program: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x12, 0x3, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000010000010000000000000ded5bf76efa89dd0000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @cgroup_sock_addr=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff1}, 0x94) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000c80)={r0, r2, 0xa, 0x0, @void}, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) timer_settime(0x0, 0x1, &(0x7f00000004c0)={{}, {0x77359400}}, 0x0) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e23, @private=0xa010101}}}, &(0x7f0000000080)=0x84) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f00000000c0)={r4, 0xa706, 0x3, [0x71, 0x1c, 0x400]}, 0xe) getsockopt$ARPT_SO_GET_INFO(r3, 0x0, 0x60, &(0x7f0000000500)={'filter\x00', 0x0, [0xf44f, 0x0, 0x2d]}, &(0x7f0000000580)=0x44) r5 = socket$inet_sctp(0x2, 0x0, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r5, 0x84, 0xf, &(0x7f00000003c0)={r4, @in={{0x2, 0x4e23, @remote}}, 0x7fff, 0x7fff, 0x2, 0x40, 0x73a3cc5a}, &(0x7f0000000480)=0x98) r6 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x41}}, &(0x7f0000000480)='GPL\x00'}, 0x90) renameat2(r2, &(0x7f00000005c0)='./file0\x00', r2, &(0x7f00000006c0)='./file0\x00', 0x7) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'ip6gre0\x00'}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x3c}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x21, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffee9}, 0x94) r11 = socket$nl_route(0x10, 0x3, 0x0) r12 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) r13 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r13, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) ioctl$TUNSETIFF(r12, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) sendmsg$nl_route(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[@ANYBLOB="340000001000010827bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="80400100000001000c002b8008000100", @ANYRES32=r10, @ANYBLOB="0001000000000000764fd08e56e21b45200105e16a7930f01e97f7e068d6aee1bcc33aed466b6cd9c2d229e9f63aecf64b31558ac215135fc938d5f7abf02d4b11bfa00cb7bf08686adac940b310aafa0bbeefde622b8166bddd9144218a18b8d017543ab229508ef4fbfdb2416722dcec8c0d7f4d95df9996db142d92594221ecc04f7cb9029cd875b6d528bc35f781bb6c6174cb3b11a78b3e999fa9dc65efa1c85b412a19f8e4defe6f3539fdc28ee8a95f78292661d4"], 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) [ 88.738925][ T5323] Bluetooth: hci0: command tx timeout [ 88.904664][ T5347] bridge_slave_0: left allmulticast mode [ 88.910317][ T5347] bridge_slave_0: left promiscuous mode [ 88.913075][ T5347] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.927176][ T5347] bridge_slave_1: left allmulticast mode [ 88.929670][ T5347] bridge_slave_1: left promiscuous mode [ 88.942362][ T5347] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.960700][ T5347] bond0: (slave bond_slave_0): Releasing backup interface [ 88.974064][ T5347] bond0: (slave bond_slave_1): Releasing backup interface [ 88.989232][ T5347] team0: Port device team_slave_0 removed [ 88.999599][ T5347] team0: Port device team_slave_1 removed [ 89.003744][ T5347] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 89.007185][ T5347] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 89.012747][ T5347] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 89.015988][ T5347] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 89.021409][ T5347] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 89.028376][ T5351] ip6gre0: entered promiscuous mode [ 89.038042][ T5351] team0: Port device ip6gre0 added [ 89.048886][ T5346] team0: Port device ip6gre0 removed [ 89.067319][ T5346] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 89.080598][ T10] skbuff: skb_under_panic: text:ffffffff8a29dd38 len:136 put:40 head:ffff888041541000 data:ffff888041540fe8 tail:0x70 end:0x6c0 dev:team0 [ 89.094138][ T10] ------------[ cut here ]------------ [ 89.096597][ T10] kernel BUG at net/core/skbuff.c:213! [ 89.100158][ T5346] netlink: 8 bytes leftover after parsing attributes in process `syz.0.0'. [ 89.104364][ T10] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 89.107165][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full) [ 89.110953][ T10] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 89.115749][ T10] Workqueue: mld mld_ifc_work [ 89.117919][ T10] RIP: 0010:skb_panic+0x157/0x160 [ 89.120110][ T10] Code: c7 20 ac 8f 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 2e 6a f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 89.128474][ T10] RSP: 0018:ffffc900001c7280 EFLAGS: 00010282 [ 89.131095][ T10] RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 8e9d0eab9bf1d800 [ 89.134528][ T10] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 89.137985][ T10] RBP: 00000000000006c0 R08: ffffc900001c6f87 R09: 1ffff92000038df0 [ 89.141315][ T10] R10: dffffc0000000000 R11: fffff52000038df1 R12: ffff88803edbd290 [ 89.144838][ T10] R13: ffff888041541000 R14: ffff888041540fe8 R15: 0000000000000070 [ 89.148334][ T10] FS: 0000000000000000(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000 [ 89.152308][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.155300][ T10] CR2: 00007f6b20398d20 CR3: 0000000011b69000 CR4: 0000000000352ef0 [ 89.158870][ T10] Call Trace: [ 89.160488][ T10] [ 89.161955][ T10] ? ip6gre_header+0xc8/0x790 [ 89.164074][ T10] ? ip6gre_header+0xc8/0x790 [ 89.166222][ T10] skb_push+0xc3/0xe0 [ 89.167998][ T10] ip6gre_header+0xc8/0x790 [ 89.170021][ T10] ? __pfx_ip6gre_header+0x10/0x10 [ 89.172303][ T10] ? read_seqbegin+0x1ac/0x250 [ 89.174460][ T10] ? __pfx_read_seqbegin+0x10/0x10 [ 89.176661][ T10] ? ___neigh_create+0x1c5f/0x2230 [ 89.179089][ T10] ? __pfx_ip6gre_header+0x10/0x10 [ 89.181641][ T10] neigh_connected_output+0x286/0x460 [ 89.184282][ T10] ip6_finish_output2+0xfb3/0x1480 [ 89.186676][ T10] ? __pfx_ip6_finish_output2+0x10/0x10 [ 89.189161][ T10] ? ip6_mtu+0x7d/0x490 [ 89.191031][ T10] ? ip6_mtu+0x7d/0x490 [ 89.192902][ T10] ip6_finish_output+0x234/0x7d0 [ 89.195095][ T10] ? ip6_output+0x126/0x550 [ 89.197054][ T10] ip6_output+0x340/0x550 [ 89.199227][ T10] NF_HOOK+0x9e/0x380 [ 89.201247][ T10] ? NF_HOOK+0x101/0x380 [ 89.203236][ T10] ? __pfx_NF_HOOK+0x10/0x10 [ 89.205532][ T10] ? __pfx_dst_output+0x10/0x10 [ 89.207761][ T10] ? icmp6_dst_alloc+0x3a5/0x420 [ 89.209947][ T10] ? icmp6_dst_alloc+0x3a5/0x420 [ 89.212081][ T10] mld_sendpack+0x8d4/0xe60 [ 89.214105][ T10] ? mld_sendpack+0x1e7/0xe60 [ 89.216199][ T10] ? __pfx_mld_sendpack+0x10/0x10 [ 89.218408][ T10] mld_ifc_work+0x83e/0xd60 [ 89.220447][ T10] ? _raw_spin_unlock_irq+0x23/0x50 [ 89.223075][ T10] ? process_scheduled_works+0x9ef/0x1770 [ 89.225953][ T10] process_scheduled_works+0xad1/0x1770 [ 89.228385][ T10] ? __pfx_process_scheduled_works+0x10/0x10 [ 89.231051][ T10] worker_thread+0x8a0/0xda0 [ 89.233150][ T10] kthread+0x711/0x8a0 [ 89.234993][ T10] ? __pfx_worker_thread+0x10/0x10 [ 89.237338][ T10] ? __pfx_kthread+0x10/0x10 [ 89.239697][ T10] ? _raw_spin_unlock_irq+0x23/0x50 [ 89.242145][ T10] ? lockdep_hardirqs_on+0x98/0x140 [ 89.244737][ T10] ? __pfx_kthread+0x10/0x10 [ 89.246647][ T10] ret_from_fork+0x599/0xb30 [ 89.248549][ T10] ? __pfx_ret_from_fork+0x10/0x10 [ 89.250624][ T10] ? __pfx_kthread+0x10/0x10 [ 89.252520][ T10] ret_from_fork_asm+0x1a/0x30 [ 89.254435][ T10] [ 89.255714][ T10] Modules linked in: [ 89.257831][ T10] ---[ end trace 0000000000000000 ]--- [ 89.375186][ T10] RIP: 0010:skb_panic+0x157/0x160 [ 89.377493][ T10] Code: c7 20 ac 8f 8c 48 8b 74 24 08 48 8b 54 24 10 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 55 41 57 41 56 e8 2e 6a f5 ff 48 83 c4 20 90 <0f> 0b cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 89.406818][ T10] RSP: 0018:ffffc900001c7280 EFLAGS: 00010282 [ 89.414488][ T10] RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 8e9d0eab9bf1d800 [ 89.423891][ T10] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 89.427619][ T10] RBP: 00000000000006c0 R08: ffffc900001c6f87 R09: 1ffff92000038df0 [ 89.431868][ T10] R10: dffffc0000000000 R11: fffff52000038df1 R12: ffff88803edbd290 [ 89.435162][ T10] R13: ffff888041541000 R14: ffff888041540fe8 R15: 0000000000000070 [ 89.438614][ T10] FS: 0000000000000000(0000) GS:ffff88808d22a000(0000) knlGS:0000000000000000 [ 89.442787][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.445633][ T10] CR2: 00007f6b20475218 CR3: 00000000115d2000 CR4: 0000000000352ef0 [ 89.449604][ T10] Kernel panic - not syncing: Fatal exception [ 89.452761][ T10] Kernel Offset: disabled [ 89.454795][ T10] Rebooting in 86400 seconds..