last executing test programs: 4.521859199s ago: executing program 1 (id=1060): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r0, &(0x7f0000000240)="047eca672abe493d", 0x8, 0x20004000, &(0x7f0000000340)={0x2, 0x4e20, @local}, 0x10) 4.400166336s ago: executing program 1 (id=1062): socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="34000000190001090000000000100000"], 0x34}}, 0x4040010) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r2}, 0x4) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000c90000007b8af8ff00000000b7080000000008007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007d00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x100000035, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r10, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r12, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r11, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) close(r11) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000016001000071b48013d030100000000001f02000000000000bc26080000000000bf67000000000000160200000fff0700670200000a000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r13 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r13, 0x107, 0x12, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x80, 0x0, 0x0) 4.183077486s ago: executing program 3 (id=1066): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0) 4.060898742s ago: executing program 3 (id=1068): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{0x0, 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) r1 = socket$inet(0x2b, 0x801, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x48f, &(0x7f0000000000)={0x11, @empty=0x11e, 0x4e24, 0x0, 'lc\x00', 0x1c, 0x2, 0x4a}, 0x2c) syz_init_net_socket$llc(0x1a, 0x1, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f0000000580)={0x7, 0xfffffffffffffffc, 0x9, 0x0, 0xffff, 0xaee3, 0x5}, 0x0, &(0x7f0000000840)={&(0x7f0000000800)={[0x2]}, 0x8}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$unix(0x1, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000001600), 0xffffffffffffffff) r4 = socket(0x1e, 0x1, 0x0) connect$tipc(r4, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, r3, 0x1}, 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xffffff8a) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r6, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c) r7 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r7, &(0x7f0000000080)="c4b33da19360b2bf9cbac674b9eeb73303927fde9113c35218bd2cec8e96288c5233e7f21dc820f06aa03b62a6010c46721dbd85d254a5bc49734fbdb05d3e39fe7a848d73391f5215bdeb6c4c2ee76c7624d8836588b2f0d999", 0x5a, 0x40080, &(0x7f0000000000)={0xa, 0x0, 0x40, @dev={0xfe, 0x80, '\x00', 0x41}, 0xff, 0xfffffffd}, 0x20) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x74}}, 0x0) r9 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r6, &(0x7f0000000100)={0x10000010}) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xf, &(0x7f0000000180)=ANY=[], 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 4.001684283s ago: executing program 2 (id=1069): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f000000b800)=ANY=[@ANYBLOB="00020201"], 0x18) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000069000010000000000100000018010000696c6c2500000000002020207b1af8ff00000000bfa1000000000000070100fef7"], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x4}}], 0x18}}], 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6(0xa, 0x3, 0x8) setsockopt$inet6_int(r1, 0x29, 0x4b, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xfe}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}}, 0x14) pselect6(0x517, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x700}, &(0x7f0000000240)={0x0, 0x989680}, &(0x7f00000002c0)={&(0x7f0000000280), 0x8}) bind$netlink(r2, &(0x7f0000000400)={0x10, 0x0, 0x25dfdbff, 0x200}, 0x31) socket$kcm(0x11, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3576], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r3}, 0x10) write$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000300)={'veth1_vlan', 0x32, 0x30}, 0xd) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000b00)=@newsa={0x144, 0x1a, 0x713, 0x0, 0x0, {{@in=@multicast1, @in=@multicast2}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x32}, @in=@multicast2, {0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x8}, {0x0, 0x8000000000000000}, {}, 0x0, 0x4, 0x2, 0x1}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @offload={0xc, 0x1c, {0x0, 0xf5a50c724839a57c}}]}, 0x144}}, 0x0) 3.871304936s ago: executing program 2 (id=1072): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x3, 0x40000004, 0x0, 0xffffffffffffffff, 0x47, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000008c0)={0x1}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) r3 = socket$packet(0x11, 0x2, 0x300) socket$rds(0x15, 0x5, 0x0) syz_80211_join_ibss(&(0x7f00000001c0)='wlan0\x00', &(0x7f0000000200)=@default_ap_ssid, 0x6, 0x0) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r3, 0x107, 0x16, &(0x7f0000000280)={0x0, 0x0}, 0x10) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x28, 0x1404, 0x8, 0x70bd2a, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r5) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="410000000000000001000603000014000300060a0004090300f006e8ffffffffffff07000700263a0909140002"], 0x44}, 0x1, 0x1000000}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000002c00010026bd7000fedbdf250400007ae893464dea8d00f9f4b9041f0715e02cfc7ac51bc8915bc13a9661c7aa94634b93f2e52e8af11bcaf964d63d414b6a5bf9402c912abfd4ed667c"], 0x14}, 0x1, 0x0, 0x0, 0x409d}, 0x50) 3.809776182s ago: executing program 4 (id=1073): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000b00)=@updsa={0x138, 0x1a, 0x1, 0x70bd2a, 0x25dfdbfd, {{@in6=@private0, @in=@broadcast, 0x4e22, 0x405, 0x4e20, 0xbd, 0xa, 0x20, 0x20, 0x8}, {@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d2, 0x2b}, @in6=@empty, {0x100000000, 0xfffffffffffffffc, 0x177d, 0x80000001, 0x5, 0x6, 0x2, 0x6}, {0x5, 0x0, 0x8, 0x8001}, {0x401, 0x2, 0x7}, 0x70bd26, 0x3504, 0xa, 0x2, 0x3, 0xc0}, [@algo_auth={0x48, 0x1, {{'sha384-ce\x00'}}}]}, 0x138}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000040)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x23}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) setsockopt$sock_int(r1, 0x1, 0xa, &(0x7f00000001c0)=0x9, 0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f00000005c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000640)=0x40) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r3, &(0x7f0000000280)={0xa, 0x4e22, 0x7ff, @dev={0xfe, 0x80, '\x00', 0x14}, 0x7}, 0x1c) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x34, r5, 0x7, 0x70bd25, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @local}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x8081}, 0x24000800) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x80}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = socket(0x10, 0x803, 0x0) socket(0x22, 0xa, 0x8) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x388, 0x0, 0x0, 0xffffff6a, 0x180, 0x0, 0x2b8, 0x258, 0x258, 0x2b8, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [0x0, 0x0, 0x0, 0xff], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11, 0x0, 0x0, 0x77}, 0x0, 0x118, 0x180, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x9}}, @common=@unspec=@connlimit={{0x40}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x118, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@dst={{0x48}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0, 0x3d6}, {0x28}}}}, 0x3e8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000500)={'lo\x00', 0x0}) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r10, 0x0) r11 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r11, &(0x7f00000033c0)={&(0x7f0000000280)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x41040}, 0x4000000) openat$cgroup_pressure(r10, &(0x7f00000001c0)='io.pressure\x00', 0x2, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x70bd2c, 0x25dfdbff, {0xa, 0x80, 0x0, 0x0, r9}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}}, 0x1400000000000000) connect$pppoe(r10, &(0x7f0000000200)={0x18, 0x0, {0x4, @multicast, 'veth0_to_hsr\x00'}}, 0x1e) 3.662449226s ago: executing program 2 (id=1074): socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="34000000190001090000000000100000021800000000fd00000000000800"], 0x34}}, 0x4040010) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r2}, 0x4) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000c90000007b8af8ff00000000b7080000000008007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007d00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x100000035, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r10, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r12, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r11, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) close(r11) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000016001000071b48013d030100000000001f02000000000000bc26080000000000bf67000000000000160200000fff0700670200000a000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r13 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r13, 0x107, 0x12, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x80, 0x0, 0x0) 3.650681714s ago: executing program 4 (id=1075): r0 = getpid() bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x10010000004e20}, 0x1c) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[], 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r2, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r0}}]}, 0x3c}}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007500000004"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x491, 0x0, 0x0) r6 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000200), 0x4) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b705000000000000850000007100000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r8}, 0xc) sendmsg$NL80211_CMD_LEAVE_IBSS(0xffffffffffffffff, &(0x7f0000006dc0)={&(0x7f0000006d00)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000006d80)={&(0x7f0000006d40)={0x1c, 0x0, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4040800) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_P2P_DEVICE(r6, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, 0x0, 0x400, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40001}, 0x8081) r10 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r10, 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r6, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x24, r11, 0x1, 0x70bd24, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x1002}]}, 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x9590f6cc3ea35512) 3.456977669s ago: executing program 1 (id=1077): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)={0x74, 0xb, 0x6, 0x5, 0x0, 0x0, {0x3, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x4c, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_COMMENT={0x7, 0x1a, '$.\x00'}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x9}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x10}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @local}}}]}]}, 0x74}}, 0x40c4) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a000004050280000514"], 0x528}}, 0xc000) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)={0x14, r2, 0x60b}, 0x14}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) listen(r5, 0x101) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xb8}, [@ldst={0x5}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r6 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r6, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) connect$inet(r6, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r8) sendmsg$IEEE802154_LLSEC_SETPARAMS(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)={0x30, r9, 0x1, 0x70bd2a, 0x25dfdc00, {}, [@IEEE802154_ATTR_LLSEC_SECLEVEL={0x5, 0x2a, 0x2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5, 0x29, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x48184}, 0x20000800) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a320000000008000440000000000900010073797a30000000000800034000000001140000001100010000000000000000000000000a99d88dc857cd7eba38772c"], 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000150ae1a8605c01020000000000000000831876491378140000001008f702400000000a00000000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x24040808) 3.211711744s ago: executing program 1 (id=1080): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@delneigh={0x24, 0x1a, 0x1, 0x0, 0xfffffffd, {0xa}, [@NDA_PORT={0x6, 0x6, 0x4e24}]}, 0x24}}, 0x0) 3.122266782s ago: executing program 3 (id=1081): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, &(0x7f00000001c0)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2, [@bcast, @bcast, @default, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}, 0x40) 2.983390597s ago: executing program 1 (id=1082): r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r0, 0x10d, 0xf4, &(0x7f0000000080), &(0x7f0000000180)=0x4) 2.983063025s ago: executing program 3 (id=1083): unshare(0x6a040000) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000700)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xca, 0xca, 0x5, [@decl_tag={0xa, 0x0, 0x0, 0x11, 0x1, 0x3}, @func={0x10, 0x0, 0x0, 0xc, 0x5}, @datasec={0xe81, 0x5, 0x0, 0xf, 0x2, [{0x1, 0x9b, 0x6c9e}, {0x4, 0x6, 0x9}, {0x5, 0xa, 0x8}, {0x3, 0x7, 0x80}, {0x1, 0x4}], "ed38"}, @fwd={0x6}, @ptr={0x3, 0x0, 0x0, 0x2, 0x5}, @union={0x10, 0x3, 0x0, 0x5, 0x1, 0x1, [{0x8, 0x2, 0xe3}, {0x4, 0x3, 0x8}, {0xa, 0x3, 0x5}]}, @int={0x10, 0x0, 0x0, 0x1, 0x0, 0x37, 0x0, 0x4d, 0x7}, @volatile={0x3, 0x0, 0x0, 0x9, 0x1}]}, {0x0, [0x2e, 0x2e, 0x0]}}, &(0x7f0000000800)=""/206, 0xe9, 0xce, 0x0, 0x10001, 0x10000, @value}, 0x28) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000002c000100000000000000000004000080450011802f"], 0x5c}], 0x1}, 0x800) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000040), 0x6) socket$can_bcm(0x1d, 0x2, 0x2) ioctl$sock_bt_hci(r3, 0x400448e6, &(0x7f0000000080)="fc") ioctl$sock_bt_hci(r3, 0x400448e7, &(0x7f0000000180)) r4 = socket$kcm(0x2, 0x3, 0x2) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) socket$inet_mptcp(0x2, 0x1, 0x106) write$tun(r0, &(0x7f0000000080)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x22, 0x0, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {{0x800, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x20}}}}, 0x36) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1e, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.92448797s ago: executing program 1 (id=1084): ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000180)={0xffffffffffffffff}) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x1f, &(0x7f0000000200)=@raw=[@exit, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x91}}, @tail_call, @btf_id={0x18, 0x2, 0x3, 0x0, 0x2}, @ringbuf_query, @exit, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x3}}], &(0x7f0000000340)='syzkaller\x00', 0x8, 0xa5, &(0x7f0000000380)=""/165, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0xa, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000480)=[{0x3, 0x3, 0xd, 0x3}, {0x1, 0x1, 0xd, 0x6}, {0x2, 0x4, 0x1000002, 0xb}, {0x4, 0x5, 0x5, 0x9}], 0x10, 0x1, @void, @value}, 0x94) sendmsg$nl_generic(r0, &(0x7f00000005c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000580)={&(0x7f0000000ac0)={0x220, 0x36, 0x200, 0x70bd25, 0x25dfdbfe, {0x9}, [@generic="8564c1ba75f26c3c5052c4967f8d72c4f6ef6d58a0017b197dc60a290cab3b8a2c166425b266b52cd2fd5a78053bd09a112568", @typed={0x8, 0x136, 0x0, 0x0, @ipv4=@multicast2}, @typed={0x8, 0xe0, 0x0, 0x0, @fd=r1}, @generic="cd1fc269accca6512d1bd78c02d55ac86bcfaa816577ae2211e310d1afa5bbb1730bfa6fa967dd7dee160dc9d51a6c8bdd8fe996c5bdfc9a1c6104ca9fe02e869786b65ceb3daf89eff1640b934e96108d349068559a31eff7a03e4d5f67092a863c6b36ee11d1329209269f31601b14702fe9747b3fee3eaf084de22b1218977e6925751f1158ccd2", @generic="1d25bbf308db329887c977ea3a45c07e4d3b5e7476477d97eeceb03b412f5c916166eb609cfedec90fd74731ba133f0c3b9e05b7035225b1c8aad9ea61c77226c0d654290e8d5220033eccae4628b1d8b1d28166ee697eff282d2192761712a28ec0ff6cdf47d7d60b5f7f9cc0dd7f80aad6f41499bff3e8a631dadce921e24cbbf94d169f01fe2c51eeea9d5b1032d7cb355bbf8a26449deda2c801e7a7639d44749cab1fccacfcebc2e5a3881822b804604683ef02414f4cf18ff9f594663f9b39f253efac593a7908c2", @typed={0x8, 0xcc, 0x0, 0x0, @u32=0xb4}, @typed={0x8, 0xe9, 0x0, 0x0, @u32=0x81}, @typed={0x61, 0x12d, 0x0, 0x0, @binary="bcf2264c9b842d9e5d6d3e68c57f520f53416ad2275eb7c30b93e04c922b3334082c05c5a2554fdde012c66adf821a562e4bd66e5305981791c3ca871522318cf3ceb3ed5d4e6edd738b1c3b71af7a27d7114e65bdc7f88ebf93bf6267"}]}, 0x220}}, 0x4800) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x2, [@enum={0x0, 0x1, 0x0, 0x13, 0x4, [{}]}]}}, 0x0, 0x2e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) listen(r4, 0x6) socket$inet_mptcp(0x2, 0x1, 0x106) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYRESOCT, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES8], 0x48) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000640)={'syzkaller0\x00', 0x100}) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETOFFLOAD(r7, 0x400454c9, 0xba98575a95aeb70d) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETSNDBUF(r6, 0x400454d4, &(0x7f00000003c0)=0xe3) close(r8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(r6, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) close(0x4) 2.835716094s ago: executing program 0 (id=1085): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x3, 0x40000004, 0x0, 0xffffffffffffffff, 0x47, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = epoll_create1(0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000008c0)={0x1}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) r3 = socket$packet(0x11, 0x2, 0x300) socket$rds(0x15, 0x5, 0x0) syz_80211_join_ibss(&(0x7f00000001c0)='wlan0\x00', &(0x7f0000000200)=@default_ap_ssid, 0x6, 0x0) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r3, 0x107, 0x16, &(0x7f0000000280)={0x0, 0x0}, 0x10) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x28, 0x1404, 0x8, 0x70bd2a, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r5) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="410000000000000001000603000014000300060a0004090300f006e8ffffffffffff07000700263a0909140002"], 0x44}, 0x1, 0x1000000}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000002c00010026bd7000fedbdf250400007ae893464dea8d00f9f4b9041f0715e02cfc7ac51bc8915bc13a9661c7aa94634b93f2e52e8af11bcaf964d63d414b6a5bf9402c912abfd4ed667c"], 0x14}, 0x1, 0x0, 0x0, 0x409d}, 0x50) 2.688258781s ago: executing program 2 (id=1086): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x89}]}}}, {0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8}, @NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x100}, 0x1, 0x0, 0x0, 0x88}, 0x0) 2.017124985s ago: executing program 2 (id=1087): socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="34000000190001090000000000100000021800000000fd00"], 0x34}}, 0x4040010) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r2}, 0x4) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000c90000007b8af8ff00000000b7080000000008007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007d00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x100000035, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r10, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r12, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r11, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) close(r11) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000016001000071b48013d030100000000001f02000000000000bc26080000000000bf67000000000000160200000fff0700670200000a000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r13 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r13, 0x107, 0x12, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x80, 0x0, 0x0) 1.962368705s ago: executing program 4 (id=1088): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001680)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r1, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32], 0x58, 0x4000094}, 0x4050801) 1.846291601s ago: executing program 0 (id=1089): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000e80)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00)={0x0, 0x0}, 0x8) r2 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r1, 0x4) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={r2, r0, 0x0, r0}, 0x10) 1.777862166s ago: executing program 4 (id=1090): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x104, 0x2, 0x3c8, 0x0, 0xe8, 0x1f8, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x28}}, {{@arp={@local, @multicast2, 0x0, 0x0, 0x0, 0x0, {@mac}, {@mac, {[0xff, 0x0, 0xff, 0x0, 0xff]}}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 'nicvf0\x00', 'lo\x00'}, 0xc0, 0x110, 0x0, {0xb000000}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @dev={0xac, 0x14, 0x14, 0xb}, @private=0xa010101, 0x8, 0x1}}}, {{@arp={@dev={0xac, 0x14, 0x14, 0x15}, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x9, {@empty, {[0xff, 0x0, 0x0, 0xff]}}, {@mac=@remote}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 'veth0_macvtap\x00', 'ipvlan1\x00', {}, {}, 0x0, 0x2}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffd}}}}, 0x418) 1.738996015s ago: executing program 3 (id=1091): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f0000006f80)={0x7, 'vlan1\x00', {0x9}, 0x1}) 1.714365791s ago: executing program 0 (id=1092): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x70, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x38, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_MASK={0x4}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x10c}}, 0x0) 1.557849758s ago: executing program 4 (id=1093): socket$inet6(0xa, 0x200000000003, 0x87) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@broadcast, @random="00005403cb00", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "03136c", 0x8, 0x87, 0x0, @local, @mcast2, {[@srh={0x87, 0x0, 0x4, 0x0, 0x73, 0x10, 0xae8}]}}}}}, 0x0) 1.55666926s ago: executing program 0 (id=1094): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{0x0, 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) r1 = socket$inet(0x2b, 0x801, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x48f, &(0x7f0000000000)={0x11, @empty=0x11e, 0x4e24, 0x0, 'lc\x00', 0x1c, 0x2, 0x4a}, 0x2c) syz_init_net_socket$llc(0x1a, 0x1, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f0000000580)={0x7, 0xfffffffffffffffc, 0x9, 0x0, 0xffff, 0xaee3, 0x5}, 0x0, &(0x7f0000000840)={&(0x7f0000000800)={[0x2]}, 0x8}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$unix(0x1, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000001600), 0xffffffffffffffff) r4 = socket(0x1e, 0x1, 0x0) connect$tipc(r4, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, r3, 0x1}, 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xffffff8a) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r6, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c) r7 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r7, &(0x7f0000000080)="c4b33da19360b2bf9cbac674b9eeb73303927fde9113c35218bd2cec8e96288c5233e7f21dc820f06aa03b62a6010c46721dbd85d254a5bc49734fbdb05d3e39fe7a", 0x42, 0x40080, &(0x7f0000000000)={0xa, 0x0, 0x40, @dev={0xfe, 0x80, '\x00', 0x41}, 0xff, 0xfffffffd}, 0x20) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB], 0x74}}, 0x0) r9 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r6, &(0x7f0000000100)={0x10000010}) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xf, &(0x7f0000000180)=ANY=[], 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.48999894s ago: executing program 4 (id=1095): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002}) writev(r0, &(0x7f0000001800)=[{&(0x7f0000000540)="000300000004070022eae0a518b38c0237fa5aeea7", 0x15}], 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[], 0x44}}, 0x20008040) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x10}}, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000040000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000030000008500000086"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, 0x0, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, 0x0, 0x0) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r4, 0x0, 0x12, &(0x7f0000000100)=0xfffffffc, 0x4) setsockopt$inet_int(r4, 0x0, 0x6, &(0x7f0000000180)=0x40000001, 0x4) recvmmsg(r4, &(0x7f0000001640)=[{{0x0, 0x0, 0x0}, 0x7}], 0x1, 0x45833af92e4b39ff, 0x0) r5 = socket(0x10, 0x400000000080803, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f00000001c0)=@ethtool_ringparam={0x10, 0x0, 0x45, 0x7, 0x8fc1, 0x1, 0x20000, 0x0, 0xf}}) r6 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) close(r6) connect$inet(r1, 0x0, 0x0) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000080)={{{@in=@multicast2, @in6=@private0={0xfc, 0x0, '\x00', 0xfc}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x589, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in, 0x0, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0xb7, 0xae, 0xffffffff}}, 0xe8) sendmmsg(r1, &(0x7f0000000180), 0x400000000000077, 0x0) 654.39009ms ago: executing program 0 (id=1096): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000b00)=@updsa={0x138, 0x1a, 0x1, 0x70bd2a, 0x25dfdbfd, {{@in6=@private0, @in=@broadcast, 0x4e22, 0x405, 0x4e20, 0xbd, 0xa, 0x20, 0x20, 0x8}, {@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d2, 0x2b}, @in6=@empty, {0x100000000, 0xfffffffffffffffc, 0x177d, 0x80000001, 0x5, 0x6, 0x2, 0x6}, {0x5, 0x0, 0x8, 0x8001}, {0x401, 0x2, 0x7}, 0x70bd26, 0x3504, 0xa, 0x2, 0x3, 0xc0}, [@algo_auth={0x48, 0x1, {{'sha384-ce\x00'}}}]}, 0x138}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x5, &(0x7f0000000040)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x23}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) setsockopt$sock_int(r1, 0x1, 0xa, &(0x7f00000001c0)=0x9, 0x4) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f00000005c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000640)=0x40) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r3, &(0x7f0000000280)={0xa, 0x4e22, 0x7ff, @dev={0xfe, 0x80, '\x00', 0x14}, 0x7}, 0x1c) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x34, r5, 0x7, 0x70bd25, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @local}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x8081}, 0x24000800) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x80}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = socket(0x10, 0x803, 0x0) socket(0x22, 0xa, 0x8) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x388, 0x0, 0x0, 0xffffff6a, 0x180, 0x0, 0x2b8, 0x258, 0x258, 0x2b8, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [0x0, 0x0, 0x0, 0xff], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11, 0x0, 0x0, 0x77}, 0x0, 0x118, 0x180, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x9}}, @common=@unspec=@connlimit={{0x40}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x118, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@dst={{0x48}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0, 0x3d6}, {0x28}}}}, 0x3e8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000500)={'lo\x00', 0x0}) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r10, 0x0) r11 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r11, &(0x7f00000033c0)={&(0x7f0000000280)={0x2, 0x4e20, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x41040}, 0x4000000) openat$cgroup_pressure(r10, &(0x7f00000001c0)='io.pressure\x00', 0x2, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x70bd2c, 0x25dfdbff, {0xa, 0x80, 0x0, 0x0, r9}, [@IFA_LOCAL={0x14, 0x2, @loopback}]}, 0x2c}}, 0x1400000000000000) connect$pppoe(r10, &(0x7f0000000200)={0x18, 0x0, {0x4, @multicast, 'veth0_to_hsr\x00'}}, 0x1e) 70.484714ms ago: executing program 2 (id=1097): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe55a10a000b000140020203600e41b0000900ac0006031100000016001500090002000000035c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d2a6823a45f28fcb1d", 0xd8}], 0x1}, 0x0) 212.392Āµs ago: executing program 0 (id=1098): r0 = socket$netlink(0x10, 0x3, 0x6) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="480000001500190a20ffff7fffffff5602113e850e1de0974881030491720000de213ee23ffbf510040041feff5aff2b0000000000000700"/68, 0x44}, {&(0x7f0000000080)="c1130389", 0x4}], 0x2) close(0x3) 0s ago: executing program 3 (id=1099): unshare(0x42000000) r0 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) r1 = socket$inet_dccp(0x2, 0x6, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r3 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000500), r3) sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000600)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYBLOB="00042abd7000ffdbdf250900000030000180070006006c630000080009007d0000000c0007002400000018000000080008000600000008000b007369700008000500ff010000080004000100"], 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0xf6c52000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3) syz_genetlink_get_family_id$tipc(&(0x7f0000000040), r3) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[], 0x0, 0x56, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r3) connect$inet(r1, &(0x7f00000002c0)={0x2, 0x4e20, @loopback}, 0x10) mmap(&(0x7f0000164000/0x2000)=nil, 0x2000, 0x1000005, 0x10, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$l2tp(0x2, 0x2, 0x73) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000010000000000000a20000000000a03000000000000000000070000000900010073797a30000000007c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d38001280140001800c000100636f756e7465720004000280200001800e000100636f6e6e6c696d69740000000c000280080001"], 0xc4}}, 0x20050800) r5 = socket(0x40000000015, 0x5, 0x0) bind$inet(r5, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) kernel console output (not intermixed with test programs): 0x91/0x160 [ 129.298264][ T7355] ? __pfx_netlink_sendmsg+0x10/0x10 [ 129.298285][ T7355] __sock_sendmsg+0x221/0x270 [ 129.298312][ T7355] ____sys_sendmsg+0x53a/0x860 [ 129.298351][ T7355] ? __pfx_____sys_sendmsg+0x10/0x10 [ 129.298379][ T7355] ? __fget_files+0x2a/0x410 [ 129.298410][ T7355] ? __fget_files+0x2a/0x410 [ 129.298446][ T7355] __sys_sendmsg+0x269/0x350 [ 129.298482][ T7355] ? __pfx___sys_sendmsg+0x10/0x10 [ 129.298558][ T7355] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 129.298589][ T7355] ? do_syscall_64+0x100/0x230 [ 129.298621][ T7355] ? do_syscall_64+0xb6/0x230 [ 129.298652][ T7355] do_syscall_64+0xf3/0x230 [ 129.298680][ T7355] ? clear_bhb_loop+0x35/0x90 [ 129.298718][ T7355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.298743][ T7355] RIP: 0033:0x7f6998d8d169 [ 129.298761][ T7355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.298777][ T7355] RSP: 002b:00007f6999c95038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 129.298797][ T7355] RAX: ffffffffffffffda RBX: 00007f6998fa6080 RCX: 00007f6998d8d169 [ 129.298811][ T7355] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000007 [ 129.298823][ T7355] RBP: 00007f6998e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 129.298835][ T7355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.298846][ T7355] R13: 0000000000000000 R14: 00007f6998fa6080 R15: 00007ffcf2f58e98 [ 129.298877][ T7355] [ 130.200582][ T7310] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.219225][ T7310] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.334274][ T7310] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.345340][ T7374] netlink: 'syz.0.253': attribute type 21 has an invalid length. [ 130.421969][ T7310] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.231049][ T7383] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.243146][ T7383] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.271984][ T7383] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.292996][ T7383] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.669745][ T7417] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 131.717021][ T7417] __nla_validate_parse: 9 callbacks suppressed [ 131.717039][ T7417] netlink: 4 bytes leftover after parsing attributes in process `syz.1.260'. [ 131.772077][ T7419] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 131.794292][ T7420] netlink: 8 bytes leftover after parsing attributes in process `syz.1.260'. [ 131.876787][ T7421] netlink: 4 bytes leftover after parsing attributes in process `syz.2.261'. [ 131.904851][ T7421] netlink: 8 bytes leftover after parsing attributes in process `syz.2.261'. [ 131.975929][ T7423] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 131.984263][ T7423] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 131.992459][ T7423] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 132.000778][ T7423] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 132.058943][ T7425] sysfs: cannot create duplicate filename '/class/ieee80211/!åÆæ$ūĢĢULŁvyøŚŲ¢…D£ųUDŒw˜}zR' [ 132.184119][ T7425] CPU: 0 UID: 0 PID: 7425 Comm: syz.1.263 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 132.184145][ T7425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 132.184157][ T7425] Call Trace: [ 132.184164][ T7425] [ 132.184171][ T7425] dump_stack_lvl+0x241/0x360 [ 132.184200][ T7425] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.184220][ T7425] ? __pfx__printk+0x10/0x10 [ 132.184242][ T7425] ? __kmalloc_cache_noprof+0x243/0x390 [ 132.184268][ T7425] ? sysfs_warn_dup+0x51/0xa0 [ 132.184294][ T7425] sysfs_warn_dup+0x8e/0xa0 [ 132.184316][ T7425] sysfs_do_create_link_sd+0xbe/0x110 [ 132.184342][ T7425] device_add_class_symlinks+0x1c5/0x250 [ 132.184373][ T7425] device_add+0x553/0xbf0 [ 132.184405][ T7425] wiphy_register+0x1922/0x2650 [ 132.184436][ T7425] ? __pfx_wiphy_register+0x10/0x10 [ 132.184452][ T7425] ? minstrel_ht_alloc+0x84b/0x940 [ 132.184477][ T7425] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 132.184511][ T7425] ieee80211_register_hw+0x35d9/0x42e0 [ 132.184545][ T7425] ? ieee80211_register_hw+0x15f1/0x42e0 [ 132.184575][ T7425] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 132.184607][ T7425] ? __asan_memset+0x23/0x50 [ 132.184624][ T7425] ? __hrtimer_init+0x170/0x250 [ 132.184646][ T7425] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 132.184693][ T7425] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 132.184712][ T7425] ? trace_kmalloc+0x1f/0xd0 [ 132.184733][ T7425] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 132.184758][ T7425] ? kstrndup+0xbb/0x150 [ 132.184793][ T7425] hwsim_new_radio_nl+0xece/0x2290 [ 132.184825][ T7425] ? __pfx___nla_validate_parse+0x10/0x10 [ 132.184848][ T7425] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 132.184897][ T7425] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 132.184930][ T7425] genl_rcv_msg+0xb1f/0xec0 [ 132.184965][ T7425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 132.185015][ T7425] ? __pfx_lock_acquire+0x10/0x10 [ 132.185041][ T7425] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 132.185061][ T7425] ? __pfx___might_resched+0x10/0x10 [ 132.185094][ T7425] netlink_rcv_skb+0x206/0x480 [ 132.185115][ T7425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 132.185141][ T7425] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 132.185189][ T7425] genl_rcv+0x28/0x40 [ 132.185212][ T7425] netlink_unicast+0x7f6/0x990 [ 132.185237][ T7425] ? __pfx_netlink_unicast+0x10/0x10 [ 132.185252][ T7425] ? __virt_addr_valid+0x45f/0x530 [ 132.185270][ T7425] ? __phys_addr_symbol+0x2f/0x70 [ 132.185295][ T7425] ? __check_object_size+0x47a/0x730 [ 132.185322][ T7425] netlink_sendmsg+0x8de/0xcb0 [ 132.185353][ T7425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 132.185379][ T7425] ? aa_sock_msg_perm+0x91/0x160 [ 132.185411][ T7425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 132.185431][ T7425] __sock_sendmsg+0x221/0x270 [ 132.185456][ T7425] ____sys_sendmsg+0x53a/0x860 [ 132.185499][ T7425] ? __pfx_____sys_sendmsg+0x10/0x10 [ 132.185526][ T7425] ? __fget_files+0x2a/0x410 [ 132.185577][ T7425] ? __fget_files+0x2a/0x410 [ 132.185617][ T7425] __sys_sendmsg+0x269/0x350 [ 132.185648][ T7425] ? __pfx_futex_wake+0x10/0x10 [ 132.185684][ T7425] ? __pfx___sys_sendmsg+0x10/0x10 [ 132.185769][ T7425] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 132.185803][ T7425] ? do_syscall_64+0x100/0x230 [ 132.185838][ T7425] ? do_syscall_64+0xb6/0x230 [ 132.185872][ T7425] do_syscall_64+0xf3/0x230 [ 132.185903][ T7425] ? clear_bhb_loop+0x35/0x90 [ 132.185937][ T7425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.185965][ T7425] RIP: 0033:0x7f4ab438d169 [ 132.185983][ T7425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.186000][ T7425] RSP: 002b:00007f4ab5152038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 132.186023][ T7425] RAX: ffffffffffffffda RBX: 00007f4ab45a6080 RCX: 00007f4ab438d169 [ 132.186038][ T7425] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000007 [ 132.186051][ T7425] RBP: 00007f4ab440e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 132.186064][ T7425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.186076][ T7425] R13: 0000000000000000 R14: 00007f4ab45a6080 R15: 00007ffefee0e898 [ 132.186109][ T7425] [ 132.652255][ T7432] dvmrp0: entered allmulticast mode [ 132.888253][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.894716][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.075667][ T7444] netlink: 4 bytes leftover after parsing attributes in process `syz.2.270'. [ 133.144613][ T7446] netlink: 20 bytes leftover after parsing attributes in process `syz.3.271'. [ 133.165008][ T7446] netlink: 40 bytes leftover after parsing attributes in process `syz.3.271'. [ 133.451437][ T7453] netlink: 40 bytes leftover after parsing attributes in process `syz.2.272'. [ 133.646183][ T7456] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 133.722299][ T7456] netlink: 4 bytes leftover after parsing attributes in process `syz.3.273'. [ 133.731845][ T7456] netlink: 8 bytes leftover after parsing attributes in process `syz.3.273'. [ 134.156771][ T7452] veth0_virt_wifi: left allmulticast mode [ 134.171429][ T7474] netlink: 'syz.0.276': attribute type 21 has an invalid length. [ 134.173226][ T7452] veth0_virt_wifi: left promiscuous mode [ 134.427127][ T7452] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.463702][ T7452] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.481262][ T7452] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.515755][ T7452] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.571469][ T7452] vlan2: left promiscuous mode [ 134.586710][ T7452] vlan2: left allmulticast mode [ 134.609560][ T7462] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.639609][ T7462] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.691152][ T7472] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.709345][ T7472] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.738543][ T7462] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.748723][ T7462] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.809271][ T7472] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.843814][ T7472] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.890857][ T7462] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.909841][ T7487] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 134.949964][ T7462] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.988294][ T7472] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 135.024154][ T7472] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.075929][ T7462] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 135.093016][ T7462] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.122259][ T7472] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 135.157648][ T7472] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.397640][ T7472] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 135.408598][ T7472] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.458855][ T7472] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 135.469856][ T7472] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.491173][ T7472] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 135.502653][ T7472] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.521571][ T7472] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 135.535345][ T7472] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.882509][ T7516] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 136.368036][ T7527] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 136.384811][ T7527] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.438972][ T7527] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 136.470187][ T7527] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.554101][ T7527] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 136.580757][ T7527] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.708700][ T7527] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 136.747937][ T7520] __nla_validate_parse: 8 callbacks suppressed [ 136.747953][ T7520] netlink: 8 bytes leftover after parsing attributes in process `syz.1.285'. [ 136.783812][ T7527] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.942648][ T7539] netlink: 'syz.0.289': attribute type 21 has an invalid length. [ 136.962896][ T7539] netlink: 16 bytes leftover after parsing attributes in process `syz.0.289'. [ 137.073411][ T7527] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.154103][ T7527] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.181698][ T7527] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.207485][ T7543] netlink: 8 bytes leftover after parsing attributes in process `syz.2.290'. [ 137.221557][ T7527] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.291688][ T7527] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.319405][ T7527] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.348772][ T7527] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.370483][ T7527] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.379353][ T7541] netlink: 20 bytes leftover after parsing attributes in process `syz.4.287'. [ 137.684839][ T7559] bridge_slave_0: left allmulticast mode [ 137.690713][ T7559] bridge_slave_0: left promiscuous mode [ 137.697061][ T7559] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.709452][ T7559] bridge_slave_1: left allmulticast mode [ 137.743026][ T7559] bridge_slave_1: left promiscuous mode [ 137.752177][ T7559] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.781826][ T7559] bond0: (slave bond_slave_0): Releasing backup interface [ 137.814921][ T7559] bond0: (slave bond_slave_1): Releasing backup interface [ 137.842864][ T7559] team0: Port device team_slave_0 removed [ 137.863366][ T7559] team0: Port device team_slave_1 removed [ 137.882140][ T7559] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 137.889909][ T7559] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 137.898263][ T7559] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 137.906277][ T7559] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 138.035064][ T7565] dvmrp0: entered allmulticast mode [ 138.120524][ T7561] netlink: 20 bytes leftover after parsing attributes in process `syz.0.293'. [ 138.225010][ T7572] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 138.269165][ T7572] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.567326][ T7582] netlink: 'syz.0.297': attribute type 21 has an invalid length. [ 138.599014][ T7582] netlink: 16 bytes leftover after parsing attributes in process `syz.0.297'. [ 138.895912][ T7574] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.934048][ T7574] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.963895][ T7574] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.972285][ T7574] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.116409][ T7574] netdevsim netdevsim1 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 139.125195][ T7574] netdevsim netdevsim1 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 139.133557][ T7574] netdevsim netdevsim1 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 139.142315][ T7574] netdevsim netdevsim1 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 139.155849][ T7572] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 139.166906][ T7572] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.181544][ T7591] netlink: 20 bytes leftover after parsing attributes in process `syz.4.295'. [ 139.242956][ T7595] netlink: 'syz.3.299': attribute type 10 has an invalid length. [ 139.252896][ T7572] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 139.270261][ T7572] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.301650][ T7595] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 139.331798][ T7572] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 139.354850][ T7572] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.400137][ T7596] netlink: 12 bytes leftover after parsing attributes in process `syz.3.299'. [ 139.675286][ T7612] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 139.799870][ T7622] netlink: 'syz.3.305': attribute type 21 has an invalid length. [ 139.814319][ T7617] netlink: 8 bytes leftover after parsing attributes in process `syz.2.304'. [ 139.838548][ T7622] netlink: 16 bytes leftover after parsing attributes in process `syz.3.305'. [ 140.441760][ T7628] team0: left allmulticast mode [ 140.449117][ T7628] team0: left promiscuous mode [ 140.455386][ T7628] bridge0: port 1(team0) entered disabled state [ 140.659884][ T7633] dvmrp0: entered allmulticast mode [ 140.782723][ T7637] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 140.823770][ T7637] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.847942][ T7637] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 140.887307][ T7637] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.928777][ T7637] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 140.961508][ T7637] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.062920][ T7637] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 141.086520][ T7637] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.165768][ T7572] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 141.190390][ T7572] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.235566][ T7572] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 141.249890][ T7572] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.313790][ T7572] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 141.323739][ T7572] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.378913][ T7572] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 141.414096][ T7572] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 141.879557][ T7637] __nla_validate_parse: 1 callbacks suppressed [ 141.879574][ T7637] netlink: 20 bytes leftover after parsing attributes in process `syz.3.310'. [ 141.980314][ T7663] netlink: 'syz.4.316': attribute type 11 has an invalid length. [ 142.174506][ T7643] netlink: 20 bytes leftover after parsing attributes in process `syz.2.312'. [ 142.770331][ T7676] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 142.791588][ T7674] bridge0: port 1(gretap0) entered blocking state [ 142.805327][ T7674] bridge0: port 1(gretap0) entered disabled state [ 142.823105][ T7674] gretap0: entered allmulticast mode [ 142.831821][ T7674] gretap0: entered promiscuous mode [ 142.860083][ T7674] bridge0: port 1(gretap0) entered blocking state [ 142.866734][ T7674] bridge0: port 1(gretap0) entered forwarding state [ 142.887315][ T7672] netlink: 'syz.2.318': attribute type 4 has an invalid length. [ 142.914647][ T7677] gretap0: left allmulticast mode [ 142.921635][ T7678] netlink: 8 bytes leftover after parsing attributes in process `syz.0.320'. [ 142.930713][ T7677] gretap0: left promiscuous mode [ 142.957118][ T7677] bridge0: port 1(gretap0) entered disabled state [ 143.049746][ T7681] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 143.071085][ T7681] netlink: 4 bytes leftover after parsing attributes in process `syz.4.321'. [ 143.106129][ T7681] netlink: 8 bytes leftover after parsing attributes in process `syz.4.321'. [ 143.500481][ T7690] netlink: 'syz.2.325': attribute type 21 has an invalid length. [ 143.540083][ T7690] netlink: 16 bytes leftover after parsing attributes in process `syz.2.325'. [ 143.567665][ T7688] netlink: 20 bytes leftover after parsing attributes in process `syz.1.327'. [ 144.680813][ T7715] netlink: 'syz.4.332': attribute type 10 has an invalid length. [ 144.913416][ T7724] netlink: 12 bytes leftover after parsing attributes in process `syz.4.332'. [ 144.940935][ T7705] veth0_macvtap: left allmulticast mode [ 144.963130][ T7705] macvtap0: left allmulticast mode [ 145.106743][ T7705] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.143904][ T7705] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.168440][ T7705] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.178532][ T7705] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.218193][ T7705] macvlan2: left promiscuous mode [ 145.247655][ T7705] netdevsim netdevsim3 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.256260][ T7705] netdevsim netdevsim3 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.264784][ T7705] netdevsim netdevsim3 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.273145][ T7705] netdevsim netdevsim3 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.311350][ T7705] vlan2: left allmulticast mode [ 145.448191][ T7715] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 145.467093][ T7719] netlink: 20 bytes leftover after parsing attributes in process `syz.2.328'. [ 145.774104][ T7745] netlink: 20 bytes leftover after parsing attributes in process `syz.3.334'. [ 145.940255][ T7754] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 146.506352][ T7772] netlink: 'syz.3.343': attribute type 21 has an invalid length. [ 146.827539][ T7781] netlink: 'syz.3.345': attribute type 21 has an invalid length. [ 147.139072][ T7785] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 147.216631][ T7776] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.248052][ T7776] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.271441][ T7776] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.280335][ T7792] __nla_validate_parse: 4 callbacks suppressed [ 147.280350][ T7792] netlink: 8 bytes leftover after parsing attributes in process `syz.3.346'. [ 147.311355][ T7776] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.347650][ T7776] netdevsim netdevsim4 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.356133][ T7776] netdevsim netdevsim4 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.364602][ T7776] netdevsim netdevsim4 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.372987][ T7776] netdevsim netdevsim4 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 147.499923][ T7797] netlink: 'syz.1.348': attribute type 21 has an invalid length. [ 147.524502][ T7797] netlink: 16 bytes leftover after parsing attributes in process `syz.1.348'. [ 147.543991][ T7794] netlink: 20 bytes leftover after parsing attributes in process `syz.2.339'. [ 147.607460][ T7799] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 147.662418][ T7799] netlink: 8 bytes leftover after parsing attributes in process `syz.4.349'. [ 147.824016][ T7801] netlink: 20 bytes leftover after parsing attributes in process `syz.1.350'. [ 148.086905][ T7814] netlink: 12 bytes leftover after parsing attributes in process `syz.3.354'. [ 148.218740][ T7815] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 148.233945][ T7815] CPU: 0 UID: 0 PID: 7815 Comm: syz.4.353 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 148.233970][ T7815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 148.233981][ T7815] Call Trace: [ 148.233988][ T7815] [ 148.233995][ T7815] dump_stack_lvl+0x241/0x360 [ 148.234024][ T7815] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.234045][ T7815] ? __pfx__printk+0x10/0x10 [ 148.234068][ T7815] ? __kmalloc_cache_noprof+0x243/0x390 [ 148.234093][ T7815] ? sysfs_warn_dup+0x51/0xa0 [ 148.234127][ T7815] sysfs_warn_dup+0x8e/0xa0 [ 148.234148][ T7815] sysfs_do_create_link_sd+0xbe/0x110 [ 148.234173][ T7815] device_add_class_symlinks+0x1c5/0x250 [ 148.234205][ T7815] device_add+0x553/0xbf0 [ 148.234237][ T7815] wiphy_register+0x1922/0x2650 [ 148.234269][ T7815] ? __pfx_wiphy_register+0x10/0x10 [ 148.234286][ T7815] ? minstrel_ht_alloc+0x84b/0x940 [ 148.234313][ T7815] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 148.234340][ T7815] ieee80211_register_hw+0x35d9/0x42e0 [ 148.234376][ T7815] ? ieee80211_register_hw+0x15f1/0x42e0 [ 148.234406][ T7815] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 148.234440][ T7815] ? __asan_memset+0x23/0x50 [ 148.234457][ T7815] ? __hrtimer_init+0x170/0x250 [ 148.234481][ T7815] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 148.234532][ T7815] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 148.234553][ T7815] ? trace_kmalloc+0x1f/0xd0 [ 148.234574][ T7815] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 148.234600][ T7815] ? kstrndup+0xbb/0x150 [ 148.234636][ T7815] hwsim_new_radio_nl+0xece/0x2290 [ 148.234669][ T7815] ? __pfx___nla_validate_parse+0x10/0x10 [ 148.234693][ T7815] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 148.234746][ T7815] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 148.234784][ T7815] genl_rcv_msg+0xb1f/0xec0 [ 148.234820][ T7815] ? __pfx_genl_rcv_msg+0x10/0x10 [ 148.234876][ T7815] ? __pfx_lock_acquire+0x10/0x10 [ 148.234902][ T7815] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 148.234924][ T7815] ? __pfx___might_resched+0x10/0x10 [ 148.234959][ T7815] netlink_rcv_skb+0x206/0x480 [ 148.234981][ T7815] ? __pfx_genl_rcv_msg+0x10/0x10 [ 148.235009][ T7815] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 148.235062][ T7815] genl_rcv+0x28/0x40 [ 148.235085][ T7815] netlink_unicast+0x7f6/0x990 [ 148.235124][ T7815] ? __pfx_netlink_unicast+0x10/0x10 [ 148.235140][ T7815] ? __virt_addr_valid+0x45f/0x530 [ 148.235159][ T7815] ? __phys_addr_symbol+0x2f/0x70 [ 148.235186][ T7815] ? __check_object_size+0x47a/0x730 [ 148.235215][ T7815] netlink_sendmsg+0x8de/0xcb0 [ 148.235249][ T7815] ? __pfx_netlink_sendmsg+0x10/0x10 [ 148.235276][ T7815] ? aa_sock_msg_perm+0x91/0x160 [ 148.235309][ T7815] ? __pfx_netlink_sendmsg+0x10/0x10 [ 148.235328][ T7815] __sock_sendmsg+0x221/0x270 [ 148.235354][ T7815] ____sys_sendmsg+0x53a/0x860 [ 148.235391][ T7815] ? __pfx_____sys_sendmsg+0x10/0x10 [ 148.235417][ T7815] ? __fget_files+0x2a/0x410 [ 148.235446][ T7815] ? __fget_files+0x2a/0x410 [ 148.235481][ T7815] __sys_sendmsg+0x269/0x350 [ 148.235515][ T7815] ? __pfx___sys_sendmsg+0x10/0x10 [ 148.235615][ T7815] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 148.235650][ T7815] ? do_syscall_64+0x100/0x230 [ 148.235686][ T7815] ? do_syscall_64+0xb6/0x230 [ 148.235721][ T7815] do_syscall_64+0xf3/0x230 [ 148.235752][ T7815] ? clear_bhb_loop+0x35/0x90 [ 148.235787][ T7815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.235815][ T7815] RIP: 0033:0x7f6998d8d169 [ 148.235834][ T7815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.235851][ T7815] RSP: 002b:00007f6999c95038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 148.235874][ T7815] RAX: ffffffffffffffda RBX: 00007f6998fa6080 RCX: 00007f6998d8d169 [ 148.235890][ T7815] RDX: 0000000000000800 RSI: 0000400000000100 RDI: 0000000000000005 [ 148.235903][ T7815] RBP: 00007f6998e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 148.235917][ T7815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 148.235929][ T7815] R13: 0000000000000000 R14: 00007f6998fa6080 R15: 00007ffcf2f58e98 [ 148.235962][ T7815] [ 148.717243][ T7821] syzkaller1: entered promiscuous mode [ 148.722768][ T7821] syzkaller1: entered allmulticast mode [ 148.743273][ T7810] netlink: 20 bytes leftover after parsing attributes in process `syz.0.347'. [ 148.889927][ T7823] netlink: 'syz.2.356': attribute type 21 has an invalid length. [ 148.913162][ T7823] netlink: 16 bytes leftover after parsing attributes in process `syz.2.356'. [ 149.523899][ T7851] netlink: 12 bytes leftover after parsing attributes in process `syz.1.361'. [ 149.552853][ T7851] netlink: 4 bytes leftover after parsing attributes in process `syz.1.361'. [ 149.568494][ T7851] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 149.581309][ T7851] batman_adv: batadv0: Adding interface: ip6gretap1 [ 149.596076][ T7851] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.643907][ T7851] batman_adv: batadv0: Interface activated: ip6gretap1 [ 150.034139][ T7862] bond0: (slave wlan1): Releasing backup interface [ 150.323467][ T7870] netlink: 'syz.2.368': attribute type 10 has an invalid length. [ 150.367516][ T7870] team0: entered promiscuous mode [ 150.373398][ T7870] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.390188][ T7870] bridge0: port 1(team0) entered blocking state [ 150.408178][ T7870] bridge0: port 1(team0) entered disabled state [ 150.433796][ T7870] team0: entered allmulticast mode [ 150.441729][ T7876] netlink: 'syz.0.367': attribute type 11 has an invalid length. [ 151.512633][ T7904] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 151.653074][ T7908] bridge0: port 1(gretap0) entered blocking state [ 151.699442][ T7908] bridge0: port 1(gretap0) entered disabled state [ 151.717527][ T7908] gretap0: entered allmulticast mode [ 151.795192][ T7908] gretap0: entered promiscuous mode [ 151.808252][ T7913] batadv_slave_1: entered promiscuous mode [ 151.817041][ T7914] gretap0: left allmulticast mode [ 151.833421][ T7914] gretap0: left promiscuous mode [ 151.843098][ T7914] bridge0: port 1(gretap0) entered disabled state [ 152.357785][ T7912] batadv_slave_1: left promiscuous mode [ 153.230969][ T7942] __nla_validate_parse: 4 callbacks suppressed [ 153.230989][ T7942] netlink: 12 bytes leftover after parsing attributes in process `syz.4.383'. [ 153.239569][ T7944] batman_adv: batadv0: Removing interface: ip6gretap1 [ 153.276379][ T7944] netlink: 'syz.1.381': attribute type 10 has an invalid length. [ 153.298508][ T7944] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 153.381049][ T7949] netlink: 12 bytes leftover after parsing attributes in process `syz.1.381'. [ 153.744487][ T7967] netlink: 32 bytes leftover after parsing attributes in process `syz.4.386'. [ 153.845183][ T7970] netlink: 'syz.1.389': attribute type 21 has an invalid length. [ 153.883968][ T7970] netlink: 16 bytes leftover after parsing attributes in process `syz.1.389'. [ 154.519668][ T7955] netlink: 8 bytes leftover after parsing attributes in process `syz.3.384'. [ 154.847497][ T7998] netlink: 4 bytes leftover after parsing attributes in process `syz.1.394'. [ 155.234806][ T8006] netlink: 12 bytes leftover after parsing attributes in process `syz.4.397'. [ 156.166717][ T8034] netlink: 'syz.0.401': attribute type 11 has an invalid length. [ 156.437665][ T8010] netlink: 8 bytes leftover after parsing attributes in process `syz.3.398'. [ 156.989163][ T8050] netlink: 20 bytes leftover after parsing attributes in process `syz.2.404'. [ 157.220874][ T8055] netlink: 20 bytes leftover after parsing attributes in process `syz.4.402'. [ 158.392077][ T8091] __nla_validate_parse: 2 callbacks suppressed [ 158.392096][ T8091] netlink: 20 bytes leftover after parsing attributes in process `syz.0.413'. [ 158.577033][ T8092] netlink: 20 bytes leftover after parsing attributes in process `syz.4.415'. [ 158.781390][ T8068] netlink: 8 bytes leftover after parsing attributes in process `syz.1.408'. [ 159.352574][ T8116] netlink: 4 bytes leftover after parsing attributes in process `syz.4.419'. [ 159.638386][ T8124] team0: Mode "broadcas" not found [ 159.728898][ T8126] netlink: 20 bytes leftover after parsing attributes in process `syz.3.420'. [ 159.754847][ T8132] netlink: 12 bytes leftover after parsing attributes in process `syz.2.424'. [ 160.095446][ T8145] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 160.141228][ T8148] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 160.168203][ T8148] CPU: 0 UID: 0 PID: 8148 Comm: syz.0.437 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 160.168231][ T8148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 160.168244][ T8148] Call Trace: [ 160.168251][ T8148] [ 160.168261][ T8148] dump_stack_lvl+0x241/0x360 [ 160.168292][ T8148] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.168316][ T8148] ? __pfx__printk+0x10/0x10 [ 160.168341][ T8148] ? __kmalloc_cache_noprof+0x243/0x390 [ 160.168368][ T8148] ? sysfs_warn_dup+0x51/0xa0 [ 160.168409][ T8148] sysfs_warn_dup+0x8e/0xa0 [ 160.168432][ T8148] sysfs_do_create_link_sd+0xbe/0x110 [ 160.168470][ T8148] device_add_class_symlinks+0x1c5/0x250 [ 160.168512][ T8148] device_add+0x553/0xbf0 [ 160.168545][ T8148] wiphy_register+0x1922/0x2650 [ 160.168576][ T8148] ? __pfx_wiphy_register+0x10/0x10 [ 160.168594][ T8148] ? minstrel_ht_alloc+0x84b/0x940 [ 160.168620][ T8148] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 160.168646][ T8148] ieee80211_register_hw+0x35d9/0x42e0 [ 160.168682][ T8148] ? ieee80211_register_hw+0x15f1/0x42e0 [ 160.168713][ T8148] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 160.168746][ T8148] ? __asan_memset+0x23/0x50 [ 160.168764][ T8148] ? __hrtimer_init+0x170/0x250 [ 160.168788][ T8148] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 160.168837][ T8148] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 160.168858][ T8148] ? trace_kmalloc+0x1f/0xd0 [ 160.168880][ T8148] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 160.168905][ T8148] ? kstrndup+0xbb/0x150 [ 160.168941][ T8148] hwsim_new_radio_nl+0xece/0x2290 [ 160.168973][ T8148] ? __pfx___nla_validate_parse+0x10/0x10 [ 160.168997][ T8148] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 160.169049][ T8148] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 160.169085][ T8148] genl_rcv_msg+0xb1f/0xec0 [ 160.169119][ T8148] ? __pfx_genl_rcv_msg+0x10/0x10 [ 160.169173][ T8148] ? __pfx_lock_acquire+0x10/0x10 [ 160.169199][ T8148] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 160.169221][ T8148] ? __pfx___might_resched+0x10/0x10 [ 160.169255][ T8148] netlink_rcv_skb+0x206/0x480 [ 160.169278][ T8148] ? __pfx_genl_rcv_msg+0x10/0x10 [ 160.169306][ T8148] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 160.169355][ T8148] genl_rcv+0x28/0x40 [ 160.169378][ T8148] netlink_unicast+0x7f6/0x990 [ 160.169405][ T8148] ? __pfx_netlink_unicast+0x10/0x10 [ 160.169422][ T8148] ? __virt_addr_valid+0x45f/0x530 [ 160.169440][ T8148] ? __phys_addr_symbol+0x2f/0x70 [ 160.169467][ T8148] ? __check_object_size+0x47a/0x730 [ 160.169496][ T8148] netlink_sendmsg+0x8de/0xcb0 [ 160.169537][ T8148] ? __pfx_netlink_sendmsg+0x10/0x10 [ 160.169564][ T8148] ? aa_sock_msg_perm+0x91/0x160 [ 160.169597][ T8148] ? __pfx_netlink_sendmsg+0x10/0x10 [ 160.169616][ T8148] __sock_sendmsg+0x221/0x270 [ 160.169642][ T8148] ____sys_sendmsg+0x53a/0x860 [ 160.169677][ T8148] ? __pfx_____sys_sendmsg+0x10/0x10 [ 160.169703][ T8148] ? __fget_files+0x2a/0x410 [ 160.169732][ T8148] ? __fget_files+0x2a/0x410 [ 160.169766][ T8148] __sys_sendmsg+0x269/0x350 [ 160.169794][ T8148] ? __pfx_futex_wake+0x10/0x10 [ 160.169824][ T8148] ? __pfx___sys_sendmsg+0x10/0x10 [ 160.169895][ T8148] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 160.169924][ T8148] ? do_syscall_64+0x100/0x230 [ 160.169954][ T8148] ? do_syscall_64+0xb6/0x230 [ 160.169983][ T8148] do_syscall_64+0xf3/0x230 [ 160.170009][ T8148] ? clear_bhb_loop+0x35/0x90 [ 160.170037][ T8148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.170062][ T8148] RIP: 0033:0x7f6bf798d169 [ 160.170078][ T8148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.170093][ T8148] RSP: 002b:00007f6bf881e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 160.170112][ T8148] RAX: ffffffffffffffda RBX: 00007f6bf7ba6080 RCX: 00007f6bf798d169 [ 160.170125][ T8148] RDX: 0000000000000800 RSI: 0000400000000100 RDI: 0000000000000005 [ 160.170137][ T8148] RBP: 00007f6bf7a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 160.170149][ T8148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 160.170160][ T8148] R13: 0000000000000000 R14: 00007f6bf7ba6080 R15: 00007fffe07dd838 [ 160.170187][ T8148] [ 160.631855][ T8145] netlink: 8 bytes leftover after parsing attributes in process `syz.2.428'. [ 160.682742][ T8155] syzkaller1: entered promiscuous mode [ 160.688498][ T8155] syzkaller1: entered allmulticast mode [ 161.190252][ T8174] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 161.254115][ T8174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.434'. [ 161.433959][ T8179] xt_connbytes: Forcing CT accounting to be enabled [ 161.460465][ T8179] Cannot find add_set index 0 as target [ 161.668502][ T8186] netlink: 12 bytes leftover after parsing attributes in process `syz.2.439'. [ 161.990638][ T8193] netlink: 'syz.2.441': attribute type 10 has an invalid length. [ 162.016027][ T8193] netlink: 2 bytes leftover after parsing attributes in process `syz.2.441'. [ 162.048983][ T8193] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.126084][ T8201] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 162.905228][ T8222] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 163.498665][ T8248] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 163.623042][ T8251] __nla_validate_parse: 6 callbacks suppressed [ 163.623060][ T8251] netlink: 8 bytes leftover after parsing attributes in process `syz.2.455'. [ 164.054906][ T8264] team0: left allmulticast mode [ 164.059944][ T8264] bridge0: port 1(team0) entered disabled state [ 164.100845][ T8264] bond0: (slave wlan1): Releasing backup interface [ 164.311238][ T8269] netlink: 'syz.2.461': attribute type 10 has an invalid length. [ 164.357549][ T8269] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 164.498076][ T8277] netlink: 12 bytes leftover after parsing attributes in process `syz.2.461'. [ 164.601338][ T8256] netlink: 8 bytes leftover after parsing attributes in process `syz.4.456'. [ 164.939522][ T8285] netlink: 20 bytes leftover after parsing attributes in process `syz.2.463'. [ 165.219739][ T8292] batadv_slave_1: entered promiscuous mode [ 165.523353][ T8266] netlink: 20 bytes leftover after parsing attributes in process `syz.0.460'. [ 165.801719][ T8291] batadv_slave_1: left promiscuous mode [ 166.066052][ T8318] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 166.169758][ T8318] netlink: 8 bytes leftover after parsing attributes in process `syz.1.469'. [ 166.671294][ T8305] netlink: 8 bytes leftover after parsing attributes in process `syz.3.467'. [ 167.289960][ T8323] netlink: 20 bytes leftover after parsing attributes in process `syz.4.471'. [ 167.488171][ T8329] netlink: 20 bytes leftover after parsing attributes in process `syz.2.473'. [ 167.679745][ T8350] syzkaller0: entered promiscuous mode [ 167.734139][ T8350] syzkaller0: entered allmulticast mode [ 167.789550][ T8350] netlink: 20 bytes leftover after parsing attributes in process `syz.0.477'. [ 167.916459][ T8366] batadv_slave_1: entered promiscuous mode [ 168.700972][ T8348] netlink: 8 bytes leftover after parsing attributes in process `syz.3.476'. [ 169.196408][ T8391] netlink: 12 bytes leftover after parsing attributes in process `syz.3.482'. [ 169.231011][ T8393] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 169.375374][ T8397] netlink: 8 bytes leftover after parsing attributes in process `syz.1.483'. [ 170.194588][ T8363] netlink: 20 bytes leftover after parsing attributes in process `syz.4.478'. [ 170.207480][ T8364] batadv_slave_1: left promiscuous mode [ 170.355899][ T8401] netlink: 40 bytes leftover after parsing attributes in process `syz.1.484'. [ 171.534526][ T8434] netlink: 'syz.0.493': attribute type 21 has an invalid length. [ 171.552615][ T8434] netlink: 16 bytes leftover after parsing attributes in process `syz.0.493'. [ 171.739954][ T8416] netlink: 20 bytes leftover after parsing attributes in process `syz.2.488'. [ 171.987019][ T8426] netlink: 8 bytes leftover after parsing attributes in process `syz.1.492'. [ 172.255871][ T8451] syzkaller0: entered promiscuous mode [ 172.261579][ T8453] netlink: 12 bytes leftover after parsing attributes in process `syz.3.497'. [ 172.280983][ T8451] syzkaller0: entered allmulticast mode [ 172.409720][ T8455] netlink: 20 bytes leftover after parsing attributes in process `syz.4.495'. [ 172.831414][ T8482] netlink: 'syz.3.500': attribute type 11 has an invalid length. [ 174.495672][ T8487] __nla_validate_parse: 3 callbacks suppressed [ 174.495693][ T8487] netlink: 20 bytes leftover after parsing attributes in process `syz.3.501'. [ 174.757324][ T8493] bond0: (slave wlan1): Releasing backup interface [ 175.338517][ T8504] netlink: 'syz.3.507': attribute type 10 has an invalid length. [ 175.348896][ T8504] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 175.413314][ T8507] netlink: 12 bytes leftover after parsing attributes in process `syz.3.507'. [ 175.982919][ T8499] netlink: 20 bytes leftover after parsing attributes in process `syz.2.506'. [ 176.462235][ T8531] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 176.521156][ T8533] team0: left promiscuous mode [ 176.540110][ T8533] netlink: 40 bytes leftover after parsing attributes in process `syz.2.513'. [ 176.624378][ T8531] netlink: 8 bytes leftover after parsing attributes in process `syz.4.512'. [ 176.805798][ T8545] netlink: 12 bytes leftover after parsing attributes in process `syz.0.514'. [ 176.854569][ T8537] netlink: 8 bytes leftover after parsing attributes in process `syz.1.508'. [ 177.171028][ T8557] netlink: 'syz.3.518': attribute type 21 has an invalid length. [ 177.179338][ T8557] netlink: 16 bytes leftover after parsing attributes in process `syz.3.518'. [ 177.423950][ T8566] netlink: 20 bytes leftover after parsing attributes in process `syz.0.519'. [ 177.441590][ T8568] bond0: (slave wlan1): Releasing backup interface [ 177.458095][ T8565] netlink: 'syz.1.520': attribute type 10 has an invalid length. [ 177.531876][ T8565] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 177.572954][ T8565] netlink: 12 bytes leftover after parsing attributes in process `syz.1.520'. [ 179.871241][ T8627] __nla_validate_parse: 4 callbacks suppressed [ 179.871282][ T8627] netlink: 20 bytes leftover after parsing attributes in process `syz.4.533'. [ 180.090467][ T8633] netlink: 12 bytes leftover after parsing attributes in process `syz.1.534'. [ 180.113180][ T8607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.530'. [ 180.554284][ T8618] netlink: 8 bytes leftover after parsing attributes in process `syz.2.531'. [ 181.143785][ T8652] netlink: 20 bytes leftover after parsing attributes in process `syz.3.535'. [ 181.599000][ T8658] netlink: 12 bytes leftover after parsing attributes in process `syz.3.540'. [ 181.665613][ T8659] netlink: 40 bytes leftover after parsing attributes in process `syz.0.541'. [ 182.039143][ T8675] netlink: 12 bytes leftover after parsing attributes in process `syz.1.546'. [ 182.165662][ T8676] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 182.198751][ T8676] CPU: 0 UID: 0 PID: 8676 Comm: syz.3.544 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 182.198775][ T8676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 182.198787][ T8676] Call Trace: [ 182.198793][ T8676] [ 182.198802][ T8676] dump_stack_lvl+0x241/0x360 [ 182.198840][ T8676] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.198861][ T8676] ? __pfx__printk+0x10/0x10 [ 182.198885][ T8676] ? __kmalloc_cache_noprof+0x243/0x390 [ 182.198911][ T8676] ? sysfs_warn_dup+0x51/0xa0 [ 182.198938][ T8676] sysfs_warn_dup+0x8e/0xa0 [ 182.198967][ T8676] sysfs_do_create_link_sd+0xbe/0x110 [ 182.198992][ T8676] device_add_class_symlinks+0x1c5/0x250 [ 182.199024][ T8676] device_add+0x553/0xbf0 [ 182.199056][ T8676] wiphy_register+0x1922/0x2650 [ 182.199087][ T8676] ? __pfx_wiphy_register+0x10/0x10 [ 182.199105][ T8676] ? minstrel_ht_alloc+0x84b/0x940 [ 182.199131][ T8676] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 182.199157][ T8676] ieee80211_register_hw+0x35d9/0x42e0 [ 182.199192][ T8676] ? ieee80211_register_hw+0x15f1/0x42e0 [ 182.199223][ T8676] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 182.199255][ T8676] ? __asan_memset+0x23/0x50 [ 182.199273][ T8676] ? __hrtimer_init+0x170/0x250 [ 182.199297][ T8676] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 182.199345][ T8676] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 182.199366][ T8676] ? trace_kmalloc+0x1f/0xd0 [ 182.199388][ T8676] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 182.199415][ T8676] ? kstrndup+0xbb/0x150 [ 182.199450][ T8676] hwsim_new_radio_nl+0xece/0x2290 [ 182.199483][ T8676] ? __pfx___nla_validate_parse+0x10/0x10 [ 182.199506][ T8676] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 182.199558][ T8676] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 182.199595][ T8676] genl_rcv_msg+0xb1f/0xec0 [ 182.199630][ T8676] ? __pfx_genl_rcv_msg+0x10/0x10 [ 182.199702][ T8676] ? __pfx_lock_acquire+0x10/0x10 [ 182.199731][ T8676] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 182.199754][ T8676] ? __pfx___might_resched+0x10/0x10 [ 182.199791][ T8676] netlink_rcv_skb+0x206/0x480 [ 182.199815][ T8676] ? __pfx_genl_rcv_msg+0x10/0x10 [ 182.199845][ T8676] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 182.199899][ T8676] genl_rcv+0x28/0x40 [ 182.199924][ T8676] netlink_unicast+0x7f6/0x990 [ 182.199959][ T8676] ? __pfx_netlink_unicast+0x10/0x10 [ 182.199978][ T8676] ? __virt_addr_valid+0x45f/0x530 [ 182.200009][ T8676] ? __phys_addr_symbol+0x2f/0x70 [ 182.200038][ T8676] ? __check_object_size+0x47a/0x730 [ 182.200085][ T8676] netlink_sendmsg+0x8de/0xcb0 [ 182.200122][ T8676] ? __pfx_netlink_sendmsg+0x10/0x10 [ 182.200150][ T8676] ? aa_sock_msg_perm+0x91/0x160 [ 182.200185][ T8676] ? __pfx_netlink_sendmsg+0x10/0x10 [ 182.200206][ T8676] __sock_sendmsg+0x221/0x270 [ 182.200233][ T8676] ____sys_sendmsg+0x53a/0x860 [ 182.200272][ T8676] ? __pfx_____sys_sendmsg+0x10/0x10 [ 182.200300][ T8676] ? __fget_files+0x2a/0x410 [ 182.200331][ T8676] ? __fget_files+0x2a/0x410 [ 182.200386][ T8676] __sys_sendmsg+0x269/0x350 [ 182.200424][ T8676] ? __pfx___sys_sendmsg+0x10/0x10 [ 182.200504][ T8676] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 182.200538][ T8676] ? do_syscall_64+0x100/0x230 [ 182.200574][ T8676] ? do_syscall_64+0xb6/0x230 [ 182.200609][ T8676] do_syscall_64+0xf3/0x230 [ 182.200640][ T8676] ? clear_bhb_loop+0x35/0x90 [ 182.200697][ T8676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.200745][ T8676] RIP: 0033:0x7fce7858d169 [ 182.200773][ T8676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.200793][ T8676] RSP: 002b:00007fce793fd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 182.200825][ T8676] RAX: ffffffffffffffda RBX: 00007fce787a6080 RCX: 00007fce7858d169 [ 182.200842][ T8676] RDX: 0000000000000800 RSI: 0000400000000100 RDI: 0000000000000005 [ 182.200857][ T8676] RBP: 00007fce7860e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 182.200871][ T8676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 182.200884][ T8676] R13: 0000000000000000 R14: 00007fce787a6080 R15: 00007ffe741a3718 [ 182.200930][ T8676] [ 182.657058][ T8680] syzkaller1: entered promiscuous mode [ 182.662576][ T8680] syzkaller1: entered allmulticast mode [ 182.771908][ T8678] netlink: 20 bytes leftover after parsing attributes in process `syz.1.547'. [ 183.206272][ T8694] netlink: 40 bytes leftover after parsing attributes in process `syz.2.550'. [ 185.243393][ T8752] netlink: 'syz.1.562': attribute type 21 has an invalid length. [ 185.265674][ T8752] __nla_validate_parse: 7 callbacks suppressed [ 185.265700][ T8752] netlink: 16 bytes leftover after parsing attributes in process `syz.1.562'. [ 185.411452][ T8758] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 185.518928][ T8760] netlink: 8 bytes leftover after parsing attributes in process `syz.0.563'. [ 186.131436][ T8775] netlink: 12 bytes leftover after parsing attributes in process `syz.4.566'. [ 186.284760][ T8778] debugfs: Directory 'netdev:phy6-monitor' with parent 'phy6' already present! [ 186.329503][ T8778] netlink: 40 bytes leftover after parsing attributes in process `syz.1.567'. [ 186.623483][ T8790] netlink: 12 bytes leftover after parsing attributes in process `syz.4.569'. [ 186.747404][ T8795] netlink: 'syz.2.571': attribute type 10 has an invalid length. [ 186.759188][ T8795] netlink: 2 bytes leftover after parsing attributes in process `syz.2.571'. [ 186.834192][ T8795] team0: entered promiscuous mode [ 186.863717][ T8795] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.870754][ T8795] bridge0: port 1(team0) entered blocking state [ 186.882716][ T8795] bridge0: port 1(team0) entered disabled state [ 186.894810][ T8795] team0: entered allmulticast mode [ 187.439151][ T8788] netlink: 8 bytes leftover after parsing attributes in process `syz.0.568'. [ 187.456822][ T8814] netlink: 20 bytes leftover after parsing attributes in process `syz.3.570'. [ 187.580577][ T8797] netlink: 8 bytes leftover after parsing attributes in process `syz.1.572'. [ 188.227906][ T8806] netlink: 20 bytes leftover after parsing attributes in process `syz.4.573'. [ 188.253848][ T8829] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 188.325019][ T8823] syzkaller0: entered promiscuous mode [ 188.330523][ T8823] syzkaller0: entered allmulticast mode [ 190.922055][ T8882] netlink: 'syz.4.587': attribute type 21 has an invalid length. [ 190.953682][ T8882] __nla_validate_parse: 4 callbacks suppressed [ 190.953700][ T8882] netlink: 16 bytes leftover after parsing attributes in process `syz.4.587'. [ 191.287527][ T5840] Bluetooth: hci1: command 0x0406 tx timeout [ 191.287668][ T5838] Bluetooth: hci3: command 0x0406 tx timeout [ 191.300295][ T53] Bluetooth: hci2: command 0x0406 tx timeout [ 191.349418][ T8890] netlink: 20 bytes leftover after parsing attributes in process `syz.3.585'. [ 191.660911][ T8883] netlink: 8 bytes leftover after parsing attributes in process `syz.0.586'. [ 191.950892][ T8904] netlink: 'syz.4.592': attribute type 21 has an invalid length. [ 191.959538][ T8904] netlink: 16 bytes leftover after parsing attributes in process `syz.4.592'. [ 192.238122][ T8908] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 192.334956][ T8909] netlink: 8 bytes leftover after parsing attributes in process `syz.0.593'. [ 192.582433][ T8899] netlink: 20 bytes leftover after parsing attributes in process `syz.1.590'. [ 192.593040][ T8915] netlink: 4 bytes leftover after parsing attributes in process `syz.3.594'. [ 192.716726][ T8918] netlink: 12 bytes leftover after parsing attributes in process `syz.3.595'. [ 193.080367][ T8927] syzkaller0: entered promiscuous mode [ 193.096609][ T8927] syzkaller0: entered allmulticast mode [ 193.111931][ T6132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.130908][ T6132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.171783][ T8927] netlink: 20 bytes leftover after parsing attributes in process `syz.4.597'. [ 193.504602][ T8950] netlink: 4 bytes leftover after parsing attributes in process `syz.2.602'. [ 194.328102][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.338541][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.172047][ T8981] netlink: 'syz.4.608': attribute type 21 has an invalid length. [ 196.213772][ T8981] __nla_validate_parse: 3 callbacks suppressed [ 196.213788][ T8981] netlink: 16 bytes leftover after parsing attributes in process `syz.4.608'. [ 196.306317][ T8989] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 196.341664][ T8989] netlink: 8 bytes leftover after parsing attributes in process `syz.2.611'. [ 196.788709][ T8983] netlink: 20 bytes leftover after parsing attributes in process `syz.0.609'. [ 197.016302][ T9001] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 197.053778][ T9001] CPU: 1 UID: 0 PID: 9001 Comm: syz.1.613 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 197.053804][ T9001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 197.053817][ T9001] Call Trace: [ 197.053824][ T9001] [ 197.053833][ T9001] dump_stack_lvl+0x241/0x360 [ 197.053863][ T9001] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.053885][ T9001] ? __pfx__printk+0x10/0x10 [ 197.053910][ T9001] ? __kmalloc_cache_noprof+0x243/0x390 [ 197.053937][ T9001] ? sysfs_warn_dup+0x51/0xa0 [ 197.053965][ T9001] sysfs_warn_dup+0x8e/0xa0 [ 197.053988][ T9001] sysfs_do_create_link_sd+0xbe/0x110 [ 197.054015][ T9001] device_add_class_symlinks+0x1c5/0x250 [ 197.054049][ T9001] device_add+0x553/0xbf0 [ 197.054085][ T9001] wiphy_register+0x1922/0x2650 [ 197.054118][ T9001] ? __pfx_wiphy_register+0x10/0x10 [ 197.054136][ T9001] ? minstrel_ht_alloc+0x84b/0x940 [ 197.054166][ T9001] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 197.054194][ T9001] ieee80211_register_hw+0x35d9/0x42e0 [ 197.054231][ T9001] ? ieee80211_register_hw+0x15f1/0x42e0 [ 197.054264][ T9001] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 197.054304][ T9001] ? __asan_memset+0x23/0x50 [ 197.054323][ T9001] ? __hrtimer_init+0x170/0x250 [ 197.054349][ T9001] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 197.054402][ T9001] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 197.054425][ T9001] ? trace_kmalloc+0x1f/0xd0 [ 197.054449][ T9001] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 197.054478][ T9001] ? kstrndup+0xbb/0x150 [ 197.054517][ T9001] hwsim_new_radio_nl+0xece/0x2290 [ 197.054553][ T9001] ? __pfx___nla_validate_parse+0x10/0x10 [ 197.054578][ T9001] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 197.054643][ T9001] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 197.054684][ T9001] genl_rcv_msg+0xb1f/0xec0 [ 197.054722][ T9001] ? __pfx_genl_rcv_msg+0x10/0x10 [ 197.054781][ T9001] ? __pfx_lock_acquire+0x10/0x10 [ 197.054811][ T9001] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 197.054834][ T9001] ? __pfx___might_resched+0x10/0x10 [ 197.054871][ T9001] netlink_rcv_skb+0x206/0x480 [ 197.054894][ T9001] ? __pfx_genl_rcv_msg+0x10/0x10 [ 197.054925][ T9001] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 197.054979][ T9001] genl_rcv+0x28/0x40 [ 197.055005][ T9001] netlink_unicast+0x7f6/0x990 [ 197.055034][ T9001] ? __pfx_netlink_unicast+0x10/0x10 [ 197.055052][ T9001] ? __virt_addr_valid+0x45f/0x530 [ 197.055072][ T9001] ? __phys_addr_symbol+0x2f/0x70 [ 197.055101][ T9001] ? __check_object_size+0x47a/0x730 [ 197.055132][ T9001] netlink_sendmsg+0x8de/0xcb0 [ 197.055168][ T9001] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.055197][ T9001] ? aa_sock_msg_perm+0x91/0x160 [ 197.055231][ T9001] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.055253][ T9001] __sock_sendmsg+0x221/0x270 [ 197.055280][ T9001] ____sys_sendmsg+0x53a/0x860 [ 197.055320][ T9001] ? __pfx_____sys_sendmsg+0x10/0x10 [ 197.055348][ T9001] ? __fget_files+0x2a/0x410 [ 197.055379][ T9001] ? __fget_files+0x2a/0x410 [ 197.055416][ T9001] __sys_sendmsg+0x269/0x350 [ 197.055452][ T9001] ? __pfx___sys_sendmsg+0x10/0x10 [ 197.055528][ T9001] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 197.055579][ T9001] ? do_syscall_64+0x100/0x230 [ 197.055625][ T9001] ? do_syscall_64+0xb6/0x230 [ 197.055661][ T9001] do_syscall_64+0xf3/0x230 [ 197.055695][ T9001] ? clear_bhb_loop+0x35/0x90 [ 197.055729][ T9001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.055758][ T9001] RIP: 0033:0x7f4ab438d169 [ 197.055777][ T9001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.055795][ T9001] RSP: 002b:00007f4ab5173038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 197.055818][ T9001] RAX: ffffffffffffffda RBX: 00007f4ab45a5fa0 RCX: 00007f4ab438d169 [ 197.055834][ T9001] RDX: 0000000000000800 RSI: 0000400000000100 RDI: 0000000000000005 [ 197.055849][ T9001] RBP: 00007f4ab440e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 197.055862][ T9001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 197.055875][ T9001] R13: 0000000000000000 R14: 00007f4ab45a5fa0 R15: 00007ffefee0e898 [ 197.055909][ T9001] [ 197.294436][ T9008] netlink: 4 bytes leftover after parsing attributes in process `syz.4.614'. [ 197.650888][ T9002] syzkaller1: entered promiscuous mode [ 197.663487][ T9002] syzkaller1: entered allmulticast mode [ 197.672684][ T9017] netlink: 40 bytes leftover after parsing attributes in process `syz.3.616'. [ 197.993007][ T9025] netlink: 'syz.4.617': attribute type 21 has an invalid length. [ 198.013775][ T9025] netlink: 16 bytes leftover after parsing attributes in process `syz.4.617'. [ 198.373734][ T9041] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 198.484682][ T9043] netlink: 8 bytes leftover after parsing attributes in process `syz.3.622'. [ 198.898475][ T9031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.618'. [ 198.951352][ T9056] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 198.959762][ T9056] CPU: 1 UID: 0 PID: 9056 Comm: syz.4.623 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 198.959787][ T9056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 198.959798][ T9056] Call Trace: [ 198.959805][ T9056] [ 198.959812][ T9056] dump_stack_lvl+0x241/0x360 [ 198.959841][ T9056] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.959864][ T9056] ? __pfx__printk+0x10/0x10 [ 198.959887][ T9056] ? __kmalloc_cache_noprof+0x243/0x390 [ 198.959913][ T9056] ? sysfs_warn_dup+0x51/0xa0 [ 198.959938][ T9056] sysfs_warn_dup+0x8e/0xa0 [ 198.959959][ T9056] sysfs_do_create_link_sd+0xbe/0x110 [ 198.959984][ T9056] device_add_class_symlinks+0x1c5/0x250 [ 198.960015][ T9056] device_add+0x553/0xbf0 [ 198.960048][ T9056] wiphy_register+0x1922/0x2650 [ 198.960080][ T9056] ? __pfx_wiphy_register+0x10/0x10 [ 198.960097][ T9056] ? minstrel_ht_alloc+0x84b/0x940 [ 198.960124][ T9056] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 198.960151][ T9056] ieee80211_register_hw+0x35d9/0x42e0 [ 198.960185][ T9056] ? ieee80211_register_hw+0x15f1/0x42e0 [ 198.960216][ T9056] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 198.960249][ T9056] ? __asan_memset+0x23/0x50 [ 198.960266][ T9056] ? __hrtimer_init+0x170/0x250 [ 198.960290][ T9056] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 198.960341][ T9056] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 198.960362][ T9056] ? trace_kmalloc+0x1f/0xd0 [ 198.960384][ T9056] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 198.960411][ T9056] ? kstrndup+0xbb/0x150 [ 198.960446][ T9056] hwsim_new_radio_nl+0xece/0x2290 [ 198.960487][ T9056] ? __pfx___nla_validate_parse+0x10/0x10 [ 198.960512][ T9056] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 198.960566][ T9056] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 198.960603][ T9056] genl_rcv_msg+0xb1f/0xec0 [ 198.960639][ T9056] ? __pfx_genl_rcv_msg+0x10/0x10 [ 198.960693][ T9056] ? __pfx_lock_acquire+0x10/0x10 [ 198.960721][ T9056] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 198.960744][ T9056] ? __pfx___might_resched+0x10/0x10 [ 198.960780][ T9056] netlink_rcv_skb+0x206/0x480 [ 198.960802][ T9056] ? __pfx_genl_rcv_msg+0x10/0x10 [ 198.960831][ T9056] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 198.960882][ T9056] genl_rcv+0x28/0x40 [ 198.960906][ T9056] netlink_unicast+0x7f6/0x990 [ 198.960933][ T9056] ? __pfx_netlink_unicast+0x10/0x10 [ 198.960950][ T9056] ? __virt_addr_valid+0x45f/0x530 [ 198.960969][ T9056] ? __phys_addr_symbol+0x2f/0x70 [ 198.960996][ T9056] ? __check_object_size+0x47a/0x730 [ 198.961026][ T9056] netlink_sendmsg+0x8de/0xcb0 [ 198.961060][ T9056] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.961087][ T9056] ? aa_sock_msg_perm+0x91/0x160 [ 198.961120][ T9056] ? __pfx_netlink_sendmsg+0x10/0x10 [ 198.961140][ T9056] __sock_sendmsg+0x221/0x270 [ 198.961166][ T9056] ____sys_sendmsg+0x53a/0x860 [ 198.961202][ T9056] ? __pfx_____sys_sendmsg+0x10/0x10 [ 198.961229][ T9056] ? __fget_files+0x2a/0x410 [ 198.961258][ T9056] ? __fget_files+0x2a/0x410 [ 198.961292][ T9056] __sys_sendmsg+0x269/0x350 [ 198.961326][ T9056] ? __pfx___sys_sendmsg+0x10/0x10 [ 198.961395][ T9056] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 198.961426][ T9056] ? do_syscall_64+0x100/0x230 [ 198.961457][ T9056] ? do_syscall_64+0xb6/0x230 [ 198.961495][ T9056] do_syscall_64+0xf3/0x230 [ 198.961522][ T9056] ? clear_bhb_loop+0x35/0x90 [ 198.961552][ T9056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.961577][ T9056] RIP: 0033:0x7f6998d8d169 [ 198.961593][ T9056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.961609][ T9056] RSP: 002b:00007f6999c95038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 198.961629][ T9056] RAX: ffffffffffffffda RBX: 00007f6998fa6080 RCX: 00007f6998d8d169 [ 198.961642][ T9056] RDX: 0000000000000800 RSI: 0000400000000100 RDI: 0000000000000005 [ 198.961654][ T9056] RBP: 00007f6998e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 198.961666][ T9056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 198.961676][ T9056] R13: 0000000000000000 R14: 00007f6998fa6080 R15: 00007ffcf2f58e98 [ 198.961705][ T9056] [ 199.501984][ T9056] syzkaller1: entered promiscuous mode [ 199.508840][ T9036] netlink: 8 bytes leftover after parsing attributes in process `syz.0.620'. [ 199.560530][ T9056] syzkaller1: entered allmulticast mode [ 199.753181][ T9066] bond0: (slave wlan1): Releasing backup interface [ 199.774745][ T9067] netlink: 'syz.3.624': attribute type 10 has an invalid length. [ 199.975403][ T9073] netlink: 12 bytes leftover after parsing attributes in process `syz.3.624'. [ 200.030073][ T9067] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 201.026879][ T9104] sctp: [Deprecated]: syz.4.632 (pid 9104) Use of int in maxseg socket option. [ 201.026879][ T9104] Use struct sctp_assoc_value instead [ 201.252395][ T9111] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 201.268138][ T9071] __nla_validate_parse: 3 callbacks suppressed [ 201.268153][ T9071] netlink: 20 bytes leftover after parsing attributes in process `syz.1.625'. [ 201.372630][ T9117] netlink: 8 bytes leftover after parsing attributes in process `syz.3.634'. [ 201.900143][ T9129] bond0: (slave wlan1): Releasing backup interface [ 201.909122][ T9129] netlink: 'syz.1.639': attribute type 10 has an invalid length. [ 201.920119][ T9129] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 202.009272][ T9129] netlink: 12 bytes leftover after parsing attributes in process `syz.1.639'. [ 202.041135][ T9120] netlink: 8 bytes leftover after parsing attributes in process `syz.2.636'. [ 202.301012][ T9142] netlink: 40 bytes leftover after parsing attributes in process `syz.4.642'. [ 202.315789][ T9139] netlink: 4 bytes leftover after parsing attributes in process `syz.1.640'. [ 202.850643][ T9158] syzkaller0: entered promiscuous mode [ 202.883669][ T9158] syzkaller0: entered allmulticast mode [ 202.955687][ T9158] netlink: 20 bytes leftover after parsing attributes in process `syz.2.645'. [ 203.344760][ T9140] netlink: 8 bytes leftover after parsing attributes in process `syz.3.641'. [ 203.508277][ T9181] netlink: 'syz.1.648': attribute type 21 has an invalid length. [ 203.516573][ T9181] netlink: 16 bytes leftover after parsing attributes in process `syz.1.648'. [ 203.750653][ T9185] netlink: 12 bytes leftover after parsing attributes in process `syz.3.649'. [ 205.358693][ T9198] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 205.435822][ T9200] bond0: (slave wlan1): Releasing backup interface [ 205.471783][ T9203] netlink: 'syz.3.652': attribute type 10 has an invalid length. [ 205.492613][ T9200] debugfs: Directory 'netdev:phy10-monitor' with parent 'phy10' already present! [ 205.560380][ T9203] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 205.806029][ T9212] sctp: [Deprecated]: syz.1.655 (pid 9212) Use of int in maxseg socket option. [ 205.806029][ T9212] Use struct sctp_assoc_value instead [ 205.935439][ T9217] batadv_slave_1: entered promiscuous mode [ 206.296684][ T9216] batadv_slave_1: left promiscuous mode [ 206.509848][ T9238] __nla_validate_parse: 5 callbacks suppressed [ 206.509865][ T9238] netlink: 12 bytes leftover after parsing attributes in process `syz.0.663'. [ 206.719492][ T9245] syzkaller0: entered promiscuous mode [ 206.727270][ T9223] netlink: 8 bytes leftover after parsing attributes in process `syz.1.659'. [ 206.743728][ T9245] syzkaller0: entered allmulticast mode [ 206.786911][ T9245] netlink: 20 bytes leftover after parsing attributes in process `syz.2.664'. [ 207.420393][ T9260] netlink: 4 bytes leftover after parsing attributes in process `syz.1.667'. [ 208.635860][ T9268] team0: Mode "broadcas" not found [ 208.815912][ T9271] bond0: (slave wlan1): Releasing backup interface [ 208.837689][ T9278] netlink: 'syz.1.669': attribute type 10 has an invalid length. [ 208.869050][ T9271] debugfs: Directory 'netdev:phy6-monitor' with parent 'phy6' already present! [ 208.893528][ T9278] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 208.904910][ T9282] netlink: 40 bytes leftover after parsing attributes in process `syz.3.671'. [ 208.956390][ T9275] debugfs: Directory 'netdev:phy10-monitor' with parent 'phy10' already present! [ 208.978724][ T9278] netlink: 12 bytes leftover after parsing attributes in process `syz.1.669'. [ 209.199749][ T9289] batadv_slave_1: entered promiscuous mode [ 209.415620][ T9293] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 209.423389][ T9293] CPU: 0 UID: 0 PID: 9293 Comm: syz.1.675 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 209.423414][ T9293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 209.423427][ T9293] Call Trace: [ 209.423434][ T9293] [ 209.423443][ T9293] dump_stack_lvl+0x241/0x360 [ 209.423474][ T9293] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.423496][ T9293] ? __pfx__printk+0x10/0x10 [ 209.423522][ T9293] ? __kmalloc_cache_noprof+0x243/0x390 [ 209.423553][ T9293] ? sysfs_warn_dup+0x51/0xa0 [ 209.423581][ T9293] sysfs_warn_dup+0x8e/0xa0 [ 209.423605][ T9293] sysfs_do_create_link_sd+0xbe/0x110 [ 209.423632][ T9293] device_add_class_symlinks+0x1c5/0x250 [ 209.423666][ T9293] device_add+0x553/0xbf0 [ 209.423702][ T9293] wiphy_register+0x1922/0x2650 [ 209.423752][ T9293] ? __pfx_wiphy_register+0x10/0x10 [ 209.423788][ T9293] ? minstrel_ht_alloc+0x84b/0x940 [ 209.423821][ T9293] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 209.423852][ T9293] ieee80211_register_hw+0x35d9/0x42e0 [ 209.423895][ T9293] ? ieee80211_register_hw+0x15f1/0x42e0 [ 209.423933][ T9293] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 209.423973][ T9293] ? __asan_memset+0x23/0x50 [ 209.423994][ T9293] ? __hrtimer_init+0x170/0x250 [ 209.424029][ T9293] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 209.424089][ T9293] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 209.424114][ T9293] ? trace_kmalloc+0x1f/0xd0 [ 209.424141][ T9293] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 209.424173][ T9293] ? kstrndup+0xbb/0x150 [ 209.424216][ T9293] hwsim_new_radio_nl+0xece/0x2290 [ 209.424256][ T9293] ? __pfx___nla_validate_parse+0x10/0x10 [ 209.424284][ T9293] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 209.424347][ T9293] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 209.424391][ T9293] genl_rcv_msg+0xb1f/0xec0 [ 209.424433][ T9293] ? __pfx_genl_rcv_msg+0x10/0x10 [ 209.424498][ T9293] ? __pfx_lock_acquire+0x10/0x10 [ 209.424530][ T9293] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 209.424556][ T9293] ? __pfx___might_resched+0x10/0x10 [ 209.424597][ T9293] netlink_rcv_skb+0x206/0x480 [ 209.424624][ T9293] ? __pfx_genl_rcv_msg+0x10/0x10 [ 209.424657][ T9293] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 209.424718][ T9293] genl_rcv+0x28/0x40 [ 209.424746][ T9293] netlink_unicast+0x7f6/0x990 [ 209.424780][ T9293] ? __pfx_netlink_unicast+0x10/0x10 [ 209.424800][ T9293] ? __virt_addr_valid+0x45f/0x530 [ 209.424821][ T9293] ? __phys_addr_symbol+0x2f/0x70 [ 209.424854][ T9293] ? __check_object_size+0x47a/0x730 [ 209.424888][ T9293] netlink_sendmsg+0x8de/0xcb0 [ 209.424928][ T9293] ? __pfx_netlink_sendmsg+0x10/0x10 [ 209.424970][ T9293] ? aa_sock_msg_perm+0x91/0x160 [ 209.425022][ T9293] ? __pfx_netlink_sendmsg+0x10/0x10 [ 209.425043][ T9293] __sock_sendmsg+0x221/0x270 [ 209.425069][ T9293] ____sys_sendmsg+0x53a/0x860 [ 209.425107][ T9293] ? __pfx_____sys_sendmsg+0x10/0x10 [ 209.425134][ T9293] ? __fget_files+0x2a/0x410 [ 209.425163][ T9293] ? __fget_files+0x2a/0x410 [ 209.425198][ T9293] __sys_sendmsg+0x269/0x350 [ 209.425226][ T9293] ? __pfx_futex_wake+0x10/0x10 [ 209.425257][ T9293] ? __pfx___sys_sendmsg+0x10/0x10 [ 209.425328][ T9293] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 209.425359][ T9293] ? do_syscall_64+0x100/0x230 [ 209.425390][ T9293] ? do_syscall_64+0xb6/0x230 [ 209.425420][ T9293] do_syscall_64+0xf3/0x230 [ 209.425447][ T9293] ? clear_bhb_loop+0x35/0x90 [ 209.425477][ T9293] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.425502][ T9293] RIP: 0033:0x7f4ab438d169 [ 209.425523][ T9293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.425540][ T9293] RSP: 002b:00007f4ab5152038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 209.425560][ T9293] RAX: ffffffffffffffda RBX: 00007f4ab45a6080 RCX: 00007f4ab438d169 [ 209.425574][ T9293] RDX: 0000000000000800 RSI: 0000400000000100 RDI: 0000000000000005 [ 209.425587][ T9293] RBP: 00007f4ab440e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 209.425598][ T9293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.425609][ T9293] R13: 0000000000000000 R14: 00007f4ab45a6080 R15: 00007ffefee0e898 [ 209.425660][ T9293] [ 209.919925][ T9302] syzkaller1: entered promiscuous mode [ 209.948561][ T9302] syzkaller1: entered allmulticast mode [ 209.985060][ T9298] netlink: 8 bytes leftover after parsing attributes in process `syz.4.672'. [ 210.069386][ T9307] netlink: 20 bytes leftover after parsing attributes in process `syz.2.670'. [ 210.102302][ T9288] batadv_slave_1: left promiscuous mode [ 210.514299][ T9321] netlink: 'syz.2.679': attribute type 21 has an invalid length. [ 210.522065][ T9321] netlink: 16 bytes leftover after parsing attributes in process `syz.2.679'. [ 211.122090][ T9323] netlink: 8 bytes leftover after parsing attributes in process `syz.1.680'. [ 211.685682][ T9344] netlink: 'syz.2.683': attribute type 11 has an invalid length. [ 211.762611][ T9346] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 211.870558][ T9346] __nla_validate_parse: 1 callbacks suppressed [ 211.870577][ T9346] netlink: 8 bytes leftover after parsing attributes in process `syz.1.684'. [ 211.874217][ T9347] netlink: 20 bytes leftover after parsing attributes in process `syz.3.681'. [ 212.151677][ T9354] netlink: 40 bytes leftover after parsing attributes in process `syz.1.686'. [ 212.389109][ T9351] debugfs: Directory 'netdev:phy6-monitor' with parent 'phy6' already present! [ 213.191056][ T9383] syzkaller1: entered promiscuous mode [ 213.233841][ T9383] syzkaller1: entered allmulticast mode [ 213.260371][ T9382] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 213.294194][ T9382] CPU: 0 UID: 0 PID: 9382 Comm: syz.2.691 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 213.294218][ T9382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 213.294229][ T9382] Call Trace: [ 213.294236][ T9382] [ 213.294244][ T9382] dump_stack_lvl+0x241/0x360 [ 213.294272][ T9382] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.294293][ T9382] ? __pfx__printk+0x10/0x10 [ 213.294317][ T9382] ? __kmalloc_cache_noprof+0x243/0x390 [ 213.294342][ T9382] ? sysfs_warn_dup+0x51/0xa0 [ 213.294368][ T9382] sysfs_warn_dup+0x8e/0xa0 [ 213.294390][ T9382] sysfs_do_create_link_sd+0xbe/0x110 [ 213.294415][ T9382] device_add_class_symlinks+0x1c5/0x250 [ 213.294446][ T9382] device_add+0x553/0xbf0 [ 213.294478][ T9382] wiphy_register+0x1922/0x2650 [ 213.294511][ T9382] ? __pfx_wiphy_register+0x10/0x10 [ 213.294528][ T9382] ? minstrel_ht_alloc+0x84b/0x940 [ 213.294555][ T9382] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 213.294583][ T9382] ieee80211_register_hw+0x35d9/0x42e0 [ 213.294618][ T9382] ? ieee80211_register_hw+0x15f1/0x42e0 [ 213.294648][ T9382] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 213.294682][ T9382] ? __asan_memset+0x23/0x50 [ 213.294701][ T9382] ? __hrtimer_init+0x170/0x250 [ 213.294724][ T9382] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 213.294780][ T9382] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 213.294801][ T9382] ? trace_kmalloc+0x1f/0xd0 [ 213.294824][ T9382] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 213.294851][ T9382] ? kstrndup+0xbb/0x150 [ 213.294888][ T9382] hwsim_new_radio_nl+0xece/0x2290 [ 213.294920][ T9382] ? __pfx___nla_validate_parse+0x10/0x10 [ 213.294944][ T9382] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 213.294995][ T9382] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 213.295032][ T9382] genl_rcv_msg+0xb1f/0xec0 [ 213.295064][ T9382] ? __pfx_genl_rcv_msg+0x10/0x10 [ 213.295117][ T9382] ? __pfx_lock_acquire+0x10/0x10 [ 213.295145][ T9382] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 213.295167][ T9382] ? __pfx___might_resched+0x10/0x10 [ 213.295201][ T9382] netlink_rcv_skb+0x206/0x480 [ 213.295226][ T9382] ? __pfx_genl_rcv_msg+0x10/0x10 [ 213.295254][ T9382] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 213.295304][ T9382] genl_rcv+0x28/0x40 [ 213.295329][ T9382] netlink_unicast+0x7f6/0x990 [ 213.295356][ T9382] ? __pfx_netlink_unicast+0x10/0x10 [ 213.295372][ T9382] ? __virt_addr_valid+0x45f/0x530 [ 213.295390][ T9382] ? __phys_addr_symbol+0x2f/0x70 [ 213.295418][ T9382] ? __check_object_size+0x47a/0x730 [ 213.295447][ T9382] netlink_sendmsg+0x8de/0xcb0 [ 213.295480][ T9382] ? __pfx_netlink_sendmsg+0x10/0x10 [ 213.295507][ T9382] ? aa_sock_msg_perm+0x91/0x160 [ 213.295546][ T9382] ? __pfx_netlink_sendmsg+0x10/0x10 [ 213.295585][ T9382] __sock_sendmsg+0x221/0x270 [ 213.295615][ T9382] ____sys_sendmsg+0x53a/0x860 [ 213.295658][ T9382] ? __pfx_____sys_sendmsg+0x10/0x10 [ 213.295690][ T9382] ? __fget_files+0x2a/0x410 [ 213.295724][ T9382] ? __fget_files+0x2a/0x410 [ 213.295772][ T9382] __sys_sendmsg+0x269/0x350 [ 213.295811][ T9382] ? __pfx___sys_sendmsg+0x10/0x10 [ 213.295893][ T9382] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 213.295928][ T9382] ? do_syscall_64+0x100/0x230 [ 213.295964][ T9382] ? do_syscall_64+0xb6/0x230 [ 213.296001][ T9382] do_syscall_64+0xf3/0x230 [ 213.296032][ T9382] ? clear_bhb_loop+0x35/0x90 [ 213.296068][ T9382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.296097][ T9382] RIP: 0033:0x7f617f38d169 [ 213.296116][ T9382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.296134][ T9382] RSP: 002b:00007f6180170038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 213.296157][ T9382] RAX: ffffffffffffffda RBX: 00007f617f5a6080 RCX: 00007f617f38d169 [ 213.296173][ T9382] RDX: 0000000000000800 RSI: 0000400000000100 RDI: 0000000000000005 [ 213.296187][ T9382] RBP: 00007f617f40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 213.296201][ T9382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 213.296215][ T9382] R13: 0000000000000000 R14: 00007f617f5a6080 R15: 00007ffd5a6065d8 [ 213.296249][ T9382] [ 214.004485][ T9389] netlink: 8 bytes leftover after parsing attributes in process `syz.4.685'. [ 214.049731][ T9377] netlink: 8 bytes leftover after parsing attributes in process `syz.0.689'. [ 214.900870][ T9424] netlink: 4 bytes leftover after parsing attributes in process `syz.4.696'. [ 215.337101][ T9408] netlink: 8 bytes leftover after parsing attributes in process `syz.3.694'. [ 215.544060][ T9438] netlink: 40 bytes leftover after parsing attributes in process `syz.1.700'. [ 215.729513][ T9416] netlink: 8 bytes leftover after parsing attributes in process `syz.0.697'. [ 216.128363][ T9453] netlink: 20 bytes leftover after parsing attributes in process `syz.2.698'. [ 216.234902][ T9452] netlink: 'syz.1.701': attribute type 11 has an invalid length. [ 217.806376][ T9469] __nla_validate_parse: 1 callbacks suppressed [ 217.806397][ T9469] netlink: 8 bytes leftover after parsing attributes in process `syz.2.706'. [ 217.870665][ T9475] netlink: 8 bytes leftover after parsing attributes in process `syz.1.708'. [ 218.734769][ T9480] netlink: 8 bytes leftover after parsing attributes in process `syz.3.709'. [ 218.999472][ T9516] netlink: 20 bytes leftover after parsing attributes in process `syz.4.711'. [ 219.476542][ T9509] netlink: 8 bytes leftover after parsing attributes in process `syz.1.713'. [ 219.755025][ T9508] netlink: 8 bytes leftover after parsing attributes in process `syz.2.712'. [ 219.889825][ T9513] netlink: 20 bytes leftover after parsing attributes in process `syz.0.714'. [ 220.170707][ T9542] netlink: 40 bytes leftover after parsing attributes in process `syz.4.719'. [ 220.474390][ T6148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.501721][ T6148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.769041][ T9557] netlink: 12 bytes leftover after parsing attributes in process `syz.2.724'. [ 221.012120][ T9560] netlink: 20 bytes leftover after parsing attributes in process `syz.3.718'. [ 222.867179][ T9589] __nla_validate_parse: 1 callbacks suppressed [ 222.867198][ T9589] netlink: 20 bytes leftover after parsing attributes in process `syz.3.728'. [ 223.165161][ T9599] netlink: 40 bytes leftover after parsing attributes in process `syz.2.732'. [ 223.297729][ T9605] netlink: 40 bytes leftover after parsing attributes in process `syz.3.734'. [ 223.545154][ T9616] netlink: 12 bytes leftover after parsing attributes in process `syz.1.736'. [ 223.953251][ T9595] netlink: 8 bytes leftover after parsing attributes in process `syz.4.730'. [ 224.345895][ T9632] netlink: 40 bytes leftover after parsing attributes in process `syz.4.740'. [ 224.398909][ T9634] netlink: 20 bytes leftover after parsing attributes in process `syz.3.738'. [ 225.024548][ T9659] netlink: 'syz.1.743': attribute type 11 has an invalid length. [ 225.106452][ T9662] netlink: 40 bytes leftover after parsing attributes in process `syz.4.747'. [ 225.130630][ T9660] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 225.149441][ T9660] CPU: 1 UID: 0 PID: 9660 Comm: syz.3.746 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 225.149466][ T9660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 225.149479][ T9660] Call Trace: [ 225.149486][ T9660] [ 225.149494][ T9660] dump_stack_lvl+0x241/0x360 [ 225.149524][ T9660] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.149546][ T9660] ? __pfx__printk+0x10/0x10 [ 225.149570][ T9660] ? __kmalloc_cache_noprof+0x243/0x390 [ 225.149595][ T9660] ? sysfs_warn_dup+0x51/0xa0 [ 225.149621][ T9660] sysfs_warn_dup+0x8e/0xa0 [ 225.149644][ T9660] sysfs_do_create_link_sd+0xbe/0x110 [ 225.149669][ T9660] device_add_class_symlinks+0x1c5/0x250 [ 225.149702][ T9660] device_add+0x553/0xbf0 [ 225.149735][ T9660] wiphy_register+0x1922/0x2650 [ 225.149767][ T9660] ? __pfx_wiphy_register+0x10/0x10 [ 225.149783][ T9660] ? minstrel_ht_alloc+0x84b/0x940 [ 225.149812][ T9660] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 225.149839][ T9660] ieee80211_register_hw+0x35d9/0x42e0 [ 225.149881][ T9660] ? ieee80211_register_hw+0x15f1/0x42e0 [ 225.149912][ T9660] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 225.149944][ T9660] ? __asan_memset+0x23/0x50 [ 225.149962][ T9660] ? __hrtimer_init+0x170/0x250 [ 225.149986][ T9660] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 225.150034][ T9660] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 225.150054][ T9660] ? trace_kmalloc+0x1f/0xd0 [ 225.150077][ T9660] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 225.150103][ T9660] ? kstrndup+0xbb/0x150 [ 225.150139][ T9660] hwsim_new_radio_nl+0xece/0x2290 [ 225.150173][ T9660] ? __pfx___nla_validate_parse+0x10/0x10 [ 225.150197][ T9660] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 225.150249][ T9660] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 225.150291][ T9660] genl_rcv_msg+0xb1f/0xec0 [ 225.150327][ T9660] ? __pfx_genl_rcv_msg+0x10/0x10 [ 225.150382][ T9660] ? __pfx_lock_acquire+0x10/0x10 [ 225.150411][ T9660] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 225.150433][ T9660] ? __pfx___might_resched+0x10/0x10 [ 225.150468][ T9660] netlink_rcv_skb+0x206/0x480 [ 225.150491][ T9660] ? __pfx_genl_rcv_msg+0x10/0x10 [ 225.150519][ T9660] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 225.150575][ T9660] genl_rcv+0x28/0x40 [ 225.150600][ T9660] netlink_unicast+0x7f6/0x990 [ 225.150628][ T9660] ? __pfx_netlink_unicast+0x10/0x10 [ 225.150644][ T9660] ? __virt_addr_valid+0x45f/0x530 [ 225.150663][ T9660] ? __phys_addr_symbol+0x2f/0x70 [ 225.150691][ T9660] ? __check_object_size+0x47a/0x730 [ 225.150720][ T9660] netlink_sendmsg+0x8de/0xcb0 [ 225.150754][ T9660] ? __pfx_netlink_sendmsg+0x10/0x10 [ 225.150780][ T9660] ? aa_sock_msg_perm+0x91/0x160 [ 225.150814][ T9660] ? __pfx_netlink_sendmsg+0x10/0x10 [ 225.150834][ T9660] __sock_sendmsg+0x221/0x270 [ 225.150859][ T9660] ____sys_sendmsg+0x53a/0x860 [ 225.150904][ T9660] ? __pfx_____sys_sendmsg+0x10/0x10 [ 225.150931][ T9660] ? __fget_files+0x2a/0x410 [ 225.150960][ T9660] ? __fget_files+0x2a/0x410 [ 225.150993][ T9660] __sys_sendmsg+0x269/0x350 [ 225.151027][ T9660] ? __pfx___sys_sendmsg+0x10/0x10 [ 225.151099][ T9660] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 225.151128][ T9660] ? do_syscall_64+0x100/0x230 [ 225.151159][ T9660] ? do_syscall_64+0xb6/0x230 [ 225.151189][ T9660] do_syscall_64+0xf3/0x230 [ 225.151216][ T9660] ? clear_bhb_loop+0x35/0x90 [ 225.151247][ T9660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.151271][ T9660] RIP: 0033:0x7fce7858d169 [ 225.151287][ T9660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.151302][ T9660] RSP: 002b:00007fce793fd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 225.151323][ T9660] RAX: ffffffffffffffda RBX: 00007fce787a6080 RCX: 00007fce7858d169 [ 225.151336][ T9660] RDX: 0000000000000800 RSI: 0000400000000100 RDI: 0000000000000005 [ 225.151348][ T9660] RBP: 00007fce7860e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 225.151359][ T9660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 225.151370][ T9660] R13: 0000000000000000 R14: 00007fce787a6080 R15: 00007ffe741a3718 [ 225.151399][ T9660] [ 225.797914][ T9658] syzkaller1: entered promiscuous mode [ 225.814969][ T9658] syzkaller1: entered allmulticast mode [ 225.848582][ T9668] netlink: 40 bytes leftover after parsing attributes in process `syz.0.748'. [ 226.121593][ T9673] netlink: 12 bytes leftover after parsing attributes in process `syz.3.749'. [ 226.402264][ T9680] batadv_slave_1: entered promiscuous mode [ 226.680664][ T9690] netlink: 'syz.3.755': attribute type 1 has an invalid length. [ 226.695651][ T9679] batadv_slave_1: left promiscuous mode [ 226.997729][ T9701] netlink: 'syz.3.758': attribute type 10 has an invalid length. [ 227.033691][ T9701] team0: entered promiscuous mode [ 227.051709][ T9701] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.084311][ T9701] bridge0: port 1(team0) entered blocking state [ 227.090718][ T9701] bridge0: port 1(team0) entered disabled state [ 227.117818][ T9701] team0: entered allmulticast mode [ 227.971018][ T9725] __nla_validate_parse: 9 callbacks suppressed [ 227.971037][ T9725] netlink: 40 bytes leftover after parsing attributes in process `syz.3.762'. [ 228.251675][ T9730] netlink: 12 bytes leftover after parsing attributes in process `syz.2.763'. [ 228.292009][ T9732] team0: left allmulticast mode [ 228.297095][ T9732] team0: left promiscuous mode [ 228.302177][ T9732] bridge0: port 1(team0) entered disabled state [ 228.336922][ T9732] bond0: (slave wlan1): Releasing backup interface [ 228.361817][ T9732] netlink: 'syz.3.764': attribute type 10 has an invalid length. [ 228.461330][ T9732] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 228.487391][ T9739] netlink: 40 bytes leftover after parsing attributes in process `syz.4.766'. [ 228.508933][ T9741] batadv_slave_1: entered promiscuous mode [ 228.561550][ T9738] netlink: 12 bytes leftover after parsing attributes in process `syz.3.764'. [ 228.802759][ T9752] netlink: 20 bytes leftover after parsing attributes in process `syz.1.761'. [ 228.839493][ T9754] xt_CT: You must specify a L4 protocol and not use inversions on it [ 228.848222][ T9740] batadv_slave_1: left promiscuous mode [ 229.203234][ T9764] lo speed is unknown, defaulting to 1000 [ 229.210003][ T9764] lo speed is unknown, defaulting to 1000 [ 229.219060][ T9764] lo speed is unknown, defaulting to 1000 [ 229.237678][ T9762] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 229.254684][ T9765] netlink: 'syz.3.772': attribute type 39 has an invalid length. [ 229.269686][ T9764] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 229.291703][ T9762] CPU: 0 UID: 0 PID: 9762 Comm: syz.4.771 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 229.291732][ T9762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 229.291746][ T9762] Call Trace: [ 229.291753][ T9762] [ 229.291763][ T9762] dump_stack_lvl+0x241/0x360 [ 229.291794][ T9762] ? __pfx_dump_stack_lvl+0x10/0x10 [ 229.291820][ T9762] ? __pfx__printk+0x10/0x10 [ 229.291848][ T9762] ? __kmalloc_cache_noprof+0x243/0x390 [ 229.291877][ T9762] ? sysfs_warn_dup+0x51/0xa0 [ 229.291908][ T9762] sysfs_warn_dup+0x8e/0xa0 [ 229.291934][ T9762] sysfs_do_create_link_sd+0xbe/0x110 [ 229.291964][ T9762] device_add_class_symlinks+0x1c5/0x250 [ 229.292001][ T9762] device_add+0x553/0xbf0 [ 229.292042][ T9762] wiphy_register+0x1922/0x2650 [ 229.292079][ T9762] ? __pfx_wiphy_register+0x10/0x10 [ 229.292099][ T9762] ? minstrel_ht_alloc+0x84b/0x940 [ 229.292132][ T9762] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 229.292164][ T9762] ieee80211_register_hw+0x35d9/0x42e0 [ 229.292207][ T9762] ? ieee80211_register_hw+0x15f1/0x42e0 [ 229.292244][ T9762] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 229.292284][ T9762] ? __asan_memset+0x23/0x50 [ 229.292305][ T9762] ? __hrtimer_init+0x170/0x250 [ 229.292334][ T9762] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 229.292393][ T9762] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 229.292419][ T9762] ? trace_kmalloc+0x1f/0xd0 [ 229.292444][ T9762] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 229.292477][ T9762] ? kstrndup+0xbb/0x150 [ 229.292519][ T9762] hwsim_new_radio_nl+0xece/0x2290 [ 229.292559][ T9762] ? __pfx___nla_validate_parse+0x10/0x10 [ 229.292596][ T9762] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 229.292658][ T9762] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 229.292702][ T9762] genl_rcv_msg+0xb1f/0xec0 [ 229.292745][ T9762] ? __pfx_genl_rcv_msg+0x10/0x10 [ 229.292810][ T9762] ? __pfx_lock_acquire+0x10/0x10 [ 229.292843][ T9762] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 229.292869][ T9762] ? __pfx___might_resched+0x10/0x10 [ 229.292909][ T9762] netlink_rcv_skb+0x206/0x480 [ 229.292936][ T9762] ? __pfx_genl_rcv_msg+0x10/0x10 [ 229.292970][ T9762] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 229.293030][ T9762] genl_rcv+0x28/0x40 [ 229.293059][ T9762] netlink_unicast+0x7f6/0x990 [ 229.293091][ T9762] ? __pfx_netlink_unicast+0x10/0x10 [ 229.293111][ T9762] ? __virt_addr_valid+0x45f/0x530 [ 229.293133][ T9762] ? __phys_addr_symbol+0x2f/0x70 [ 229.293166][ T9762] ? __check_object_size+0x47a/0x730 [ 229.293200][ T9762] netlink_sendmsg+0x8de/0xcb0 [ 229.293241][ T9762] ? __pfx_netlink_sendmsg+0x10/0x10 [ 229.293273][ T9762] ? aa_sock_msg_perm+0x91/0x160 [ 229.293312][ T9762] ? __pfx_netlink_sendmsg+0x10/0x10 [ 229.293336][ T9762] __sock_sendmsg+0x221/0x270 [ 229.293366][ T9762] ____sys_sendmsg+0x53a/0x860 [ 229.293410][ T9762] ? __pfx_____sys_sendmsg+0x10/0x10 [ 229.293442][ T9762] ? __fget_files+0x2a/0x410 [ 229.293475][ T9762] ? __fget_files+0x2a/0x410 [ 229.293516][ T9762] __sys_sendmsg+0x269/0x350 [ 229.293561][ T9762] ? __pfx___sys_sendmsg+0x10/0x10 [ 229.293654][ T9762] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 229.293690][ T9762] ? do_syscall_64+0x100/0x230 [ 229.293727][ T9762] ? do_syscall_64+0xb6/0x230 [ 229.293762][ T9762] do_syscall_64+0xf3/0x230 [ 229.293793][ T9762] ? clear_bhb_loop+0x35/0x90 [ 229.293827][ T9762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.293856][ T9762] RIP: 0033:0x7f6998d8d169 [ 229.293875][ T9762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.293893][ T9762] RSP: 002b:00007f6999c95038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 229.293916][ T9762] RAX: ffffffffffffffda RBX: 00007f6998fa6080 RCX: 00007f6998d8d169 [ 229.293932][ T9762] RDX: 0000000000000800 RSI: 0000400000000100 RDI: 0000000000000005 [ 229.293946][ T9762] RBP: 00007f6998e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 229.293960][ T9762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.293973][ T9762] R13: 0000000000000000 R14: 00007f6998fa6080 R15: 00007ffcf2f58e98 [ 229.294008][ T9762] [ 229.759940][ T9764] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 229.862104][ T9768] syzkaller1: entered promiscuous mode [ 229.871265][ T9768] syzkaller1: entered allmulticast mode [ 229.976242][ T9764] lo speed is unknown, defaulting to 1000 [ 230.014849][ T9764] lo speed is unknown, defaulting to 1000 [ 230.021570][ T9764] lo speed is unknown, defaulting to 1000 [ 230.028350][ T9764] lo speed is unknown, defaulting to 1000 [ 230.035131][ T9764] lo speed is unknown, defaulting to 1000 [ 230.041759][ T9764] lo speed is unknown, defaulting to 1000 [ 230.144084][ T9777] netlink: 40 bytes leftover after parsing attributes in process `syz.2.774'. [ 230.303677][ T9791] netlink: 16 bytes leftover after parsing attributes in process `syz.4.775'. [ 230.321091][ T9780] team0: Mode "broadcas" not found [ 230.349183][ T9783] netlink: 12 bytes leftover after parsing attributes in process `syz.4.775'. [ 230.387364][ T9783] vlan2: entered promiscuous mode [ 230.403191][ T9783] dummy0: entered promiscuous mode [ 230.444943][ T9783] dummy0: left promiscuous mode [ 230.522150][ T9794] batadv_slave_1: entered promiscuous mode [ 230.554138][ T9798] bond0: (slave wlan1): Releasing backup interface [ 230.590874][ T9798] netlink: 'syz.1.781': attribute type 10 has an invalid length. [ 230.605303][ T9798] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 230.658710][ T9799] debugfs: Directory 'netdev:phy10-monitor' with parent 'phy10' already present! [ 230.670655][ T9801] netlink: 40 bytes leftover after parsing attributes in process `syz.3.779'. [ 230.741090][ T9805] netlink: 68 bytes leftover after parsing attributes in process `syz.4.782'. [ 230.819865][ T9793] batadv_slave_1: left promiscuous mode [ 230.940069][ T9810] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 230.971853][ T9816] lo speed is unknown, defaulting to 1000 [ 231.056705][ T9817] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 231.064706][ T9817] CPU: 1 UID: 0 PID: 9817 Comm: syz.3.785 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 231.064731][ T9817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 231.064744][ T9817] Call Trace: [ 231.064751][ T9817] [ 231.064758][ T9817] dump_stack_lvl+0x241/0x360 [ 231.064787][ T9817] ? __pfx_dump_stack_lvl+0x10/0x10 [ 231.064828][ T9817] ? __pfx__printk+0x10/0x10 [ 231.064855][ T9817] ? __kmalloc_cache_noprof+0x243/0x390 [ 231.064881][ T9817] ? sysfs_warn_dup+0x51/0xa0 [ 231.064911][ T9817] sysfs_warn_dup+0x8e/0xa0 [ 231.064935][ T9817] sysfs_do_create_link_sd+0xbe/0x110 [ 231.064963][ T9817] device_add_class_symlinks+0x1c5/0x250 [ 231.064999][ T9817] device_add+0x553/0xbf0 [ 231.065037][ T9817] wiphy_register+0x1922/0x2650 [ 231.065073][ T9817] ? __pfx_wiphy_register+0x10/0x10 [ 231.065092][ T9817] ? minstrel_ht_alloc+0x84b/0x940 [ 231.065122][ T9817] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 231.065151][ T9817] ieee80211_register_hw+0x35d9/0x42e0 [ 231.065192][ T9817] ? ieee80211_register_hw+0x15f1/0x42e0 [ 231.065226][ T9817] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 231.065265][ T9817] ? __asan_memset+0x23/0x50 [ 231.065285][ T9817] ? __hrtimer_init+0x170/0x250 [ 231.065312][ T9817] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 231.065369][ T9817] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 231.065392][ T9817] ? trace_kmalloc+0x1f/0xd0 [ 231.065416][ T9817] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 231.065446][ T9817] ? kstrndup+0xbb/0x150 [ 231.065497][ T9817] hwsim_new_radio_nl+0xece/0x2290 [ 231.065536][ T9817] ? __pfx___nla_validate_parse+0x10/0x10 [ 231.065562][ T9817] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 231.065642][ T9817] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 231.065685][ T9817] genl_rcv_msg+0xb1f/0xec0 [ 231.065726][ T9817] ? __pfx_genl_rcv_msg+0x10/0x10 [ 231.065792][ T9817] ? __pfx_lock_acquire+0x10/0x10 [ 231.065823][ T9817] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 231.065848][ T9817] ? __pfx___might_resched+0x10/0x10 [ 231.065889][ T9817] netlink_rcv_skb+0x206/0x480 [ 231.065916][ T9817] ? __pfx_genl_rcv_msg+0x10/0x10 [ 231.065955][ T9817] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 231.066016][ T9817] genl_rcv+0x28/0x40 [ 231.066044][ T9817] netlink_unicast+0x7f6/0x990 [ 231.066075][ T9817] ? __pfx_netlink_unicast+0x10/0x10 [ 231.066090][ T9817] ? __virt_addr_valid+0x45f/0x530 [ 231.066108][ T9817] ? __phys_addr_symbol+0x2f/0x70 [ 231.066135][ T9817] ? __check_object_size+0x47a/0x730 [ 231.066170][ T9817] netlink_sendmsg+0x8de/0xcb0 [ 231.066206][ T9817] ? __pfx_netlink_sendmsg+0x10/0x10 [ 231.066232][ T9817] ? aa_sock_msg_perm+0x91/0x160 [ 231.066267][ T9817] ? __pfx_netlink_sendmsg+0x10/0x10 [ 231.066288][ T9817] __sock_sendmsg+0x221/0x270 [ 231.066313][ T9817] ____sys_sendmsg+0x53a/0x860 [ 231.066350][ T9817] ? __pfx_____sys_sendmsg+0x10/0x10 [ 231.066376][ T9817] ? __fget_files+0x2a/0x410 [ 231.066404][ T9817] ? __fget_files+0x2a/0x410 [ 231.066436][ T9817] __sys_sendmsg+0x269/0x350 [ 231.066477][ T9817] ? __pfx___sys_sendmsg+0x10/0x10 [ 231.066548][ T9817] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 231.066579][ T9817] ? do_syscall_64+0x100/0x230 [ 231.066611][ T9817] ? do_syscall_64+0xb6/0x230 [ 231.066641][ T9817] do_syscall_64+0xf3/0x230 [ 231.066667][ T9817] ? clear_bhb_loop+0x35/0x90 [ 231.066698][ T9817] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 231.066724][ T9817] RIP: 0033:0x7fce7858d169 [ 231.066753][ T9817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 231.066770][ T9817] RSP: 002b:00007fce793fd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 231.066791][ T9817] RAX: ffffffffffffffda RBX: 00007fce787a6080 RCX: 00007fce7858d169 [ 231.066817][ T9817] RDX: 0000000000000800 RSI: 0000400000000100 RDI: 0000000000000005 [ 231.066830][ T9817] RBP: 00007fce7860e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 231.066842][ T9817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 231.066854][ T9817] R13: 0000000000000000 R14: 00007fce787a6080 R15: 00007ffe741a3718 [ 231.066885][ T9817] [ 231.587135][ T9816] syzkaller1: entered promiscuous mode [ 231.592755][ T9816] syzkaller1: entered allmulticast mode [ 232.306319][ T9843] bond0: (slave wlan1): Releasing backup interface [ 232.507484][ T9849] team0: left allmulticast mode [ 232.522741][ T9847] netlink: 'syz.4.793': attribute type 1 has an invalid length. [ 232.537902][ T9849] team0: left promiscuous mode [ 232.553314][ T9849] bridge0: port 1(team0) entered disabled state [ 232.571872][ T5884] IPVS: starting estimator thread 0... [ 232.579057][ T9854] netlink: 'syz.2.794': attribute type 10 has an invalid length. [ 232.608400][ T9854] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 232.663978][ T9853] IPVS: using max 21 ests per chain, 50400 per kthread [ 232.760731][ T9858] debugfs: Directory 'netdev:phy6-monitor' with parent 'phy6' already present! [ 232.805680][ T9862] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 232.987572][ T9876] __nla_validate_parse: 11 callbacks suppressed [ 232.987590][ T9876] netlink: 88 bytes leftover after parsing attributes in process `syz.2.799'. [ 233.011426][ T9876] netlink: 48 bytes leftover after parsing attributes in process `syz.2.799'. [ 233.030860][ T9878] netlink: 260 bytes leftover after parsing attributes in process `syz.0.798'. [ 233.456076][ T9887] netlink: 40 bytes leftover after parsing attributes in process `syz.4.803'. [ 233.661428][ T9895] lo speed is unknown, defaulting to 1000 [ 233.809292][ T9901] netlink: 40 bytes leftover after parsing attributes in process `syz.3.806'. [ 234.606168][ T9933] openvswitch: netlink: Message has 8 unknown bytes. [ 234.779234][ T9940] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 234.818368][ T9940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.810'. [ 234.919317][ T9897] netlink: 8 bytes leftover after parsing attributes in process `syz.2.805'. [ 234.956384][ T9946] netlink: 20 bytes leftover after parsing attributes in process `syz.4.807'. [ 235.049539][ T9951] netlink: 40 bytes leftover after parsing attributes in process `syz.1.811'. [ 235.816027][ T9978] lo speed is unknown, defaulting to 1000 [ 235.949981][ T9984] netlink: 40 bytes leftover after parsing attributes in process `syz.0.818'. [ 236.343394][ T9999] syzkaller1: entered promiscuous mode [ 236.358747][ T9999] syzkaller1: entered allmulticast mode [ 237.199650][T10021] netlink: 'syz.4.827': attribute type 10 has an invalid length. [ 237.912678][T10041] syzkaller0: tun_chr_ioctl cmd 1074025684 [ 237.999884][T10045] syzkaller0: create flow: hash 654429262 index 1 [ 238.097901][T10043] __nla_validate_parse: 3 callbacks suppressed [ 238.097920][T10043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.833'. [ 238.216268][T10049] netlink: 20 bytes leftover after parsing attributes in process `syz.3.826'. [ 238.261622][T10040] syzkaller0: delete flow: hash 654429262 index 1 [ 238.280316][ T7466] IPVS: starting estimator thread 0... [ 238.394330][T10055] IPVS: using max 21 ests per chain, 50400 per kthread [ 238.585088][T10060] netlink: 40 bytes leftover after parsing attributes in process `syz.3.836'. [ 239.975309][T10059] lo speed is unknown, defaulting to 1000 [ 240.400282][T10085] bridge0: port 1(gretap0) entered blocking state [ 240.417904][T10085] bridge0: port 1(gretap0) entered disabled state [ 240.434698][T10085] gretap0: entered allmulticast mode [ 240.441343][T10085] gretap0: entered promiscuous mode [ 240.500256][T10085] gretap0: left allmulticast mode [ 240.512624][T10085] gretap0: left promiscuous mode [ 240.524174][T10085] bridge0: port 1(gretap0) entered disabled state [ 241.143967][T10110] netlink: 'syz.1.846': attribute type 29 has an invalid length. [ 241.411874][T10114] netlink: 'syz.1.846': attribute type 29 has an invalid length. [ 241.595106][T10114] IPv6: sit1: Disabled Multicast RS [ 241.611396][T10114] sit1: entered allmulticast mode [ 241.942291][T10131] netlink: 40 bytes leftover after parsing attributes in process `syz.3.850'. [ 242.103131][T10138] netlink: 'syz.1.851': attribute type 2 has an invalid length. [ 242.152791][T10138] netlink: 'syz.1.851': attribute type 5 has an invalid length. [ 242.301480][T10144] netlink: 4 bytes leftover after parsing attributes in process `syz.3.854'. [ 242.412589][T10146] lo speed is unknown, defaulting to 1000 [ 242.493840][T10150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.857'. [ 242.530467][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.548679][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.874517][T10164] lo speed is unknown, defaulting to 1000 [ 243.050503][T10164] netlink: 16 bytes leftover after parsing attributes in process `syz.2.860'. [ 243.381637][T10183] netlink: 8 bytes leftover after parsing attributes in process `syz.0.862'. [ 243.409037][T10184] netlink: 32 bytes leftover after parsing attributes in process `syz.1.863'. [ 243.419650][T10174] netlink: 8 bytes leftover after parsing attributes in process `syz.4.856'. [ 243.459198][T10183] netlink: 'syz.0.862': attribute type 7 has an invalid length. [ 243.494583][T10183] netlink: 'syz.0.862': attribute type 8 has an invalid length. [ 244.572576][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 245.011378][T10208] tipc: Failed to remove unknown binding: 66,3,3/0:2252407971/2252407972 [ 245.035580][T10209] netlink: 4 bytes leftover after parsing attributes in process `syz.2.869'. [ 245.340680][T10223] netlink: 16 bytes leftover after parsing attributes in process `syz.0.870'. [ 245.378556][T10224] netlink: 24 bytes leftover after parsing attributes in process `syz.2.872'. [ 245.425156][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.434943][T10224] netlink: 12 bytes leftover after parsing attributes in process `syz.2.872'. [ 245.460685][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.537817][T10224] netlink: 12 bytes leftover after parsing attributes in process `syz.2.872'. [ 245.580878][T10229] lo speed is unknown, defaulting to 1000 [ 245.735156][T10232] netlink: 'syz.3.874': attribute type 11 has an invalid length. [ 245.754290][T10232] netlink: 228 bytes leftover after parsing attributes in process `syz.3.874'. [ 246.277681][T10236] netlink: 40 bytes leftover after parsing attributes in process `syz.3.875'. [ 246.884405][T10242] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 248.120319][T10259] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 248.278601][T10263] lo speed is unknown, defaulting to 1000 [ 248.419489][T10263] __nla_validate_parse: 5 callbacks suppressed [ 248.419510][T10263] netlink: 24 bytes leftover after parsing attributes in process `syz.2.884'. [ 248.743469][T10272] lo speed is unknown, defaulting to 1000 [ 249.117576][T10280] lo speed is unknown, defaulting to 1000 [ 249.322342][T10283] netlink: 'syz.3.889': attribute type 22 has an invalid length. [ 249.390484][T10283] netlink: 'syz.3.889': attribute type 11 has an invalid length. [ 249.887021][T10294] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 249.989003][T10294] netlink: 8 bytes leftover after parsing attributes in process `syz.1.892'. [ 250.005600][T10298] netlink: 'syz.2.891': attribute type 10 has an invalid length. [ 250.029142][T10298] netlink: 2 bytes leftover after parsing attributes in process `syz.2.891'. [ 250.042258][T10303] xt_CT: You must specify a L4 protocol and not use inversions on it [ 250.077502][T10298] team0: entered promiscuous mode [ 250.104914][T10298] 8021q: adding VLAN 0 to HW filter on device team0 [ 250.111820][T10298] bridge0: port 1(team0) entered blocking state [ 250.150138][T10298] bridge0: port 1(team0) entered disabled state [ 250.157359][T10298] team0: entered allmulticast mode [ 250.317772][T10284] netlink: 8 bytes leftover after parsing attributes in process `syz.0.888'. [ 250.452092][T10313] netlink: 8 bytes leftover after parsing attributes in process `syz.4.896'. [ 250.632770][T10317] netlink: 24 bytes leftover after parsing attributes in process `syz.4.897'. [ 250.650995][T10317] netlink: 24 bytes leftover after parsing attributes in process `syz.4.897'. [ 250.753806][T10319] lo speed is unknown, defaulting to 1000 [ 250.778548][T10322] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 250.838977][T10322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.899'. [ 250.988251][T10325] netlink: 4 bytes leftover after parsing attributes in process `syz.2.901'. [ 251.040548][T10332] lo speed is unknown, defaulting to 1000 [ 251.055948][T10332] lo speed is unknown, defaulting to 1000 [ 251.083520][T10332] lo speed is unknown, defaulting to 1000 [ 251.138136][T10332] infiniband s›z0: RDMA CMA: cma_listen_on_dev, error -98 [ 251.177900][T10333] netlink: 16 bytes leftover after parsing attributes in process `syz.3.898'. [ 251.232998][T10332] lo speed is unknown, defaulting to 1000 [ 251.242184][T10332] lo speed is unknown, defaulting to 1000 [ 251.260487][T10332] lo speed is unknown, defaulting to 1000 [ 251.318667][T10332] lo speed is unknown, defaulting to 1000 [ 251.353108][T10332] lo speed is unknown, defaulting to 1000 [ 251.375810][T10332] lo speed is unknown, defaulting to 1000 [ 251.570655][T10343] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 251.649502][T10345] xt_CT: You must specify a L4 protocol and not use inversions on it [ 253.024588][T10375] lo speed is unknown, defaulting to 1000 [ 253.038835][T10375] lo speed is unknown, defaulting to 1000 [ 253.215468][T10382] netlink: 'syz.0.915': attribute type 10 has an invalid length. [ 253.224396][T10383] lo speed is unknown, defaulting to 1000 [ 253.239273][T10382] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 253.258179][T10383] lo speed is unknown, defaulting to 1000 [ 253.536181][T10395] netlink: 'syz.0.916': attribute type 1 has an invalid length. [ 253.558878][T10395] __nla_validate_parse: 4 callbacks suppressed [ 253.558895][T10395] netlink: 16 bytes leftover after parsing attributes in process `syz.0.916'. [ 253.781757][T10376] netlink: 8 bytes leftover after parsing attributes in process `syz.3.911'. [ 253.950944][T10411] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 253.981109][T10383] netlink: 8 bytes leftover after parsing attributes in process `syz.1.914'. [ 254.028888][T10412] netlink: 8 bytes leftover after parsing attributes in process `syz.0.917'. [ 254.187202][T10416] netlink: 40 bytes leftover after parsing attributes in process `syz.3.919'. [ 254.467828][T10427] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 254.547033][T10426] team0: Mode "broadcas" not found [ 254.562967][T10427] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 254.646258][T10431] netlink: 4 bytes leftover after parsing attributes in process `syz.4.920'. [ 254.742784][T10433] lo speed is unknown, defaulting to 1000 [ 254.755278][T10433] lo speed is unknown, defaulting to 1000 [ 255.083899][T10446] lo speed is unknown, defaulting to 1000 [ 255.128101][T10446] lo speed is unknown, defaulting to 1000 [ 255.240228][T10448] smc: net device bond0 applied user defined pnetid SYZ2 [ 255.488208][T10456] netlink: 20 bytes leftover after parsing attributes in process `syz.1.925'. [ 255.582963][T10455] sch_tbf: peakrate 64 is lower than or equals to rate 9416279242649327955 ! [ 255.759420][T10467] xt_nfacct: accounting object `syz1' does not exists [ 255.774593][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.782554][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.004278][T10476] xt_NFQUEUE: number of total queues is 0 [ 256.304194][T10481] lo speed is unknown, defaulting to 1000 [ 256.338738][T10481] lo speed is unknown, defaulting to 1000 [ 256.648945][T10489] team0: Mode "broadcas" not found [ 256.713488][T10487] netlink: 20 bytes leftover after parsing attributes in process `syz.4.930'. [ 256.780800][T10495] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 256.800077][T10495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.936'. [ 256.833342][T10497] lo speed is unknown, defaulting to 1000 [ 256.853648][T10497] lo speed is unknown, defaulting to 1000 [ 257.144849][T10508] netlink: 16 bytes leftover after parsing attributes in process `syz.3.937'. [ 257.162979][T10510] syzkaller1: entered promiscuous mode [ 257.199541][T10510] syzkaller1: entered allmulticast mode [ 257.292420][T10512] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.301169][T10512] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.309601][T10512] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.317830][T10512] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 257.356797][T10512] vxlan1: entered promiscuous mode [ 257.369461][T10512] vxlan1: entered allmulticast mode [ 258.467109][T10537] netlink: 'syz.4.945': attribute type 10 has an invalid length. [ 258.490404][T10537] team0: entered promiscuous mode [ 258.521653][T10537] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.552319][T10537] bridge0: port 1(team0) entered blocking state [ 258.559810][T10537] bridge0: port 1(team0) entered disabled state [ 258.598159][T10537] team0: entered allmulticast mode [ 258.675435][T10542] team0: Mode "broadcas" not found [ 258.702647][T10545] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 258.747855][T10545] __nla_validate_parse: 5 callbacks suppressed [ 258.747870][T10545] netlink: 8 bytes leftover after parsing attributes in process `syz.1.948'. [ 258.773418][T10547] team0: left allmulticast mode [ 258.778735][T10547] bridge0: port 1(team0) entered disabled state [ 258.797824][T10547] bond0: (slave wlan1): Releasing backup interface [ 258.819308][T10547] debugfs: Directory 'netdev:phy4-monitor' with parent 'phy4' already present! [ 258.889449][T10552] netlink: 148 bytes leftover after parsing attributes in process `syz.3.949'. [ 258.925977][T10552] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check. [ 259.122556][T10559] bridge0: port 1(macsec1) entered blocking state [ 259.154142][T10559] bridge0: port 1(macsec1) entered disabled state [ 259.179797][T10559] macsec1: entered allmulticast mode [ 259.195131][T10559] bridge0: entered allmulticast mode [ 259.221530][T10559] macsec1: left allmulticast mode [ 259.264021][T10559] bridge0: left allmulticast mode [ 259.493373][T10571] lo speed is unknown, defaulting to 1000 [ 259.502317][T10571] lo speed is unknown, defaulting to 1000 [ 259.509676][T10571] lo speed is unknown, defaulting to 1000 [ 259.812690][T10572] netlink: 20 bytes leftover after parsing attributes in process `syz.1.950'. [ 259.935032][T10582] team0: Mode "broadcas" not found [ 259.993496][T10586] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 260.021698][T10571] infiniband syz0: set down [ 260.030460][ T7463] lo speed is unknown, defaulting to 1000 [ 260.071113][T10571] infiniband syz0: added lo [ 260.085042][T10587] netlink: 4 bytes leftover after parsing attributes in process `syz.3.960'. [ 260.114456][T10587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.960'. [ 260.177142][T10591] netlink: 24 bytes leftover after parsing attributes in process `syz.2.961'. [ 260.258886][T10571] RDS/IB: syz0: added [ 260.342977][T10571] smc: adding ib device syz0 with port count 1 [ 260.350985][T10571] smc: ib device syz0 port 1 has pnetid [ 260.362014][ T7463] lo speed is unknown, defaulting to 1000 [ 260.374834][T10571] lo speed is unknown, defaulting to 1000 [ 260.382645][T10596] netlink: 'syz.1.963': attribute type 4 has an invalid length. [ 260.396328][T10596] netlink: 20 bytes leftover after parsing attributes in process `syz.1.963'. [ 260.425555][T10596] netlink: 'syz.1.963': attribute type 1 has an invalid length. [ 260.443883][T10596] netlink: 224 bytes leftover after parsing attributes in process `syz.1.963'. [ 260.641482][T10571] lo speed is unknown, defaulting to 1000 [ 260.710881][T10599] xt_CT: You must specify a L4 protocol and not use inversions on it [ 260.807504][T10571] lo speed is unknown, defaulting to 1000 [ 261.211923][T10613] lo speed is unknown, defaulting to 1000 [ 261.324041][T10571] lo speed is unknown, defaulting to 1000 [ 261.632398][T10613] lo speed is unknown, defaulting to 1000 [ 261.645367][T10620] netlink: 8 bytes leftover after parsing attributes in process `syz.1.969'. [ 261.662007][T10620] netlink: 4 bytes leftover after parsing attributes in process `syz.1.969'. [ 261.681806][T10620] netlink: 'syz.1.969': attribute type 1 has an invalid length. [ 261.717051][ T5834] block nbd0: Receive control failed (result -107) [ 262.034605][T10630] team0: Mode "broadcas" not found [ 262.060779][T10571] lo speed is unknown, defaulting to 1000 [ 262.115201][T10633] lo speed is unknown, defaulting to 1000 [ 262.301837][T10571] lo speed is unknown, defaulting to 1000 [ 263.122478][T10652] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 263.187354][T10657] team0: left allmulticast mode [ 263.235663][T10657] bridge0: port 1(team0) entered disabled state [ 263.254322][T10651] netlink: 'syz.4.979': attribute type 10 has an invalid length. [ 263.332058][T10651] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 263.998120][T10672] __nla_validate_parse: 9 callbacks suppressed [ 263.998140][T10672] netlink: 40 bytes leftover after parsing attributes in process `syz.0.983'. [ 264.506612][T10692] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 264.569152][T10692] netlink: 4 bytes leftover after parsing attributes in process `syz.1.990'. [ 264.583223][T10699] netlink: 20 bytes leftover after parsing attributes in process `syz.4.981'. [ 264.592951][T10692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.990'. [ 264.643229][T10696] bond0: (slave wlan1): Releasing backup interface [ 264.697377][T10701] netlink: 'syz.3.991': attribute type 10 has an invalid length. [ 264.721932][T10701] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 264.811392][T10701] netlink: 12 bytes leftover after parsing attributes in process `syz.3.991'. [ 264.825173][T10709] netlink: 24 bytes leftover after parsing attributes in process `syz.1.995'. [ 265.049674][T10721] openvswitch: netlink: Message has 8 unknown bytes. [ 265.212087][T10705] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 265.248536][T10705] bond0 (unregistering): Released all slaves [ 265.442735][T10730] netlink: 104 bytes leftover after parsing attributes in process `syz.4.999'. [ 265.527282][T10732] xt_CT: You must specify a L4 protocol and not use inversions on it [ 265.740256][T10743] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 265.760465][T10743] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1005'. [ 265.786808][T10743] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1005'. [ 265.960693][T10752] netlink: 'syz.2.1009': attribute type 10 has an invalid length. [ 266.005930][T10752] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 266.087102][T10758] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1009'. [ 266.093773][T10757] openvswitch: netlink: IP tunnel TTL not specified. [ 266.511596][T10768] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 267.027191][T10787] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 267.414760][T10799] xt_CT: You must specify a L4 protocol and not use inversions on it [ 267.825194][T10818] lo speed is unknown, defaulting to 1000 [ 267.837604][T10818] lo speed is unknown, defaulting to 1000 [ 268.110497][T10823] netlink: 'syz.3.1034': attribute type 10 has an invalid length. [ 268.154370][T10823] batman_adv: batadv0: Adding interface: team0 [ 268.165241][T10824] netlink: 'syz.3.1034': attribute type 10 has an invalid length. [ 268.170893][T10823] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 268.254388][T10823] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 268.297974][T10824] team0: entered promiscuous mode [ 268.304535][T10824] 8021q: adding VLAN 0 to HW filter on device team0 [ 268.342636][T10824] batman_adv: batadv0: Interface activated: team0 [ 268.372906][T10824] batman_adv: batadv0: Interface deactivated: team0 [ 268.444871][T10824] batman_adv: batadv0: Removing interface: team0 [ 268.452383][T10824] bridge0: port 1(team0) entered blocking state [ 268.465517][T10824] bridge0: port 1(team0) entered disabled state [ 268.483765][T10824] team0: entered allmulticast mode [ 268.549138][T10826] bridge0: port 1(macsec1) entered blocking state [ 268.556198][T10826] bridge0: port 1(macsec1) entered disabled state [ 268.564195][T10826] macsec1: entered allmulticast mode [ 268.570100][T10826] bridge0: entered allmulticast mode [ 268.579081][T10826] macsec1: left allmulticast mode [ 268.585963][T10826] bridge0: left allmulticast mode [ 268.722369][T10842] xt_CT: You must specify a L4 protocol and not use inversions on it [ 269.076959][T10818] __nla_validate_parse: 14 callbacks suppressed [ 269.076977][T10818] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1032'. [ 269.092588][T10854] debugfs: Directory 'netdev:phy10-monitor' with parent 'phy10' already present! [ 269.836305][T10873] lo speed is unknown, defaulting to 1000 [ 269.845729][T10873] lo speed is unknown, defaulting to 1000 [ 269.862272][T10875] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1046'. [ 269.922970][T10857] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1043'. [ 270.475800][T10890] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 270.568157][T10895] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1051'. [ 270.577827][T10895] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1051'. [ 270.662045][T10898] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1055'. [ 270.702282][T10898] batadv0: entered promiscuous mode [ 271.533502][T10936] team0: left promiscuous mode [ 271.541164][T10936] debugfs: Directory 'netdev:phy4-monitor' with parent 'phy4' already present! [ 271.622048][T10941] batadv_slave_1: entered promiscuous mode [ 271.697230][ T6134] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 271.804057][T10946] xt_CT: You must specify a L4 protocol and not use inversions on it [ 271.857017][T10940] batadv_slave_1: left promiscuous mode [ 271.935110][T10950] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 271.946411][T10951] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1074'. [ 272.025367][T10950] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 272.154339][T10959] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 272.169418][T10950] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 272.187045][T10959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1077'. [ 272.208162][T10959] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1077'. [ 272.314934][T10950] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 272.368116][T10964] netlink: 'syz.1.1080': attribute type 6 has an invalid length. [ 272.413391][T10950] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 272.511273][T10950] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 272.591924][T10950] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 272.669193][T10950] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 272.715209][T10970] lo speed is unknown, defaulting to 1000 [ 272.721844][T10970] lo speed is unknown, defaulting to 1000 [ 272.750494][T10971] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 272.783031][T10971] CPU: 0 UID: 0 PID: 10971 Comm: syz.3.1083 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 272.783055][T10971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 272.783067][T10971] Call Trace: [ 272.783074][T10971] [ 272.783082][T10971] dump_stack_lvl+0x241/0x360 [ 272.783109][T10971] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.783130][T10971] ? __pfx__printk+0x10/0x10 [ 272.783153][T10971] ? __kmalloc_cache_noprof+0x243/0x390 [ 272.783178][T10971] ? sysfs_warn_dup+0x51/0xa0 [ 272.783203][T10971] sysfs_warn_dup+0x8e/0xa0 [ 272.783225][T10971] sysfs_do_create_link_sd+0xbe/0x110 [ 272.783249][T10971] device_add_class_symlinks+0x1c5/0x250 [ 272.783284][T10971] device_add+0x553/0xbf0 [ 272.783311][T10971] wiphy_register+0x1922/0x2650 [ 272.783338][T10971] ? __pfx_wiphy_register+0x10/0x10 [ 272.783352][T10971] ? minstrel_ht_alloc+0x84b/0x940 [ 272.783374][T10971] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 272.783396][T10971] ieee80211_register_hw+0x35d9/0x42e0 [ 272.783426][T10971] ? ieee80211_register_hw+0x15f1/0x42e0 [ 272.783452][T10971] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 272.783479][T10971] ? __asan_memset+0x23/0x50 [ 272.783494][T10971] ? __hrtimer_init+0x170/0x250 [ 272.783513][T10971] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 272.783567][T10971] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 272.783588][T10971] ? trace_kmalloc+0x1f/0xd0 [ 272.783610][T10971] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 272.783635][T10971] ? kstrndup+0xbb/0x150 [ 272.783670][T10971] hwsim_new_radio_nl+0xece/0x2290 [ 272.783703][T10971] ? __pfx___nla_validate_parse+0x10/0x10 [ 272.783727][T10971] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 272.783779][T10971] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 272.783817][T10971] genl_rcv_msg+0xb1f/0xec0 [ 272.783851][T10971] ? __pfx_genl_rcv_msg+0x10/0x10 [ 272.783906][T10971] ? __pfx_lock_acquire+0x10/0x10 [ 272.783932][T10971] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 272.783954][T10971] ? __pfx___might_resched+0x10/0x10 [ 272.783988][T10971] netlink_rcv_skb+0x206/0x480 [ 272.784010][T10971] ? __pfx_genl_rcv_msg+0x10/0x10 [ 272.784038][T10971] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 272.784088][T10971] genl_rcv+0x28/0x40 [ 272.784111][T10971] netlink_unicast+0x7f6/0x990 [ 272.784138][T10971] ? __pfx_netlink_unicast+0x10/0x10 [ 272.784154][T10971] ? __virt_addr_valid+0x45f/0x530 [ 272.784173][T10971] ? __phys_addr_symbol+0x2f/0x70 [ 272.784201][T10971] ? __check_object_size+0x47a/0x730 [ 272.784230][T10971] netlink_sendmsg+0x8de/0xcb0 [ 272.784264][T10971] ? __pfx_netlink_sendmsg+0x10/0x10 [ 272.784298][T10971] ? aa_sock_msg_perm+0x91/0x160 [ 272.784331][T10971] ? __pfx_netlink_sendmsg+0x10/0x10 [ 272.784352][T10971] __sock_sendmsg+0x221/0x270 [ 272.784378][T10971] ____sys_sendmsg+0x53a/0x860 [ 272.784414][T10971] ? __pfx_____sys_sendmsg+0x10/0x10 [ 272.784440][T10971] ? __fget_files+0x2a/0x410 [ 272.784470][T10971] ? __fget_files+0x2a/0x410 [ 272.784504][T10971] __sys_sendmsg+0x269/0x350 [ 272.784537][T10971] ? __pfx___sys_sendmsg+0x10/0x10 [ 272.784607][T10971] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 272.784637][T10971] ? do_syscall_64+0x100/0x230 [ 272.784667][T10971] ? do_syscall_64+0xb6/0x230 [ 272.784697][T10971] do_syscall_64+0xf3/0x230 [ 272.784724][T10971] ? clear_bhb_loop+0x35/0x90 [ 272.784753][T10971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.784777][T10971] RIP: 0033:0x7fce7858d169 [ 272.784793][T10971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.784808][T10971] RSP: 002b:00007fce793fd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 272.784828][T10971] RAX: ffffffffffffffda RBX: 00007fce787a6080 RCX: 00007fce7858d169 [ 272.784841][T10971] RDX: 0000000000000800 RSI: 0000400000000100 RDI: 0000000000000005 [ 272.784853][T10971] RBP: 00007fce7860e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 272.784864][T10971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 272.784875][T10971] R13: 0000000000000000 R14: 00007fce787a6080 R15: 00007ffe741a3718 [ 272.784903][T10971] [ 273.212617][T10975] syzkaller1: entered promiscuous mode [ 273.218835][T10975] syzkaller1: entered allmulticast mode [ 273.261846][T10973] syzkaller0: tun_chr_ioctl cmd 1074025684 [ 273.369349][T10978] syzkaller0: create flow: hash 654429262 index 1 [ 273.385702][ T51] syzkaller0: tun_net_xmit 76 [ 273.391031][ T51] syzkaller0: tun_net_xmit 48 [ 273.400892][ T6134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.412875][ T6134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.423888][ T7466] syzkaller0: tun_net_xmit 76 [ 273.632876][ T7478] syzkaller0: tun_net_xmit 76 [ 273.639432][T10995] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1087'. [ 273.656352][T10972] syzkaller0: delete flow: hash 654429262 index 1 [ 274.905343][T11018] xt_CT: You must specify a L4 protocol and not use inversions on it [ 275.513836][T11021] netlink: 'syz.2.1097': attribute type 11 has an invalid length. [ 275.542383][T11021] [ 275.544739][T11021] ===================================== [ 275.550291][T11021] WARNING: bad unlock balance detected! [ 275.555837][T11021] 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 Not tainted [ 275.562943][T11021] ------------------------------------- [ 275.568476][T11021] syz.2.1097/11021 is trying to release lock (rtnl_mutex) at: [ 275.575941][T11021] [] __rtnl_unlock+0x6c/0xf0 [ 275.582108][T11021] but there are no more locks to release! [ 275.587813][T11021] [ 275.587813][T11021] other info that might help us debug this: [ 275.595862][T11021] no locks held by syz.2.1097/11021. [ 275.601138][T11021] [ 275.601138][T11021] stack backtrace: [ 275.607017][T11021] CPU: 0 UID: 0 PID: 11021 Comm: syz.2.1097 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 275.607034][T11021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 275.607044][T11021] Call Trace: [ 275.607050][T11021] [ 275.607056][T11021] dump_stack_lvl+0x241/0x360 [ 275.607082][T11021] ? __pfx_dump_stack_lvl+0x10/0x10 [ 275.607098][T11021] ? __pfx__printk+0x10/0x10 [ 275.607115][T11021] ? __rtnl_unlock+0x6c/0xf0 [ 275.607136][T11021] print_unlock_imbalance_bug+0x25b/0x2d0 [ 275.607156][T11021] ? __pfx_print_unlock_imbalance_bug+0x10/0x10 [ 275.607172][T11021] ? preempt_schedule+0xe1/0xf0 [ 275.607207][T11021] ? _printk+0xd5/0x120 [ 275.607223][T11021] lock_release+0x47e/0xa30 [ 275.607245][T11021] ? __lock_acquire+0x1397/0x2100 [ 275.607267][T11021] ? __rtnl_unlock+0x6c/0xf0 [ 275.607288][T11021] ? __pfx_lock_release+0x10/0x10 [ 275.607314][T11021] ? __rtnl_unlock+0x6c/0xf0 [ 275.607336][T11021] __mutex_unlock_slowpath+0xec/0x800 [ 275.607362][T11021] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 275.607385][T11021] ? __pfx_lock_release+0x10/0x10 [ 275.607406][T11021] ? validate_chain+0x11e/0x5920 [ 275.607424][T11021] ? lwtunnel_valid_encap_type+0x8a/0x5f0 [ 275.607446][T11021] __rtnl_unlock+0x6c/0xf0 [ 275.607466][T11021] lwtunnel_valid_encap_type+0x38a/0x5f0 [ 275.607488][T11021] ? lwtunnel_valid_encap_type+0x8a/0x5f0 [ 275.607511][T11021] lwtunnel_valid_encap_type_attr+0x113/0x270 [ 275.607535][T11021] rtm_to_fib_config+0x949/0x14e0 [ 275.607564][T11021] inet_rtm_newroute+0xf6/0x2a0 [ 275.607587][T11021] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 275.607614][T11021] ? __pfx_inet_rtm_newroute+0x10/0x10 [ 275.607637][T11021] rtnetlink_rcv_msg+0x791/0xcf0 [ 275.607654][T11021] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 275.607671][T11021] ? __lock_acquire+0x1397/0x2100 [ 275.607693][T11021] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 275.607715][T11021] netlink_rcv_skb+0x206/0x480 [ 275.607732][T11021] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 275.607750][T11021] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 275.607773][T11021] ? netlink_deliver_tap+0x2e/0x1b0 [ 275.607791][T11021] netlink_unicast+0x7f6/0x990 [ 275.607808][T11021] ? __pfx_netlink_unicast+0x10/0x10 [ 275.607822][T11021] ? __virt_addr_valid+0x45f/0x530 [ 275.607836][T11021] ? __phys_addr_symbol+0x2f/0x70 [ 275.607859][T11021] ? __check_object_size+0x47a/0x730 [ 275.607879][T11021] netlink_sendmsg+0x8de/0xcb0 [ 275.607900][T11021] ? __pfx_netlink_sendmsg+0x10/0x10 [ 275.607919][T11021] ? aa_sock_msg_perm+0x91/0x160 [ 275.607943][T11021] ? __pfx_netlink_sendmsg+0x10/0x10 [ 275.607959][T11021] __sock_sendmsg+0x221/0x270 [ 275.607978][T11021] ____sys_sendmsg+0x53a/0x860 [ 275.608003][T11021] ? __pfx_____sys_sendmsg+0x10/0x10 [ 275.608026][T11021] ? __fget_files+0x2a/0x410 [ 275.608048][T11021] ? __fget_files+0x2a/0x410 [ 275.608071][T11021] __sys_sendmsg+0x269/0x350 [ 275.608100][T11021] ? __pfx___sys_sendmsg+0x10/0x10 [ 275.608137][T11021] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 275.608160][T11021] ? do_syscall_64+0x100/0x230 [ 275.608183][T11021] ? do_syscall_64+0xb6/0x230 [ 275.608207][T11021] do_syscall_64+0xf3/0x230 [ 275.608229][T11021] ? clear_bhb_loop+0x35/0x90 [ 275.608252][T11021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.608273][T11021] RIP: 0033:0x7f617f38d169 [ 275.608286][T11021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 275.608299][T11021] RSP: 002b:00007f6180191038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 275.608315][T11021] RAX: ffffffffffffffda RBX: 00007f617f5a5fa0 RCX: 00007f617f38d169 [ 275.608327][T11021] RDX: 0000000000000000 RSI: 0000400000000000 RDI: 0000000000000003 [ 275.608338][T11021] RBP: 00007f617f40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 275.608348][T11021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 275.608357][T11021] R13: 0000000000000000 R14: 00007f617f5a5fa0 R15: 00007ffd5a6065d8 [ 275.608372][T11021] [ 276.012489][T11025] lo speed is unknown, defaulting to 1000 [ 276.018927][T11025] lo speed is unknown, defaulting to 1000 [ 276.157973][T11029] ================================================================== [ 276.166071][T11029] BUG: KASAN: slab-use-after-free in __mutex_lock+0xf97/0x1010 [ 276.173632][T11029] Read of size 4 at addr ffff88804b903c34 by task syz.1.1100/11029 [ 276.181516][T11029] [ 276.183837][T11029] CPU: 1 UID: 0 PID: 11029 Comm: syz.1.1100 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 276.183855][T11029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 276.183865][T11029] Call Trace: [ 276.183870][T11029] [ 276.183877][T11029] dump_stack_lvl+0x241/0x360 [ 276.183897][T11029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 276.183913][T11029] ? __pfx__printk+0x10/0x10 [ 276.183929][T11029] ? _printk+0xd5/0x120 [ 276.183942][T11029] ? __virt_addr_valid+0x183/0x530 [ 276.183956][T11029] ? __virt_addr_valid+0x183/0x530 [ 276.183971][T11029] print_report+0x16e/0x5b0 [ 276.183990][T11029] ? __virt_addr_valid+0x183/0x530 [ 276.184003][T11029] ? __virt_addr_valid+0x183/0x530 [ 276.184016][T11029] ? __virt_addr_valid+0x45f/0x530 [ 276.184029][T11029] ? __phys_addr+0xba/0x170 [ 276.184053][T11029] ? __mutex_lock+0xf97/0x1010 [ 276.184074][T11029] kasan_report+0x143/0x180 [ 276.184093][T11029] ? __mutex_lock+0xf97/0x1010 [ 276.184134][T11029] __mutex_lock+0xf97/0x1010 [ 276.184157][T11029] ? rcu_is_watching+0x15/0xb0 [ 276.184175][T11029] ? rcu_is_watching+0x15/0xb0 [ 276.184193][T11029] ? rcu_is_watching+0x15/0xb0 [ 276.184209][T11029] ? __kvmalloc_node_noprof+0x72/0x190 [ 276.184234][T11029] ? ieee80211_register_hw+0x30fe/0x42e0 [ 276.184255][T11029] ? __pfx___mutex_lock+0x10/0x10 [ 276.184285][T11029] ieee80211_register_hw+0x30fe/0x42e0 [ 276.184313][T11029] ? ieee80211_register_hw+0x17f1/0x42e0 [ 276.184334][T11029] ? ieee80211_register_hw+0x15f1/0x42e0 [ 276.184356][T11029] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 276.184378][T11029] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 276.184404][T11029] ? __asan_memset+0x23/0x50 [ 276.184418][T11029] ? __hrtimer_init+0x170/0x250 [ 276.184436][T11029] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 276.184465][T11029] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 276.184484][T11029] ? __asan_memset+0x23/0x50 [ 276.184501][T11029] hwsim_new_radio_nl+0xece/0x2290 [ 276.184522][T11029] ? __pfx___nla_validate_parse+0x10/0x10 [ 276.184541][T11029] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 276.184569][T11029] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 276.184598][T11029] genl_rcv_msg+0xb1f/0xec0 [ 276.184624][T11029] ? __pfx_genl_rcv_msg+0x10/0x10 [ 276.184646][T11029] ? stack_trace_save+0x118/0x1d0 [ 276.184667][T11029] ? __pfx_stack_trace_save+0x10/0x10 [ 276.184688][T11029] ? stack_depot_save_flags+0x37/0x940 [ 276.184717][T11029] ? __pfx_lock_acquire+0x10/0x10 [ 276.184740][T11029] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 276.184758][T11029] ? __pfx___might_resched+0x10/0x10 [ 276.184779][T11029] ? rcu_is_watching+0x15/0xb0 [ 276.184796][T11029] ? lock_acquire+0xe3/0x550 [ 276.184821][T11029] netlink_rcv_skb+0x206/0x480 [ 276.184839][T11029] ? __pfx_genl_rcv_msg+0x10/0x10 [ 276.184863][T11029] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 276.184880][T11029] ? lock_release+0xbf/0xa30 [ 276.184907][T11029] ? __pfx___netlink_lookup+0x10/0x10 [ 276.184929][T11029] ? net_generic+0x1f/0x240 [ 276.184954][T11029] genl_rcv+0x28/0x40 [ 276.184975][T11029] netlink_unicast+0x7f6/0x990 [ 276.184994][T11029] ? __pfx_netlink_unicast+0x10/0x10 [ 276.185009][T11029] ? __virt_addr_valid+0x45f/0x530 [ 276.185023][T11029] ? __phys_addr_symbol+0x2f/0x70 [ 276.185049][T11029] ? __check_object_size+0x47a/0x730 [ 276.185072][T11029] netlink_sendmsg+0x8de/0xcb0 [ 276.185094][T11029] ? __pfx_netlink_sendmsg+0x10/0x10 [ 276.185114][T11029] ? aa_sock_msg_perm+0x91/0x160 [ 276.185139][T11029] ? __pfx_netlink_sendmsg+0x10/0x10 [ 276.185158][T11029] __sock_sendmsg+0x221/0x270 [ 276.185178][T11029] ____sys_sendmsg+0x53a/0x860 [ 276.185205][T11029] ? __pfx_____sys_sendmsg+0x10/0x10 [ 276.185229][T11029] ? __fget_files+0x2a/0x410 [ 276.185252][T11029] ? __fget_files+0x2a/0x410 [ 276.185277][T11029] __sys_sendmsg+0x269/0x350 [ 276.185305][T11029] ? __pfx_futex_wake+0x10/0x10 [ 276.185339][T11029] ? __pfx___sys_sendmsg+0x10/0x10 [ 276.185362][T11029] ? lock_release+0xbf/0xa30 [ 276.185396][T11029] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 276.185419][T11029] ? rcu_is_watching+0x15/0xb0 [ 276.185436][T11029] ? rcu_is_watching+0x15/0xb0 [ 276.185453][T11029] do_syscall_64+0xf3/0x230 [ 276.185475][T11029] ? clear_bhb_loop+0x35/0x90 [ 276.185498][T11029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.185519][T11029] RIP: 0033:0x7f4ab438d169 [ 276.185531][T11029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 276.185548][T11029] RSP: 002b:00007f4ab5152038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 276.185565][T11029] RAX: ffffffffffffffda RBX: 00007f4ab45a6080 RCX: 00007f4ab438d169 [ 276.185577][T11029] RDX: 0000000000000050 RSI: 0000400000000140 RDI: 0000000000000009 [ 276.185606][T11029] RBP: 00007f4ab440e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 276.185617][T11029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 276.185629][T11029] R13: 0000000000000000 R14: 00007f4ab45a6080 R15: 00007ffefee0e898 [ 276.185647][T11029] [ 276.185654][T11029] [ 276.671041][T11029] Allocated by task 11020: [ 276.675452][T11029] kasan_save_track+0x3f/0x80 [ 276.680131][T11029] __kasan_slab_alloc+0x66/0x80 [ 276.684984][T11029] kmem_cache_alloc_node_noprof+0x1d9/0x380 [ 276.690874][T11029] dup_task_struct+0x57/0x8c0 [ 276.695540][T11029] copy_process+0x5d1/0x3cf0 [ 276.700155][T11029] kernel_clone+0x226/0x8e0 [ 276.704654][T11029] __se_sys_clone3+0x2ee/0x380 [ 276.709409][T11029] do_syscall_64+0xf3/0x230 [ 276.713914][T11029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.719820][T11029] [ 276.722136][T11029] Freed by task 11029: [ 276.726190][T11029] kasan_save_track+0x3f/0x80 [ 276.730864][T11029] kasan_save_free_info+0x40/0x50 [ 276.735890][T11029] __kasan_slab_free+0x59/0x70 [ 276.740652][T11029] kmem_cache_free+0x195/0x410 [ 276.745407][T11029] delayed_put_task_struct+0x125/0x300 [ 276.750862][T11029] rcu_core+0xaaa/0x17a0 [ 276.755097][T11029] handle_softirqs+0x2d4/0x9b0 [ 276.759860][T11029] do_softirq+0x11b/0x1e0 [ 276.764185][T11029] __local_bh_enable_ip+0x1bb/0x200 [ 276.769376][T11029] netlink_insert+0xd5/0x14e0 [ 276.774043][T11029] netlink_autobind+0x221/0x2f0 [ 276.778882][T11029] netlink_sendmsg+0x7b0/0xcb0 [ 276.783636][T11029] __sock_sendmsg+0x221/0x270 [ 276.788304][T11029] __sys_sendto+0x363/0x4c0 [ 276.792802][T11029] __x64_sys_sendto+0xde/0x100 [ 276.797560][T11029] do_syscall_64+0xf3/0x230 [ 276.802057][T11029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.807949][T11029] [ 276.810264][T11029] Last potentially related work creation: [ 276.815969][T11029] kasan_save_stack+0x3f/0x60 [ 276.820642][T11029] kasan_record_aux_stack+0xaa/0xc0 [ 276.825838][T11029] call_rcu+0x168/0xac0 [ 276.829991][T11029] __schedule+0x1916/0x4c90 [ 276.834488][T11029] preempt_schedule_common+0x84/0xd0 [ 276.839767][T11029] preempt_schedule+0xe1/0xf0 [ 276.844436][T11029] preempt_schedule_thunk+0x1a/0x30 [ 276.849630][T11029] _raw_spin_unlock_irq+0x44/0x50 [ 276.854651][T11029] do_group_exit+0x1f7/0x2c0 [ 276.859253][T11029] __x64_sys_exit_group+0x3f/0x40 [ 276.864274][T11029] x64_sys_call+0x26a8/0x26b0 [ 276.868941][T11029] do_syscall_64+0xf3/0x230 [ 276.873437][T11029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.879327][T11029] [ 276.881642][T11029] Second to last potentially related work creation: [ 276.888215][T11029] kasan_save_stack+0x3f/0x60 [ 276.892898][T11029] kasan_record_aux_stack+0xaa/0xc0 [ 276.898092][T11029] task_work_add+0xb8/0x450 [ 276.902587][T11029] sched_tick+0x327/0x660 [ 276.906910][T11029] update_process_times+0x276/0x2f0 [ 276.912109][T11029] tick_nohz_handler+0x37c/0x500 [ 276.917043][T11029] __hrtimer_run_queues+0x551/0xd30 [ 276.922253][T11029] hrtimer_interrupt+0x403/0xa40 [ 276.927203][T11029] __sysvec_apic_timer_interrupt+0x110/0x420 [ 276.933245][T11029] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 276.938873][T11029] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 276.944851][T11029] [ 276.947164][T11029] The buggy address belongs to the object at ffff88804b903c00 [ 276.947164][T11029] which belongs to the cache task_struct of size 7424 [ 276.961293][T11029] The buggy address is located 52 bytes inside of [ 276.961293][T11029] freed 7424-byte region [ffff88804b903c00, ffff88804b905900) [ 276.975080][T11029] [ 276.977401][T11029] The buggy address belongs to the physical page: [ 276.983816][T11029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4b900 [ 276.992571][T11029] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 277.001061][T11029] memcg:ffff88807e21db81 [ 277.005291][T11029] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 277.012831][T11029] page_type: f5(slab) [ 277.016825][T11029] raw: 00fff00000000040 ffff88801c282500 dead000000000100 dead000000000122 [ 277.025404][T11029] raw: 0000000000000000 0000000000040004 00000000f5000000 ffff88807e21db81 [ 277.033995][T11029] head: 00fff00000000040 ffff88801c282500 dead000000000100 dead000000000122 [ 277.042662][T11029] head: 0000000000000000 0000000000040004 00000000f5000000 ffff88807e21db81 [ 277.051326][T11029] head: 00fff00000000003 ffffea00012e4001 ffffffffffffffff 0000000000000000 [ 277.059995][T11029] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 277.068674][T11029] page dumped because: kasan: bad access detected [ 277.075102][T11029] page_owner tracks the page as allocated [ 277.080805][T11029] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 10179, tgid 10179 (syz.1.863), ts 243328550962, free_ts 243326135272 [ 277.102245][T11029] post_alloc_hook+0x1f4/0x240 [ 277.107009][T11029] get_page_from_freelist+0x365c/0x37a0 [ 277.112557][T11029] __alloc_frozen_pages_noprof+0x292/0x710 [ 277.118374][T11029] alloc_pages_mpol+0x311/0x660 [ 277.123227][T11029] allocate_slab+0x8f/0x3a0 [ 277.127734][T11029] ___slab_alloc+0xc27/0x14a0 [ 277.132414][T11029] __slab_alloc+0x58/0xa0 [ 277.136756][T11029] kmem_cache_alloc_node_noprof+0x269/0x380 [ 277.142669][T11029] dup_task_struct+0x57/0x8c0 [ 277.147346][T11029] copy_process+0x5d1/0x3cf0 [ 277.151927][T11029] kernel_clone+0x226/0x8e0 [ 277.156426][T11029] __se_sys_clone3+0x2ee/0x380 [ 277.161198][T11029] do_syscall_64+0xf3/0x230 [ 277.165705][T11029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.171606][T11029] page last free pid 10180 tgid 10180 stack trace: [ 277.178094][T11029] free_frozen_pages+0xe0d/0x10e0 [ 277.183116][T11029] __put_partials+0x160/0x1c0 [ 277.187789][T11029] put_cpu_partial+0x17c/0x250 [ 277.192543][T11029] __slab_free+0x290/0x380 [ 277.196954][T11029] qlist_free_all+0x9a/0x140 [ 277.201533][T11029] kasan_quarantine_reduce+0x14f/0x170 [ 277.206986][T11029] __kasan_slab_alloc+0x23/0x80 [ 277.211829][T11029] kmem_cache_alloc_noprof+0x1d9/0x380 [ 277.217280][T11029] vm_area_dup+0x27/0x290 [ 277.221599][T11029] __split_vma+0x1bf/0xbf0 [ 277.226025][T11029] vms_gather_munmap_vmas+0x4c1/0x1600 [ 277.231482][T11029] mmap_region+0xa50/0x2fa0 [ 277.235984][T11029] do_mmap+0xecc/0x13a0 [ 277.240158][T11029] vm_mmap_pgoff+0x214/0x430 [ 277.244740][T11029] ksys_mmap_pgoff+0x4eb/0x720 [ 277.249496][T11029] do_syscall_64+0xf3/0x230 [ 277.253994][T11029] [ 277.256308][T11029] Memory state around the buggy address: [ 277.261929][T11029] ffff88804b903b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 277.269985][T11029] ffff88804b903b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 277.278035][T11029] >ffff88804b903c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 277.286086][T11029] ^ [ 277.291707][T11029] ffff88804b903c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 277.299763][T11029] ffff88804b903d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 277.307816][T11029] ================================================================== [ 277.316547][T11029] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 277.323760][T11029] CPU: 1 UID: 0 PID: 11029 Comm: syz.1.1100 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0 [ 277.334510][T11029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 277.344557][T11029] Call Trace: [ 277.347836][T11029] [ 277.350759][T11029] dump_stack_lvl+0x241/0x360 [ 277.355432][T11029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 277.360624][T11029] ? __pfx__printk+0x10/0x10 [ 277.365206][T11029] ? rcu_is_watching+0x15/0xb0 [ 277.369964][T11029] ? vscnprintf+0x5d/0x90 [ 277.374287][T11029] panic+0x349/0x880 [ 277.378174][T11029] ? check_panic_on_warn+0x21/0xb0 [ 277.383288][T11029] ? __pfx_panic+0x10/0x10 [ 277.387693][T11029] ? trace_irq_enable+0x2c/0x120 [ 277.392626][T11029] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 277.398513][T11029] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 277.404402][T11029] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 277.410724][T11029] ? print_report+0x519/0x5b0 [ 277.415404][T11029] check_panic_on_warn+0x86/0xb0 [ 277.420343][T11029] ? __mutex_lock+0xf97/0x1010 [ 277.425110][T11029] end_report+0x77/0x160 [ 277.429352][T11029] kasan_report+0x154/0x180 [ 277.433849][T11029] ? __mutex_lock+0xf97/0x1010 [ 277.438612][T11029] __mutex_lock+0xf97/0x1010 [ 277.443197][T11029] ? rcu_is_watching+0x15/0xb0 [ 277.447951][T11029] ? rcu_is_watching+0x15/0xb0 [ 277.452706][T11029] ? rcu_is_watching+0x15/0xb0 [ 277.457459][T11029] ? __kvmalloc_node_noprof+0x72/0x190 [ 277.462914][T11029] ? ieee80211_register_hw+0x30fe/0x42e0 [ 277.468543][T11029] ? __pfx___mutex_lock+0x10/0x10 [ 277.473578][T11029] ieee80211_register_hw+0x30fe/0x42e0 [ 277.479045][T11029] ? ieee80211_register_hw+0x17f1/0x42e0 [ 277.484684][T11029] ? ieee80211_register_hw+0x15f1/0x42e0 [ 277.490315][T11029] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 277.496122][T11029] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 277.501936][T11029] ? __asan_memset+0x23/0x50 [ 277.506520][T11029] ? __hrtimer_init+0x170/0x250 [ 277.511369][T11029] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 277.517089][T11029] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 277.523167][T11029] ? __asan_memset+0x23/0x50 [ 277.527759][T11029] hwsim_new_radio_nl+0xece/0x2290 [ 277.532868][T11029] ? __pfx___nla_validate_parse+0x10/0x10 [ 277.538581][T11029] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 277.544132][T11029] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 277.550486][T11029] genl_rcv_msg+0xb1f/0xec0 [ 277.554994][T11029] ? __pfx_genl_rcv_msg+0x10/0x10 [ 277.560023][T11029] ? stack_trace_save+0x118/0x1d0 [ 277.565051][T11029] ? __pfx_stack_trace_save+0x10/0x10 [ 277.570425][T11029] ? stack_depot_save_flags+0x37/0x940 [ 277.575898][T11029] ? __pfx_lock_acquire+0x10/0x10 [ 277.580932][T11029] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 277.586478][T11029] ? __pfx___might_resched+0x10/0x10 [ 277.591769][T11029] ? rcu_is_watching+0x15/0xb0 [ 277.596528][T11029] ? lock_acquire+0xe3/0x550 [ 277.601127][T11029] netlink_rcv_skb+0x206/0x480 [ 277.605891][T11029] ? __pfx_genl_rcv_msg+0x10/0x10 [ 277.610931][T11029] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 277.616216][T11029] ? lock_release+0xbf/0xa30 [ 277.620817][T11029] ? __pfx___netlink_lookup+0x10/0x10 [ 277.626188][T11029] ? net_generic+0x1f/0x240 [ 277.630700][T11029] genl_rcv+0x28/0x40 [ 277.634679][T11029] netlink_unicast+0x7f6/0x990 [ 277.639436][T11029] ? __pfx_netlink_unicast+0x10/0x10 [ 277.644712][T11029] ? __virt_addr_valid+0x45f/0x530 [ 277.649812][T11029] ? __phys_addr_symbol+0x2f/0x70 [ 277.654836][T11029] ? __check_object_size+0x47a/0x730 [ 277.660130][T11029] netlink_sendmsg+0x8de/0xcb0 [ 277.664909][T11029] ? __pfx_netlink_sendmsg+0x10/0x10 [ 277.670191][T11029] ? aa_sock_msg_perm+0x91/0x160 [ 277.675127][T11029] ? __pfx_netlink_sendmsg+0x10/0x10 [ 277.680410][T11029] __sock_sendmsg+0x221/0x270 [ 277.685078][T11029] ____sys_sendmsg+0x53a/0x860 [ 277.689845][T11029] ? __pfx_____sys_sendmsg+0x10/0x10 [ 277.695158][T11029] ? __fget_files+0x2a/0x410 [ 277.699750][T11029] ? __fget_files+0x2a/0x410 [ 277.704358][T11029] __sys_sendmsg+0x269/0x350 [ 277.708974][T11029] ? __pfx_futex_wake+0x10/0x10 [ 277.713825][T11029] ? __pfx___sys_sendmsg+0x10/0x10 [ 277.718953][T11029] ? lock_release+0xbf/0xa30 [ 277.723565][T11029] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 277.729907][T11029] ? rcu_is_watching+0x15/0xb0 [ 277.734672][T11029] ? rcu_is_watching+0x15/0xb0 [ 277.739466][T11029] do_syscall_64+0xf3/0x230 [ 277.743984][T11029] ? clear_bhb_loop+0x35/0x90 [ 277.748661][T11029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.754549][T11029] RIP: 0033:0x7f4ab438d169 [ 277.758973][T11029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.778582][T11029] RSP: 002b:00007f4ab5152038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 277.786994][T11029] RAX: ffffffffffffffda RBX: 00007f4ab45a6080 RCX: 00007f4ab438d169 [ 277.794976][T11029] RDX: 0000000000000050 RSI: 0000400000000140 RDI: 0000000000000009 [ 277.802944][T11029] RBP: 00007f4ab440e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 277.810923][T11029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 277.818912][T11029] R13: 0000000000000000 R14: 00007f4ab45a6080 R15: 00007ffefee0e898 [ 277.826914][T11029] [ 277.830294][T11029] Kernel Offset: disabled [ 277.834611][T11029] Rebooting in 86400 seconds..