last executing test programs: 1.440659387s ago: executing program 3 (id=7): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0xff90}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.423385317s ago: executing program 2 (id=3): r0 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r1, @ANYBLOB="0200000000008000740012000800010076746936"], 0xa0}}, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r3, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000040)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ssrr={0x89, 0x7, 0x4, [@local]}]}}}, @ip_tos_u8={{0x11}}], 0x30}, 0x0) r4 = socket$inet_sctp(0x2, 0x400000000001, 0x84) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)) sendto$inet(r4, &(0x7f00000000c0)='!', 0x1, 0x0, &(0x7f0000000080)={0x2, 0x0, @private=0xa010100}, 0x10) listen(r4, 0xda8c) accept4(r4, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x400000000000235, 0x0) write$binfmt_script(r2, &(0x7f0000000040)={'#! ', './file0', [{0x20, '$]+\r:(-]'}, {0x20, ')-'}, {0x20, '$:.'}], 0xa, "aad42c41442b3cc1fc57f6f20e1a2ef3ef28b05e1f03c9e81d42e6422abf574135e822a3a8c4cbd64df066e706d5d4e9a22bfe2761633b21d87cfa8f11ada094e18a761e0300"}, 0x61) socket(0x10, 0x803, 0x0) (async) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r1, @ANYBLOB="0200000000008000740012000800010076746936"], 0xa0}}, 0x0) (async) socket(0x10, 0x3, 0x0) (async) socket$inet(0x2, 0x2, 0x1) (async) sendmsg$inet(r3, &(0x7f0000000600)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000040)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ssrr={0x89, 0x7, 0x4, [@local]}]}}}, @ip_tos_u8={{0x11}}], 0x30}, 0x0) (async) socket$inet_sctp(0x2, 0x400000000001, 0x84) (async) epoll_create1(0x0) (async) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000040)) (async) sendto$inet(r4, &(0x7f00000000c0)='!', 0x1, 0x0, &(0x7f0000000080)={0x2, 0x0, @private=0xa010100}, 0x10) (async) listen(r4, 0xda8c) (async) accept4(r4, 0x0, 0x0, 0x0) (async) sendmmsg(r2, &(0x7f0000000000), 0x400000000000235, 0x0) (async) write$binfmt_script(r2, &(0x7f0000000040)={'#! ', './file0', [{0x20, '$]+\r:(-]'}, {0x20, ')-'}, {0x20, '$:.'}], 0xa, "aad42c41442b3cc1fc57f6f20e1a2ef3ef28b05e1f03c9e81d42e6422abf574135e822a3a8c4cbd64df066e706d5d4e9a22bfe2761633b21d87cfa8f11ada094e18a761e0300"}, 0x61) (async) 1.263612558s ago: executing program 3 (id=8): shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000040)) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000180)=@ethtool_cmd={0x3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x11a, 0x3, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 1.079183994s ago: executing program 3 (id=9): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x7, 0x4, 0x3c8, 0x2e0, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x28}}, {{@arp={@rand_addr, @local, 0x0, 0x0, 0x0, 0x0, {@mac}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1\x00', 'veth0_to_batadv\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @mac=@remote, @dev, @broadcast}}}, {{@arp={@broadcast, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac}, {@mac=@broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'macvlan0\x00', 'sit0\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE0={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}}, 0x0) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0}, 0x90) (async) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) socket$nl_route(0x10, 0x3, 0x0) (async) socket(0x10, 0x803, 0x0) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="180000002600000006000000000000000700000078f08ec5e70fed7d001239a3f1a1f4b5b68b390e6710e7e5efbe44d8615b89110f91b0f6120a584b3785527ab277cc87926255eecd38143be0219da7d3f9021922e3c2808a", @ANYRES32=0x0], 0x18}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x3, 0x3800, 0x3f}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0x48}, [@ldst={0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x80ffffff}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) r2 = socket(0x23, 0x5, 0x0) (async) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r3, &(0x7f0000000000)={0x27}, 0x62) unshare(0x400) (async) listen(r3, 0x0) (async) ppoll(&(0x7f00000002c0)=[{r3}], 0x1, &(0x7f0000000300)={0x0, 0x3938700}, 0x0, 0x0) (async) getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000540)=0x1, &(0x7f0000000580)=0x4) (async) getsockopt$nfc_llcp(r2, 0x113, 0x0, 0x0, 0x692d84746b19a7c5) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x4, 0xc, 0x1000}, 0x48) 1.078318937s ago: executing program 4 (id=5): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x80000000, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x7, 0x0, 0x0, 0x2, 0x21, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.050554549s ago: executing program 2 (id=10): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x1, 0x5865, 0x0, {0x0, 0x0, 0x74, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_FWD_MASK={0x6, 0x9, 0x6}]}}}]}, 0x3c}}, 0x0) 965.55931ms ago: executing program 0 (id=1): r0 = socket$inet6(0xa, 0x2, 0x0) socket$unix(0x1, 0x5, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) socket$netlink(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket(0x1d, 0x2, 0x6) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000040)) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000000), 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, 0x0, 0x800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x5c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc}, @NFTA_COUNTER_PACKETS={0xc}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xa4}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmmsg$inet(r0, &(0x7f00000008c0), 0x0, 0x0) 819.321041ms ago: executing program 3 (id=11): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000000800), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000001c0)={0x0, 0x4, 0x0, 0x0, @vifc_lcl_ifindex, @loopback}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_CT_DREG={0x8}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_CHAIN={0x0, 0x2, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x5c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x103, 0x60, 0x0, {0x2}, [@NFTA_CHAIN_ID={0x8}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x4}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x74, 0xe}}, 0x58}}, 0x0) r4 = socket(0x10, 0x802, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) bind$unix(r5, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r6 = socket$unix(0x1, 0x2, 0x0) connect$unix(r6, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r6, &(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) write(r4, &(0x7f0000000640)="fc00000018000703ab092500090007000a070200000000020000369321000100f9e553b40005d0000000000000b7550c8292773411419da79bb94be2e0b2c5d157089446d0b90000bc000500ff006c6c256f1a272f2e118934d07302ad031720d7d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70c9ddefefe082083e9a9199d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded875b2ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48f841f99080548deac270e33429fd3004275e63fb8d38a873cf1587c3b4100"/252, 0xfc) syz_open_procfs$namespace(0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x10, &(0x7f0000000080)=@framed={{}, [@snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r7}, 0xc) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10, r8, 0x0) syz_init_net_socket$ax25(0x3, 0x3, 0x0) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000040)=0x8, 0x4) syz_emit_ethernet(0x7a, &(0x7f00000009c0)={@random="856b1200ffff", @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "381f34", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8100}}}}}}}, 0x0) 818.776054ms ago: executing program 4 (id=12): r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000029000)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) (async) r4 = socket$can_j1939(0x1d, 0x2, 0x7) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)={0x14, r7, 0x301, 0x0, 0x0, {0x1c}}, 0x14}}, 0x0) (async) r8 = socket$inet6(0xa, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f00000002c0)=0x10) (async) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) getsockopt$bt_hci(r8, 0x84, 0xe, &(0x7f0000000080)=""/4076, &(0x7f0000000040)=0xfec) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) (async, rerun: 64) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) (rerun: 64) sendmsg$BATADV_CMD_SET_VLAN(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x24, r9, 0x1, 0x400000, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}}, 0x0) bind$packet(r1, &(0x7f0000000180)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) (async) getsockname$packet(r1, &(0x7f00000015c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000700)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x6558, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3800000054000147880000000000000007008209", @ANYRES32=r11, @ANYBLOB="20000100", @ANYRES32=r13, @ANYBLOB="00001000e000030000010001000000000000000008"], 0x38}}, 0x0) (async) r14 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r14, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[], 0x14c}}, 0x0) (async, rerun: 64) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) (async, rerun: 64) r15 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000400)="3f4e55f1", 0x4) (async) sendto$unix(r15, &(0x7f0000000080), 0xffffff9d, 0x0, 0x0, 0x0) (async) recvfrom(r15, &(0x7f00000030c0)=""/4117, 0xffffffffffffffbf, 0x0, 0x0, 0xffffffffffffff54) (async, rerun: 32) sendmmsg$unix(r15, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f00000001c0)=',', 0x1}], 0x1}}], 0x1, 0x0) (async, rerun: 32) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 805.405823ms ago: executing program 2 (id=13): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x6, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev}, 0x1c) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000180), 0x2000) r2 = openat$cgroup_ro(r1, &(0x7f00000001c0)='cpuset.effective_cpus\x00', 0x26e1, 0x0) close(r2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x5, 0x2}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0xfffffffffffffc2b}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r6}, &(0x7f0000000a00), &(0x7f0000000a40)=r5}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r6}, &(0x7f0000000880), &(0x7f00000008c0)=r5}, 0x20) r7 = socket$nl_generic(0x10, 0x3, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) unshare(0x6020400) ioctl$FICLONERANGE(r7, 0x4020940d, &(0x7f00000016c0)={{r8}}) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SEG6_CMD_DUMPHMAC(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x0, 0x200}, 0x14}}, 0x0) write$cgroup_subtree(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="80fd"], 0x9) gettid() getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000640)={{{@in6=@mcast1, @in6=@private1}}, {{@in=@multicast2}, 0x0, @in6=@private0}}, &(0x7f00000002c0)=0xe8) 754.249953ms ago: executing program 1 (id=2): listen(0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00'}, 0x10) setsockopt$sock_attach_bpf(r0, 0x1, 0x10, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000180)}], 0x1}, 0x20000801) recvmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40002002) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000cc0)={'wlan0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000e40)={0x0, 0xd, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="2508007a0000000000000700000008000300", @ANYRES32=r3, @ANYBLOB="1400140064756d6d7930000000000000000000001400040076657468315f746f5f626f016400000005005300010000000800050004"], 0x54}}, 0x0) 615.389608ms ago: executing program 0 (id=14): sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x4000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 64) sendmsg$NFT_BATCH(r0, 0x0, 0x0) (rerun: 64) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0) (async) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) write$cgroup_int(r4, 0x0, 0x0) (async) r5 = socket$nl_route(0x10, 0x3, 0x0) (async) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'bond0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x61, &(0x7f0000000040)={&(0x7f0000000480)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0xb}}}]}, 0x48}}, 0x0) (async, rerun: 64) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, r4, 0x0) (rerun: 64) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000000)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r8}}]}, &(0x7f0000000300)='GPL\x00', 0xd, 0xff7, &(0x7f0000001e00)=""/4087}, 0x90) (async) r9 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r9, 0x10d, 0x0, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r10 = socket$inet6_udp(0xa, 0x2, 0x0) (async) r11 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r11, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, r10, {0x2, 0x0, @multicast1}, 0x1}}, 0x2e) (async) r12 = socket$pppl2tp(0x18, 0x1, 0x1) socket$xdp(0x2c, 0x3, 0x0) (async) connect$pppl2tp(r12, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r10, 0x80006, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x3a) (async) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000400)=@newlink={0x54, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x10, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_INGRESS_QOS={0x4}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_BROADCAST={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}, 0x54}}, 0x0) 560.620309ms ago: executing program 4 (id=15): accept4$x25(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_SET_VLAN(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000032c0)={'syztnl2\x00', &(0x7f0000003240)={'ip_vti0\x00', 0x0, 0x25, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x8, 0x14, 0x65, 0x0, 0x1, 0x2f, 0x0, @remote, @broadcast}}}}) 475.814173ms ago: executing program 1 (id=16): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x2, 0x3, 0x1c10a1, 0x0, 0xffffffffffffffc0}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x37, 0xffffffffffffffff, 0x19, &(0x7f0000000000)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000000)={0x2}, 0x10}, 0x90) socket$inet6(0x10, 0x3, 0x0) socket$inet6(0x10, 0x3, 0x0) socket$alg(0x26, 0x5, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_rdma(0x10, 0x3, 0x14) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000040)={0x20, 0x10, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd=r1}, @typed={0x8, 0x0, 0x0, 0x0, @fd}]}, 0x20}], 0x1}, 0x0) 429.392191ms ago: executing program 0 (id=17): socket$packet(0x11, 0xa, 0x300) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}]}]}]}], {0x14}}, 0x80}}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000001500)={@local, @random="bf7d132b5a64", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0x600, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) 243.165931ms ago: executing program 0 (id=18): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180100000100a7d90000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) write(r0, &(0x7f0000000340)="4100000001000c", 0x7) 199.629315ms ago: executing program 2 (id=19): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000180)={0x0, 0xd00, &(0x7f0000000140)={&(0x7f0000000080)={0x28, 0x4, 0x6, 0x3, 0x0, 0x3000000, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) 164.665151ms ago: executing program 3 (id=20): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r1, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0}, 0x50) 160.415879ms ago: executing program 1 (id=21): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x10, &(0x7f0000000000)=@framed={{}, [@snprintf={{}, {0x3, 0x3, 0x6, 0x2, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x69}}]}, &(0x7f0000000300)='GPL\x00'}, 0x90) r2 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup.net/syz1\x00', 0x1ff) sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000009c0)='m ', 0x2}], 0x1}, 0x4000005) recvmsg$unix(r3, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x10002) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$BTRFS_IOC_SEND(r3, 0x40489426, &(0x7f0000000280)={{r5}, 0x7, &(0x7f0000000200)=[0x3, 0x2, 0xf37, 0x1, 0xf65a, 0x3, 0xdd], 0x8f3b, 0x5}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0xcd, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000001f40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f00000007c0)='skb_copy_datagram_iovec\x00', r7}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@struct={0x2}]}, {0x0, [0x0, 0x61, 0x2e]}}, 0x0, 0x29}, 0x20) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x30, 0x2a, 0x9, 0x0, 0x0, {0x4, 0x0, 0x2c00}, [@typed={0x14, 0x16, 0x0, 0x0, @ipv6=@loopback}, @typed={0x8, 0xc, 0x0, 0x0, @fd=r0}]}, 0x30}, 0x1, 0x3000000}, 0x0) 51.380214ms ago: executing program 4 (id=22): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newtaction={0x6c, 0x30, 0x9, 0x0, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x20000000}, 0x3}}, @TCA_VLAN_PUSH_VLAN_ID={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) (async) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)={0x4c, r2, 0x1, 0x0, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0xfffffde2, 0x11, 0x5}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4010}, 0x4000040) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000040)={'filter\x00', 0x7, 0x4, 0x3f8, 0x210, 0x100, 0x100, 0x310, 0x310, 0x310, 0x4, 0x0, {[{{@arp={@dev, @multicast1, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_hsr\x00', 'syz_tun\x00', {}, {}, 0x2}, 0xc0, 0x100}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "e22a239a6bb651a9837df08bc7f880efe7126f5d56b33dd54f5db150ee26"}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @mac=@broadcast, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, {{@arp={@local, @local, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@dev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'batadv_slave_1\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "9695d92849c79fac2d070731112f73924a493f1567e5d8b4cd2c5f35f67b"}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x448) (async) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x8, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="7800000039000900000000000000000001000000040000000c000180cafc00000547000008000200000009004c0007"], 0x78}}, 0x0) 9.877141ms ago: executing program 3 (id=23): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x4}, 0x10) close(r0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0xff81}, [@call={0x85, 0x0, 0x0, 0xa0}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 4.841307ms ago: executing program 0 (id=24): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000480)={{0x10, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x3}, {0x0, [0x1e]}}, &(0x7f0000001f40)=""/4096, 0x1b, 0x1000, 0xa}, 0x20) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)={{0x14}, [@NFT_MSG_DELRULE={0x38, 0x6, 0xa, 0x135cfb4307d517, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}]}], {0x14}}, 0x60}}, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3c0, 0x1f0, 0x0, 0x0, 0x2d8, 0x2d8, 0x2d8, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x1f0}}, {{@uncond, 0xc0, 0x108, 0x0, {0x0, 0x1e03}}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x410) 0s ago: executing program 2 (id=25): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x4c, 0x10, 0x409, 0x300, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x14, 0x5, 0x0, 0x1, [@IFLA_BRPORT_STATE={0x5}, @IFLA_BRPORT_LEARNING={0x5}]}}}]}, 0x4c}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.245' (ED25519) to the list of known hosts. [ 51.306444][ T5081] cgroup: Unknown subsys name 'net' [ 51.470018][ T5081] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 52.896410][ T5081] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 55.994209][ T5092] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 56.009104][ T5092] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 56.016886][ T5092] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 56.024963][ T5092] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 56.033981][ T5092] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 56.041645][ T5092] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 56.049102][ T5092] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 56.057541][ T5092] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 56.065391][ T5092] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 56.072987][ T5092] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 56.081809][ T5097] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 56.090748][ T5092] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 56.132621][ T5092] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 56.143163][ T5092] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 56.153596][ T5105] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 56.162196][ T5105] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 56.170415][ T5105] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 56.179540][ T5105] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 56.196776][ T5105] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 56.213100][ T5105] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 56.220628][ T4493] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 56.229760][ T4493] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 56.238422][ T4493] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 56.241732][ T5105] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 56.250421][ T4493] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 56.253763][ T5105] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 56.260534][ T4493] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 56.267392][ T5105] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 56.280652][ T5105] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 56.285329][ T4493] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 56.635990][ T5094] chnl_net:caif_netlink_parms(): no params data found [ 56.756683][ T5090] chnl_net:caif_netlink_parms(): no params data found [ 56.844418][ T5099] chnl_net:caif_netlink_parms(): no params data found [ 56.908874][ T5094] bridge0: port 1(bridge_slave_0) entered blocking state [ 56.916146][ T5094] bridge0: port 1(bridge_slave_0) entered disabled state [ 56.923674][ T5094] bridge_slave_0: entered allmulticast mode [ 56.931326][ T5094] bridge_slave_0: entered promiscuous mode [ 56.961412][ T5094] bridge0: port 2(bridge_slave_1) entered blocking state [ 56.968682][ T5094] bridge0: port 2(bridge_slave_1) entered disabled state [ 56.975989][ T5094] bridge_slave_1: entered allmulticast mode [ 56.983606][ T5094] bridge_slave_1: entered promiscuous mode [ 57.058029][ T5103] chnl_net:caif_netlink_parms(): no params data found [ 57.088517][ T5094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.097924][ T5090] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.105536][ T5090] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.113352][ T5090] bridge_slave_0: entered allmulticast mode [ 57.120291][ T5090] bridge_slave_0: entered promiscuous mode [ 57.128024][ T5090] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.135243][ T5090] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.143098][ T5090] bridge_slave_1: entered allmulticast mode [ 57.149794][ T5090] bridge_slave_1: entered promiscuous mode [ 57.169250][ T5100] chnl_net:caif_netlink_parms(): no params data found [ 57.198098][ T5094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.249409][ T5099] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.256844][ T5099] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.264343][ T5099] bridge_slave_0: entered allmulticast mode [ 57.271644][ T5099] bridge_slave_0: entered promiscuous mode [ 57.308514][ T5099] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.316149][ T5099] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.324004][ T5099] bridge_slave_1: entered allmulticast mode [ 57.332036][ T5099] bridge_slave_1: entered promiscuous mode [ 57.348399][ T5090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.360637][ T5090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.393797][ T5094] team0: Port device team_slave_0 added [ 57.451312][ T5094] team0: Port device team_slave_1 added [ 57.457507][ T5100] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.465046][ T5100] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.473013][ T5100] bridge_slave_0: entered allmulticast mode [ 57.479696][ T5100] bridge_slave_0: entered promiscuous mode [ 57.489418][ T5099] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.531565][ T5100] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.538698][ T5100] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.549883][ T5100] bridge_slave_1: entered allmulticast mode [ 57.556577][ T5100] bridge_slave_1: entered promiscuous mode [ 57.576664][ T5099] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.588687][ T5090] team0: Port device team_slave_0 added [ 57.596866][ T5090] team0: Port device team_slave_1 added [ 57.603644][ T5103] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.610840][ T5103] bridge0: port 1(bridge_slave_0) entered disabled state [ 57.617955][ T5103] bridge_slave_0: entered allmulticast mode [ 57.625247][ T5103] bridge_slave_0: entered promiscuous mode [ 57.633757][ T5103] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.640953][ T5103] bridge0: port 2(bridge_slave_1) entered disabled state [ 57.648113][ T5103] bridge_slave_1: entered allmulticast mode [ 57.655473][ T5103] bridge_slave_1: entered promiscuous mode [ 57.715643][ T5094] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.722713][ T5094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.749338][ T5094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.762936][ T5094] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.769890][ T5094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.795918][ T5094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.809564][ T5100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.822730][ T5100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 57.867550][ T5103] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 57.894088][ T5099] team0: Port device team_slave_0 added [ 57.900564][ T5090] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 57.907579][ T5090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.933986][ T5090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 57.946931][ T5090] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 57.953962][ T5090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 57.979923][ T5090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 57.993292][ T5103] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.026751][ T5100] team0: Port device team_slave_0 added [ 58.035216][ T5099] team0: Port device team_slave_1 added [ 58.086101][ T5103] team0: Port device team_slave_0 added [ 58.094222][ T5100] team0: Port device team_slave_1 added [ 58.137326][ T5094] hsr_slave_0: entered promiscuous mode [ 58.145951][ T5094] hsr_slave_1: entered promiscuous mode [ 58.154930][ T5103] team0: Port device team_slave_1 added [ 58.161531][ T5105] Bluetooth: hci0: command tx timeout [ 58.165787][ T4493] Bluetooth: hci1: command tx timeout [ 58.188391][ T5099] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.195506][ T5099] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.222487][ T5099] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.236682][ T5099] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.243926][ T4493] Bluetooth: hci2: command tx timeout [ 58.243981][ T5099] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.275639][ T5099] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.302775][ T5100] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.309737][ T5100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.336096][ T4493] Bluetooth: hci3: command tx timeout [ 58.336114][ T5105] Bluetooth: hci4: command tx timeout [ 58.341170][ T5100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.360859][ T5100] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.367805][ T5100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.394379][ T5100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.431540][ T5090] hsr_slave_0: entered promiscuous mode [ 58.438165][ T5090] hsr_slave_1: entered promiscuous mode [ 58.444948][ T5090] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.453044][ T5090] Cannot create hsr debugfs directory [ 58.459086][ T5103] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.467016][ T5103] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.493902][ T5103] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.549238][ T5103] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.556478][ T5103] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.582567][ T5103] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.649751][ T5100] hsr_slave_0: entered promiscuous mode [ 58.656421][ T5100] hsr_slave_1: entered promiscuous mode [ 58.664262][ T5100] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.672132][ T5100] Cannot create hsr debugfs directory [ 58.681153][ T5099] hsr_slave_0: entered promiscuous mode [ 58.687336][ T5099] hsr_slave_1: entered promiscuous mode [ 58.693537][ T5099] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.701193][ T5099] Cannot create hsr debugfs directory [ 58.787104][ T5103] hsr_slave_0: entered promiscuous mode [ 58.793848][ T5103] hsr_slave_1: entered promiscuous mode [ 58.800640][ T5103] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 58.808336][ T5103] Cannot create hsr debugfs directory [ 59.190803][ T5094] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 59.210642][ T5094] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 59.225360][ T5094] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 59.241706][ T5094] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 59.264953][ T5099] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.293476][ T5099] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.306349][ T5099] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.334863][ T5099] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.368987][ T5100] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 59.384399][ T5100] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 59.404802][ T5100] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 59.432212][ T5100] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 59.506718][ T5090] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 59.516738][ T5090] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 59.527440][ T5090] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 59.539021][ T5090] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 59.646136][ T5103] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 59.676308][ T5103] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 59.687768][ T5103] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 59.699592][ T5103] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 59.801632][ T5094] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.817408][ T5099] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.862754][ T5094] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.874804][ T5100] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.934435][ T5142] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.941879][ T5142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.963299][ T5099] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.987731][ T5090] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.996510][ T5140] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.003671][ T5140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.013373][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.020530][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.042587][ T5100] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.077197][ T5143] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.084504][ T5143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.094505][ T5143] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.101649][ T5143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.148229][ T5090] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.174778][ T5140] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.181925][ T5140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.225075][ T5103] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.240269][ T4493] Bluetooth: hci0: command tx timeout [ 60.240285][ T5105] Bluetooth: hci1: command tx timeout [ 60.244951][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.258158][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.269293][ T5140] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.276462][ T5140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.317320][ T5103] 8021q: adding VLAN 0 to HW filter on device team0 [ 60.340410][ T4493] Bluetooth: hci2: command tx timeout [ 60.349624][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.356784][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 60.396263][ T5099] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.406859][ T4493] Bluetooth: hci4: command tx timeout [ 60.410596][ T4493] Bluetooth: hci3: command tx timeout [ 60.448820][ T5140] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.455993][ T5140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 60.489629][ T5100] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 60.879471][ T5094] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.959101][ T5099] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 60.999168][ T5090] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.038215][ T5094] veth0_vlan: entered promiscuous mode [ 61.058138][ T5100] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.086641][ T5094] veth1_vlan: entered promiscuous mode [ 61.131303][ T5103] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.178655][ T5090] veth0_vlan: entered promiscuous mode [ 61.219736][ T5090] veth1_vlan: entered promiscuous mode [ 61.232626][ T5099] veth0_vlan: entered promiscuous mode [ 61.242786][ T5094] veth0_macvtap: entered promiscuous mode [ 61.267994][ T5094] veth1_macvtap: entered promiscuous mode [ 61.319922][ T5099] veth1_vlan: entered promiscuous mode [ 61.374778][ T5103] veth0_vlan: entered promiscuous mode [ 61.390859][ T5090] veth0_macvtap: entered promiscuous mode [ 61.399209][ T5094] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.427461][ T5090] veth1_macvtap: entered promiscuous mode [ 61.436030][ T5094] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.470479][ T5094] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.479338][ T5094] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.488480][ T5094] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.497899][ T5094] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.516377][ T5103] veth1_vlan: entered promiscuous mode [ 61.543793][ T5100] veth0_vlan: entered promiscuous mode [ 61.582016][ T5100] veth1_vlan: entered promiscuous mode [ 61.606807][ T5099] veth0_macvtap: entered promiscuous mode [ 61.615404][ T5090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.626068][ T5090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.637715][ T5090] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.649473][ T5090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 61.661690][ T5090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.673895][ T5090] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.713208][ T5103] veth0_macvtap: entered promiscuous mode [ 61.723551][ T5099] veth1_macvtap: entered promiscuous mode [ 61.753523][ T5100] veth0_macvtap: entered promiscuous mode [ 61.782025][ T5090] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.790961][ T5090] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.799624][ T5090] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.809004][ T5090] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.819685][ T5103] veth1_macvtap: entered promiscuous mode [ 61.833427][ T5100] veth1_macvtap: entered promiscuous mode [ 61.857889][ T5099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.872735][ T5099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.882648][ T5099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.893563][ T5099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.906550][ T5099] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.941667][ T5100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.952305][ T5100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.962510][ T5100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.974912][ T5100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.985293][ T5100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.997017][ T5100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.008213][ T5100] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.022173][ T5099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.032822][ T5099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.043010][ T5099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.053952][ T5099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.065419][ T5099] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.076062][ T5099] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.080688][ T2879] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.093186][ T5099] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.104253][ T5099] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.113493][ T5099] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.122293][ T2879] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.127377][ T5100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.142771][ T5100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.152702][ T5100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.164023][ T5100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.174082][ T5100] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.184793][ T5100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.195796][ T5100] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.206721][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.217563][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.227696][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.238287][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.248208][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.258730][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.268641][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.279141][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.291094][ T5103] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.317861][ T5100] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.326733][ T4493] Bluetooth: hci1: command tx timeout [ 62.331217][ T4493] Bluetooth: hci0: command tx timeout [ 62.337334][ T5100] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.346746][ T5100] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.355576][ T5100] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.394046][ T2879] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.403618][ T2879] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.410700][ T4493] Bluetooth: hci2: command tx timeout [ 62.464765][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.475765][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.490638][ T4493] Bluetooth: hci3: command tx timeout [ 62.490715][ T5105] Bluetooth: hci4: command tx timeout [ 62.500380][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.512032][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.522606][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.533097][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.542994][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.553707][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.565400][ T5103] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.611444][ T5103] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.626576][ T5103] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.635648][ T5103] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.645186][ T5103] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.682003][ T2828] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.693874][ T2828] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.803720][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.806817][ T2828] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.820350][ T2828] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.828689][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.908890][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.918807][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.012666][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.039376][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.139024][ T2828] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.169880][ T2828] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.185477][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.242711][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.288293][ T5185] sctp: failed to load transform for md5: -2 [ 63.434275][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.479815][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.506790][ T5197] x_tables: duplicate underflow at hook 1 [ 63.727555][ T5207] pimreg: entered allmulticast mode [ 63.828710][ T5207] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11'. [ 63.842734][ T5213] netlink: 'syz.1.2': attribute type 20 has an invalid length. [ 63.940606][ T5207] netlink: 188 bytes leftover after parsing attributes in process `syz.3.11'. [ 63.982471][ T5207] pimreg: left allmulticast mode [ 64.039386][ T5214] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 64.338614][ T5239] Bluetooth: MGMT ver 1.22 [ 64.405760][ T5105] Bluetooth: hci0: command tx timeout [ 64.405886][ T4493] Bluetooth: hci1: command tx timeout [ 64.480855][ T4493] Bluetooth: hci2: command tx timeout [ 64.493273][ T5247] netlink: 8 bytes leftover after parsing attributes in process `syz.4.22'. [ 64.550202][ T5251] netlink: 'syz.4.22': attribute type 7 has an invalid length. [ 64.560602][ T4493] Bluetooth: hci3: command tx timeout [ 64.565225][ T5105] Bluetooth: hci4: command tx timeout [ 64.566842][ T5253] netlink: 'syz.1.21': attribute type 11 has an invalid length. [ 64.601424][ T5141] ================================================================== [ 64.609521][ T5141] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x152b/0x1750 [ 64.618559][ T5141] Read of size 2 at addr ffff8880166a19c4 by task kworker/1:4/5141 [ 64.626450][ T5141] [ 64.628777][ T5141] CPU: 1 PID: 5141 Comm: kworker/1:4 Not tainted 6.10.0-rc5-syzkaller-01209-gaa77b1128016 #0 [ 64.638932][ T5141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 64.649037][ T5141] Workqueue: events nf_tables_trans_destroy_work [ 64.655389][ T5141] Call Trace: [ 64.658668][ T5141] [ 64.661603][ T5141] dump_stack_lvl+0x241/0x360 [ 64.666301][ T5141] ? __pfx_dump_stack_lvl+0x10/0x10 [ 64.671512][ T5141] ? __pfx__printk+0x10/0x10 [ 64.676111][ T5141] ? _printk+0xd5/0x120 [ 64.677408][ T5251] Κό: entered promiscuous mode [ 64.680256][ T5141] ? __virt_addr_valid+0x183/0x520 [ 64.680284][ T5141] ? __virt_addr_valid+0x183/0x520 [ 64.680306][ T5141] print_report+0x169/0x550 [ 64.680327][ T5141] ? __virt_addr_valid+0x183/0x520 [ 64.680348][ T5141] ? __virt_addr_valid+0x183/0x520 [ 64.680368][ T5141] ? __virt_addr_valid+0x44e/0x520 [ 64.715162][ T5141] ? __phys_addr+0xba/0x170 [ 64.719686][ T5141] ? nf_tables_trans_destroy_work+0x152b/0x1750 [ 64.725934][ T5141] kasan_report+0x143/0x180 [ 64.730456][ T5141] ? nf_tables_trans_destroy_work+0x152b/0x1750 [ 64.736708][ T5141] nf_tables_trans_destroy_work+0x152b/0x1750 [ 64.742787][ T5141] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [ 64.749213][ T5141] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 64.755204][ T5141] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 64.761549][ T5141] ? process_scheduled_works+0x945/0x1830 [ 64.767280][ T5141] process_scheduled_works+0xa2c/0x1830 [ 64.772848][ T5141] ? __pfx_process_scheduled_works+0x10/0x10 [ 64.778840][ T5141] ? assign_work+0x364/0x3d0 [ 64.783436][ T5141] worker_thread+0x86d/0xd50 [ 64.788039][ T5141] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 64.793948][ T5141] ? __kthread_parkme+0x169/0x1d0 [ 64.798980][ T5141] ? __pfx_worker_thread+0x10/0x10 [ 64.804099][ T5141] kthread+0x2f0/0x390 [ 64.808174][ T5141] ? __pfx_worker_thread+0x10/0x10 [ 64.813293][ T5141] ? __pfx_kthread+0x10/0x10 [ 64.817893][ T5141] ret_from_fork+0x4b/0x80 [ 64.822320][ T5141] ? __pfx_kthread+0x10/0x10 [ 64.826923][ T5141] ret_from_fork_asm+0x1a/0x30 [ 64.831708][ T5141] [ 64.834730][ T5141] [ 64.837047][ T5141] Allocated by task 5250: [ 64.841377][ T5141] kasan_save_track+0x3f/0x80 [ 64.846071][ T5141] __kasan_kmalloc+0x98/0xb0 [ 64.850670][ T5141] kmalloc_trace_noprof+0x19c/0x2c0 [ 64.855870][ T5141] nf_tables_newtable+0x52e/0x1dc0 [ 64.860987][ T5141] nfnetlink_rcv+0x1427/0x2a90 [ 64.865757][ T5141] netlink_unicast+0x7f0/0x990 [ 64.870525][ T5141] netlink_sendmsg+0x8e4/0xcb0 [ 64.875295][ T5141] __sock_sendmsg+0x221/0x270 [ 64.879973][ T5141] ____sys_sendmsg+0x525/0x7d0 [ 64.884740][ T5141] __sys_sendmsg+0x2b0/0x3a0 [ 64.889336][ T5141] do_syscall_64+0xf3/0x230 [ 64.893843][ T5141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.899737][ T5141] [ 64.902057][ T5141] Freed by task 5249: [ 64.906040][ T5141] kasan_save_track+0x3f/0x80 [ 64.910730][ T5141] kasan_save_free_info+0x40/0x50 [ 64.915753][ T5141] poison_slab_object+0xe0/0x150 [ 64.920692][ T5141] __kasan_slab_free+0x37/0x60 [ 64.925458][ T5141] kfree+0x149/0x360 [ 64.929358][ T5141] __nft_release_table+0xe80/0xf40 [ 64.934470][ T5141] nft_rcv_nl_event+0x55f/0x6d0 [ 64.939332][ T5141] notifier_call_chain+0x19f/0x3e0 [ 64.944450][ T5141] blocking_notifier_call_chain+0x69/0x90 [ 64.950175][ T5141] netlink_release+0x11a6/0x1b10 [ 64.955117][ T5141] sock_close+0xbc/0x240 [ 64.959360][ T5141] __fput+0x406/0x8b0 [ 64.963344][ T5141] task_work_run+0x24f/0x310 [ 64.967943][ T5141] syscall_exit_to_user_mode+0x168/0x370 [ 64.973580][ T5141] do_syscall_64+0x100/0x230 [ 64.978176][ T5141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.984080][ T5141] [ 64.986406][ T5141] Last potentially related work creation: [ 64.992124][ T5141] kasan_save_stack+0x3f/0x60 [ 64.996809][ T5141] __kasan_record_aux_stack+0xac/0xc0 [ 65.002184][ T5141] insert_work+0x3e/0x330 [ 65.006515][ T5141] __queue_work+0xc16/0xee0 [ 65.011025][ T5141] queue_work_on+0x1c2/0x380 [ 65.015622][ T5141] rhltable_remove+0x1097/0x1160 [ 65.020567][ T5141] __nft_release_table+0xc57/0xf40 [ 65.025682][ T5141] nft_rcv_nl_event+0x55f/0x6d0 [ 65.030542][ T5141] notifier_call_chain+0x19f/0x3e0 [ 65.035658][ T5141] blocking_notifier_call_chain+0x69/0x90 [ 65.041381][ T5141] netlink_release+0x11a6/0x1b10 [ 65.046328][ T5141] sock_close+0xbc/0x240 [ 65.050580][ T5141] __fput+0x406/0x8b0 [ 65.054566][ T5141] task_work_run+0x24f/0x310 [ 65.059172][ T5141] syscall_exit_to_user_mode+0x168/0x370 [ 65.064809][ T5141] do_syscall_64+0x100/0x230 [ 65.069401][ T5141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.075303][ T5141] [ 65.077626][ T5141] The buggy address belongs to the object at ffff8880166a1800 [ 65.077626][ T5141] which belongs to the cache kmalloc-cg-512 of size 512 [ 65.091946][ T5141] The buggy address is located 452 bytes inside of [ 65.091946][ T5141] freed 512-byte region [ffff8880166a1800, ffff8880166a1a00) [ 65.105748][ T5141] [ 65.108077][ T5141] The buggy address belongs to the physical page: [ 65.114495][ T5141] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x166a0 [ 65.123259][ T5141] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.131763][ T5141] memcg:ffff8880233ad201 [ 65.136005][ T5141] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 65.143571][ T5141] page_type: 0xffffefff(slab) [ 65.148261][ T5141] raw: 00fff00000000040 ffff88801504f140 ffffea0001115b00 dead000000000002 [ 65.156855][ T5141] raw: 0000000000000000 0000000080100010 00000001ffffefff ffff8880233ad201 [ 65.165454][ T5141] head: 00fff00000000040 ffff88801504f140 ffffea0001115b00 dead000000000002 [ 65.174137][ T5141] head: 0000000000000000 0000000080100010 00000001ffffefff ffff8880233ad201 [ 65.182815][ T5141] head: 00fff00000000002 ffffea000059a801 ffffffffffffffff 0000000000000000 [ 65.191496][ T5141] head: ffff888000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 65.200172][ T5141] page dumped because: kasan: bad access detected [ 65.206596][ T5141] page_owner tracks the page as allocated [ 65.212308][ T5141] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4560, tgid 4560 (udevd), ts 29695035733, free_ts 27406115023 [ 65.233097][ T5141] post_alloc_hook+0x1f3/0x230 [ 65.237881][ T5141] get_page_from_freelist+0x2e4c/0x2f10 [ 65.243442][ T5141] __alloc_pages_noprof+0x256/0x6c0 [ 65.248652][ T5141] alloc_slab_page+0x5f/0x120 [ 65.253335][ T5141] allocate_slab+0x5a/0x2f0 [ 65.257846][ T5141] ___slab_alloc+0xcd1/0x14b0 [ 65.262527][ T5141] __slab_alloc+0x58/0xa0 [ 65.266859][ T5141] kmalloc_node_track_caller_noprof+0x281/0x440 [ 65.273104][ T5141] kmalloc_reserve+0x111/0x2a0 [ 65.277876][ T5141] __alloc_skb+0x1f3/0x440 [ 65.282300][ T5141] alloc_skb_with_frags+0xc3/0x770 [ 65.287415][ T5141] sock_alloc_send_pskb+0x91a/0xa60 [ 65.292624][ T5141] unix_dgram_sendmsg+0x6d3/0x1f80 [ 65.297739][ T5141] __sock_sendmsg+0x221/0x270 [ 65.302427][ T5141] sock_write_iter+0x2dd/0x400 [ 65.307197][ T5141] vfs_write+0xa72/0xc90 [ 65.311451][ T5141] page last free pid 4724 tgid 4724 stack trace: [ 65.317777][ T5141] free_unref_folios+0xf23/0x19e0 [ 65.322816][ T5141] folios_put_refs+0x93a/0xa60 [ 65.327583][ T5141] free_pages_and_swap_cache+0x5c8/0x690 [ 65.333221][ T5141] tlb_flush_mmu+0x3a3/0x680 [ 65.337815][ T5141] tlb_finish_mmu+0xd4/0x200 [ 65.342410][ T5141] exit_mmap+0x44f/0xc80 [ 65.346665][ T5141] __mmput+0x115/0x3c0 [ 65.350834][ T5141] exit_mm+0x220/0x310 [ 65.354910][ T5141] do_exit+0x9aa/0x27e0 [ 65.359080][ T5141] do_group_exit+0x207/0x2c0 [ 65.363683][ T5141] __x64_sys_exit_group+0x3f/0x40 [ 65.368717][ T5141] do_syscall_64+0xf3/0x230 [ 65.373228][ T5141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.379135][ T5141] [ 65.381458][ T5141] Memory state around the buggy address: [ 65.387090][ T5141] ffff8880166a1880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.395154][ T5141] ffff8880166a1900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.403221][ T5141] >ffff8880166a1980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.411286][ T5141] ^ [ 65.417523][ T5141] ffff8880166a1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.425590][ T5141] ffff8880166a1a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.433661][ T5141] ================================================================== [ 65.473185][ T5141] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 65.480424][ T5141] CPU: 1 PID: 5141 Comm: kworker/1:4 Not tainted 6.10.0-rc5-syzkaller-01209-gaa77b1128016 #0 [ 65.490586][ T5141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 65.500741][ T5141] Workqueue: events nf_tables_trans_destroy_work [ 65.507098][ T5141] Call Trace: [ 65.510386][ T5141] [ 65.513325][ T5141] dump_stack_lvl+0x241/0x360 [ 65.518021][ T5141] ? __pfx_dump_stack_lvl+0x10/0x10 [ 65.523234][ T5141] ? __pfx__printk+0x10/0x10 [ 65.527855][ T5141] ? preempt_schedule+0xe1/0xf0 [ 65.532721][ T5141] ? vscnprintf+0x5d/0x90 [ 65.537066][ T5141] panic+0x349/0x860 [ 65.540973][ T5141] ? check_panic_on_warn+0x21/0xb0 [ 65.546099][ T5141] ? __pfx_panic+0x10/0x10 [ 65.550527][ T5141] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 65.556506][ T5141] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 65.562849][ T5141] ? print_report+0x502/0x550 [ 65.567522][ T5141] check_panic_on_warn+0x86/0xb0 [ 65.572453][ T5141] ? nf_tables_trans_destroy_work+0x152b/0x1750 [ 65.578682][ T5141] end_report+0x77/0x160 [ 65.582920][ T5141] kasan_report+0x154/0x180 [ 65.587421][ T5141] ? nf_tables_trans_destroy_work+0x152b/0x1750 [ 65.593657][ T5141] nf_tables_trans_destroy_work+0x152b/0x1750 [ 65.599719][ T5141] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [ 65.606124][ T5141] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 65.612098][ T5141] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 65.618420][ T5141] ? process_scheduled_works+0x945/0x1830 [ 65.624124][ T5141] process_scheduled_works+0xa2c/0x1830 [ 65.629666][ T5141] ? __pfx_process_scheduled_works+0x10/0x10 [ 65.635634][ T5141] ? assign_work+0x364/0x3d0 [ 65.640213][ T5141] worker_thread+0x86d/0xd50 [ 65.644792][ T5141] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 65.650674][ T5141] ? __kthread_parkme+0x169/0x1d0 [ 65.655684][ T5141] ? __pfx_worker_thread+0x10/0x10 [ 65.660782][ T5141] kthread+0x2f0/0x390 [ 65.664839][ T5141] ? __pfx_worker_thread+0x10/0x10 [ 65.669935][ T5141] ? __pfx_kthread+0x10/0x10 [ 65.674526][ T5141] ret_from_fork+0x4b/0x80 [ 65.678934][ T5141] ? __pfx_kthread+0x10/0x10 [ 65.683541][ T5141] ret_from_fork_asm+0x1a/0x30 [ 65.688300][ T5141] [ 65.691416][ T5141] Kernel Offset: disabled [ 65.695752][ T5141] Rebooting in 86400 seconds..