10/0x10 [ 204.584142][T12101] ? do_futex+0x392/0x560 [ 204.588503][T12101] ksys_write+0x1a0/0x2c0 [ 204.592849][T12101] ? __pfx_ksys_write+0x10/0x10 [ 204.597797][T12101] ? do_syscall_64+0x100/0x230 [ 204.602580][T12101] ? do_syscall_64+0xb6/0x230 [ 204.607286][T12101] do_syscall_64+0xf3/0x230 [ 204.611891][T12101] ? clear_bhb_loop+0x35/0x90 [ 204.616708][T12101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.624191][T12101] RIP: 0033:0x7f4986b75bd9 [ 204.628625][T12101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.648252][T12101] RSP: 002b:00007f498792d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 204.656681][T12101] RAX: ffffffffffffffda RBX: 00007f4986d03f60 RCX: 00007f4986b75bd9 [ 204.664678][T12101] RDX: 0000000000000028 RSI: 00000000200034c0 RDI: 0000000000000003 [ 204.672661][T12101] RBP: 00007f4986be4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 204.680644][T12101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.688628][T12101] R13: 000000000000000b R14: 00007f4986d03f60 R15: 00007ffea36ca148 [ 204.696618][T12101] [ 204.765367][T11642] ieee80211 phy30: Selected rate control algorithm 'minstrel_ht' [ 204.828545][ T2824] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.829731][T11642] ieee80211 phy31: Selected rate control algorithm 'minstrel_ht' [ 204.850390][ T2824] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.884949][T12101] netlink: 'syz.4.2333': attribute type 1 has an invalid length. [ 204.892820][ T7327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.918539][ T7327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.931746][T12101] __nla_validate_parse: 64 callbacks suppressed [ 204.931763][T12101] netlink: 9 bytes leftover after parsing attributes in process `syz.4.2333'. [ 204.952583][T12101] 0: renamed from hsr_slave_1 (while UP) [ 204.968232][T12101] 0: entered allmulticast mode [ 204.984026][T12101] A link change request failed with some changes committed already. Interface c0 may have been left with an inconsistent configuration, please check.