program: r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8000, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r3, 0xc0d05640, &(0x7f00000005c0)={0xa, @pix={0x4, 0x0, 0x49433553, 0x9, 0x6, 0x5, 0xa, 0x3, 0x0, 0x7, 0x39f50d5a19de3083, 0x4}}) r4 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000440)={'netdevsim0\x00', 0x0}) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2649baca85309be96d5a45bbbdb5ff7ffffffd075b3eee14473f51be98db7efbb059842badcfc81364470e8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c11071adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eb47efb7b3f19046c6f1bd1bf56e5853ed96137f95b3a11954ed1c8a8676468cf2405e48723d4b1ff"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x18) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r11, r8, 0x25, 0x0, @val=@tcx={@void, @value}}, 0x40) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) syz_usb_connect$hid(0x6, 0x0, 0x0, 0x0) r12 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r12, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r6}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r6, r5, 0x25, 0x0, @void}, 0x10) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r5, {0x0, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x24000010) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r13 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r13, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x403, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @dev={0xfe, 0x80, '\x00', 0x40}}]}]}, @IFLA_ALT_IFNAME={0x14, 0x35, 'team_slave_1\x00'}]}, 0x50}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000240)={r14, 0x5, 0x6, @multicast}, 0x10) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={r14, 0x1, 0x6, @link_local}, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'sit0\x00'}) setsockopt$packet_add_memb(r0, 0x107, 0x2, &(0x7f0000000080)={r14, 0x5, 0x6, @multicast}, 0x10) [ 68.466731][ T4669] Bluetooth: hci0: command tx timeout [ 68.540398][ T5321] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 68.555902][ T5321] ------------[ cut here ]------------ [ 68.558314][ T5321] WARNING: CPU: 0 PID: 5321 at ./include/net/netdev_lock.h:54 dev_xdp_install+0x5e6/0x760 [ 68.562458][ T5321] Modules linked in: [ 68.564030][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 68.568590][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.572617][ T5321] RIP: 0010:dev_xdp_install+0x5e6/0x760 [ 68.574786][ T5321] Code: 06 48 3b 84 24 a0 00 00 00 0f 85 8e 01 00 00 89 d8 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 3b ff d4 f7 90 <0f> 0b 90 e9 2d fc ff ff e8 2d ff d4 f7 c6 05 0b 5d 5b 06 01 90 48 [ 68.582171][ T5321] RSP: 0018:ffffc9000d5b7980 EFLAGS: 00010287 [ 68.584476][ T5321] RAX: ffffffff89ee57a5 RBX: 0000000000000000 RCX: 0000000000100000 [ 68.587739][ T5321] RDX: ffffc9000e2e2000 RSI: 0000000000000132 RDI: 0000000000000133 [ 68.590771][ T5321] RBP: ffffc9000d5b7a80 R08: ffffffff89ee5389 R09: 0000000000000000 [ 68.593942][ T5321] R10: ffffc9000d5b79e0 R11: fffff52001ab6f40 R12: ffffc90001976000 [ 68.597112][ T5321] R13: 1ffff92001ab6f38 R14: dffffc0000000000 R15: ffff88801e75c000 [ 68.600110][ T5321] FS: 00007f67079ce6c0(0000) GS:ffff88808c59c000(0000) knlGS:0000000000000000 [ 68.603666][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.606455][ T5321] CR2: 00007f67079cbf70 CR3: 0000000043de0000 CR4: 0000000000352ef0 [ 68.609553][ T5321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.612641][ T5321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.615999][ T5321] Call Trace: [ 68.617391][ T5321] [ 68.618640][ T5321] ? __pfx_nsim_bpf+0x10/0x10 [ 68.620699][ T5321] ? __pfx_dev_xdp_install+0x10/0x10 [ 68.622964][ T5321] ? __pfx_nsim_bpf+0x10/0x10 [ 68.624956][ T5321] dev_xdp_attach+0xc5d/0xfe0 [ 68.627022][ T5321] bpf_xdp_link_attach+0x3a2/0x760 [ 68.629084][ T5321] ? __pfx_bpf_xdp_link_attach+0x10/0x10 [ 68.631385][ T5321] ? __fget_files+0x39d/0x420 [ 68.633355][ T5321] ? __fget_files+0x2a/0x420 [ 68.635198][ T5321] ? attach_type_to_prog_type+0x316/0x460 [ 68.637766][ T5321] ? bpf_prog_attach_check_attach_type+0x2cb/0x4f0 [ 68.640274][ T5321] link_create+0x440/0x870 [ 68.641973][ T5321] __sys_bpf+0x5ad/0x8b0 [ 68.643687][ T5321] ? __pfx___sys_bpf+0x10/0x10 [ 68.645489][ T5321] ? __rseq_handle_notify_resume+0x3c8/0x15d0 [ 68.647915][ T5321] __x64_sys_bpf+0x7c/0x90 [ 68.649676][ T5321] do_syscall_64+0xf3/0x230 [ 68.651509][ T5321] ? clear_bhb_loop+0x45/0xa0 [ 68.653498][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.656122][ T5321] RIP: 0033:0x7f6706b8d169 [ 68.657904][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.665002][ T5321] RSP: 002b:00007f67079ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 68.668928][ T5321] RAX: ffffffffffffffda RBX: 00007f6706da5fa0 RCX: 00007f6706b8d169 [ 68.672021][ T5321] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 000000000000001c [ 68.676351][ T5321] RBP: 00007f6706c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 68.679343][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.682388][ T5321] R13: 0000000000000000 R14: 00007f6706da5fa0 R15: 00007ffd22b75398 [ 68.685530][ T5321] [ 68.686999][ T5321] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 68.689788][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.14.0-syzkaller-12245-g91e5bfe317d8 #0 PREEMPT(full) [ 68.694159][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.698204][ T5321] Call Trace: [ 68.699443][ T5321] [ 68.700540][ T5321] dump_stack_lvl+0x241/0x360 [ 68.702399][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 68.704342][ T5321] ? __pfx__printk+0x10/0x10 [ 68.706301][ T5321] ? vscnprintf+0x5d/0x90 [ 68.707984][ T5321] panic+0x349/0x880 [ 68.709536][ T5321] ? __warn+0x174/0x4d0 [ 68.711196][ T5321] ? __pfx_panic+0x10/0x10 [ 68.713204][ T5321] __warn+0x344/0x4d0 [ 68.714918][ T5321] ? dev_xdp_install+0x5e6/0x760 [ 68.716919][ T5321] report_bug+0x2b3/0x500 [ 68.718604][ T5321] ? dev_xdp_install+0x5e6/0x760 [ 68.720585][ T5321] ? dev_xdp_install+0x5e6/0x760 [ 68.722565][ T5321] ? dev_xdp_install+0x5e8/0x760 [ 68.724574][ T5321] handle_bug+0x89/0x170 [ 68.726240][ T5321] exc_invalid_op+0x1a/0x50 [ 68.728080][ T5321] asm_exc_invalid_op+0x1a/0x20 [ 68.730008][ T5321] RIP: 0010:dev_xdp_install+0x5e6/0x760 [ 68.732182][ T5321] Code: 06 48 3b 84 24 a0 00 00 00 0f 85 8e 01 00 00 89 d8 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 3b ff d4 f7 90 <0f> 0b 90 e9 2d fc ff ff e8 2d ff d4 f7 c6 05 0b 5d 5b 06 01 90 48 [ 68.738903][ T5321] RSP: 0018:ffffc9000d5b7980 EFLAGS: 00010287 [ 68.740997][ T5321] RAX: ffffffff89ee57a5 RBX: 0000000000000000 RCX: 0000000000100000 [ 68.743798][ T5321] RDX: ffffc9000e2e2000 RSI: 0000000000000132 RDI: 0000000000000133 [ 68.746872][ T5321] RBP: ffffc9000d5b7a80 R08: ffffffff89ee5389 R09: 0000000000000000 [ 68.749831][ T5321] R10: ffffc9000d5b79e0 R11: fffff52001ab6f40 R12: ffffc90001976000 [ 68.752848][ T5321] R13: 1ffff92001ab6f38 R14: dffffc0000000000 R15: ffff88801e75c000 [ 68.755925][ T5321] ? dev_xdp_install+0x1c9/0x760 [ 68.757857][ T5321] ? dev_xdp_install+0x5e5/0x760 [ 68.759733][ T5321] ? __pfx_nsim_bpf+0x10/0x10 [ 68.761539][ T5321] ? __pfx_dev_xdp_install+0x10/0x10 [ 68.763535][ T5321] ? __pfx_nsim_bpf+0x10/0x10 [ 68.765320][ T5321] dev_xdp_attach+0xc5d/0xfe0 [ 68.767189][ T5321] bpf_xdp_link_attach+0x3a2/0x760 [ 68.769243][ T5321] ? __pfx_bpf_xdp_link_attach+0x10/0x10 [ 68.771433][ T5321] ? __fget_files+0x39d/0x420 [ 68.773311][ T5321] ? __fget_files+0x2a/0x420 [ 68.775106][ T5321] ? attach_type_to_prog_type+0x316/0x460 [ 68.777395][ T5321] ? bpf_prog_attach_check_attach_type+0x2cb/0x4f0 [ 68.779946][ T5321] link_create+0x440/0x870 [ 68.781697][ T5321] __sys_bpf+0x5ad/0x8b0 [ 68.783405][ T5321] ? __pfx___sys_bpf+0x10/0x10 [ 68.785281][ T5321] ? __rseq_handle_notify_resume+0x3c8/0x15d0 [ 68.787702][ T5321] __x64_sys_bpf+0x7c/0x90 [ 68.789398][ T5321] do_syscall_64+0xf3/0x230 [ 68.791148][ T5321] ? clear_bhb_loop+0x45/0xa0 [ 68.792942][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.795199][ T5321] RIP: 0033:0x7f6706b8d169 [ 68.796984][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.804216][ T5321] RSP: 002b:00007f67079ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 68.807240][ T5321] RAX: ffffffffffffffda RBX: 00007f6706da5fa0 RCX: 00007f6706b8d169 [ 68.810232][ T5321] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 000000000000001c [ 68.813261][ T5321] RBP: 00007f6706c0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 68.816394][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.819368][ T5321] R13: 0000000000000000 R14: 00007f6706da5fa0 R15: 00007ffd22b75398 [ 68.822388][ T5321] [ 68.823834][ T5321] Kernel Offset: disabled [ 68.825498][ T5321] Rebooting in 86400 seconds..