last executing test programs: 1m29.903223227s ago: executing program 1 (id=1837): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1}, 0x48) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448e1, &(0x7f0000000240)={0x0, 0x0, "957008"}) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000380)={r0, 0x0, 0x20000000, 0x2}, 0x20) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000500)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r2, 0x0, &(0x7f0000001780)=""/4096}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x1, 0x0, 0x0, 0xe, 0x1000002}, @enum]}, {0x0, [0x2e, 0x0]}}, &(0x7f0000000240)=""/214, 0x38, 0xd6, 0x1}, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet6(0xa, 0x3, 0x200) sendmmsg$inet6(r4, &(0x7f00000001c0)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x1, @mcast1, 0x189}, 0x1c, &(0x7f0000000740)=[{&(0x7f00000000c0)="a4497fdbb200cb904e94bb508ed82c68ffd21d13d833bea1b2c1543ace649f4604", 0x21}, {&(0x7f0000000180)="9805da9cf0afb05d9a17fe", 0xb}, {&(0x7f0000000480)="c45148f97fa396fb2d3ea218dae97902f9430fe3ad14431de249d67f8f52a941250bcc0d75b4358605383a4e3e1063f78ce03044900c040f4628d4cd0328950bc5b0603adc4342f22eb38eebe2b244bdeb93e3d071ddcc6067b799a0ee5887d3448816469b45b22baa5c0f2e2605467f9738", 0x72}, {&(0x7f0000000540)="ef64d846b3a306dd8d0b14edf9020780b97c0586d84e5cbd4cee77d3f1737a0b31c5c253251a25f298420be15f7bb5015cd56caf2ec56d95f50671e833d7975cce8219f261d1c072d5d8cf00a98bdd9fe0f6905d9bb51a9f11ab8770f6083e296393eafe5035de1faf08443ff251c8df7a006bed7197a82b4422275c6142946a2e1e9f6d96456f121a3f4f692c51a232a2ccf2e4ae59a925d63851f5ffa58ffdf75dd07941905a4a54e4d503648f19c5cc1cf4a6a73d491eba8bf8d40dc7", 0xbe}, {&(0x7f0000000680)="0cd11b8df3ffd659d26053f4e9e8f1d51620bd78a88c21e4caa6a917ddf448738a7c50b5ed08e2c2c16e84eb0cdca0896cbe50e870285f27f508d1bfac8337dd3c75e08c9a2fb357923df17d1a70e62aa13caaa7fff60824b370117ce2701848d4a6d7cfd898226bbffbc81712473c60d6281bf43c85573fab71b7b9d5cca9f1de2909cd61c755d13cfa363f3154a58dc41b2e900864fa6925319f173ca2", 0x9e}], 0x5}}], 0x1, 0x1) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000800000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="48003300d0000000ffffffffffff08021100000050505050505000000f"], 0x64}}, 0x0) 1m27.435751473s ago: executing program 3 (id=1015): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r0, &(0x7f0000000540)=[{&(0x7f0000000c00)="89e7ee2c7cdad9b4b47380c90800", 0xe}, {&(0x7f0000000600)="9b1266926bac6fe17589a03ea03dd982ae36633c", 0x14}, {0x0}], 0x3) 1m15.086019766s ago: executing program 1 (id=1837): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1}, 0x48) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448e1, &(0x7f0000000240)={0x0, 0x0, "957008"}) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000380)={r0, 0x0, 0x20000000, 0x2}, 0x20) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000500)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r2, 0x0, &(0x7f0000001780)=""/4096}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x1, 0x0, 0x0, 0xe, 0x1000002}, @enum]}, {0x0, [0x2e, 0x0]}}, &(0x7f0000000240)=""/214, 0x38, 0xd6, 0x1}, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet6(0xa, 0x3, 0x200) sendmmsg$inet6(r4, &(0x7f00000001c0)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x1, @mcast1, 0x189}, 0x1c, &(0x7f0000000740)=[{&(0x7f00000000c0)="a4497fdbb200cb904e94bb508ed82c68ffd21d13d833bea1b2c1543ace649f4604", 0x21}, {&(0x7f0000000180)="9805da9cf0afb05d9a17fe", 0xb}, {&(0x7f0000000480)="c45148f97fa396fb2d3ea218dae97902f9430fe3ad14431de249d67f8f52a941250bcc0d75b4358605383a4e3e1063f78ce03044900c040f4628d4cd0328950bc5b0603adc4342f22eb38eebe2b244bdeb93e3d071ddcc6067b799a0ee5887d3448816469b45b22baa5c0f2e2605467f9738", 0x72}, {&(0x7f0000000540)="ef64d846b3a306dd8d0b14edf9020780b97c0586d84e5cbd4cee77d3f1737a0b31c5c253251a25f298420be15f7bb5015cd56caf2ec56d95f50671e833d7975cce8219f261d1c072d5d8cf00a98bdd9fe0f6905d9bb51a9f11ab8770f6083e296393eafe5035de1faf08443ff251c8df7a006bed7197a82b4422275c6142946a2e1e9f6d96456f121a3f4f692c51a232a2ccf2e4ae59a925d63851f5ffa58ffdf75dd07941905a4a54e4d503648f19c5cc1cf4a6a73d491eba8bf8d40dc7", 0xbe}, {&(0x7f0000000680)="0cd11b8df3ffd659d26053f4e9e8f1d51620bd78a88c21e4caa6a917ddf448738a7c50b5ed08e2c2c16e84eb0cdca0896cbe50e870285f27f508d1bfac8337dd3c75e08c9a2fb357923df17d1a70e62aa13caaa7fff60824b370117ce2701848d4a6d7cfd898226bbffbc81712473c60d6281bf43c85573fab71b7b9d5cca9f1de2909cd61c755d13cfa363f3154a58dc41b2e900864fa6925319f173ca2", 0x9e}], 0x5}}], 0x1, 0x1) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000800000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="48003300d0000000ffffffffffff08021100000050505050505000000f"], 0x64}}, 0x0) 1m13.347516435s ago: executing program 3 (id=1015): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r0, &(0x7f0000000540)=[{&(0x7f0000000c00)="89e7ee2c7cdad9b4b47380c90800", 0xe}, {&(0x7f0000000600)="9b1266926bac6fe17589a03ea03dd982ae36633c", 0x14}, {0x0}], 0x3) 58.224046585s ago: executing program 1 (id=1837): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1}, 0x48) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448e1, &(0x7f0000000240)={0x0, 0x0, "957008"}) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000380)={r0, 0x0, 0x20000000, 0x2}, 0x20) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000500)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r2, 0x0, &(0x7f0000001780)=""/4096}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x1, 0x0, 0x0, 0xe, 0x1000002}, @enum]}, {0x0, [0x2e, 0x0]}}, &(0x7f0000000240)=""/214, 0x38, 0xd6, 0x1}, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet6(0xa, 0x3, 0x200) sendmmsg$inet6(r4, &(0x7f00000001c0)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x1, @mcast1, 0x189}, 0x1c, &(0x7f0000000740)=[{&(0x7f00000000c0)="a4497fdbb200cb904e94bb508ed82c68ffd21d13d833bea1b2c1543ace649f4604", 0x21}, {&(0x7f0000000180)="9805da9cf0afb05d9a17fe", 0xb}, {&(0x7f0000000480)="c45148f97fa396fb2d3ea218dae97902f9430fe3ad14431de249d67f8f52a941250bcc0d75b4358605383a4e3e1063f78ce03044900c040f4628d4cd0328950bc5b0603adc4342f22eb38eebe2b244bdeb93e3d071ddcc6067b799a0ee5887d3448816469b45b22baa5c0f2e2605467f9738", 0x72}, {&(0x7f0000000540)="ef64d846b3a306dd8d0b14edf9020780b97c0586d84e5cbd4cee77d3f1737a0b31c5c253251a25f298420be15f7bb5015cd56caf2ec56d95f50671e833d7975cce8219f261d1c072d5d8cf00a98bdd9fe0f6905d9bb51a9f11ab8770f6083e296393eafe5035de1faf08443ff251c8df7a006bed7197a82b4422275c6142946a2e1e9f6d96456f121a3f4f692c51a232a2ccf2e4ae59a925d63851f5ffa58ffdf75dd07941905a4a54e4d503648f19c5cc1cf4a6a73d491eba8bf8d40dc7", 0xbe}, {&(0x7f0000000680)="0cd11b8df3ffd659d26053f4e9e8f1d51620bd78a88c21e4caa6a917ddf448738a7c50b5ed08e2c2c16e84eb0cdca0896cbe50e870285f27f508d1bfac8337dd3c75e08c9a2fb357923df17d1a70e62aa13caaa7fff60824b370117ce2701848d4a6d7cfd898226bbffbc81712473c60d6281bf43c85573fab71b7b9d5cca9f1de2909cd61c755d13cfa363f3154a58dc41b2e900864fa6925319f173ca2", 0x9e}], 0x5}}], 0x1, 0x1) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000800000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="48003300d0000000ffffffffffff08021100000050505050505000000f"], 0x64}}, 0x0) 54.992512803s ago: executing program 3 (id=1015): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r0, &(0x7f0000000540)=[{&(0x7f0000000c00)="89e7ee2c7cdad9b4b47380c90800", 0xe}, {&(0x7f0000000600)="9b1266926bac6fe17589a03ea03dd982ae36633c", 0x14}, {0x0}], 0x3) 42.555656089s ago: executing program 1 (id=1837): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1}, 0x48) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448e1, &(0x7f0000000240)={0x0, 0x0, "957008"}) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000380)={r0, 0x0, 0x20000000, 0x2}, 0x20) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000500)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r2, 0x0, &(0x7f0000001780)=""/4096}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x1, 0x0, 0x0, 0xe, 0x1000002}, @enum]}, {0x0, [0x2e, 0x0]}}, &(0x7f0000000240)=""/214, 0x38, 0xd6, 0x1}, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet6(0xa, 0x3, 0x200) sendmmsg$inet6(r4, &(0x7f00000001c0)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x1, @mcast1, 0x189}, 0x1c, &(0x7f0000000740)=[{&(0x7f00000000c0)="a4497fdbb200cb904e94bb508ed82c68ffd21d13d833bea1b2c1543ace649f4604", 0x21}, {&(0x7f0000000180)="9805da9cf0afb05d9a17fe", 0xb}, {&(0x7f0000000480)="c45148f97fa396fb2d3ea218dae97902f9430fe3ad14431de249d67f8f52a941250bcc0d75b4358605383a4e3e1063f78ce03044900c040f4628d4cd0328950bc5b0603adc4342f22eb38eebe2b244bdeb93e3d071ddcc6067b799a0ee5887d3448816469b45b22baa5c0f2e2605467f9738", 0x72}, {&(0x7f0000000540)="ef64d846b3a306dd8d0b14edf9020780b97c0586d84e5cbd4cee77d3f1737a0b31c5c253251a25f298420be15f7bb5015cd56caf2ec56d95f50671e833d7975cce8219f261d1c072d5d8cf00a98bdd9fe0f6905d9bb51a9f11ab8770f6083e296393eafe5035de1faf08443ff251c8df7a006bed7197a82b4422275c6142946a2e1e9f6d96456f121a3f4f692c51a232a2ccf2e4ae59a925d63851f5ffa58ffdf75dd07941905a4a54e4d503648f19c5cc1cf4a6a73d491eba8bf8d40dc7", 0xbe}, {&(0x7f0000000680)="0cd11b8df3ffd659d26053f4e9e8f1d51620bd78a88c21e4caa6a917ddf448738a7c50b5ed08e2c2c16e84eb0cdca0896cbe50e870285f27f508d1bfac8337dd3c75e08c9a2fb357923df17d1a70e62aa13caaa7fff60824b370117ce2701848d4a6d7cfd898226bbffbc81712473c60d6281bf43c85573fab71b7b9d5cca9f1de2909cd61c755d13cfa363f3154a58dc41b2e900864fa6925319f173ca2", 0x9e}], 0x5}}], 0x1, 0x1) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000800000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="48003300d0000000ffffffffffff08021100000050505050505000000f"], 0x64}}, 0x0) 41.009037178s ago: executing program 3 (id=1015): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r0, &(0x7f0000000540)=[{&(0x7f0000000c00)="89e7ee2c7cdad9b4b47380c90800", 0xe}, {&(0x7f0000000600)="9b1266926bac6fe17589a03ea03dd982ae36633c", 0x14}, {0x0}], 0x3) 26.382494347s ago: executing program 1 (id=1837): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1}, 0x48) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448e1, &(0x7f0000000240)={0x0, 0x0, "957008"}) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000380)={r0, 0x0, 0x20000000, 0x2}, 0x20) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000500)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r2, 0x0, &(0x7f0000001780)=""/4096}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x1, 0x0, 0x0, 0xe, 0x1000002}, @enum]}, {0x0, [0x2e, 0x0]}}, &(0x7f0000000240)=""/214, 0x38, 0xd6, 0x1}, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet6(0xa, 0x3, 0x200) sendmmsg$inet6(r4, &(0x7f00000001c0)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x1, @mcast1, 0x189}, 0x1c, &(0x7f0000000740)=[{&(0x7f00000000c0)="a4497fdbb200cb904e94bb508ed82c68ffd21d13d833bea1b2c1543ace649f4604", 0x21}, {&(0x7f0000000180)="9805da9cf0afb05d9a17fe", 0xb}, {&(0x7f0000000480)="c45148f97fa396fb2d3ea218dae97902f9430fe3ad14431de249d67f8f52a941250bcc0d75b4358605383a4e3e1063f78ce03044900c040f4628d4cd0328950bc5b0603adc4342f22eb38eebe2b244bdeb93e3d071ddcc6067b799a0ee5887d3448816469b45b22baa5c0f2e2605467f9738", 0x72}, {&(0x7f0000000540)="ef64d846b3a306dd8d0b14edf9020780b97c0586d84e5cbd4cee77d3f1737a0b31c5c253251a25f298420be15f7bb5015cd56caf2ec56d95f50671e833d7975cce8219f261d1c072d5d8cf00a98bdd9fe0f6905d9bb51a9f11ab8770f6083e296393eafe5035de1faf08443ff251c8df7a006bed7197a82b4422275c6142946a2e1e9f6d96456f121a3f4f692c51a232a2ccf2e4ae59a925d63851f5ffa58ffdf75dd07941905a4a54e4d503648f19c5cc1cf4a6a73d491eba8bf8d40dc7", 0xbe}, {&(0x7f0000000680)="0cd11b8df3ffd659d26053f4e9e8f1d51620bd78a88c21e4caa6a917ddf448738a7c50b5ed08e2c2c16e84eb0cdca0896cbe50e870285f27f508d1bfac8337dd3c75e08c9a2fb357923df17d1a70e62aa13caaa7fff60824b370117ce2701848d4a6d7cfd898226bbffbc81712473c60d6281bf43c85573fab71b7b9d5cca9f1de2909cd61c755d13cfa363f3154a58dc41b2e900864fa6925319f173ca2", 0x9e}], 0x5}}], 0x1, 0x1) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000800000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="48003300d0000000ffffffffffff08021100000050505050505000000f"], 0x64}}, 0x0) 25.912879595s ago: executing program 3 (id=1015): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r0, &(0x7f0000000540)=[{&(0x7f0000000c00)="89e7ee2c7cdad9b4b47380c90800", 0xe}, {&(0x7f0000000600)="9b1266926bac6fe17589a03ea03dd982ae36633c", 0x14}, {0x0}], 0x3) 12.151899263s ago: executing program 1 (id=1837): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x0, 0x8400, 0x1, 0x0, 0x1}, 0x48) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448e1, &(0x7f0000000240)={0x0, 0x0, "957008"}) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000380)={r0, 0x0, 0x20000000, 0x2}, 0x20) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000500)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, 0xffffffffffffffff}, 0x0, &(0x7f0000000040)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r2, 0x0, &(0x7f0000001780)=""/4096}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x1, 0x0, 0x0, 0xe, 0x1000002}, @enum]}, {0x0, [0x2e, 0x0]}}, &(0x7f0000000240)=""/214, 0x38, 0xd6, 0x1}, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet6(0xa, 0x3, 0x200) sendmmsg$inet6(r4, &(0x7f00000001c0)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x1, @mcast1, 0x189}, 0x1c, &(0x7f0000000740)=[{&(0x7f00000000c0)="a4497fdbb200cb904e94bb508ed82c68ffd21d13d833bea1b2c1543ace649f4604", 0x21}, {&(0x7f0000000180)="9805da9cf0afb05d9a17fe", 0xb}, {&(0x7f0000000480)="c45148f97fa396fb2d3ea218dae97902f9430fe3ad14431de249d67f8f52a941250bcc0d75b4358605383a4e3e1063f78ce03044900c040f4628d4cd0328950bc5b0603adc4342f22eb38eebe2b244bdeb93e3d071ddcc6067b799a0ee5887d3448816469b45b22baa5c0f2e2605467f9738", 0x72}, {&(0x7f0000000540)="ef64d846b3a306dd8d0b14edf9020780b97c0586d84e5cbd4cee77d3f1737a0b31c5c253251a25f298420be15f7bb5015cd56caf2ec56d95f50671e833d7975cce8219f261d1c072d5d8cf00a98bdd9fe0f6905d9bb51a9f11ab8770f6083e296393eafe5035de1faf08443ff251c8df7a006bed7197a82b4422275c6142946a2e1e9f6d96456f121a3f4f692c51a232a2ccf2e4ae59a925d63851f5ffa58ffdf75dd07941905a4a54e4d503648f19c5cc1cf4a6a73d491eba8bf8d40dc7", 0xbe}, {&(0x7f0000000680)="0cd11b8df3ffd659d26053f4e9e8f1d51620bd78a88c21e4caa6a917ddf448738a7c50b5ed08e2c2c16e84eb0cdca0896cbe50e870285f27f508d1bfac8337dd3c75e08c9a2fb357923df17d1a70e62aa13caaa7fff60824b370117ce2701848d4a6d7cfd898226bbffbc81712473c60d6281bf43c85573fab71b7b9d5cca9f1de2909cd61c755d13cfa363f3154a58dc41b2e900864fa6925319f173ca2", 0x9e}], 0x5}}], 0x1, 0x1) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000800000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="48003300d0000000ffffffffffff08021100000050505050505000000f"], 0x64}}, 0x0) 9.496624669s ago: executing program 3 (id=1015): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r0, &(0x7f0000000540)=[{&(0x7f0000000c00)="89e7ee2c7cdad9b4b47380c90800", 0xe}, {&(0x7f0000000600)="9b1266926bac6fe17589a03ea03dd982ae36633c", 0x14}, {0x0}], 0x3) 4.96159539s ago: executing program 0 (id=2766): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x63, 0x11, 0x18}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x16}, 0x70) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x270}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000010010c"], 0x270}}, 0x0) r3 = socket(0x15, 0x5, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) bind$inet(r4, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendmsg$xdp(r4, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) getsockopt(r3, 0x200000000114, 0x2715, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r5, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200500000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002400038020000080080003400000000214000b"], 0xe4}}, 0x0) write$binfmt_script(r6, &(0x7f0000000200), 0xfffffd9d) close(r7) r8 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r8, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x41, 0x3, 0x200, 0x0, 0x0, 0x0, 0x168, 0x0, 0x168, 0x1f0, 0x1f0, 0x168, 0x1f0, 0x3, 0x0, {[{{@ip={@dev, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'wlan1\x00', 'wg1\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0xffffffffa0028000}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'vlan0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x260) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5) unshare(0x22020600) sendfile(r5, r6, 0x0, 0x8000002b) 4.334390989s ago: executing program 0 (id=2768): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)={{0x14, 0x12}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x10}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_BITWISE_DATA={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0) 3.651207288s ago: executing program 0 (id=2772): r0 = socket$igmp6(0xa, 0x3, 0x2) sendmmsg$inet6(r0, &(0x7f0000005180)=[{{&(0x7f0000000100)={0xa, 0x0, 0xffff0000, @dev, 0x2}, 0x1c, 0x0}}, {{&(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x800}, 0x1c, 0x0}}], 0x2, 0x0) 3.631327569s ago: executing program 0 (id=2773): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) socket$tipc(0x1e, 0x5, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_opts(r2, 0x29, 0x13, 0x0, 0x4) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000061122c000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040), 0x208e24b) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r4, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @dev}, 0x10) recvmmsg(r4, &(0x7f0000005280)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff00003f00}}, {{0x0, 0x0, 0x0}, 0xe}, {{&(0x7f00000038c0)=@sco, 0x80, &(0x7f0000005180)=[{&(0x7f00000007c0)=""/4096, 0x1000}, {0x0}, {&(0x7f0000005080)=""/223, 0xdf}], 0x3, &(0x7f0000005200)=""/79, 0x4f}, 0x6}], 0x3, 0x40002006, 0x0) sendfile(r4, r3, 0x0, 0xffefffff) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000280)=0x0) write$cgroup_pid(r5, &(0x7f0000000040)=r6, 0x12) ioctl$SIOCSIFHWADDR(r3, 0x4030582b, &(0x7f0000003400)={'pim6reg1\x00', @random="b68dbcbd15dc"}) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e23, 0xcb, @private2, 0x100}}, 0x4}, &(0x7f0000000140)=0x90) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000002000000080001"], 0x28}, 0x1, 0x0, 0x0, 0x20000195}, 0x0) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) write$cgroup_pid(r5, &(0x7f00000003c0), 0x12) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r9}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r9}, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) 3.341000787s ago: executing program 4 (id=2776): getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e22, 0x10001, @dev={0xfe, 0x80, '\x00', 0x2a}, 0x9}}, 0x200, 0x4}, &(0x7f00000000c0)=0x90) (async) r0 = socket$nl_audit(0x10, 0x3, 0x9) (async) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000140)=0x6) (async) r2 = epoll_create(0x7ff) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000180)={0x1}) (async) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000001c0)={r0, 0x6, 0x498, 0x9}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f0000000200)=[@in6={0xa, 0x4e21, 0x3, @mcast1, 0xba2}, @in={0x2, 0x4e23, @loopback}, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e20, @empty}, @in={0x2, 0x4e23, @loopback}], 0x5c) read(r1, &(0x7f0000000280)=""/50, 0x32) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f00000002c0)=[@timestamp, @timestamp, @sack_perm, @timestamp, @mss={0x2, 0x5}, @sack_perm, @mss={0x2, 0x9}, @timestamp], 0x8) getsockname$packet(r3, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14) ioctl$sock_SIOCOUTQ(r3, 0x5411, &(0x7f0000000380)) clock_gettime(0x1, &(0x7f00000003c0)) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x7, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf2a}, [@generic={0x6, 0xc, 0x1, 0xe0c7, 0x100}, @map_fd={0x18, 0x1, 0x1, 0x0, r3}, @call={0x85, 0x0, 0x0, 0xb6}]}, &(0x7f0000000440)='syzkaller\x00', 0x200, 0x7e, &(0x7f0000000480)=""/126, 0x41100, 0x22, '\x00', r4, 0x0, r3, 0x8, &(0x7f0000000500)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000540)={0x1, 0x6, 0x9, 0x7ff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000580)=[r3], 0x0, 0x10, 0x3}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r3, 0xffffffffffffffff}, &(0x7f0000000680), &(0x7f00000006c0)=r5}, 0x20) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000840)={@map=r6, 0x30, 0x1, 0x40, &(0x7f0000000740)=[0x0], 0x1, 0x0, &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000800)=[0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000880)=""/108, 0x6c, 0x0, &(0x7f0000000900)={0x11, 0x17, r4, 0x1, 0xd6}, 0x14) (async) r8 = socket$inet(0x2, 0x5, 0x9) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000009c0)={{r7}, &(0x7f0000000940), &(0x7f0000000980)=r5}, 0x20) (async) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)=@getrule={0x14, 0x22, 0x400, 0x70bd2c, 0x25dfdbfe, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x4000095) (async) sendmsg$TIPC_CMD_SET_LINK_PRI(r3, &(0x7f0000000c00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b40)={0x68, 0x0, 0x0, 0x70bd29, 0x25dfdbfe, {{}, {}, {0x4c, 0x18, {0x86d, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0xc044}, 0x20004800) accept4$inet(r8, &(0x7f0000000c40)={0x2, 0x0, @broadcast}, &(0x7f0000000c80)=0x10, 0x80000) r10 = socket$nl_generic(0x10, 0x3, 0x10) (async) r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000d00), r3) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r10, &(0x7f0000000e80)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000e40)={&(0x7f0000000d40)={0xfc, r11, 0xd05, 0x70bd29, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x401}, {0x6, 0x16, 0xba}, {0x5}, {0x6, 0x11, 0x3}, {0x8, 0xb, 0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xfffffff7}, {0x6, 0x16, 0x2}, {0x5}, {0x6, 0x11, 0x8001}, {0x8, 0xb, 0x2}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0xb}, {0x6, 0x16, 0x5}, {0x5, 0x12, 0x1}, {0x6, 0x11, 0x4}, {0x8, 0xb, 0xa3bc}}]}, 0xfc}, 0x1, 0x0, 0x0, 0x40010}, 0x80) (async) socket$inet_smc(0x2b, 0x1, 0x0) sendmsg$nl_route(r3, &(0x7f0000000f80)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000f40)={&(0x7f0000000f00)=@bridge_getvlan={0x28, 0x72, 0x400, 0x70bd2d, 0x25dfdbfe, {0x7, 0x0, 0x0, r4}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}]}, 0x28}}, 0x800) write$ppp(r3, &(0x7f0000000fc0)="b5423767fcc9b7f984b74b5107aa84", 0xf) (async) sendmsg$DEVLINK_CMD_TRAP_SET(r10, &(0x7f0000001100)={&(0x7f0000001000)={0x10, 0x0, 0x0, 0x40000600}, 0xc, &(0x7f00000010c0)={&(0x7f0000001040)={0x58, r11, 0x200, 0x70bd25, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}]}, 0x58}, 0x1, 0x0, 0x0, 0xc1}, 0x10) 2.868521708s ago: executing program 2 (id=2777): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002380)=ANY=[@ANYBLOB="b702000006000000bfa300000000000007030000407effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7ebfcd0cd00006ed3d09a6175037958e271b60dedf8937f02008b6d83923dd29c034055d47dafe6c8dc3d5d78c07f34e4d5b3185b310efd4989147a00000000f110026e6d2ef831ab7ea0c34f17e3adeef3bb622003b538dfd8e012e71f6420b90adddff61b5b0a341a2d7cbdb90000bdb2ca76050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132658555cf476619f28d9961b626c57c2691208171656d60a17e3c1c4b751ca532e6ea09c346df3d7cb4ebd31a08b32808b80200000000000000334d83239d1d2e9ff10ff2d27080e71113610e10c358e8327e7050b6c860dac12233f9a1fb9c2aec61ce63a38d316ef49b66d6e42fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a5f3d74ca891c4594e8a4399e01eadd3964663e88535c133f7130856f75643619f567d2e24f29e5dad9326edb697a6ea0182babc18cefd07e002cab5ebfcaad34732181feb215139f15eadddcb0c7cbe31fbae7c34d5ac5e7e64c21add9191eadd6e1795ad6a0f7f8cd3fccbdc3dec04b25dfc17975238345d4f71af35910b158e56657b7218baaa7cbf781c0a99bd50499ccff0f000000000000c7beba3da8223fe5308e4e2833baace04f4087c4f0da0d9a88f9dbb593ddeb3f0932a4d0175b889b8eccf707882042e716df9b57b290c661d4e85031086e97bcc5ca0e221a0e34323c129102b7b7a643e82e88a1940b3c02ed9c92d6f64b1282dc519b00159830d7617001154c46bd3ca96318c570f0721fc7aa2a580900000000000000b4f22cdf550ef091a78098534f0d973058594119d06d5ea9a8d085734000000000000000c12346e47ad97f4ead7cf754a52e4b2d0f22d428bd705414888700a30e2366c6a06b3367a389ca39059787790017b0689a1f3db9c24db65c1e00015c1d573dab18fd0600885f1ea8f2fd299fc3cdafda323e9c7080397bc49d70c060d57bc88fbe09baa058b040360ab9261503d2f363fb099408885afc2bf9a4f8c3506b669e889f5e4be1b8e0d634ebc1057b7e98186fc5141bd670dba6f43279f73db9dec75070cd9ab0fd969169ef6d2857b6bf955012cf7fe50d133da86e0477e42b98a6cc999dc21c3ef408e633dfa35f14d6e734837d365e63845f3c1092f8e34fc7eac9e8af3904ea0f3698cd9492794b82649b50d726bff873339c4cad4ead1348474250eda2c8067ab730c1d85969b95a2a5687f2ed690000522a0b7426000000000000000000000000000000000000000093fc7a82b98f99d9dedf7ba17f5f0b6d15e552fbd21f7eecff10243a43af03eea84c4304a5d3f93c02000000000000000043e1ed82b9aa0ae92a499984a009000000937523f5292d12659906005cde64f903c3415c458a2b32c2318f0858f19c6def80e1481e8e1c0098fc3f38b7a57211adb15d824cfdcf229628c0de49860a44286fe0e257cfa4ce50f3d10763d442824414a73c06837fe08de62f8710ca977960b74d0000ce73da6022a8671d1a3575b4e18c28c73203bf134686dd65808452cb6b76fcb134252c78de9b240de7b4cd015a77f76bb6470c05fc980b3d8f3f964f432a4bf6cddd6222c2da006b6fdb9c8468ae1d986a893b9519444d16a6dfa92c04331a6698507048fab5ae402acd05fe621f22712dfd09004770b4278fa14547d8ce3c21188e5e4e2baacd98e8e451d6aaaf090000006ed1d9018000008dd952595d78e9583bf4ea5de36099e3cddcb24ebb6eddb9e87c9ece87a42c0000abdfc6ea55887dfa18d0aea1b6eca5a883702b0bf3aeebb225895db90e237157a34e9f447237ea5b391bddd1290f7ce987a0e36b8e71b1779bbe95ffa9c3e0f6ba66e4d48e75253e3d633811e4b3220616aafbe7a3a18375ae593eb58fd500426286472466823cb8e1800aaaa0d9463c0c4ea5541a55df6eeffec0b66482228816cdfccb98374c644eea45de7867a0efbad0ab2bc33b350440a90b791b2b33f74a112a3b91b40bed8db2df8633207f8387e04ca52ab0f3f7b058b13523b896800b992972d9609551c27a5916ea16069c5bf55b98d926d3c27e7945b2999600000000f857bc1332d200194f658b930780603134ae6b7f5092772bd5d880dbe21b790c475b14b7fe4fe002dffd651faa79bb0cee0cdac23c3218f2ddaa6f7ba04b696a30d313bed30ba8f35569a9b07ee7308da09c01a4b827aa17bc2213fc1572b0204dd456b11a454d1f3f14179974aae624ea59500f5e048b2780666de81a040663c57f49af25be909984aea1b81f33426f86b4b941c08dfe2bc8ec246ec1aae120c42405e428923f3a83d9ba5c373f5e8a54120b451e2806370f1ed60c9fd5d9af4d16cb0f413c324da52d4bd2e01d3ac2d578d72e2d63322dfc9245ce3e3a097fb82f4e3b61a57094616020f72f1c55ee3d325c7496a7c2f10cfea516ae436751227378f00ca0f1f6c1dcf879700dd90b96a330f92bff736c83ca53e7f02b734d1a9292896f5d7f244bfab4946c7042e88206f641eafcc5b4ba7a7880533cdeac995d1caf6936f356ecf07a0084e7adc2dc12417997b03087c7b3b44b06f6158a2a18ce0e56ffbeb22f40521dd9972583d413098aa80db98ef324a2bfb7961c07b47521973cf0bb6f5530f6216b447b35d6e06b72b22b29de42bb1bc8ce0a0e3500000000000000000000000000b92eb197e4149627920000008000000000801792756f90b37f0858efc387f559203f314a4b0ed750fa72e5948ac3fe5921c14ef578d413e7b2a9e2f87f7b44949fe14c00000000000047030c09f62d444b4981db81799776eeb444000000009705fa8b56779bc876ad4f8d8c8e50815c4c3b27487996c09121caf47f76158362c74904f89cbc588aae84567a83571ff72bb65c082b5a8dee145ff221159aed2768edc05a3167d84205d5af86553c21e1f023a51c0e179fccfbc201982e3ddcaa45613899d19082453b180ca0c525b8d3cfaf7d0bcddeb5d5c7166038f276a92941393ba5e51f77172822bd903d9f8b436656771774ed88daab0d0cfdd1bf4d30ab566e1a4cb3ad66d830e10f7c1de13218aea21e7def613204c2b7c1ad48b01c208f4032e93408000000000000e96db049b92fc32ee34fe7a3419c8fbf03d61c159dc5864e030000a2c55b614d622b8de966c97e1940026f96db3c78ca18c9f08d1c47edf1a4d7298109f31b6078711ee72eacab84213bf50000000000000000000000000000001217887d0452aa6d26e4614d511710abeec84b78c027c160ba375dfa55a49b832ce4dfb91122193d514ed992c07f8cd6d897b314907e15642da228dbc03429e6e0e7ac118ed351c3b0c44bf5d8b58be573f8333aa8cc2ec5b5e305b3dee2562d415b4b9ed530797f55f9fe8510423409629a09000000000000009a35d9ca93e4b4591679547b8de8af1782451f7b8e1de508f1e9e525210d62bc850f8035040ad9e562be58797515b737bfb21d35ac560f99dbd18dad5e6345a464955e8141d75b6177e4fa176a020b0000000000006e76f0294fee7d19a0f327f8796d77b6e24b8df4bb438b527d10e657d49b844198ea9f93c4fd6fd2daa9bd87fd1e02ecc8075dca1280c201043257e9bd3c9a7aa150eb1711632b76d4dc0555d4bfcfd057980136d6e9000003b24fa300ef90bfe4ad364256937796f941c2faad94785f48777941f0cd3dba54ab6a5d5e91e90ac9ae994c3d4108b2fe7eca9413ac9bc138c74800487eb19c48db3f79be964808f109b5e36fc7fdd41def361427b6b9c118e5c9a0a1d5ca24886e33a7f81b2188ec75a5fc9302e3695bdcc9ab11201ef940569c995c21eeaefe2e8fc02e0433dc7371d1f72124ba263e554c30fdd7cd8c2da1e8706417da9ad8916551a1182fac08603dfc2f2279ba161c13984cd753b54a85e6f3010975e9ff51318b09fa13e2d38ce013aab41524c298c3719e31bcb1f102eaeee69a19e006bcdb1acc2664efa949a1a07bb3d7848d5e1381fbe63c522053a3bb32eb6345e10f7a12bf84e0e196a00833f464dd2f6547f14ebf137fce33efeb813211f31ff24d7dbb00f2574ccda59b3ea068fc2a18c37ee579f5a9ecc47da73684bcadd209ae5bbb7147df74d027d8d0adcdb54182c9de8053fc8b1b9d19c16c53d34db6e26f6a88d449f6abf3010100007e206a758a3f02816b4e097cfa3d46e45e7949c5b10691d49b9693a798a330a1ccb32d49772e80862df36dc0156b3f72cd85083f8e96ca1697457ec722766bd46ee2424975a38149bd57e5c0eb4087fc243e7e51b0aca9f0ab0668d7f2ee9ad9f267d8804417aa7e36a64d489bb84a1483fd3c3ecb024060002858cbb1f7708f5b41fca2fee7c03b1f862ce88dc313d913e041dd7583a1ac41c466757c5dd07ea2c5d62a000000000000000019a4e9a9c2cbc906f97fd6eb71b18d09a5df123ebbdb2827b43aed6a29e9942e402c1ae52e9cb98f3019d364fc21ea12023db91ced3c2f06550cef8a79ed39091e4776001187d0ab2f82478431d36470cc008d745ce8fd64c9aa64da230bb080945a557081b767beb75b1ea856a55c71b8fda672289aa6088630d48ac8039f19fec3acbcc5944a4e6fd44af8f10110db730a8d0d41b4ea36f9510f843a471963bd4621b9e43f08d341bb69df430ac6398c1b28bdd33b69b4b86d7c5f30cf728294e8ea1861ce50c367498945285f73c94d91210652eb4f3077cab6be2a3512eddbcb63d091d69fb1b26c8ada9a9f9355aea34fe55fd0d3011cb83ac03268dc66dd108a4e9944241e1d4ba69212ee0e7526e72c19346d08d3c3c82cb987f1bd2fd9ce2c88082ea23abbf23c6bd43fc9f9f8ea7656e25d3d73cd056b1f782de1fe349fc33546558366ed99940c0fda039272d277a3576d4e0469779d711e10b6bf040f7274fd9577c1c33326d2e60ee611ae226ef00e2944fb727832dc8dad36a6072aacfc4bcefb808ab7b3b95e0f60616320b2a9e1f8fac812daac9983639b35184803b7d192ce1f226e97fa23c37df95d067a54a8b412644cad9ecc251fbe418a81aaf00cc8d15758ff0eb885a40630396ba76b8fadc09e62ef70c8a0121e7e8322cb8bc0f50ad33a17143a29c14ecadd1b6244e31b888d8f3fa03208d3e9a4826a98f31995509015ebdc89f2f3106e54d5898d3758b9bfc9e4924e9cedf7f8fd584e7185703cc5f23741ffb480b5a87cd7efcceb409d354bdab211ebd50ab12b13c1b8ce93093a59a0f952153c2efd10e72ec9ee5fa2a00f9637851ddb81d059f9a363c4ada68dd25f19ee9e4841acee7c1b35ad6f9d54cf4939ce78a55a04e655d7746a3989c6f33b02f8497aacb6bfca7456111900000000000000000048d35af24acb66fdd4d1fb150138f0ee6abfc7049c94346868ed76d3a5df7335184386a5c532d425f1a098ff93efd05e5dd8b765121fbdfe5ef44f6472b939c31883f45889142e82086c2448da60d7a40774d71c2da2e7f6d4fe5d36923213cc7b7d71a1c90006e8f8d84953f284b0eb4366beff5df5595827dcd736e8cfab28cfa416e83c06213ca7fd21af56e3de1d80e77060447e20a8b317a4c06e24e99239824d08abf670a685bc46c8168bee4cfc30cc6d0dc030a592925bad3e0f805f0d4b2b600dc3f0c4c6f75bb4e49982f4198ac90ab77c5572c956d415858bad5ee117b3e5f1507bbd0d7a30388865deb11106a93225a81feb08f5"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r2, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000140)="b9ff0300600d698cff9e14f008004d", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000000c0), 0x12) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) sendfile(r6, r6, 0x0, 0x40001) readv(r6, &(0x7f0000000340)=[{&(0x7f0000001740)=""/153, 0x99}], 0x1) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_DEL_DAEMON(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="80000000", @ANYRES16=r7, @ANYBLOB="010c26bd7000fbdbdf250a00000008000600ffffffff04000180100001800c0007000000000020000000080005"], 0x80}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000330a03000000000000000000020000000900020073797a310000000208000340000000010900810073797a3000000000"], 0x34}}, 0x0) sendmsg$kcm(r1, &(0x7f0000000440)={&(0x7f0000000000)=@generic={0x29, "89bc1e1f53286a9195804ee37750f1cc7fd9c451b1dce444121caf84d4f48808bfcd9e8dc9f74722809dfcf439af4893e096a037a86427233f243c33b281fa63f396e49036c3b503d231fa66c4ed4af2656b74223d889eacde5e20543c4c7863c01885e5f9215fb321b3a7751156b666c9c1edddd8b358e720317fb145aa"}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)="794a97b06f79fbc8f735d664f79d00320993bc69103b80bfae167d571dc4260057f87a683df6917ce22187f168818e6f045a17300046d466054cd822d47f05004b09e8d073e881d4d306e5058ff77edc12971a77b5ba5dd553b12a316ef957d2cdee150bfa3fd8351ecc32a60d2c05317463c5834b66088911a06972c1e117b72d6267f978", 0x85}, {&(0x7f00000001c0)="9a030d429acea97301d6d21e469f990ac0b10e13396709e76665b2affda0f529c13ef40fdad781ebcc0ffce1dee9413cc3b83a4f80d75f268e8b4a201a827c8d07c1a3ed8598c25c806911", 0x4b}, {&(0x7f0000000240)="ceb4d7fe2566d58794a9b904be97", 0xe}], 0x3, &(0x7f00000002c0)=[{0xe0, 0x118, 0x7, "86f00bd5461ff8134d73f2d1779571676b5bdfaee257d3b019447d89cf37a7109dca76af4bd4ec3e5e37a64a2adaa7fd4476bd33f3563ce5bd91301ab66e0e88839b7a08c48818235c0ad3b060494f7525894d8e13ee873e3aeed3bd7c1d50ec2f249253c161f40dedbfb1fd0b1eb0639ae58bbdec999aac9f73d07aa625624c4c3798b048bb33dc608452707208d0a494499d3cc098d079edbc6511aaf607fe4754a08541c90cbdf67e48f5284da5e69af5db67dd88b25756a70b6496bf3cc466f5df79c8a1474a8a404c6c5a9018"}], 0xe0}, 0x80) socket$nl_netfilter(0x10, 0x3, 0xc) (async) socket(0x10, 0x3, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002380)=ANY=[@ANYBLOB="b702000006000000bfa300000000000007030000407effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca7ebfcd0cd00006ed3d09a6175037958e271b60dedf8937f02008b6d83923dd29c034055d47dafe6c8dc3d5d78c07f34e4d5b3185b310efd4989147a00000000f110026e6d2ef831ab7ea0c34f17e3adeef3bb622003b538dfd8e012e71f6420b90adddff61b5b0a341a2d7cbdb90000bdb2ca76050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132658555cf476619f28d9961b626c57c2691208171656d60a17e3c1c4b751ca532e6ea09c346df3d7cb4ebd31a08b32808b80200000000000000334d83239d1d2e9ff10ff2d27080e71113610e10c358e8327e7050b6c860dac12233f9a1fb9c2aec61ce63a38d316ef49b66d6e42fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a5f3d74ca891c4594e8a4399e01eadd3964663e88535c133f7130856f75643619f567d2e24f29e5dad9326edb697a6ea0182babc18cefd07e002cab5ebfcaad34732181feb215139f15eadddcb0c7cbe31fbae7c34d5ac5e7e64c21add9191eadd6e1795ad6a0f7f8cd3fccbdc3dec04b25dfc17975238345d4f71af35910b158e56657b7218baaa7cbf781c0a99bd50499ccff0f000000000000c7beba3da8223fe5308e4e2833baace04f4087c4f0da0d9a88f9dbb593ddeb3f0932a4d0175b889b8eccf707882042e716df9b57b290c661d4e85031086e97bcc5ca0e221a0e34323c129102b7b7a643e82e88a1940b3c02ed9c92d6f64b1282dc519b00159830d7617001154c46bd3ca96318c570f0721fc7aa2a580900000000000000b4f22cdf550ef091a78098534f0d973058594119d06d5ea9a8d085734000000000000000c12346e47ad97f4ead7cf754a52e4b2d0f22d428bd705414888700a30e2366c6a06b3367a389ca39059787790017b0689a1f3db9c24db65c1e00015c1d573dab18fd0600885f1ea8f2fd299fc3cdafda323e9c7080397bc49d70c060d57bc88fbe09baa058b040360ab9261503d2f363fb099408885afc2bf9a4f8c3506b669e889f5e4be1b8e0d634ebc1057b7e98186fc5141bd670dba6f43279f73db9dec75070cd9ab0fd969169ef6d2857b6bf955012cf7fe50d133da86e0477e42b98a6cc999dc21c3ef408e633dfa35f14d6e734837d365e63845f3c1092f8e34fc7eac9e8af3904ea0f3698cd9492794b82649b50d726bff873339c4cad4ead1348474250eda2c8067ab730c1d85969b95a2a5687f2ed690000522a0b7426000000000000000000000000000000000000000093fc7a82b98f99d9dedf7ba17f5f0b6d15e552fbd21f7eecff10243a43af03eea84c4304a5d3f93c02000000000000000043e1ed82b9aa0ae92a499984a009000000937523f5292d12659906005cde64f903c3415c458a2b32c2318f0858f19c6def80e1481e8e1c0098fc3f38b7a57211adb15d824cfdcf229628c0de49860a44286fe0e257cfa4ce50f3d10763d442824414a73c06837fe08de62f8710ca977960b74d0000ce73da6022a8671d1a3575b4e18c28c73203bf134686dd65808452cb6b76fcb134252c78de9b240de7b4cd015a77f76bb6470c05fc980b3d8f3f964f432a4bf6cddd6222c2da006b6fdb9c8468ae1d986a893b9519444d16a6dfa92c04331a6698507048fab5ae402acd05fe621f22712dfd09004770b4278fa14547d8ce3c21188e5e4e2baacd98e8e451d6aaaf090000006ed1d9018000008dd952595d78e9583bf4ea5de36099e3cddcb24ebb6eddb9e87c9ece87a42c0000abdfc6ea55887dfa18d0aea1b6eca5a883702b0bf3aeebb225895db90e237157a34e9f447237ea5b391bddd1290f7ce987a0e36b8e71b1779bbe95ffa9c3e0f6ba66e4d48e75253e3d633811e4b3220616aafbe7a3a18375ae593eb58fd500426286472466823cb8e1800aaaa0d9463c0c4ea5541a55df6eeffec0b66482228816cdfccb98374c644eea45de7867a0efbad0ab2bc33b350440a90b791b2b33f74a112a3b91b40bed8db2df8633207f8387e04ca52ab0f3f7b058b13523b896800b992972d9609551c27a5916ea16069c5bf55b98d926d3c27e7945b2999600000000f857bc1332d200194f658b930780603134ae6b7f5092772bd5d880dbe21b790c475b14b7fe4fe002dffd651faa79bb0cee0cdac23c3218f2ddaa6f7ba04b696a30d313bed30ba8f35569a9b07ee7308da09c01a4b827aa17bc2213fc1572b0204dd456b11a454d1f3f14179974aae624ea59500f5e048b2780666de81a040663c57f49af25be909984aea1b81f33426f86b4b941c08dfe2bc8ec246ec1aae120c42405e428923f3a83d9ba5c373f5e8a54120b451e2806370f1ed60c9fd5d9af4d16cb0f413c324da52d4bd2e01d3ac2d578d72e2d63322dfc9245ce3e3a097fb82f4e3b61a57094616020f72f1c55ee3d325c7496a7c2f10cfea516ae436751227378f00ca0f1f6c1dcf879700dd90b96a330f92bff736c83ca53e7f02b734d1a9292896f5d7f244bfab4946c7042e88206f641eafcc5b4ba7a7880533cdeac995d1caf6936f356ecf07a0084e7adc2dc12417997b03087c7b3b44b06f6158a2a18ce0e56ffbeb22f40521dd9972583d413098aa80db98ef324a2bfb7961c07b47521973cf0bb6f5530f6216b447b35d6e06b72b22b29de42bb1bc8ce0a0e3500000000000000000000000000b92eb197e4149627920000008000000000801792756f90b37f0858efc387f559203f314a4b0ed750fa72e5948ac3fe5921c14ef578d413e7b2a9e2f87f7b44949fe14c00000000000047030c09f62d444b4981db81799776eeb444000000009705fa8b56779bc876ad4f8d8c8e50815c4c3b27487996c09121caf47f76158362c74904f89cbc588aae84567a83571ff72bb65c082b5a8dee145ff221159aed2768edc05a3167d84205d5af86553c21e1f023a51c0e179fccfbc201982e3ddcaa45613899d19082453b180ca0c525b8d3cfaf7d0bcddeb5d5c7166038f276a92941393ba5e51f77172822bd903d9f8b436656771774ed88daab0d0cfdd1bf4d30ab566e1a4cb3ad66d830e10f7c1de13218aea21e7def613204c2b7c1ad48b01c208f4032e93408000000000000e96db049b92fc32ee34fe7a3419c8fbf03d61c159dc5864e030000a2c55b614d622b8de966c97e1940026f96db3c78ca18c9f08d1c47edf1a4d7298109f31b6078711ee72eacab84213bf50000000000000000000000000000001217887d0452aa6d26e4614d511710abeec84b78c027c160ba375dfa55a49b832ce4dfb91122193d514ed992c07f8cd6d897b314907e15642da228dbc03429e6e0e7ac118ed351c3b0c44bf5d8b58be573f8333aa8cc2ec5b5e305b3dee2562d415b4b9ed530797f55f9fe8510423409629a09000000000000009a35d9ca93e4b4591679547b8de8af1782451f7b8e1de508f1e9e525210d62bc850f8035040ad9e562be58797515b737bfb21d35ac560f99dbd18dad5e6345a464955e8141d75b6177e4fa176a020b0000000000006e76f0294fee7d19a0f327f8796d77b6e24b8df4bb438b527d10e657d49b844198ea9f93c4fd6fd2daa9bd87fd1e02ecc8075dca1280c201043257e9bd3c9a7aa150eb1711632b76d4dc0555d4bfcfd057980136d6e9000003b24fa300ef90bfe4ad364256937796f941c2faad94785f48777941f0cd3dba54ab6a5d5e91e90ac9ae994c3d4108b2fe7eca9413ac9bc138c74800487eb19c48db3f79be964808f109b5e36fc7fdd41def361427b6b9c118e5c9a0a1d5ca24886e33a7f81b2188ec75a5fc9302e3695bdcc9ab11201ef940569c995c21eeaefe2e8fc02e0433dc7371d1f72124ba263e554c30fdd7cd8c2da1e8706417da9ad8916551a1182fac08603dfc2f2279ba161c13984cd753b54a85e6f3010975e9ff51318b09fa13e2d38ce013aab41524c298c3719e31bcb1f102eaeee69a19e006bcdb1acc2664efa949a1a07bb3d7848d5e1381fbe63c522053a3bb32eb6345e10f7a12bf84e0e196a00833f464dd2f6547f14ebf137fce33efeb813211f31ff24d7dbb00f2574ccda59b3ea068fc2a18c37ee579f5a9ecc47da73684bcadd209ae5bbb7147df74d027d8d0adcdb54182c9de8053fc8b1b9d19c16c53d34db6e26f6a88d449f6abf3010100007e206a758a3f02816b4e097cfa3d46e45e7949c5b10691d49b9693a798a330a1ccb32d49772e80862df36dc0156b3f72cd85083f8e96ca1697457ec722766bd46ee2424975a38149bd57e5c0eb4087fc243e7e51b0aca9f0ab0668d7f2ee9ad9f267d8804417aa7e36a64d489bb84a1483fd3c3ecb024060002858cbb1f7708f5b41fca2fee7c03b1f862ce88dc313d913e041dd7583a1ac41c466757c5dd07ea2c5d62a000000000000000019a4e9a9c2cbc906f97fd6eb71b18d09a5df123ebbdb2827b43aed6a29e9942e402c1ae52e9cb98f3019d364fc21ea12023db91ced3c2f06550cef8a79ed39091e4776001187d0ab2f82478431d36470cc008d745ce8fd64c9aa64da230bb080945a557081b767beb75b1ea856a55c71b8fda672289aa6088630d48ac8039f19fec3acbcc5944a4e6fd44af8f10110db730a8d0d41b4ea36f9510f843a471963bd4621b9e43f08d341bb69df430ac6398c1b28bdd33b69b4b86d7c5f30cf728294e8ea1861ce50c367498945285f73c94d91210652eb4f3077cab6be2a3512eddbcb63d091d69fb1b26c8ada9a9f9355aea34fe55fd0d3011cb83ac03268dc66dd108a4e9944241e1d4ba69212ee0e7526e72c19346d08d3c3c82cb987f1bd2fd9ce2c88082ea23abbf23c6bd43fc9f9f8ea7656e25d3d73cd056b1f782de1fe349fc33546558366ed99940c0fda039272d277a3576d4e0469779d711e10b6bf040f7274fd9577c1c33326d2e60ee611ae226ef00e2944fb727832dc8dad36a6072aacfc4bcefb808ab7b3b95e0f60616320b2a9e1f8fac812daac9983639b35184803b7d192ce1f226e97fa23c37df95d067a54a8b412644cad9ecc251fbe418a81aaf00cc8d15758ff0eb885a40630396ba76b8fadc09e62ef70c8a0121e7e8322cb8bc0f50ad33a17143a29c14ecadd1b6244e31b888d8f3fa03208d3e9a4826a98f31995509015ebdc89f2f3106e54d5898d3758b9bfc9e4924e9cedf7f8fd584e7185703cc5f23741ffb480b5a87cd7efcceb409d354bdab211ebd50ab12b13c1b8ce93093a59a0f952153c2efd10e72ec9ee5fa2a00f9637851ddb81d059f9a363c4ada68dd25f19ee9e4841acee7c1b35ad6f9d54cf4939ce78a55a04e655d7746a3989c6f33b02f8497aacb6bfca7456111900000000000000000048d35af24acb66fdd4d1fb150138f0ee6abfc7049c94346868ed76d3a5df7335184386a5c532d425f1a098ff93efd05e5dd8b765121fbdfe5ef44f6472b939c31883f45889142e82086c2448da60d7a40774d71c2da2e7f6d4fe5d36923213cc7b7d71a1c90006e8f8d84953f284b0eb4366beff5df5595827dcd736e8cfab28cfa416e83c06213ca7fd21af56e3de1d80e77060447e20a8b317a4c06e24e99239824d08abf670a685bc46c8168bee4cfc30cc6d0dc030a592925bad3e0f805f0d4b2b600dc3f0c4c6f75bb4e49982f4198ac90ab77c5572c956d415858bad5ee117b3e5f1507bbd0d7a30388865deb11106a93225a81feb08f5"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002300)={r2, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000140)="b9ff0300600d698cff9e14f008004d", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_procs(r3, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0) (async) write$cgroup_pid(r4, &(0x7f00000000c0), 0x12) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) openat$cgroup_procs(r5, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) (async) sendfile(r6, r6, 0x0, 0x40001) (async) readv(r6, &(0x7f0000000340)=[{&(0x7f0000001740)=""/153, 0x99}], 0x1) (async) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), 0xffffffffffffffff) (async) sendmsg$IPVS_CMD_DEL_DAEMON(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="80000000", @ANYRES16=r7, @ANYBLOB="010c26bd7000fbdbdf250a00000008000600ffffffff04000180100001800c0007000000000020000000080005"], 0x80}}, 0x0) (async) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000330a03000000000000000000020000000900020073797a310000000208000340000000010900810073797a3000000000"], 0x34}}, 0x0) (async) sendmsg$kcm(r1, &(0x7f0000000440)={&(0x7f0000000000)=@generic={0x29, "89bc1e1f53286a9195804ee37750f1cc7fd9c451b1dce444121caf84d4f48808bfcd9e8dc9f74722809dfcf439af4893e096a037a86427233f243c33b281fa63f396e49036c3b503d231fa66c4ed4af2656b74223d889eacde5e20543c4c7863c01885e5f9215fb321b3a7751156b666c9c1edddd8b358e720317fb145aa"}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)="794a97b06f79fbc8f735d664f79d00320993bc69103b80bfae167d571dc4260057f87a683df6917ce22187f168818e6f045a17300046d466054cd822d47f05004b09e8d073e881d4d306e5058ff77edc12971a77b5ba5dd553b12a316ef957d2cdee150bfa3fd8351ecc32a60d2c05317463c5834b66088911a06972c1e117b72d6267f978", 0x85}, {&(0x7f00000001c0)="9a030d429acea97301d6d21e469f990ac0b10e13396709e76665b2affda0f529c13ef40fdad781ebcc0ffce1dee9413cc3b83a4f80d75f268e8b4a201a827c8d07c1a3ed8598c25c806911", 0x4b}, {&(0x7f0000000240)="ceb4d7fe2566d58794a9b904be97", 0xe}], 0x3, &(0x7f00000002c0)=[{0xe0, 0x118, 0x7, "86f00bd5461ff8134d73f2d1779571676b5bdfaee257d3b019447d89cf37a7109dca76af4bd4ec3e5e37a64a2adaa7fd4476bd33f3563ce5bd91301ab66e0e88839b7a08c48818235c0ad3b060494f7525894d8e13ee873e3aeed3bd7c1d50ec2f249253c161f40dedbfb1fd0b1eb0639ae58bbdec999aac9f73d07aa625624c4c3798b048bb33dc608452707208d0a494499d3cc098d079edbc6511aaf607fe4754a08541c90cbdf67e48f5284da5e69af5db67dd88b25756a70b6496bf3cc466f5df79c8a1474a8a404c6c5a9018"}], 0xe0}, 0x80) (async) 2.510701439s ago: executing program 2 (id=2778): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x63, 0x11, 0x18}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x16}, 0x70) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x270}}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000010010c"], 0x270}}, 0x0) r3 = socket(0x15, 0x5, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) bind$inet(r4, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendmsg$xdp(r4, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) getsockopt(r3, 0x200000000114, 0x2715, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r5, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001a80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200500000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002400038020000080080003400000000214000b"], 0xe4}}, 0x0) write$binfmt_script(r6, &(0x7f0000000200), 0xfffffd9d) close(r7) r8 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r8, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x41, 0x3, 0x200, 0x0, 0x0, 0x0, 0x168, 0x0, 0x168, 0x1f0, 0x1f0, 0x168, 0x1f0, 0x3, 0x0, {[{{@ip={@dev, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'wlan1\x00', 'wg1\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98, 0x0, {0x0, 0xffffffffa0028000}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'vlan0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x260) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5) unshare(0x22020600) sendfile(r5, r6, 0x0, 0x8000002b) 870.779217ms ago: executing program 2 (id=2779): connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140), 0x4) getsockopt$bt_hci(0xffffffffffffffff, 0x11a, 0x3, 0x0, &(0x7f0000000000)) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000080)={0x0, 0x200, "408b7c"}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1f00030007"], 0xd) 707.172425ms ago: executing program 4 (id=2780): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x18, 0x2a, 0x9, 0x0, 0x1600, {0x4, 0x0, 0x2c00}, [@nested={0x4, 0x16}]}, 0x18}, 0x1, 0x3000000}, 0x0) 554.875337ms ago: executing program 0 (id=2781): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) syz_emit_ethernet(0x7e, &(0x7f00000000c0)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa0486dd601200b00048000000000000000000000000000000000000ff02000000007c7b4602a63eada311416ce0010000000000000000000103009078000000006027738200002c00fc0100fcff010000000000000000000000005a84ff1c39117daecb621c0000012f01000000000000070822ebffff0000000000000000000037bcef00"/153], 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000b80)={'batadv_slave_1\x00', 0x0}) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001600)=ANY=[@ANYBLOB="300000004a00010000000000000000000a008000", @ANYRES32=r6, @ANYBLOB="0000000014000100"/18, @ANYRES32], 0x30}}, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000300)={@remote, r4}, 0x14) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x7}, [@map_val={0x18, 0x1, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f0000000180)='syzkaller\x00', 0x5d, 0xe9, &(0x7f0000000380)=""/233, 0x40f00, 0x1, '\x00', r4, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0)={0x3, 0x1, 0x1ff, 0x4}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7f}, 0x90) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000240), r7) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r7, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x10801013}, 0xc, &(0x7f0000000580)={&(0x7f00000006c0)={0xc0, 0x0, 0x100, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0x58, 0x2a, [@prep={0x83, 0x25, {{0x0, 0x1}, 0xf9, 0x4, @device_b, 0x9f, @value=@device_b, 0xd, 0xbf, @device_b, 0x6}}, @chsw_timing={0x68, 0x4, {0x81, 0x2}}, @gcr_ga={0xbd, 0x6, @broadcast}, @channel_switch={0x25, 0x3, {0x1, 0xc, 0x9}}, @rann={0x7e, 0x15, {{0x1, 0x1}, 0x7, 0x6, @device_a, 0x1ff, 0xdc, 0x80}}, @challenge={0x10, 0x1, 0x4b}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x9}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6}, @NL80211_ATTR_FILS_ERP_RRK={0x31, 0xfc, "10f94ee1068148a407a11fcb96111525add849f152dcbabbc6f76c3e9ee50d70c3c6b7886b88260ace1d0ca700"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x4b}]]}, 0xc0}}, 0x40) sendmsg$BATADV_CMD_SET_HARDIF(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000680)={0x34, r8, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r9}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}, @BATADV_ATTR_ELP_INTERVAL={0x8}]}, 0x34}}, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f00000005c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x34, r8, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x34}}, 0x20048046) ioctl$SIOCSIFHWADDR(r1, 0x8b14, &(0x7f0000000200)={'veth0_vlan\x00', @random}) bind$802154_dgram(r1, &(0x7f0000000240), 0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c00000010000304000000fee05645a5c5339d00", @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800900010069706970000000000c00028008000f00ffffffff"], 0x3c}, 0x1, 0xff7f, 0x0, 0x401}, 0x0) 554.628821ms ago: executing program 4 (id=2782): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@func_proto={0x2, 0x0, 0x0, 0x13, 0x2}]}, {0x0, [0x0, 0x61, 0x61, 0x2e]}}, 0x0, 0x2a, 0xfffff}, 0x20) 518.277172ms ago: executing program 4 (id=2783): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = accept4$x25(0xffffffffffffffff, &(0x7f0000000080)={0x9, @remote}, &(0x7f00000000c0)=0x12, 0x800) connect$x25(r1, &(0x7f0000000100), 0x12) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000160a01010000000000000000010000000900010073797a30000000000900020073797a300000000014000380080002400000000008000140000000002c000000180a05000000000000000000010000000900010073797a30000000000c000540000000000000000114000000020a01"], 0xc8}}, 0x0) 493.7258ms ago: executing program 2 (id=2784): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x40, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x2219}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x40}}, 0x0) r1 = socket(0x15, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000711227000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x90) getsockopt(r1, 0x200000000114, 0x2718, 0x0, &(0x7f0000000040)) 346.981131ms ago: executing program 4 (id=2785): r0 = socket$packet(0x11, 0x3, 0x300) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="200000005e00010000000000000000000c00000001000000000000e6"], 0x20}], 0x1}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x8000}]}, 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000100), 0x1001) ioctl$SIOCSIFHWADDR(r2, 0x4030582b, &(0x7f0000000000)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000480)={{{@in=@empty, @in6=@remote}}, {{@in=@loopback}, 0x0, @in6=@local}}, &(0x7f0000000300)=0xe8) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, r2, 0x3, 0x2, 0x4}, 0x48) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000440)={0x0, 0x8005}, 0x4) socket$inet6(0xa, 0x2, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r2, 0x80047213, &(0x7f0000000180)) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='8', @ANYRES16=r4, @ANYBLOB="1506000000000000004c0100000024000180060005004e22000008000300ac1414bb060001000200000008000600a7"], 0x38}}, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000380), r2) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r5, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)={0x30, r6, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x18, {0x0, @bearer=@l2={'ib', 0x3a, 'batadv0\x00'}}}}}, 0x30}}, 0x0) sendmsg$TIPC_CMD_SET_LINK_TOL(r3, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r6, 0x4, 0x70bd2a, 0x25dfdbfc, {{}, {}, {0x4c, 0x18, {0xbef, @media='udp\x00'}}}, ["", "", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x4) 193.292438ms ago: executing program 4 (id=2786): socket$nl_route(0x10, 0x3, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000040), &(0x7f0000000080)=0xc) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0x0, '.\x00'}}) r1 = socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000004c0)={'wlan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000004c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x2c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_BSS_CTS_PROT={0x5}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5}]}, 0x2c}}, 0x0) sendmsg$NFNL_MSG_CTHELPER_NEW(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)={0x58, 0x0, 0x9, 0x3, 0x0, 0x0, {}, [@NFCTH_PRIV_DATA_LEN={0x8}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8}}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x24, 0x2, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @rand_addr=0x64010102}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}]}, 0x58}}, 0x0) socket(0x10, 0x803, 0x0) (async) r6 = socket(0x10, 0x803, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000300), &(0x7f0000000540)=0x8) (async) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000300), &(0x7f0000000540)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f00000003c0)={0x0, 0x42ee}, &(0x7f00000006c0)=0xd) (async) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f00000003c0)={0x0, 0x42ee}, &(0x7f00000006c0)=0xd) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$unix(0x1, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), r7) (async) r10 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), r7) sendmsg$NLBL_UNLABEL_C_ACCEPT(r8, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, r10, 0x800, 0x70bd2d, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast2}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @loopback}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4010}, 0x80) connect$can_bcm(0xffffffffffffffff, &(0x7f0000000000), 0x10) r11 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000580), r8) openat$cgroup(0xffffffffffffffff, &(0x7f0000000700)='syz1\x00', 0x200002, 0x0) sendmsg$NLBL_CIPSOV4_C_LIST(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r11, @ANYBLOB="0100000008000000000002000000080001"], 0x1c}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4000000010000300"/20, @ANYRES32=r12, @ANYBLOB="0000000000000000140012800b00010067656e6576650000040002800c001a80"], 0x40}, 0x1, 0x2}, 0x0) socket$inet6(0xa, 0x6, 0x47f0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@delqdisc={0x34, 0x25, 0x0, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r12, {0x0, 0xfff2}, {0xe, 0x9}, {0xfff2, 0xfff3}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x8}}, @TCA_RATE={0x6, 0x5, {0x5}}]}, 0x34}}, 0x800) (async) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@delqdisc={0x34, 0x25, 0x0, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r12, {0x0, 0xfff2}, {0xe, 0x9}, {0xfff2, 0xfff3}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x8}}, @TCA_RATE={0x6, 0x5, {0x5}}]}, 0x34}}, 0x800) 144.540244ms ago: executing program 2 (id=2787): r0 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$inet6_int(r0, 0x29, 0xa, 0x0, 0x0) 23.049505ms ago: executing program 2 (id=2788): ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f00000001c0)={0xffffffffffffffff, 0x1, 0x5, 0xd3}) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$SEG6_CMD_DUMPHMAC(r0, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x4c, r1, 0x108, 0x70bd28, 0x25dfdbfd, {}, [@SEG6_ATTR_DST={0x14, 0x1, @mcast1}, @SEG6_ATTR_HMACKEYID={0x8}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x10001}, @SEG6_ATTR_DST={0x14, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40012}, 0x8044) r2 = socket(0x10, 0x803, 0x0) sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MON_GET(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x6c, 0x0, 0x800, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xc45}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x34fab27b}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9dd}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4004}, 0x1) recvmmsg(r2, &(0x7f00000037c0), 0x0, 0x2, &(0x7f0000000140)={0x0, 0x3938700}) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) 0s ago: executing program 0 (id=2789): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x1ac, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6, 0x5, {0x9d}}, @filter_kind_options=@f_fw={{0x7}, {0x170, 0x2, [@TCA_FW_CLASSID={0x8}, @TCA_FW_INDEV={0x14, 0x3, 'batadv_slave_1\x00'}, @TCA_FW_INDEV={0x14, 0x3, 'veth0_to_bond\x00'}, @TCA_FW_ACT={0x4}, @TCA_FW_CLASSID={0x8}, @TCA_FW_POLICE={0x18, 0x2, [@TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_RATE64={0xc}]}, @TCA_FW_CLASSID={0x8}, @TCA_FW_INDEV={0x14, 0x3, 'pimreg1\x00'}, @TCA_FW_ACT={0xfc, 0x4, [@m_simple={0xf8, 0x0, 0x0, 0x0, {{0xb}, {0x64, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18}, @TCA_DEF_PARMS={0x18}, @TCA_DEF_DATA={0xb, 0x3, 'skbmod\x00'}, @TCA_DEF_PARMS={0x18}, @TCA_DEF_DATA={0x9, 0x3, 'fd/3\x00'}]}, {0x69, 0x6, "4609dc63a7e2c1e8d8f3947bfe64049bafc10942cf56376c73961c5ee06f3a38e48c1a286e545dd4a521f2869b54fbcf1c7958eb636e54a910cbe3d0b34b67c9400d92c4bd68f2a5e196d558cfa1c8440806e82a3b539579ffad8fa8a57d9e0f03a55d685c"}, {0xc}, {0xc}}}]}]}}]}, 0x1ac}}, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) syz_emit_ethernet(0x6a, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558, 0x0, 0x0, [0x0, 0x0]}, {0x0, 0x0, 0x0, 0x0, 0x11}}}}}}, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000010040)}, 0x38) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000600)) sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x20, 0x0, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc, 0x99, {0x1}}}}}, 0x20}}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00', 0x0}) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000a00)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0503020000000000140012800c0001006d616376746170000400028009000500f9cb3bcbdcb803d6925e762430ba9eed6e17fd92901f62287ce78539872b73558530ae75d5e7ef042cec39175d60a115affc43b3b1d5ee5e35abcbc47210d5100647ddcdf1f0038d1b3bd24b25f441120d2101c691003ea98881e821a9ed1ae8eee4166f100c7fce9a3a8107f3cba466e787c3d70856", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r7, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$inet(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000540)="cbf2f7df1ba7b55c981319d156b7e86d8854aeecfed7024afc61554427fdd367d4bf1d3dc0e8d4a00698ee04883dfbce356233f2b6dfd580f3813b39cfb8cc229ae4b866b372", 0x46}, {&(0x7f0000000880)="edc0f1667d32a766b9a9bb6e4fa068ef2107a140d048198f0dbf4268d9a53a5af5c0f2090dbf495f72cdb112928603a4a1dc0011483611067e00ff5b06725f58f62cafb36fe9dd6fb4b8eb5b17ee46c757664c5833846ae87591c3c1d8fd0253f4bbe5707a5abcd6f116021d01a07a4422733382983d13c76f017de8da5ff48afb26362564ee3117a02a79c3cccdacee5a9b2ed36b2f30598fc61d3de14641c35e615652b3c6f5188d1e26cbb95032de11efdb", 0xb3}], 0x2, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @private=0xa010102, @loopback}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @remote, @broadcast}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x125}}], 0x70}, 0x4008880) r9 = socket$inet(0x2, 0x2, 0x1) setsockopt$SO_BINDTODEVICE_wg(r9, 0x1, 0x19, &(0x7f0000000080)='wg0\x00', 0x4) sendmsg$inet(r9, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb58", 0x6}], 0x2}, 0x0) socket$kcm(0x2, 0x3, 0x106) ioctl$SIOCSIFHWADDR(r3, 0x8b26, &(0x7f0000000000)={'wlan1\x00', @random="0202000400"}) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) kernel console output (not intermixed with test programs): strongly recommended to keep mac addresses unique to avoid problems! [ 452.034210][T12433] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 452.056776][T12758] FAULT_INJECTION: forcing a failure. [ 452.056776][T12758] name failslab, interval 1, probability 0, space 0, times 0 [ 452.092459][T12758] CPU: 0 UID: 0 PID: 12758 Comm: syz.0.2388 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 452.103283][T12758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 452.113365][T12758] Call Trace: [ 452.116656][T12758] [ 452.119616][T12758] dump_stack_lvl+0x241/0x360 [ 452.124340][T12758] ? __pfx_dump_stack_lvl+0x10/0x10 [ 452.129569][T12758] ? __pfx__printk+0x10/0x10 [ 452.134196][T12758] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 452.139694][T12758] ? __pfx___might_resched+0x10/0x10 [ 452.145019][T12758] should_fail_ex+0x3b0/0x4e0 [ 452.149731][T12758] should_failslab+0xac/0x100 [ 452.154444][T12758] ? rtnl_newlink+0xf2/0x20a0 [ 452.159220][T12758] __kmalloc_cache_noprof+0x6c/0x2c0 [ 452.164539][T12758] rtnl_newlink+0xf2/0x20a0 [ 452.169084][T12758] ? __pfx_lock_acquire+0x10/0x10 [ 452.174312][T12758] ? __mutex_lock+0x99b/0xd70 [ 452.176547][T12764] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2390'. [ 452.178991][T12758] ? __pfx_lock_release+0x10/0x10 [ 452.179023][T12758] ? do_raw_spin_lock+0x14f/0x370 [ 452.198000][T12758] ? __pfx_rtnl_newlink+0x10/0x10 [ 452.203064][T12758] ? do_raw_spin_unlock+0x13c/0x8b0 [ 452.208311][T12758] ? __mutex_lock+0x9a5/0xd70 [ 452.213030][T12758] ? __mutex_lock+0x527/0xd70 [ 452.217820][T12758] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 452.222965][T12758] ? __pfx___mutex_lock+0x10/0x10 [ 452.228032][T12758] ? __pfx_rtnl_newlink+0x10/0x10 [ 452.233093][T12758] rtnetlink_rcv_msg+0x73f/0xcf0 [ 452.238055][T12758] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 452.243197][T12758] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 452.248778][T12758] ? ref_tracker_free+0x643/0x7e0 [ 452.253831][T12758] netlink_rcv_skb+0x1e3/0x430 [ 452.258622][T12758] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 452.264148][T12758] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 452.269482][T12758] ? netlink_deliver_tap+0x2e/0x1b0 [ 452.274705][T12758] netlink_unicast+0x7f6/0x990 [ 452.279508][T12758] ? __pfx_netlink_unicast+0x10/0x10 [ 452.284830][T12758] ? __virt_addr_valid+0x183/0x530 [ 452.289973][T12758] ? __check_object_size+0x49c/0x900 [ 452.295295][T12758] ? bpf_lsm_netlink_send+0x9/0x10 [ 452.300434][T12758] netlink_sendmsg+0x8e4/0xcb0 [ 452.305247][T12758] ? __pfx_netlink_sendmsg+0x10/0x10 [ 452.310566][T12758] ? __import_iovec+0x536/0x820 [ 452.315492][T12758] ? aa_sock_msg_perm+0x91/0x160 [ 452.320556][T12758] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 452.325869][T12758] ? security_socket_sendmsg+0x87/0xb0 [ 452.331361][T12758] ? __pfx_netlink_sendmsg+0x10/0x10 [ 452.336679][T12758] __sock_sendmsg+0x221/0x270 [ 452.341393][T12758] ____sys_sendmsg+0x525/0x7d0 [ 452.346198][T12758] ? __pfx_____sys_sendmsg+0x10/0x10 [ 452.351537][T12758] __sys_sendmsg+0x2b0/0x3a0 [ 452.356158][T12758] ? __pfx___sys_sendmsg+0x10/0x10 [ 452.361291][T12758] ? vfs_write+0x7c4/0xc90 [ 452.365774][T12758] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 452.372132][T12758] ? do_syscall_64+0x100/0x230 [ 452.376928][T12758] ? do_syscall_64+0xb6/0x230 [ 452.381655][T12758] do_syscall_64+0xf3/0x230 [ 452.386188][T12758] ? clear_bhb_loop+0x35/0x90 [ 452.390900][T12758] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.396822][T12758] RIP: 0033:0x7fd29477cef9 [ 452.401256][T12758] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 452.420892][T12758] RSP: 002b:00007fd295548038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 452.429342][T12758] RAX: ffffffffffffffda RBX: 00007fd294935f80 RCX: 00007fd29477cef9 [ 452.437346][T12758] RDX: 0000000000000010 RSI: 0000000020000280 RDI: 0000000000000003 [ 452.445393][T12758] RBP: 00007fd295548090 R08: 0000000000000000 R09: 0000000000000000 [ 452.453396][T12758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 452.461396][T12758] R13: 0000000000000000 R14: 00007fd294935f80 R15: 00007ffcc1fcfbe8 [ 452.469495][T12758] [ 452.484301][T12772] netlink: 'syz.2.2392': attribute type 10 has an invalid length. [ 452.498684][T12762] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2389'. [ 452.519389][T12762] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (64) [ 452.562303][T12433] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.571041][T12433] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.613809][T12433] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.631481][T12433] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.654784][T12480] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 452.677272][T12778] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2395'. [ 452.854995][ T1125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 452.885315][ T1125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 452.983274][T12788] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2400'. [ 453.014934][T12480] veth0_vlan: entered promiscuous mode [ 453.022898][T11539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 453.042481][T11539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 453.044355][T12788] netlink: 'syz.0.2400': attribute type 1 has an invalid length. [ 453.084586][T12480] veth1_vlan: entered promiscuous mode [ 453.146673][T12480] veth0_macvtap: entered promiscuous mode [ 453.189236][T12480] veth1_macvtap: entered promiscuous mode [ 453.218434][T12480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.229215][T12480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.241615][T12480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.270526][T12480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.298857][T12480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.311999][T12480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.322405][T12480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.333914][T12480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.370898][T12480] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 453.405864][T12480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 453.420222][T12480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.442945][T12480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 453.471486][T12480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.496014][T12480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 453.511524][T12480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.531524][T12480] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 453.542604][T12480] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.563984][T12480] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 453.613753][T12809] netlink: 'syz.4.2408': attribute type 10 has an invalid length. [ 453.638347][T12809] team0: Port device netdevsim0 added [ 453.656441][T12480] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.686315][T12480] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.701470][T12480] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.710327][T12480] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.908461][T12819] FAULT_INJECTION: forcing a failure. [ 453.908461][T12819] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 453.919667][ T1125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 453.935530][ T1125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 453.951975][T12819] CPU: 0 UID: 0 PID: 12819 Comm: syz.0.2413 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 453.962791][T12819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 453.972866][T12819] Call Trace: [ 453.976193][T12819] [ 453.979136][T12819] dump_stack_lvl+0x241/0x360 [ 453.983852][T12819] ? __pfx_dump_stack_lvl+0x10/0x10 [ 453.986851][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 453.989054][T12819] ? __pfx__printk+0x10/0x10 [ 453.989084][T12819] ? __pfx_lock_release+0x10/0x10 [ 454.006555][T12819] should_fail_ex+0x3b0/0x4e0 [ 454.011268][T12819] _copy_from_user+0x2f/0xe0 [ 454.015877][T12819] do_sock_getsockopt+0x1d1/0x7e0 [ 454.020928][T12819] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 454.026478][T12819] ? __fget_files+0x3f6/0x470 [ 454.031159][T12819] __sys_getsockopt+0x271/0x330 [ 454.036022][T12819] ? __pfx___sys_getsockopt+0x10/0x10 [ 454.041402][T12819] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 454.047732][T12819] ? do_syscall_64+0x100/0x230 [ 454.052492][T12819] __x64_sys_getsockopt+0xb5/0xd0 [ 454.057519][T12819] do_syscall_64+0xf3/0x230 [ 454.062016][T12819] ? clear_bhb_loop+0x35/0x90 [ 454.066693][T12819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.072594][T12819] RIP: 0033:0x7fd29477cef9 [ 454.077004][T12819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.096637][T12819] RSP: 002b:00007fd295548038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 454.105132][T12819] RAX: ffffffffffffffda RBX: 00007fd294935f80 RCX: 00007fd29477cef9 [ 454.113108][T12819] RDX: 0000000000002721 RSI: 0000200000000114 RDI: 0000000000000003 [ 454.121071][T12819] RBP: 00007fd295548090 R08: 0000000020000040 R09: 0000000000000000 [ 454.129310][T12819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 454.137464][T12819] R13: 0000000000000000 R14: 00007fd294935f80 R15: 00007ffcc1fcfbe8 [ 454.145726][T12819] [ 454.150435][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 454.411939][T12832] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 454.627344][ T1125] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.425521][ T1125] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.542561][T12844] __nla_validate_parse: 7 callbacks suppressed [ 455.542580][T12844] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2422'. [ 455.630486][ T1125] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.729541][ T1125] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.780636][T12854] netem: incorrect ge model size [ 455.801604][T12854] netem: change failed [ 455.819672][T12854] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2426'. [ 455.859346][ T5233] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 455.869474][ T5233] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 455.877869][ T5233] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 455.891763][ T5233] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 455.901081][ T5233] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 455.910989][ T5233] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 455.911662][T12858] FAULT_INJECTION: forcing a failure. [ 455.911662][T12858] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 455.939186][T12858] CPU: 0 UID: 0 PID: 12858 Comm: syz.0.2427 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 455.949992][T12858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 455.960080][T12858] Call Trace: [ 455.963391][T12858] [ 455.966339][T12858] dump_stack_lvl+0x241/0x360 [ 455.971043][T12858] ? __pfx_dump_stack_lvl+0x10/0x10 [ 455.976352][T12858] ? __pfx__printk+0x10/0x10 [ 455.980977][T12858] should_fail_ex+0x3b0/0x4e0 [ 455.985689][T12858] prepare_alloc_pages+0x1da/0x5d0 [ 455.990844][T12858] __alloc_pages_noprof+0x166/0x6c0 [ 455.996076][T12858] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 456.002623][T12858] ? __pfx_validate_chain+0x10/0x10 [ 456.007862][T12858] alloc_pages_mpol_noprof+0x3e8/0x680 [ 456.013379][T12858] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 456.019400][T12858] vma_alloc_folio_noprof+0x12e/0x230 [ 456.024807][T12858] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 456.030735][T12858] ? __lock_acquire+0x137a/0x2040 [ 456.035790][T12858] folio_prealloc+0x31/0x170 [ 456.040411][T12858] handle_pte_fault+0x255e/0x6fc0 [ 456.045478][T12858] ? __pfx_lock_acquire+0x10/0x10 [ 456.050540][T12858] ? __pfx_handle_pte_fault+0x10/0x10 [ 456.055934][T12858] ? do_raw_spin_lock+0x14f/0x370 [ 456.061005][T12858] ? follow_page_pte+0x29a/0x1ee0 [ 456.066059][T12858] ? follow_page_pte+0x83f/0x1ee0 [ 456.071109][T12858] ? __pfx_lock_release+0x10/0x10 [ 456.076164][T12858] ? do_raw_spin_unlock+0x13c/0x8b0 [ 456.081393][T12858] handle_mm_fault+0x1109/0x1bc0 [ 456.086383][T12858] ? __pfx_handle_mm_fault+0x10/0x10 [ 456.091709][T12858] ? __pfx_find_vma+0x10/0x10 [ 456.096409][T12858] ? vma_is_secretmem+0xd/0x50 [ 456.101192][T12858] ? check_vma_flags+0x531/0x5a0 [ 456.106159][T12858] __get_user_pages+0x6ec/0x16a0 [ 456.111158][T12858] ? __pfx___get_user_pages+0x10/0x10 [ 456.116567][T12858] __gup_longterm_locked+0xed7/0x17d0 [ 456.121985][T12858] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 456.128344][T12858] ? sanity_check_pinned_pages+0x12c2/0x13c0 [ 456.134363][T12858] ? gup_fast_fallback+0x221d/0x2b50 [ 456.139686][T12858] gup_fast_fallback+0x2742/0x2b50 [ 456.144860][T12858] ? __pfx_gup_fast_fallback+0x10/0x10 [ 456.150349][T12858] ? __sys_getsockopt+0x271/0x330 [ 456.155398][T12858] ? __x64_sys_getsockopt+0xb5/0xd0 [ 456.160616][T12858] ? do_syscall_64+0xf3/0x230 [ 456.165354][T12858] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.171568][T12858] ? is_valid_gup_args+0x124/0x200 [ 456.176707][T12858] pin_user_pages_fast+0xcc/0x160 [ 456.181769][T12858] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 456.187426][T12858] ? rds_info_getsockopt+0x20c/0x600 [ 456.192733][T12858] ? rds_info_getsockopt+0x20c/0x600 [ 456.198126][T12858] ? rds_info_getsockopt+0x20c/0x600 [ 456.203523][T12858] ? __kmalloc_noprof+0x21a/0x400 [ 456.208586][T12858] rds_info_getsockopt+0x22e/0x600 [ 456.213731][T12858] ? __might_fault+0xaa/0x120 [ 456.218460][T12858] ? __pfx_lock_release+0x10/0x10 [ 456.223521][T12858] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 456.229193][T12858] ? __might_fault+0xc6/0x120 [ 456.233914][T12858] ? rds_getsockopt+0x2c2/0x530 [ 456.238880][T12858] ? __pfx_rds_getsockopt+0x10/0x10 [ 456.244211][T12858] do_sock_getsockopt+0x3c4/0x7e0 [ 456.249284][T12858] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 456.254860][T12858] ? __fget_files+0x3f6/0x470 [ 456.259581][T12858] __sys_getsockopt+0x271/0x330 [ 456.261479][T12855] chnl_net:caif_netlink_parms(): no params data found [ 456.264444][T12858] ? __pfx___sys_getsockopt+0x10/0x10 [ 456.264474][T12858] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 456.282946][T12858] ? do_syscall_64+0x100/0x230 [ 456.287738][T12858] __x64_sys_getsockopt+0xb5/0xd0 [ 456.292791][T12858] do_syscall_64+0xf3/0x230 [ 456.297324][T12858] ? clear_bhb_loop+0x35/0x90 [ 456.302039][T12858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.307958][T12858] RIP: 0033:0x7fd29477cef9 [ 456.312395][T12858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.332023][T12858] RSP: 002b:00007fd295548038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 456.340458][T12858] RAX: ffffffffffffffda RBX: 00007fd294935f80 RCX: 00007fd29477cef9 [ 456.348536][T12858] RDX: 0000000000002711 RSI: 0000200000000114 RDI: 0000000000000003 [ 456.356531][T12858] RBP: 00007fd295548090 R08: 0000000020000040 R09: 0000000000000000 [ 456.364526][T12858] R10: 0000000020005ec0 R11: 0000000000000246 R12: 0000000000000002 [ 456.372521][T12858] R13: 0000000000000000 R14: 00007fd294935f80 R15: 00007ffcc1fcfbe8 [ 456.380534][T12858] [ 456.399165][ T1125] bridge_slave_1: left allmulticast mode [ 456.405021][ T1125] bridge_slave_1: left promiscuous mode [ 456.413232][ T1125] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.428914][ T1125] bridge_slave_0: left allmulticast mode [ 456.448099][ T1125] bridge_slave_0: left promiscuous mode [ 456.454123][ T1125] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.607236][T12876] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2432'. [ 457.181144][ T1125] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 457.195259][ T1125] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 457.207130][ T1125] bond0 (unregistering): Released all slaves [ 457.386777][T12855] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.394780][T12855] bridge0: port 1(bridge_slave_0) entered disabled state [ 457.404688][T12855] bridge_slave_0: entered allmulticast mode [ 457.421883][T12855] bridge_slave_0: entered promiscuous mode [ 457.430257][T12899] netlink: 'syz.2.2439': attribute type 10 has an invalid length. [ 457.459274][T12899] team0: Port device netdevsim0 added [ 457.506642][T12855] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.514662][T12855] bridge0: port 2(bridge_slave_1) entered disabled state [ 457.525097][T12855] bridge_slave_1: entered allmulticast mode [ 457.532664][T12855] bridge_slave_1: entered promiscuous mode [ 457.545656][T12904] netlink: 592 bytes leftover after parsing attributes in process `syz.0.2441'. [ 457.553764][T12906] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 457.709846][T12855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 457.723164][T12855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 457.808706][T12855] team0: Port device team_slave_0 added [ 457.836694][ T1125] hsr_slave_0: left promiscuous mode [ 457.853537][ T1125] hsr_slave_1: left promiscuous mode [ 457.867892][ T1125] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 457.881712][ T1125] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 457.900244][ T1125] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 457.911261][ T1125] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 457.939215][ T1125] veth1_macvtap: left promiscuous mode [ 457.945947][ T1125] veth0_macvtap: left promiscuous mode [ 457.951854][ T1125] veth1_vlan: left promiscuous mode [ 457.957229][ T1125] veth0_vlan: left promiscuous mode [ 457.991555][ T5233] Bluetooth: hci1: command tx timeout [ 458.598790][ T1125] team0 (unregistering): Port device team_slave_1 removed [ 458.651168][ T1125] team0 (unregistering): Port device team_slave_0 removed [ 459.188002][T12855] team0: Port device team_slave_1 added [ 459.248506][T12855] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 459.258521][T12855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 459.288262][T12855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 459.302266][T12855] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 459.309286][T12855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 459.338300][T12855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 459.557888][T12855] hsr_slave_0: entered promiscuous mode [ 459.581882][T12926] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2448'. [ 459.609302][T12855] hsr_slave_1: entered promiscuous mode [ 459.646355][T12928] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2449'. [ 459.658511][T12855] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 459.674223][T12855] Cannot create hsr debugfs directory [ 459.712941][T12931] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2450'. [ 459.811538][T12935] FAULT_INJECTION: forcing a failure. [ 459.811538][T12935] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 459.842461][T12935] CPU: 0 UID: 0 PID: 12935 Comm: syz.0.2452 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 459.853373][T12935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 459.863535][T12935] Call Trace: [ 459.866836][T12935] [ 459.869778][T12935] dump_stack_lvl+0x241/0x360 [ 459.874480][T12935] ? __pfx_dump_stack_lvl+0x10/0x10 [ 459.879704][T12935] ? __pfx__printk+0x10/0x10 [ 459.884325][T12935] ? __pfx_lock_release+0x10/0x10 [ 459.888040][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 459.889372][T12935] should_fail_ex+0x3b0/0x4e0 [ 459.889413][T12935] _copy_from_user+0x2f/0xe0 [ 459.899761][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 459.901185][T12935] copy_msghdr_from_user+0xae/0x680 [ 459.901227][T12935] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 459.913059][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 459.918005][T12935] __sys_sendmsg+0x23d/0x3a0 [ 459.918046][T12935] ? __pfx___sys_sendmsg+0x10/0x10 [ 459.927605][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 459.930741][T12935] ? vfs_write+0x7c4/0xc90 [ 459.930809][T12935] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 459.936373][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 459.940451][T12935] ? do_syscall_64+0x100/0x230 [ 459.940483][T12935] ? do_syscall_64+0xb6/0x230 [ 459.948239][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 459.951809][T12935] do_syscall_64+0xf3/0x230 [ 459.951839][T12935] ? clear_bhb_loop+0x35/0x90 [ 459.951864][T12935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.951886][T12935] RIP: 0033:0x7fd29477cef9 [ 459.951903][T12935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.951919][T12935] RSP: 002b:00007fd295548038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 459.951940][T12935] RAX: ffffffffffffffda RBX: 00007fd294935f80 RCX: 00007fd29477cef9 [ 459.951954][T12935] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000000000003 [ 459.951966][T12935] RBP: 00007fd295548090 R08: 0000000000000000 R09: 0000000000000000 [ 459.951979][T12935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 459.951991][T12935] R13: 0000000000000000 R14: 00007fd294935f80 R15: 00007ffcc1fcfbe8 [ 459.952022][T12935] [ 459.957735][T12940] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 460.072134][ T54] Bluetooth: hci1: command tx timeout [ 460.090609][T12937] netlink: 592 bytes leftover after parsing attributes in process `syz.4.2453'. [ 460.299112][ T1125] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.406392][ T1125] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.489452][ T1125] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.584958][ T1125] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.625845][T12938] chnl_net:caif_netlink_parms(): no params data found [ 460.708404][T12957] FAULT_INJECTION: forcing a failure. [ 460.708404][T12957] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 460.724499][T12957] CPU: 0 UID: 0 PID: 12957 Comm: syz.2.2457 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 460.735307][T12957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 460.745393][T12957] Call Trace: [ 460.748666][T12957] [ 460.751676][T12957] dump_stack_lvl+0x241/0x360 [ 460.756368][T12957] ? __pfx_dump_stack_lvl+0x10/0x10 [ 460.761601][T12957] ? __pfx__printk+0x10/0x10 [ 460.766232][T12957] should_fail_ex+0x3b0/0x4e0 [ 460.770948][T12957] prepare_alloc_pages+0x1da/0x5d0 [ 460.776106][T12957] __alloc_pages_noprof+0x166/0x6c0 [ 460.781438][T12957] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 460.787218][T12957] ? __pfx_validate_chain+0x10/0x10 [ 460.792423][T12957] alloc_pages_mpol_noprof+0x3e8/0x680 [ 460.797901][T12957] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 460.803893][T12957] vma_alloc_folio_noprof+0x12e/0x230 [ 460.809273][T12957] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 460.815181][T12957] ? __lock_acquire+0x137a/0x2040 [ 460.820213][T12957] folio_prealloc+0x31/0x170 [ 460.824800][T12957] handle_pte_fault+0x255e/0x6fc0 [ 460.829833][T12957] ? __pfx_lock_acquire+0x10/0x10 [ 460.834863][T12957] ? __pfx_handle_pte_fault+0x10/0x10 [ 460.840228][T12957] ? do_raw_spin_lock+0x14f/0x370 [ 460.845260][T12957] ? follow_page_pte+0x29a/0x1ee0 [ 460.850280][T12957] ? follow_page_pte+0x83f/0x1ee0 [ 460.855388][T12957] ? __pfx_lock_release+0x10/0x10 [ 460.860586][T12957] ? do_raw_spin_unlock+0x13c/0x8b0 [ 460.866131][T12957] handle_mm_fault+0x1109/0x1bc0 [ 460.871083][T12957] ? __pfx_handle_mm_fault+0x10/0x10 [ 460.876372][T12957] ? __pfx_find_vma+0x10/0x10 [ 460.881152][T12957] ? vma_is_secretmem+0xd/0x50 [ 460.885911][T12957] ? check_vma_flags+0x531/0x5a0 [ 460.890937][T12957] __get_user_pages+0x6ec/0x16a0 [ 460.895884][T12957] ? __pfx___get_user_pages+0x10/0x10 [ 460.901348][T12957] __gup_longterm_locked+0xed7/0x17d0 [ 460.906832][T12957] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 460.913156][T12957] ? sanity_check_pinned_pages+0x12c2/0x13c0 [ 460.919135][T12957] ? gup_fast_fallback+0x221d/0x2b50 [ 460.924516][T12957] gup_fast_fallback+0x2742/0x2b50 [ 460.929653][T12957] ? __pfx_gup_fast_fallback+0x10/0x10 [ 460.935112][T12957] ? __sys_getsockopt+0x271/0x330 [ 460.940132][T12957] ? __x64_sys_getsockopt+0xb5/0xd0 [ 460.945324][T12957] ? do_syscall_64+0xf3/0x230 [ 460.950019][T12957] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.956111][T12957] ? is_valid_gup_args+0x124/0x200 [ 460.961219][T12957] pin_user_pages_fast+0xcc/0x160 [ 460.966243][T12957] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 460.971871][T12957] ? rds_info_getsockopt+0x20c/0x600 [ 460.977152][T12957] ? rds_info_getsockopt+0x20c/0x600 [ 460.982436][T12957] ? rds_info_getsockopt+0x20c/0x600 [ 460.987850][T12957] ? __kmalloc_noprof+0x21a/0x400 [ 460.992884][T12957] rds_info_getsockopt+0x22e/0x600 [ 460.997993][T12957] ? __might_fault+0xaa/0x120 [ 461.002704][T12957] ? __pfx_lock_release+0x10/0x10 [ 461.007727][T12957] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 461.013364][T12957] ? __might_fault+0xc6/0x120 [ 461.018038][T12957] ? rds_getsockopt+0x2c2/0x530 [ 461.022877][T12957] ? __pfx_rds_getsockopt+0x10/0x10 [ 461.028067][T12957] do_sock_getsockopt+0x3c4/0x7e0 [ 461.033097][T12957] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 461.038643][T12957] ? __fget_files+0x3f6/0x470 [ 461.043322][T12957] __sys_getsockopt+0x271/0x330 [ 461.048169][T12957] ? __pfx___sys_getsockopt+0x10/0x10 [ 461.053536][T12957] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 461.060034][T12957] __x64_sys_getsockopt+0xb5/0xd0 [ 461.065067][T12957] do_syscall_64+0xf3/0x230 [ 461.069568][T12957] ? clear_bhb_loop+0x35/0x90 [ 461.074243][T12957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.080126][T12957] RIP: 0033:0x7f1095b7cef9 [ 461.084561][T12957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 461.104155][T12957] RSP: 002b:00007f1096975038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 461.112561][T12957] RAX: ffffffffffffffda RBX: 00007f1095d35f80 RCX: 00007f1095b7cef9 [ 461.120612][T12957] RDX: 0000000000002711 RSI: 0000200000000114 RDI: 0000000000000003 [ 461.128605][T12957] RBP: 00007f1096975090 R08: 0000000020000040 R09: 0000000000000000 [ 461.136571][T12957] R10: 0000000020005ec0 R11: 0000000000000246 R12: 0000000000000002 [ 461.144534][T12957] R13: 0000000000000000 R14: 00007f1095d35f80 R15: 00007ffedf4a76a8 [ 461.152602][T12957] [ 461.317549][T12938] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.340018][T12938] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.358260][T12938] bridge_slave_0: entered allmulticast mode [ 461.365709][T12938] bridge_slave_0: entered promiscuous mode [ 461.379073][T12938] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.387978][T12938] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.398827][T12938] bridge_slave_1: entered allmulticast mode [ 461.417009][T12938] bridge_slave_1: entered promiscuous mode [ 461.502543][ T1125] bridge_slave_1: left allmulticast mode [ 461.508324][ T1125] bridge_slave_1: left promiscuous mode [ 461.537114][ T1125] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.559738][T12976] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2463'. [ 461.572047][ T1125] bridge_slave_0: left allmulticast mode [ 461.579058][T12978] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2462'. [ 461.591982][ T1125] bridge_slave_0: left promiscuous mode [ 461.597793][ T1125] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.619142][T12980] netlink: 'syz.2.2463': attribute type 1 has an invalid length. [ 461.632372][T12980] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2463'. [ 462.083344][ T5233] Bluetooth: hci3: command tx timeout [ 462.126455][ T1125] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 462.139228][ T1125] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 462.150903][ T1125] bond0 (unregistering): Released all slaves [ 462.162852][ T5233] Bluetooth: hci1: command tx timeout [ 462.298142][T12987] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2466'. [ 462.318154][T12938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 462.375972][T12938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 462.398878][T12855] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 462.413805][T12989] netlink: 592 bytes leftover after parsing attributes in process `syz.4.2465'. [ 462.497541][T12989] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 462.537060][T12855] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 462.634640][T12855] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 462.726435][T12938] team0: Port device team_slave_0 added [ 462.749447][T12855] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 462.780017][T12938] team0: Port device team_slave_1 added [ 462.862338][T12938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 462.869348][T12938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 462.961353][T12938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 462.992329][ T1125] hsr_slave_0: left promiscuous mode [ 462.998427][ T1125] hsr_slave_1: left promiscuous mode [ 463.011568][ T1125] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 463.019215][ T1125] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 463.038166][ T1125] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 463.046247][ T1125] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 463.123865][ T1125] veth1_macvtap: left promiscuous mode [ 463.135073][ T1125] veth0_macvtap: left promiscuous mode [ 463.156698][ T1125] veth1_vlan: left promiscuous mode [ 463.162442][ T1125] veth0_vlan: left promiscuous mode [ 463.338037][T13017] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2477'. [ 463.405854][T13018] netlink: 'syz.4.2477': attribute type 1 has an invalid length. [ 463.426848][T13018] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2477'. [ 463.458730][T13020] netlink: 4552 bytes leftover after parsing attributes in process `syz.2.2478'. [ 463.470313][T13020] netlink: 4552 bytes leftover after parsing attributes in process `syz.2.2478'. [ 463.540771][T13020] xt_CT: No such helper "syz0" [ 464.000205][ T1125] team0 (unregistering): Port device team_slave_1 removed [ 464.067516][ T1125] team0 (unregistering): Port device team_slave_0 removed [ 464.154115][ T5233] Bluetooth: hci3: command tx timeout [ 464.241559][ T5233] Bluetooth: hci1: command tx timeout [ 464.628949][T12938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 464.637154][T12938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 464.663470][T12938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 464.680818][T13020] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2478'. [ 464.900425][T13030] Bluetooth: MGMT ver 1.23 [ 464.906115][T13030] Bluetooth: hci3: unsupported parameter 64512 [ 464.912784][T13030] Bluetooth: hci3: invalid length 0, exp 2 for type 29 [ 464.948642][T13026] netem: incorrect ge model size [ 465.065108][T12938] hsr_slave_0: entered promiscuous mode [ 465.091158][T12938] hsr_slave_1: entered promiscuous mode [ 465.110593][T12938] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 465.130265][T12938] Cannot create hsr debugfs directory [ 465.499494][T13043] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 465.598475][T12855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 465.736754][T12855] 8021q: adding VLAN 0 to HW filter on device team0 [ 465.806392][ T2964] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.813742][ T2964] bridge0: port 1(bridge_slave_0) entered forwarding state [ 465.900112][T11539] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.907315][T11539] bridge0: port 2(bridge_slave_1) entered forwarding state [ 466.099040][T12855] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 466.244676][ T5233] Bluetooth: hci3: command tx timeout [ 466.430576][T12938] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 466.522438][T12938] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 466.539313][T12938] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 466.566008][T12938] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 466.589227][T12855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 466.769601][T12855] veth0_vlan: entered promiscuous mode [ 466.840039][T12855] veth1_vlan: entered promiscuous mode [ 466.859081][T13097] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 466.886409][T12938] 8021q: adding VLAN 0 to HW filter on device bond0 [ 466.948106][T12938] 8021q: adding VLAN 0 to HW filter on device team0 [ 466.973632][T13099] __nla_validate_parse: 6 callbacks suppressed [ 466.973652][T13099] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2502'. [ 466.992837][T12855] veth0_macvtap: entered promiscuous mode [ 467.008155][T13099] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2502'. [ 467.034651][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.041960][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 467.063561][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.070790][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 467.095416][T12855] veth1_macvtap: entered promiscuous mode [ 467.215811][T12855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 467.227603][T12855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 467.237988][T12855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 467.250202][T12855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 467.272807][T12855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 467.283700][T12855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 467.305697][T12855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 467.327327][T12855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 467.350506][T12855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 467.371248][T12855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 467.387795][T12855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 467.398656][T12855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 467.409372][T12855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 467.409493][T13101] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2503'. [ 467.421751][T12855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 467.485528][T12855] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.507999][T12855] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.527314][T12855] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.552719][T12855] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.622914][T13106] netlink: 'syz.2.2505': attribute type 10 has an invalid length. [ 467.657054][T13106] team0: Port device netdevsim0 removed [ 467.727449][T13108] netlink: 592 bytes leftover after parsing attributes in process `syz.0.2506'. [ 467.853334][T13115] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 467.878745][ T1125] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 467.901558][ T1125] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 467.987693][ T2964] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 468.031013][ T2964] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 468.107150][T13122] netlink: 'syz.4.2510': attribute type 1 has an invalid length. [ 468.127922][T13122] netlink: 'syz.4.2510': attribute type 2 has an invalid length. [ 468.199198][T12938] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 468.311686][ T5233] Bluetooth: hci3: command tx timeout [ 468.468734][T12938] veth0_vlan: entered promiscuous mode [ 468.495500][T12938] veth1_vlan: entered promiscuous mode [ 468.592296][T12938] veth0_macvtap: entered promiscuous mode [ 468.617358][T12938] veth1_macvtap: entered promiscuous mode [ 468.684437][T12938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.709412][T13140] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 468.711351][T12938] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.749519][T12938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.771773][T12938] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.790443][T12938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.805965][T12938] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.807500][T13142] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2515'. [ 468.823890][T12938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 468.845410][T12938] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.864236][T12938] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 468.899051][T12938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.919894][T12938] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.935687][T12938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.951817][T12938] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 468.967652][T12938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 468.996600][T12938] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.010281][T12938] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 469.021409][T12938] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 469.033662][T13145] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2516'. [ 469.034030][T12938] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 469.057970][T12938] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.067735][T12938] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.077545][T12938] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.087599][T12938] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 469.103664][T13146] netlink: 'syz.0.2516': attribute type 1 has an invalid length. [ 469.114327][T13146] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2516'. [ 469.126462][T13145] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2516'. [ 469.294001][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.307447][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.355172][ T1125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.391398][ T1125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.477365][T13151] FAULT_INJECTION: forcing a failure. [ 469.477365][T13151] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 469.513360][T13151] CPU: 0 UID: 0 PID: 13151 Comm: syz.0.2519 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 469.524354][T13151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 469.534442][T13151] Call Trace: [ 469.537737][T13151] [ 469.540705][T13151] dump_stack_lvl+0x241/0x360 [ 469.545414][T13151] ? __pfx_dump_stack_lvl+0x10/0x10 [ 469.550653][T13151] ? __pfx__printk+0x10/0x10 [ 469.555276][T13151] ? __pfx_lock_release+0x10/0x10 [ 469.560343][T13151] should_fail_ex+0x3b0/0x4e0 [ 469.565060][T13151] _copy_from_user+0x2f/0xe0 [ 469.569689][T13151] copy_msghdr_from_user+0xae/0x680 [ 469.574936][T13151] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 469.580785][T13151] __sys_sendmsg+0x23d/0x3a0 [ 469.585403][T13151] ? __pfx___sys_sendmsg+0x10/0x10 [ 469.590539][T13151] ? vfs_write+0x7c4/0xc90 [ 469.595024][T13151] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 469.601387][T13151] ? do_syscall_64+0x100/0x230 [ 469.606177][T13151] ? do_syscall_64+0xb6/0x230 [ 469.610877][T13151] do_syscall_64+0xf3/0x230 [ 469.615403][T13151] ? clear_bhb_loop+0x35/0x90 [ 469.620114][T13151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.626036][T13151] RIP: 0033:0x7fd29477cef9 [ 469.630471][T13151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 469.650461][T13151] RSP: 002b:00007fd295548038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 469.658906][T13151] RAX: ffffffffffffffda RBX: 00007fd294935f80 RCX: 00007fd29477cef9 [ 469.667001][T13151] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 469.675004][T13151] RBP: 00007fd295548090 R08: 0000000000000000 R09: 0000000000000000 [ 469.683007][T13151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 469.691091][T13151] R13: 0000000000000000 R14: 00007fd294935f80 R15: 00007ffcc1fcfbe8 [ 469.699108][T13151] [ 469.960368][T13172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2526'. [ 469.983388][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 470.006238][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 470.270008][ T2964] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.309156][T13182] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2532'. [ 470.863476][ T2964] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.935999][ T2964] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.011070][ T2964] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.154929][ T2964] bridge_slave_1: left allmulticast mode [ 471.160637][ T2964] bridge_slave_1: left promiscuous mode [ 471.192122][ T2964] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.224252][ T2964] bridge_slave_0: left allmulticast mode [ 471.240252][ T2964] bridge_slave_0: left promiscuous mode [ 471.249721][ T2964] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.298605][T13195] nbd: couldn't find a device at index 0 [ 471.568795][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 471.584238][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 471.594142][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 471.605442][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 471.615517][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 471.623312][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 472.005096][ T2964] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 472.032274][ T2964] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 472.055993][ T2964] bond0 (unregistering): Released all slaves [ 472.074691][T13192] __nla_validate_parse: 1 callbacks suppressed [ 472.074723][T13192] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2535'. [ 472.354600][T13206] chnl_net:caif_netlink_parms(): no params data found [ 472.447489][T13206] bridge0: port 1(bridge_slave_0) entered blocking state [ 472.454948][T13206] bridge0: port 1(bridge_slave_0) entered disabled state [ 472.464309][T13206] bridge_slave_0: entered allmulticast mode [ 472.471147][T13206] bridge_slave_0: entered promiscuous mode [ 472.486948][ T2964] hsr_slave_0: left promiscuous mode [ 472.493204][ T2964] hsr_slave_1: left promiscuous mode [ 472.499310][ T2964] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 472.508017][ T2964] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 472.516359][ T2964] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 472.524109][ T2964] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 472.546771][ T2964] veth1_macvtap: left promiscuous mode [ 472.552464][ T2964] veth0_macvtap: left promiscuous mode [ 472.558115][ T2964] veth1_vlan: left promiscuous mode [ 472.563527][ T2964] veth0_vlan: left promiscuous mode [ 473.155954][ T2964] team0 (unregistering): Port device team_slave_1 removed [ 473.212363][ T2964] team0 (unregistering): Port device team_slave_0 removed [ 473.694424][ T54] Bluetooth: hci1: command tx timeout [ 473.832181][ T5233] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 473.845357][ T5233] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 473.863627][ T5233] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 473.872109][ T5233] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 473.888724][ T5233] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 473.898159][ T5233] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 474.090610][T13206] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.098366][T13206] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.106124][T13206] bridge_slave_1: entered allmulticast mode [ 474.116342][T13206] bridge_slave_1: entered promiscuous mode [ 474.143479][T13219] netlink: 'syz.0.2538': attribute type 10 has an invalid length. [ 474.162933][T13219] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 474.175230][T13219] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 474.190526][T13219] team0: Port device netdevsim0 removed [ 474.229758][T13206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 474.275943][T13206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 474.418245][T13206] team0: Port device team_slave_0 added [ 474.426224][T13232] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 232 [ 474.444532][T13234] Bluetooth: MGMT ver 1.23 [ 474.482819][T13206] team0: Port device team_slave_1 added [ 474.551756][T13206] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 474.571446][T13206] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 474.617226][T13206] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 474.652001][T13206] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 474.681227][T13206] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 474.729204][T13206] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 474.805506][T13248] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2548'. [ 474.876826][T13250] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2549'. [ 474.935262][T13206] hsr_slave_0: entered promiscuous mode [ 474.953282][T13206] hsr_slave_1: entered promiscuous mode [ 474.966701][T13206] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 474.982430][T13206] Cannot create hsr debugfs directory [ 475.205445][ T2964] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.357984][ T2964] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.382771][T13270] bridge0: port 1(bridge_slave_0) entered disabled state [ 475.447074][T13271] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 475.496300][ T2964] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.660964][ T2964] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.736523][T13225] chnl_net:caif_netlink_parms(): no params data found [ 475.751813][ T54] Bluetooth: hci1: command tx timeout [ 475.852803][T13280] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2558'. [ 475.992694][ T54] Bluetooth: hci3: command tx timeout [ 476.071670][T13285] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2560'. [ 476.090394][T13285] netlink: 'syz.2.2560': attribute type 1 has an invalid length. [ 476.143362][T13285] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2560'. [ 476.223290][T13225] bridge0: port 1(bridge_slave_0) entered blocking state [ 476.252454][T13225] bridge0: port 1(bridge_slave_0) entered disabled state [ 476.271938][T13225] bridge_slave_0: entered allmulticast mode [ 476.279346][T13225] bridge_slave_0: entered promiscuous mode [ 476.303945][ T2964] bridge_slave_1: left allmulticast mode [ 476.314908][ T2964] bridge_slave_1: left promiscuous mode [ 476.320674][ T2964] bridge0: port 2(bridge_slave_1) entered disabled state [ 476.372196][ T2964] bridge_slave_0: left allmulticast mode [ 476.401516][ T2964] bridge_slave_0: left promiscuous mode [ 476.407311][ T2964] bridge0: port 1(bridge_slave_0) entered disabled state [ 476.621934][T13307] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 477.069423][ T2964] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 477.082937][ T2964] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 477.096050][ T2964] bond0 (unregistering): Released all slaves [ 477.112166][T13225] bridge0: port 2(bridge_slave_1) entered blocking state [ 477.119863][T13225] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.143300][T13225] bridge_slave_1: entered allmulticast mode [ 477.154910][T13225] bridge_slave_1: entered promiscuous mode [ 477.178269][T13305] netlink: 592 bytes leftover after parsing attributes in process `syz.4.2566'. [ 477.315190][T13225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 477.467076][T13225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 477.559363][T13319] IPVS: set_ctl: invalid protocol: 29 172.20.20.170:0 [ 477.594882][T13225] team0: Port device team_slave_0 added [ 477.694314][T13225] team0: Port device team_slave_1 added [ 477.702441][T13318] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 477.802507][ T2964] hsr_slave_0: left promiscuous mode [ 477.831425][ T54] Bluetooth: hci1: command tx timeout [ 477.836993][ T2964] hsr_slave_1: left promiscuous mode [ 477.847865][ T2964] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 477.871097][ T2964] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 477.895519][ T2964] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 477.912855][ T2964] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 477.973012][ T2964] veth1_macvtap: left promiscuous mode [ 477.987410][ T2964] veth0_macvtap: left promiscuous mode [ 477.998557][ T2964] veth1_vlan: left promiscuous mode [ 478.016530][ T2964] veth0_vlan: left promiscuous mode [ 478.072026][ T54] Bluetooth: hci3: command tx timeout [ 478.783394][ T2964] team0 (unregistering): Port device team_slave_1 removed [ 478.839708][ T2964] team0 (unregistering): Port device team_slave_0 removed [ 479.409230][T13206] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 479.434361][T13206] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 479.455430][T13206] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 479.499506][T13331] netlink: 372 bytes leftover after parsing attributes in process `syz.0.2575'. [ 479.522275][T13331] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2575'. [ 479.538157][T13225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 479.547398][T13335] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2576'. [ 479.558131][T13225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.581184][T13335] FAULT_INJECTION: forcing a failure. [ 479.581184][T13335] name failslab, interval 1, probability 0, space 0, times 0 [ 479.609813][T13335] CPU: 0 UID: 0 PID: 13335 Comm: syz.2.2576 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 479.618390][T13225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 479.620867][T13335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 479.641942][T13335] Call Trace: [ 479.645253][T13335] [ 479.648203][T13335] dump_stack_lvl+0x241/0x360 [ 479.652996][T13335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 479.658176][T13225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 479.658214][T13335] ? __pfx__printk+0x10/0x10 [ 479.666071][T13225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.670362][T13335] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 479.701966][T13335] ? __pfx___might_resched+0x10/0x10 [ 479.703722][T13225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 479.707280][T13335] should_fail_ex+0x3b0/0x4e0 [ 479.722564][T13335] ? skb_clone+0x20c/0x390 [ 479.727017][T13335] should_failslab+0xac/0x100 [ 479.731734][T13335] ? skb_clone+0x20c/0x390 [ 479.736214][T13335] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 479.741698][T13335] skb_clone+0x20c/0x390 [ 479.745984][T13335] nfnetlink_rcv+0x575/0x2ad0 [ 479.750702][T13335] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 479.756439][T13335] ? __dev_queue_xmit+0x1763/0x3e90 [ 479.761648][T13335] ? kasan_save_track+0x51/0x80 [ 479.766532][T13335] ? do_syscall_64+0xf3/0x230 [ 479.771244][T13335] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 479.776396][T13335] ? ref_tracker_free+0x643/0x7e0 [ 479.781698][T13335] ? __asan_memcpy+0x40/0x70 [ 479.786302][T13335] ? __pfx_ref_tracker_free+0x10/0x10 [ 479.791743][T13335] ? netlink_deliver_tap+0x2e/0x1b0 [ 479.797066][T13335] ? skb_clone+0x240/0x390 [ 479.801507][T13335] ? __pfx_lock_release+0x10/0x10 [ 479.806559][T13335] ? __netlink_deliver_tap+0x77e/0x7c0 [ 479.812036][T13335] ? netlink_deliver_tap+0x2e/0x1b0 [ 479.817256][T13335] netlink_unicast+0x7f6/0x990 [ 479.822051][T13335] ? __pfx_netlink_unicast+0x10/0x10 [ 479.827341][T13335] ? __virt_addr_valid+0x183/0x530 [ 479.832458][T13335] ? __check_object_size+0x49c/0x900 [ 479.837751][T13335] ? bpf_lsm_netlink_send+0x9/0x10 [ 479.842873][T13335] netlink_sendmsg+0x8e4/0xcb0 [ 479.847723][T13335] ? __pfx_netlink_sendmsg+0x10/0x10 [ 479.853045][T13335] ? __import_iovec+0x536/0x820 [ 479.857985][T13335] ? aa_sock_msg_perm+0x91/0x160 [ 479.862947][T13335] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 479.868254][T13335] ? security_socket_sendmsg+0x87/0xb0 [ 479.873929][T13335] ? __pfx_netlink_sendmsg+0x10/0x10 [ 479.879220][T13335] __sock_sendmsg+0x221/0x270 [ 479.883915][T13335] ____sys_sendmsg+0x525/0x7d0 [ 479.888728][T13335] ? __pfx_____sys_sendmsg+0x10/0x10 [ 479.894062][T13335] __sys_sendmsg+0x2b0/0x3a0 [ 479.898656][T13335] ? __pfx___sys_sendmsg+0x10/0x10 [ 479.903788][T13335] ? vfs_write+0x7c4/0xc90 [ 479.908219][T13335] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 479.914639][T13335] ? do_syscall_64+0x100/0x230 [ 479.919420][T13335] ? do_syscall_64+0xb6/0x230 [ 479.924090][T13335] do_syscall_64+0xf3/0x230 [ 479.928585][T13335] ? clear_bhb_loop+0x35/0x90 [ 479.933428][T13335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.939311][T13335] RIP: 0033:0x7f1095b7cef9 [ 479.941669][ T5233] Bluetooth: hci1: command tx timeout [ 479.943708][T13335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 479.943729][T13335] RSP: 002b:00007f1096975038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 479.977096][T13335] RAX: ffffffffffffffda RBX: 00007f1095d35f80 RCX: 00007f1095b7cef9 [ 479.985157][T13335] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000000000003 [ 479.993142][T13335] RBP: 00007f1096975090 R08: 0000000000000000 R09: 0000000000000000 [ 480.001146][T13335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 480.009135][T13335] R13: 0000000000000000 R14: 00007f1095d35f80 R15: 00007ffedf4a76a8 [ 480.017153][T13335] [ 480.063197][T13206] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 480.151643][ T5233] Bluetooth: hci3: command tx timeout [ 480.179308][T13346] netlink: 592 bytes leftover after parsing attributes in process `syz.2.2579'. [ 480.260553][T13225] hsr_slave_0: entered promiscuous mode [ 480.278883][T13225] hsr_slave_1: entered promiscuous mode [ 480.300084][T13351] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 480.339462][T13225] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 480.372198][T13225] Cannot create hsr debugfs directory [ 480.804242][T13367] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2587'. [ 480.940915][T13206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 481.016782][T13371] IPVS: set_ctl: invalid protocol: 29 172.20.20.170:0 [ 481.057692][T13206] 8021q: adding VLAN 0 to HW filter on device team0 [ 481.128647][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 481.136096][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 481.197087][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 481.204588][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 481.303233][T13376] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 481.517744][T13225] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 481.528786][T13225] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 481.554803][T13225] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 481.583148][T13225] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 481.596172][T13390] Cannot find map_set index 4 as target [ 481.604611][T13391] FAULT_INJECTION: forcing a failure. [ 481.604611][T13391] name failslab, interval 1, probability 0, space 0, times 0 [ 481.618240][T13391] CPU: 1 UID: 0 PID: 13391 Comm: syz.2.2593 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 481.629116][T13391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 481.639282][T13391] Call Trace: [ 481.642596][T13391] [ 481.645581][T13391] dump_stack_lvl+0x241/0x360 [ 481.650305][T13391] ? __pfx_dump_stack_lvl+0x10/0x10 [ 481.655587][T13391] ? __pfx__printk+0x10/0x10 [ 481.660223][T13391] should_fail_ex+0x3b0/0x4e0 [ 481.664917][T13391] ? skb_clone+0x20c/0x390 [ 481.669345][T13391] should_failslab+0xac/0x100 [ 481.674040][T13391] ? skb_clone+0x20c/0x390 [ 481.678564][T13391] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 481.683971][T13391] skb_clone+0x20c/0x390 [ 481.688389][T13391] ? dev_queue_xmit_nit+0x220/0xc10 [ 481.693586][T13391] dev_queue_xmit_nit+0x419/0xc10 [ 481.698695][T13391] ? dev_queue_xmit_nit+0x2b/0xc10 [ 481.703809][T13391] ? validate_xmit_skb+0x9f9/0x1120 [ 481.709009][T13391] dev_hard_start_xmit+0x15f/0x7e0 [ 481.714119][T13391] ? __pfx_validate_xmit_skb+0x10/0x10 [ 481.719579][T13391] __dev_queue_xmit+0x1b63/0x3e90 [ 481.724594][T13391] ? kasan_save_track+0x51/0x80 [ 481.729443][T13391] ? do_syscall_64+0xf3/0x230 [ 481.734122][T13391] ? __dev_queue_xmit+0x2da/0x3e90 [ 481.740278][T13391] ? __pfx___dev_queue_xmit+0x10/0x10 [ 481.745660][T13391] ? __copy_skb_header+0x437/0x5b0 [ 481.750773][T13391] ? __asan_memcpy+0x40/0x70 [ 481.755357][T13391] ? __copy_skb_header+0x437/0x5b0 [ 481.760461][T13391] ? __skb_clone+0x454/0x6c0 [ 481.765158][T13391] ? skb_clone+0x240/0x390 [ 481.769598][T13391] __netlink_deliver_tap+0x54d/0x7c0 [ 481.774903][T13391] ? netlink_deliver_tap+0x2e/0x1b0 [ 481.780183][T13391] netlink_deliver_tap+0x19d/0x1b0 [ 481.785289][T13391] netlink_unicast+0x7c4/0x990 [ 481.790078][T13391] ? __pfx_netlink_unicast+0x10/0x10 [ 481.795356][T13391] ? __virt_addr_valid+0x183/0x530 [ 481.800462][T13391] ? __check_object_size+0x49c/0x900 [ 481.805749][T13391] ? bpf_lsm_netlink_send+0x9/0x10 [ 481.810867][T13391] netlink_sendmsg+0x8e4/0xcb0 [ 481.815637][T13391] ? __pfx_netlink_sendmsg+0x10/0x10 [ 481.820912][T13391] ? __import_iovec+0x536/0x820 [ 481.825754][T13391] ? aa_sock_msg_perm+0x91/0x160 [ 481.830719][T13391] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 481.836017][T13391] ? security_socket_sendmsg+0x87/0xb0 [ 481.841523][T13391] ? __pfx_netlink_sendmsg+0x10/0x10 [ 481.846822][T13391] __sock_sendmsg+0x221/0x270 [ 481.851510][T13391] ____sys_sendmsg+0x525/0x7d0 [ 481.856283][T13391] ? __pfx_____sys_sendmsg+0x10/0x10 [ 481.861666][T13391] __sys_sendmsg+0x2b0/0x3a0 [ 481.866255][T13391] ? __pfx___sys_sendmsg+0x10/0x10 [ 481.871359][T13391] ? vfs_write+0x7c4/0xc90 [ 481.875872][T13391] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 481.882232][T13391] ? do_syscall_64+0x100/0x230 [ 481.887028][T13391] ? do_syscall_64+0xb6/0x230 [ 481.891794][T13391] do_syscall_64+0xf3/0x230 [ 481.896295][T13391] ? clear_bhb_loop+0x35/0x90 [ 481.900994][T13391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.906985][T13391] RIP: 0033:0x7f1095b7cef9 [ 481.911574][T13391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 481.931193][T13391] RSP: 002b:00007f1096975038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 481.939737][T13391] RAX: ffffffffffffffda RBX: 00007f1095d35f80 RCX: 00007f1095b7cef9 [ 481.947767][T13391] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000000000003 [ 481.955743][T13391] RBP: 00007f1096975090 R08: 0000000000000000 R09: 0000000000000000 [ 481.963724][T13391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 481.971731][T13391] R13: 0000000000000000 R14: 00007f1095d35f80 R15: 00007ffedf4a76a8 [ 481.979710][T13391] [ 482.021402][T13391] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2593'. [ 482.041610][T13393] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2592'. [ 482.097471][T13206] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 482.171199][T13225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 482.242318][ T5233] Bluetooth: hci3: command tx timeout [ 482.249452][T13225] 8021q: adding VLAN 0 to HW filter on device team0 [ 482.296652][T13403] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2596'. [ 482.322779][T11541] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.330105][T11541] bridge0: port 1(bridge_slave_0) entered forwarding state [ 482.347369][T13206] veth0_vlan: entered promiscuous mode [ 482.384539][T11539] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.391752][T11539] bridge0: port 2(bridge_slave_1) entered forwarding state [ 482.506858][T13206] veth1_vlan: entered promiscuous mode [ 482.593327][T13413] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2600'. [ 482.597832][T13225] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 482.669528][T13413] netlink: 'syz.0.2600': attribute type 1 has an invalid length. [ 482.694413][T13413] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2600'. [ 482.727526][T13419] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2602'. [ 482.739012][T13206] veth0_macvtap: entered promiscuous mode [ 482.747810][T13413] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2600'. [ 482.792920][T13206] veth1_macvtap: entered promiscuous mode [ 482.839548][T13206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 482.880947][T13206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.901705][T13206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 482.927427][T13206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.941407][T13206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 482.952637][T13206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.964358][T13206] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 482.979204][T13206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 482.992825][T13206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.002849][T13206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.013327][T13206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.025160][T13206] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.036251][T13206] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.049535][T13206] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 483.058413][T13428] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2605'. [ 483.115383][T13206] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.145701][T13206] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.171421][T13206] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.182008][T13206] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.244255][T13436] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2608'. [ 483.267488][T13225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 483.295088][T13439] FAULT_INJECTION: forcing a failure. [ 483.295088][T13439] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 483.315943][T13439] CPU: 1 UID: 0 PID: 13439 Comm: syz.4.2609 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 483.326771][T13439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 483.336856][T13439] Call Trace: [ 483.340174][T13439] [ 483.343167][T13439] dump_stack_lvl+0x241/0x360 [ 483.347880][T13439] ? __pfx_dump_stack_lvl+0x10/0x10 [ 483.353111][T13439] ? __pfx__printk+0x10/0x10 [ 483.357751][T13439] ? snprintf+0xda/0x120 [ 483.362031][T13439] should_fail_ex+0x3b0/0x4e0 [ 483.366752][T13439] _copy_to_user+0x2f/0xb0 [ 483.371204][T13439] simple_read_from_buffer+0xca/0x150 [ 483.376622][T13439] proc_fail_nth_read+0x1ec/0x260 [ 483.381770][T13439] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 483.387346][T13439] ? rw_verify_area+0x520/0x6b0 [ 483.392227][T13439] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 483.397856][T13439] vfs_read+0x204/0xbc0 [ 483.402012][T13439] ? __pfx_lock_release+0x10/0x10 [ 483.407045][T13439] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 483.413124][T13439] ? __pfx_vfs_read+0x10/0x10 [ 483.417830][T13439] ? __fget_files+0x29/0x470 [ 483.422424][T13439] ? __fget_files+0x3f6/0x470 [ 483.427291][T13439] ksys_read+0x1a0/0x2c0 [ 483.431639][T13439] ? __pfx_ksys_read+0x10/0x10 [ 483.436453][T13439] ? do_syscall_64+0x100/0x230 [ 483.441231][T13439] ? do_syscall_64+0xb6/0x230 [ 483.445910][T13439] do_syscall_64+0xf3/0x230 [ 483.450408][T13439] ? clear_bhb_loop+0x35/0x90 [ 483.455089][T13439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.461061][T13439] RIP: 0033:0x7f007297b93c [ 483.465478][T13439] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 483.485350][T13439] RSP: 002b:00007f007385b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 483.493871][T13439] RAX: ffffffffffffffda RBX: 00007f0072b35f80 RCX: 00007f007297b93c [ 483.501953][T13439] RDX: 000000000000000f RSI: 00007f007385b0a0 RDI: 0000000000000004 [ 483.510027][T13439] RBP: 00007f007385b090 R08: 0000000000000000 R09: 0000000000000000 [ 483.518105][T13439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 483.526268][T13439] R13: 0000000000000000 R14: 00007f0072b35f80 R15: 00007ffdd1be8d78 [ 483.534281][T13439] [ 483.648651][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.665970][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.703477][T13225] veth0_vlan: entered promiscuous mode [ 483.721753][T13442] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2610'. [ 483.761033][T11541] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.781632][T13225] veth1_vlan: entered promiscuous mode [ 483.796656][T11541] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.877653][T13225] veth0_macvtap: entered promiscuous mode [ 483.894026][T13225] veth1_macvtap: entered promiscuous mode [ 483.930696][T13225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.944543][T13225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.958068][T13225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.969526][T13225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.979722][T13225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.990614][T13225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.002086][T13225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 484.012925][T13225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.033670][T13225] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 484.050831][T13225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 484.070195][T13225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.087042][T13225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 484.107251][T13225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.119948][T13225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 484.132210][T13225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.142262][T13225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 484.153214][T13457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2614'. [ 484.165446][T13225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 484.198161][T13225] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 484.219968][T13457] bridge0: entered allmulticast mode [ 484.289548][T13225] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.301730][T13225] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.310477][T13225] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.320328][T13225] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.343469][T13457] pim6reg: entered allmulticast mode [ 484.350726][T13457] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2614'. [ 484.449922][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88807bc05c00: rx timeout, send abort [ 484.488247][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 484.505199][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 484.555470][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 484.572373][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 484.583601][T13464] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 484.958320][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88807bc05c00: abort rx timeout. Force session deactivation [ 485.052548][T13471] FAULT_INJECTION: forcing a failure. [ 485.052548][T13471] name failslab, interval 1, probability 0, space 0, times 0 [ 485.072328][T13471] CPU: 1 UID: 0 PID: 13471 Comm: syz.0.2618 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 485.083313][T13471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 485.093393][T13471] Call Trace: [ 485.096700][T13471] [ 485.099652][T13471] dump_stack_lvl+0x241/0x360 [ 485.104451][T13471] ? __pfx_dump_stack_lvl+0x10/0x10 [ 485.109696][T13471] ? __pfx__printk+0x10/0x10 [ 485.114320][T13471] ? ref_tracker_alloc+0x332/0x490 [ 485.119444][T13471] should_fail_ex+0x3b0/0x4e0 [ 485.124140][T13471] ? skb_clone+0x20c/0x390 [ 485.128553][T13471] should_failslab+0xac/0x100 [ 485.133345][T13471] ? skb_clone+0x20c/0x390 [ 485.137752][T13471] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 485.143121][T13471] skb_clone+0x20c/0x390 [ 485.147459][T13471] __netlink_deliver_tap+0x3cc/0x7c0 [ 485.152750][T13471] ? netlink_deliver_tap+0x2e/0x1b0 [ 485.157937][T13471] netlink_deliver_tap+0x19d/0x1b0 [ 485.163127][T13471] netlink_unicast+0x7c4/0x990 [ 485.167898][T13471] ? __pfx_netlink_unicast+0x10/0x10 [ 485.173180][T13471] ? __virt_addr_valid+0x183/0x530 [ 485.178308][T13471] ? __check_object_size+0x49c/0x900 [ 485.183599][T13471] ? bpf_lsm_netlink_send+0x9/0x10 [ 485.188721][T13471] netlink_sendmsg+0x8e4/0xcb0 [ 485.193498][T13471] ? __pfx_netlink_sendmsg+0x10/0x10 [ 485.198781][T13471] ? __import_iovec+0x536/0x820 [ 485.203631][T13471] ? aa_sock_msg_perm+0x91/0x160 [ 485.208594][T13471] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 485.213883][T13471] ? security_socket_sendmsg+0x87/0xb0 [ 485.219397][T13471] ? __pfx_netlink_sendmsg+0x10/0x10 [ 485.224701][T13471] __sock_sendmsg+0x221/0x270 [ 485.229415][T13471] ____sys_sendmsg+0x525/0x7d0 [ 485.234203][T13471] ? __pfx_____sys_sendmsg+0x10/0x10 [ 485.239586][T13471] __sys_sendmsg+0x2b0/0x3a0 [ 485.244190][T13471] ? __pfx___sys_sendmsg+0x10/0x10 [ 485.249337][T13471] ? vfs_write+0x7c4/0xc90 [ 485.253792][T13471] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 485.260206][T13471] ? do_syscall_64+0x100/0x230 [ 485.264975][T13471] ? do_syscall_64+0xb6/0x230 [ 485.269714][T13471] do_syscall_64+0xf3/0x230 [ 485.274330][T13471] ? clear_bhb_loop+0x35/0x90 [ 485.279195][T13471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.285181][T13471] RIP: 0033:0x7fd29477cef9 [ 485.289730][T13471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.309566][T13471] RSP: 002b:00007fd295548038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 485.318071][T13471] RAX: ffffffffffffffda RBX: 00007fd294935f80 RCX: 00007fd29477cef9 [ 485.326037][T13471] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 485.333999][T13471] RBP: 00007fd295548090 R08: 0000000000000000 R09: 0000000000000000 [ 485.341967][T13471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 485.350016][T13471] R13: 0000000000000000 R14: 00007fd294935f80 R15: 00007ffcc1fcfbe8 [ 485.357998][T13471] [ 485.818966][T13498] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 486.203627][T13512] tipc: Failed to remove unknown binding: 66,1,1/0:3879828974/3879828976 [ 486.223191][T13512] tipc: Failed to remove unknown binding: 66,1,1/0:3879828974/3879828976 [ 486.239746][T13512] tipc: Failed to remove unknown binding: 66,1,1/0:3879828974/3879828976 [ 486.493448][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.024640][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 487.038803][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 487.047784][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 487.057736][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 487.066160][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 487.078494][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 487.226379][T13527] chnl_net:caif_netlink_parms(): no params data found [ 487.316332][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.331286][T13527] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.340063][T13527] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.349431][T13527] bridge_slave_0: entered allmulticast mode [ 487.356973][T13527] bridge_slave_0: entered promiscuous mode [ 487.394459][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.408912][T13527] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.416262][T13527] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.423863][T13527] bridge_slave_1: entered allmulticast mode [ 487.430712][T13527] bridge_slave_1: entered promiscuous mode [ 487.467677][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.508111][T13527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 487.525803][T13527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 487.568534][T13527] team0: Port device team_slave_0 added [ 487.580355][T13527] team0: Port device team_slave_1 added [ 487.626609][T13527] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 487.639320][T13527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 487.666373][T13527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 487.690352][T13527] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 487.697805][T13527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 487.724244][T13527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 487.760114][ T11] bridge_slave_1: left allmulticast mode [ 487.768377][ T11] bridge_slave_1: left promiscuous mode [ 487.774555][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.785410][ T11] bridge_slave_0: left allmulticast mode [ 487.791082][ T11] bridge_slave_0: left promiscuous mode [ 487.797630][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 488.249177][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 488.260884][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 488.277211][ T11] bond0 (unregistering): Released all slaves [ 488.326248][T13527] hsr_slave_0: entered promiscuous mode [ 488.336486][T13527] hsr_slave_1: entered promiscuous mode [ 488.359562][T13527] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 488.370877][T13527] Cannot create hsr debugfs directory [ 488.504245][T13539] __nla_validate_parse: 7 callbacks suppressed [ 488.504266][T13539] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2642'. [ 488.579658][T13541] netem: incorrect ge model size [ 488.581913][T13542] netlink: 'syz.2.2642': attribute type 1 has an invalid length. [ 488.604990][T13541] netem: change failed [ 488.611645][T13542] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2642'. [ 488.632504][T13544] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2641'. [ 488.657861][T13537] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 488.965475][ T5233] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 488.977282][ T5233] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 489.002614][ T5233] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 489.030305][ T5233] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 489.041098][ T5233] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 489.048748][ T5233] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 489.111610][ T5233] Bluetooth: hci1: command tx timeout [ 489.201910][ T11] hsr_slave_0: left promiscuous mode [ 489.218745][ T11] hsr_slave_1: left promiscuous mode [ 489.235167][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 489.257724][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 489.281629][T13561] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 489.283525][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 489.313124][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 489.376157][ T11] veth1_macvtap: left promiscuous mode [ 489.382931][ T11] veth0_macvtap: left promiscuous mode [ 489.388994][ T11] veth1_vlan: left promiscuous mode [ 489.394408][ T11] veth0_vlan: left promiscuous mode [ 489.789056][T13567] FAULT_INJECTION: forcing a failure. [ 489.789056][T13567] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 489.811618][T13567] CPU: 1 UID: 0 PID: 13567 Comm: syz.4.2649 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 489.822529][T13567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 489.832620][T13567] Call Trace: [ 489.835999][T13567] [ 489.838938][T13567] dump_stack_lvl+0x241/0x360 [ 489.843642][T13567] ? __pfx_dump_stack_lvl+0x10/0x10 [ 489.849475][T13567] ? __pfx__printk+0x10/0x10 [ 489.854095][T13567] should_fail_ex+0x3b0/0x4e0 [ 489.858805][T13567] prepare_alloc_pages+0x1da/0x5d0 [ 489.863938][T13567] __alloc_pages_noprof+0x166/0x6c0 [ 489.869182][T13567] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 489.874939][T13567] ? __pfx_validate_chain+0x10/0x10 [ 489.880158][T13567] alloc_pages_mpol_noprof+0x3e8/0x680 [ 489.885646][T13567] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 489.891690][T13567] vma_alloc_folio_noprof+0x12e/0x230 [ 489.897132][T13567] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 489.903064][T13567] ? __lock_acquire+0x137a/0x2040 [ 489.908105][T13567] folio_prealloc+0x31/0x170 [ 489.912723][T13567] handle_pte_fault+0x255e/0x6fc0 [ 489.917794][T13567] ? __pfx_lock_acquire+0x10/0x10 [ 489.922852][T13567] ? __pfx_handle_pte_fault+0x10/0x10 [ 489.928274][T13567] ? do_raw_spin_lock+0x14f/0x370 [ 489.933433][T13567] ? follow_page_pte+0x29a/0x1ee0 [ 489.938485][T13567] ? follow_page_pte+0x83f/0x1ee0 [ 489.943523][T13567] ? __pfx_lock_release+0x10/0x10 [ 489.948568][T13567] ? do_raw_spin_unlock+0x13c/0x8b0 [ 489.953790][T13567] handle_mm_fault+0x1109/0x1bc0 [ 489.958769][T13567] ? __pfx_handle_mm_fault+0x10/0x10 [ 489.964083][T13567] ? __pfx_find_vma+0x10/0x10 [ 489.968873][T13567] ? vma_is_secretmem+0xd/0x50 [ 489.973740][T13567] ? check_vma_flags+0x531/0x5a0 [ 489.978742][T13567] __get_user_pages+0x6ec/0x16a0 [ 489.983723][T13567] ? __pfx___get_user_pages+0x10/0x10 [ 489.989142][T13567] __gup_longterm_locked+0xed7/0x17d0 [ 489.994902][T13567] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 490.001287][T13567] ? sanity_check_pinned_pages+0x12c2/0x13c0 [ 490.007308][T13567] ? gup_fast_fallback+0x221d/0x2b50 [ 490.012639][T13567] gup_fast_fallback+0x2742/0x2b50 [ 490.017833][T13567] ? __pfx_gup_fast_fallback+0x10/0x10 [ 490.023489][T13567] ? __sys_getsockopt+0x271/0x330 [ 490.028547][T13567] ? __x64_sys_getsockopt+0xb5/0xd0 [ 490.033758][T13567] ? do_syscall_64+0xf3/0x230 [ 490.038456][T13567] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.044689][T13567] ? is_valid_gup_args+0x124/0x200 [ 490.049829][T13567] pin_user_pages_fast+0xcc/0x160 [ 490.054893][T13567] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 490.060647][T13567] ? rds_info_getsockopt+0x20c/0x600 [ 490.065936][T13567] ? rds_info_getsockopt+0x20c/0x600 [ 490.071228][T13567] ? rds_info_getsockopt+0x20c/0x600 [ 490.076545][T13567] ? __kmalloc_noprof+0x21a/0x400 [ 490.081685][T13567] rds_info_getsockopt+0x22e/0x600 [ 490.086850][T13567] ? __might_fault+0xaa/0x120 [ 490.091535][T13567] ? __pfx_lock_release+0x10/0x10 [ 490.096584][T13567] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 490.102246][T13567] ? __might_fault+0xc6/0x120 [ 490.106942][T13567] ? rds_getsockopt+0x2c2/0x530 [ 490.111796][T13567] ? __pfx_rds_getsockopt+0x10/0x10 [ 490.117177][T13567] do_sock_getsockopt+0x3c4/0x7e0 [ 490.122215][T13567] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 490.127776][T13567] ? __fget_files+0x3f6/0x470 [ 490.132567][T13567] __sys_getsockopt+0x271/0x330 [ 490.137431][T13567] ? __pfx___sys_getsockopt+0x10/0x10 [ 490.142818][T13567] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 490.149164][T13567] ? do_syscall_64+0x100/0x230 [ 490.153931][T13567] __x64_sys_getsockopt+0xb5/0xd0 [ 490.158969][T13567] do_syscall_64+0xf3/0x230 [ 490.163473][T13567] ? clear_bhb_loop+0x35/0x90 [ 490.168169][T13567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.174064][T13567] RIP: 0033:0x7f007297cef9 [ 490.178493][T13567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 490.198094][T13567] RSP: 002b:00007f007385b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 490.206580][T13567] RAX: ffffffffffffffda RBX: 00007f0072b35f80 RCX: 00007f007297cef9 [ 490.214563][T13567] RDX: 0000000000002711 RSI: 0000200000000114 RDI: 0000000000000003 [ 490.222554][T13567] RBP: 00007f007385b090 R08: 0000000020000040 R09: 0000000000000000 [ 490.230557][T13567] R10: 0000000020005ec0 R11: 0000000000000246 R12: 0000000000000002 [ 490.238525][T13567] R13: 0000000000000000 R14: 00007f0072b35f80 R15: 00007ffdd1be8d78 [ 490.246504][T13567] [ 490.686460][ T11] team0 (unregistering): Port device team_slave_1 removed [ 490.749143][ T11] team0 (unregistering): Port device team_slave_0 removed [ 491.113001][ T5233] Bluetooth: hci3: command tx timeout [ 491.194884][ T5233] Bluetooth: hci1: command tx timeout [ 491.300815][T13559] netlink: 592 bytes leftover after parsing attributes in process `syz.0.2646'. [ 491.390554][T13570] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2650'. [ 491.636259][T13580] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2653'. [ 491.691866][T13582] netlink: 'syz.4.2653': attribute type 1 has an invalid length. [ 491.729919][T13582] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2653'. [ 492.079298][T13594] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2657'. [ 492.330547][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.360417][T13548] chnl_net:caif_netlink_parms(): no params data found [ 492.395194][T13610] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2661'. [ 492.448643][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.653848][T13622] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2664'. [ 492.693612][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.764513][T13548] bridge0: port 1(bridge_slave_0) entered blocking state [ 492.778434][T13548] bridge0: port 1(bridge_slave_0) entered disabled state [ 492.789800][T13548] bridge_slave_0: entered allmulticast mode [ 492.799670][T13548] bridge_slave_0: entered promiscuous mode [ 492.838850][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.852940][T13630] netlink: 'syz.0.2666': attribute type 1 has an invalid length. [ 492.888427][T13548] bridge0: port 2(bridge_slave_1) entered blocking state [ 492.905549][T13548] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.913303][T13548] bridge_slave_1: entered allmulticast mode [ 492.923357][T13548] bridge_slave_1: entered promiscuous mode [ 493.055643][T13548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 493.069966][T13527] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 493.104375][T13548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 493.130976][T13527] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 493.172640][T13527] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 493.191603][ T5233] Bluetooth: hci3: command tx timeout [ 493.256307][T13642] netem: incorrect ge model size [ 493.272001][ T5233] Bluetooth: hci1: command tx timeout [ 493.279653][T13642] netem: change failed [ 493.306567][T13527] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 493.415385][T13548] team0: Port device team_slave_0 added [ 493.451281][T13548] team0: Port device team_slave_1 added [ 493.470546][T13651] tipc: Enabling of bearer rejected, media not registered [ 493.665068][T13548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 493.680078][T13548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 493.707776][T13548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 493.730447][T13548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 493.741596][T13548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 493.787634][T13548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 493.855660][ T11] bridge_slave_1: left allmulticast mode [ 493.864541][ T11] bridge_slave_1: left promiscuous mode [ 493.877110][T13673] __nla_validate_parse: 4 callbacks suppressed [ 493.877120][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.877131][T13673] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2680'. [ 493.877159][T13673] openvswitch: netlink: IP tunnel attribute has 3056 unknown bytes. [ 493.912522][ T11] bridge_slave_0: left allmulticast mode [ 493.924747][ T11] bridge_slave_0: left promiscuous mode [ 493.937319][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 494.468553][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 494.480821][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 494.496414][ T11] bond0 (unregistering): Released all slaves [ 494.537838][T13548] hsr_slave_0: entered promiscuous mode [ 494.545212][T13548] hsr_slave_1: entered promiscuous mode [ 494.557983][T13548] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 494.570941][T13548] Cannot create hsr debugfs directory [ 494.852323][T13527] 8021q: adding VLAN 0 to HW filter on device bond0 [ 494.947803][T13684] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2686'. [ 495.120586][ T11] hsr_slave_0: left promiscuous mode [ 495.146377][ T11] hsr_slave_1: left promiscuous mode [ 495.161015][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 495.169140][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 495.180044][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 495.188153][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 495.238641][ T11] veth1_macvtap: left promiscuous mode [ 495.247597][ T11] veth0_macvtap: left promiscuous mode [ 495.257285][ T11] veth1_vlan: left promiscuous mode [ 495.263128][ T11] veth0_vlan: left promiscuous mode [ 495.271577][ T5233] Bluetooth: hci3: command tx timeout [ 495.323588][T13699] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 495.353295][ T5233] Bluetooth: hci1: command tx timeout [ 496.081706][ T11] team0 (unregistering): Port device team_slave_1 removed [ 496.141010][ T11] team0 (unregistering): Port device team_slave_0 removed [ 496.798453][T13527] 8021q: adding VLAN 0 to HW filter on device team0 [ 496.932422][ T2964] bridge0: port 1(bridge_slave_0) entered blocking state [ 496.939594][ T2964] bridge0: port 1(bridge_slave_0) entered forwarding state [ 497.006316][T11539] bridge0: port 2(bridge_slave_1) entered blocking state [ 497.013498][T11539] bridge0: port 2(bridge_slave_1) entered forwarding state [ 497.087730][T13710] netlink: 'syz.4.2693': attribute type 10 has an invalid length. [ 497.136982][T13712] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 497.352786][ T5233] Bluetooth: hci3: command tx timeout [ 497.551037][T13728] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2702'. [ 497.566148][T13548] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 497.577176][T13548] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 497.585771][T13728] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2702'. [ 497.591929][T13548] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 497.642156][T13548] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 497.723110][T13527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 497.976913][T13527] veth0_vlan: entered promiscuous mode [ 498.028434][T13527] veth1_vlan: entered promiscuous mode [ 498.057352][T13548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 498.158406][T13548] 8021q: adding VLAN 0 to HW filter on device team0 [ 498.183182][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 498.190379][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 498.230717][T13527] veth0_macvtap: entered promiscuous mode [ 498.249343][T13527] veth1_macvtap: entered promiscuous mode [ 498.263187][T13756] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2712'. [ 498.291028][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 498.298249][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 498.329054][T13527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 498.332500][T13756] netlink: 'syz.0.2712': attribute type 1 has an invalid length. [ 498.353600][T13527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 498.368911][T13527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 498.368940][T13756] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2712'. [ 498.388199][T13527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 498.407456][T13527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 498.418097][T13527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 498.434951][T13527] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 498.445568][T13761] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2714'. [ 498.517663][T13527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 498.535351][T13527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 498.546578][T13527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 498.558829][T13527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 498.569006][T13527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 498.579953][T13527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 498.606455][T13527] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 498.628456][T13527] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 498.637675][T13527] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 498.663944][T13766] FAULT_INJECTION: forcing a failure. [ 498.663944][T13766] name failslab, interval 1, probability 0, space 0, times 0 [ 498.667481][T13527] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 498.697017][T13766] CPU: 1 UID: 0 PID: 13766 Comm: syz.2.2716 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 498.706130][T13527] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 498.707869][T13766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 498.726612][T13766] Call Trace: [ 498.729926][T13766] [ 498.732880][T13766] dump_stack_lvl+0x241/0x360 [ 498.737680][T13766] ? __pfx_dump_stack_lvl+0x10/0x10 [ 498.742922][T13766] ? __pfx__printk+0x10/0x10 [ 498.747739][T13766] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 498.749100][T13548] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 498.753205][T13766] ? __pfx___might_resched+0x10/0x10 [ 498.753232][T13766] ? lockdep_init_map_type+0xa1/0x910 [ 498.753258][T13766] should_fail_ex+0x3b0/0x4e0 [ 498.753289][T13766] should_failslab+0xac/0x100 [ 498.753315][T13766] ? nft_trans_table_add+0x57/0x400 [ 498.753335][T13766] __kmalloc_cache_noprof+0x6c/0x2c0 [ 498.753362][T13766] nft_trans_table_add+0x57/0x400 [ 498.753390][T13766] nf_tables_newtable+0x10f6/0x1dc0 [ 498.753431][T13766] ? __pfx_nf_tables_newtable+0x10/0x10 [ 498.753467][T13766] ? __nla_parse+0x40/0x60 [ 498.753494][T13766] nfnetlink_rcv+0x14dc/0x2ad0 [ 498.753555][T13766] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 498.753635][T13766] ? netlink_deliver_tap+0x2e/0x1b0 [ 498.753654][T13766] ? skb_clone+0x240/0x390 [ 498.753679][T13766] ? __pfx_lock_release+0x10/0x10 [ 498.753721][T13766] ? netlink_deliver_tap+0x2e/0x1b0 [ 498.753745][T13766] netlink_unicast+0x7f6/0x990 [ 498.753780][T13766] ? __pfx_netlink_unicast+0x10/0x10 [ 498.753804][T13766] ? __virt_addr_valid+0x183/0x530 [ 498.753835][T13766] ? __check_object_size+0x49c/0x900 [ 498.753860][T13766] ? bpf_lsm_netlink_send+0x9/0x10 [ 498.753887][T13766] netlink_sendmsg+0x8e4/0xcb0 [ 498.753922][T13766] ? __pfx_netlink_sendmsg+0x10/0x10 [ 498.753945][T13766] ? __import_iovec+0x536/0x820 [ 498.753966][T13766] ? aa_sock_msg_perm+0x91/0x160 [ 498.769581][T13548] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 498.770036][T13766] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 498.907560][T13766] ? security_socket_sendmsg+0x87/0xb0 [ 498.913066][T13766] ? __pfx_netlink_sendmsg+0x10/0x10 [ 498.918383][T13766] __sock_sendmsg+0x221/0x270 [ 498.923098][T13766] ____sys_sendmsg+0x525/0x7d0 [ 498.927904][T13766] ? __pfx_____sys_sendmsg+0x10/0x10 [ 498.933245][T13766] __sys_sendmsg+0x2b0/0x3a0 [ 498.937872][T13766] ? __pfx___sys_sendmsg+0x10/0x10 [ 498.943010][T13766] ? vfs_write+0x7c4/0xc90 [ 498.947762][T13766] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 498.954142][T13766] ? do_syscall_64+0x100/0x230 [ 498.958951][T13766] ? do_syscall_64+0xb6/0x230 [ 498.963667][T13766] do_syscall_64+0xf3/0x230 [ 498.968206][T13766] ? clear_bhb_loop+0x35/0x90 [ 498.972948][T13766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.978874][T13766] RIP: 0033:0x7f1095b7cef9 [ 498.983319][T13766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.003050][T13766] RSP: 002b:00007f1096975038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 499.011462][T13766] RAX: ffffffffffffffda RBX: 00007f1095d35f80 RCX: 00007f1095b7cef9 [ 499.019513][T13766] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 499.027479][T13766] RBP: 00007f1096975090 R08: 0000000000000000 R09: 0000000000000000 [ 499.035446][T13766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 499.043673][T13766] R13: 0000000000000000 R14: 00007f1095d35f80 R15: 00007ffedf4a76a8 [ 499.051745][T13766] [ 499.243860][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 499.259651][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 499.299421][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 499.308047][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 499.344886][T13548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 499.583712][T13548] veth0_vlan: entered promiscuous mode [ 499.614601][T13548] veth1_vlan: entered promiscuous mode [ 499.630877][T13798] FAULT_INJECTION: forcing a failure. [ 499.630877][T13798] name failslab, interval 1, probability 0, space 0, times 0 [ 499.656584][T13798] CPU: 1 UID: 0 PID: 13798 Comm: syz.0.2725 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 499.667584][T13798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 499.677665][T13798] Call Trace: [ 499.680993][T13798] [ 499.683962][T13798] dump_stack_lvl+0x241/0x360 [ 499.688676][T13798] ? __pfx_dump_stack_lvl+0x10/0x10 [ 499.693259][T13548] veth0_macvtap: entered promiscuous mode [ 499.693913][T13798] ? __pfx__printk+0x10/0x10 [ 499.704231][T13798] ? mark_lock+0x9a/0x350 [ 499.708172][T13548] veth1_macvtap: entered promiscuous mode [ 499.708586][T13798] should_fail_ex+0x3b0/0x4e0 [ 499.718991][T13798] should_failslab+0xac/0x100 [ 499.723711][T13798] ? __alloc_skb+0x1c3/0x440 [ 499.728340][T13798] kmem_cache_alloc_node_noprof+0x71/0x320 [ 499.734245][T13798] __alloc_skb+0x1c3/0x440 [ 499.738664][T13798] ? __pfx___alloc_skb+0x10/0x10 [ 499.743682][T13798] ? aa_get_newest_label+0xff/0x6f0 [ 499.748986][T13798] create_monitor_ctrl_open+0x20c/0xc50 [ 499.754528][T13798] ? __pfx_lock_release+0x10/0x10 [ 499.759554][T13798] ? __pfx_create_monitor_ctrl_open+0x10/0x10 [ 499.765613][T13798] ? bpf_lsm_capable+0x9/0x10 [ 499.770286][T13798] ? security_capable+0x90/0xb0 [ 499.775139][T13798] hci_sock_ioctl+0x3b1/0xa40 [ 499.779826][T13798] sock_do_ioctl+0x158/0x460 [ 499.784429][T13798] ? __pfx_sock_do_ioctl+0x10/0x10 [ 499.789568][T13798] sock_ioctl+0x629/0x8e0 [ 499.793904][T13798] ? __pfx_sock_ioctl+0x10/0x10 [ 499.798837][T13798] ? __fget_files+0x29/0x470 [ 499.803424][T13798] ? __fget_files+0x3f6/0x470 [ 499.808089][T13798] ? __fget_files+0x29/0x470 [ 499.812675][T13798] ? bpf_lsm_file_ioctl+0x9/0x10 [ 499.817606][T13798] ? security_file_ioctl+0x87/0xb0 [ 499.822731][T13798] ? __pfx_sock_ioctl+0x10/0x10 [ 499.827581][T13798] __se_sys_ioctl+0xfc/0x170 [ 499.832165][T13798] do_syscall_64+0xf3/0x230 [ 499.836660][T13798] ? clear_bhb_loop+0x35/0x90 [ 499.841429][T13798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.847443][T13798] RIP: 0033:0x7fd29477cef9 [ 499.851867][T13798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.871648][T13798] RSP: 002b:00007fd295548038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 499.880230][T13798] RAX: ffffffffffffffda RBX: 00007fd294935f80 RCX: 00007fd29477cef9 [ 499.888278][T13798] RDX: 00000000200000c0 RSI: 00000000800448f0 RDI: 0000000000000004 [ 499.896499][T13798] RBP: 00007fd295548090 R08: 0000000000000000 R09: 0000000000000000 [ 499.904547][T13798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 499.912695][T13798] R13: 0000000000000000 R14: 00007fd294935f80 R15: 00007ffcc1fcfbe8 [ 499.920758][T13798] [ 499.963978][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 499.990000][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.014346][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 500.047622][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.069320][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 500.080878][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.104639][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 500.118676][T13806] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2729'. [ 500.135354][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.165164][T13548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 500.204249][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.224952][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.242742][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.267336][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.282182][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.301264][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.311818][T13548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 500.331634][T13548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 500.344784][T13548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 500.394444][T13548] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.412009][T13548] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.431080][T13548] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.448730][T13548] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.737371][ T2964] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 500.859188][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 500.873617][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 500.898978][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 500.907103][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 501.154344][ T2964] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.535019][ T2964] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.619569][ T2964] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.772760][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.789930][ T2964] bridge_slave_1: left allmulticast mode [ 501.795963][ T2964] bridge_slave_1: left promiscuous mode [ 501.805537][ T2964] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.834528][ T2964] bridge_slave_0: left allmulticast mode [ 501.850485][ T2964] bridge_slave_0: left promiscuous mode [ 501.860807][ T2964] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.024004][T13840] netlink: 'syz.2.2740': attribute type 1 has an invalid length. [ 502.035863][T13841] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2738'. [ 502.061513][T13840] netlink: 9372 bytes leftover after parsing attributes in process `syz.2.2740'. [ 502.091155][T13840] netlink: 11 bytes leftover after parsing attributes in process `syz.2.2740'. [ 502.132793][T13840] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2740'. [ 502.154827][T13846] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 502.290024][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 502.321078][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 502.337459][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 502.353232][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 502.381434][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 502.389714][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 502.767584][ T2964] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 502.779806][ T2964] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 502.791122][ T2964] bond0 (unregistering): Released all slaves [ 502.809777][T13837] netlink: 592 bytes leftover after parsing attributes in process `syz.0.2739'. [ 503.496310][ T2964] hsr_slave_0: left promiscuous mode [ 503.504882][ T2964] hsr_slave_1: left promiscuous mode [ 503.522415][ T2964] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 503.531259][ T2964] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 503.542226][ T2964] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 503.549676][ T2964] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 503.610256][ T2964] veth1_macvtap: left promiscuous mode [ 503.619344][ T2964] veth0_macvtap: left promiscuous mode [ 503.630657][ T2964] veth1_vlan: left promiscuous mode [ 503.640654][ T2964] veth0_vlan: left promiscuous mode [ 504.472813][ T5233] Bluetooth: hci1: command tx timeout [ 504.735346][ T2964] team0 (unregistering): Port device team_slave_1 removed [ 504.849936][ T2964] team0 (unregistering): Port device team_slave_0 removed [ 505.802995][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 505.825004][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 505.834485][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 505.860784][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 505.881276][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 505.888921][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 506.254359][T13847] chnl_net:caif_netlink_parms(): no params data found [ 506.401911][T13887] netem: incorrect ge model size [ 506.460198][T13887] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2749'. [ 506.516837][T13898] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2752'. [ 506.551637][ T5233] Bluetooth: hci1: command tx timeout [ 506.559813][T13847] bridge0: port 1(bridge_slave_0) entered blocking state [ 506.568628][T13847] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.576269][T13847] bridge_slave_0: entered allmulticast mode [ 506.584056][T13847] bridge_slave_0: entered promiscuous mode [ 506.606000][T13847] bridge0: port 2(bridge_slave_1) entered blocking state [ 506.632719][T13847] bridge0: port 2(bridge_slave_1) entered disabled state [ 506.640009][T13847] bridge_slave_1: entered allmulticast mode [ 506.679160][T13847] bridge_slave_1: entered promiscuous mode [ 506.714503][T13906] sctp: [Deprecated]: syz.0.2754 (pid 13906) Use of int in max_burst socket option. [ 506.714503][T13906] Use struct sctp_assoc_value instead [ 506.741231][T13907] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2755'. [ 506.770044][T13911] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 506.822569][T13902] netlink: 592 bytes leftover after parsing attributes in process `syz.4.2753'. [ 506.839670][T13847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 506.986126][T13847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 507.079817][T13918] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2758'. [ 507.157382][T13847] team0: Port device team_slave_0 added [ 507.189271][T13847] team0: Port device team_slave_1 added [ 507.504982][ T2964] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.577869][T13847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 507.590603][T13847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.630373][T13847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 507.765137][ T2964] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.801942][T13878] chnl_net:caif_netlink_parms(): no params data found [ 507.853605][T13847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 507.870901][T13847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.901713][T13847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 507.912426][ T5233] Bluetooth: hci3: command tx timeout [ 507.968944][ T2964] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.002084][T13939] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 508.124710][ T2964] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.196514][T13944] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2767'. [ 508.316589][T13847] hsr_slave_0: entered promiscuous mode [ 508.327235][T13847] hsr_slave_1: entered promiscuous mode [ 508.336205][T13847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 508.349587][T13847] Cannot create hsr debugfs directory [ 508.359856][T13878] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.381642][T13878] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.389392][T13878] bridge_slave_0: entered allmulticast mode [ 508.423129][T13878] bridge_slave_0: entered promiscuous mode [ 508.485564][T13878] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.495784][T13878] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.503333][T13878] bridge_slave_1: entered allmulticast mode [ 508.511745][T13878] bridge_slave_1: entered promiscuous mode [ 508.518459][T13951] FAULT_INJECTION: forcing a failure. [ 508.518459][T13951] name failslab, interval 1, probability 0, space 0, times 0 [ 508.548309][T13951] CPU: 0 UID: 0 PID: 13951 Comm: syz.4.2769 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 508.559211][T13951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 508.569391][T13951] Call Trace: [ 508.572707][T13951] [ 508.575669][T13951] dump_stack_lvl+0x241/0x360 [ 508.580380][T13951] ? __pfx_dump_stack_lvl+0x10/0x10 [ 508.585696][T13951] ? __pfx__printk+0x10/0x10 [ 508.590333][T13951] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 508.595824][T13951] ? __pfx___might_resched+0x10/0x10 [ 508.601239][T13951] should_fail_ex+0x3b0/0x4e0 [ 508.605954][T13951] should_failslab+0xac/0x100 [ 508.610677][T13951] ? nft_delflowtable+0x57/0x470 [ 508.615800][T13951] __kmalloc_cache_noprof+0x6c/0x2c0 [ 508.621209][T13951] nft_delflowtable+0x57/0x470 [ 508.625994][T13951] ? nla_memcpy+0x8b/0xc0 [ 508.630331][T13951] nf_tables_delflowtable+0x1498/0x1ac0 [ 508.635900][T13951] ? __pfx_nf_tables_delflowtable+0x10/0x10 [ 508.641789][T13951] ? nfnl_pernet+0x23/0x240 [ 508.646295][T13951] ? __pfx_lock_release+0x10/0x10 [ 508.651348][T13951] ? __nla_parse+0x40/0x60 [ 508.655770][T13951] nfnetlink_rcv+0x14dc/0x2ad0 [ 508.660639][T13951] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 508.665786][T13951] ? netlink_deliver_tap+0x2e/0x1b0 [ 508.671069][T13951] ? skb_clone+0x240/0x390 [ 508.675479][T13951] ? __pfx_lock_release+0x10/0x10 [ 508.680539][T13951] ? netlink_deliver_tap+0x2e/0x1b0 [ 508.685761][T13951] netlink_unicast+0x7f6/0x990 [ 508.690543][T13951] ? __pfx_netlink_unicast+0x10/0x10 [ 508.695919][T13951] ? __virt_addr_valid+0x183/0x530 [ 508.701039][T13951] ? __check_object_size+0x49c/0x900 [ 508.706326][T13951] ? bpf_lsm_netlink_send+0x9/0x10 [ 508.711547][T13951] netlink_sendmsg+0x8e4/0xcb0 [ 508.716314][T13951] ? __pfx_netlink_sendmsg+0x10/0x10 [ 508.721682][T13951] ? __import_iovec+0x536/0x820 [ 508.726527][T13951] ? aa_sock_msg_perm+0x91/0x160 [ 508.731544][T13951] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 508.736854][T13951] ? security_socket_sendmsg+0x87/0xb0 [ 508.742398][T13951] ? __pfx_netlink_sendmsg+0x10/0x10 [ 508.747674][T13951] __sock_sendmsg+0x221/0x270 [ 508.752352][T13951] ____sys_sendmsg+0x525/0x7d0 [ 508.757113][T13951] ? __pfx_____sys_sendmsg+0x10/0x10 [ 508.762401][T13951] __sys_sendmsg+0x2b0/0x3a0 [ 508.766989][T13951] ? __pfx___sys_sendmsg+0x10/0x10 [ 508.772098][T13951] ? vfs_write+0x7c4/0xc90 [ 508.776536][T13951] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 508.782873][T13951] ? do_syscall_64+0x100/0x230 [ 508.787631][T13951] ? do_syscall_64+0xb6/0x230 [ 508.792307][T13951] do_syscall_64+0xf3/0x230 [ 508.796808][T13951] ? clear_bhb_loop+0x35/0x90 [ 508.801487][T13951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.807391][T13951] RIP: 0033:0x7f007297cef9 [ 508.811887][T13951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.832263][T13951] RSP: 002b:00007f007385b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 508.840759][T13951] RAX: ffffffffffffffda RBX: 00007f0072b35f80 RCX: 00007f007297cef9 [ 508.848812][T13951] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 508.856967][T13951] RBP: 00007f007385b090 R08: 0000000000000000 R09: 0000000000000000 [ 508.865027][T13951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 508.873002][T13951] R13: 0000000000000000 R14: 00007f0072b35f80 R15: 00007ffdd1be8d78 [ 508.880993][T13951] [ 508.915693][ T5233] Bluetooth: hci1: command tx timeout [ 509.079120][T13878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 509.124488][T13878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 509.329125][T13878] team0: Port device team_slave_0 added [ 509.359292][ T2964] bridge_slave_1: left allmulticast mode [ 509.370130][ T2964] bridge_slave_1: left promiscuous mode [ 509.387875][ T2964] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.418148][ T2964] bridge_slave_0: left allmulticast mode [ 509.429651][ T2964] bridge_slave_0: left promiscuous mode [ 509.436565][ T2964] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.446141][T13975] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2773'. [ 509.463493][ T2964] bridge_slave_1: left allmulticast mode [ 509.469347][ T2964] bridge_slave_1: left promiscuous mode [ 509.475715][ T2964] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.498505][ T2964] bridge_slave_0: left allmulticast mode [ 509.526016][ T2964] bridge_slave_0: left promiscuous mode [ 509.538575][ T2964] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.804332][ T2964] bond2: left allmulticast mode [ 509.832313][ T2964] ip6gretap1: left allmulticast mode [ 509.839044][ T2964] bond2: left promiscuous mode [ 509.991559][ T5233] Bluetooth: hci3: command tx timeout [ 510.132941][ T2964] bond2 (unregistering): (slave ip6gretap1): Releasing active interface [ 510.453435][T13994] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 510.951632][ T5233] Bluetooth: hci1: command tx timeout [ 511.253006][ T2964] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 511.266930][ T2964] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 511.282300][ T2964] bond0 (unregistering): Released all slaves [ 511.462570][ T2964] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 511.479045][ T2964] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 511.493513][ T2964] bond0 (unregistering): Released all slaves [ 511.517902][ T2964] bond1 (unregistering): Released all slaves [ 511.722693][ T2964] bond2 (unregistering): Released all slaves [ 511.759029][T13878] team0: Port device team_slave_1 added [ 512.063846][T13878] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 512.070854][T13878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.124322][ T5233] Bluetooth: hci3: command tx timeout [ 512.129990][T13878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 512.141252][T13997] Bluetooth: MGMT ver 1.23 [ 512.338356][T13878] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 512.358604][T13878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.393402][T13878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 512.410764][T14004] batadv1: entered allmulticast mode [ 512.444026][T14007] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2785'. [ 512.598426][T14011] netlink: 'syz.0.2781': attribute type 15 has an invalid length. [ 512.665655][T14014] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 512.674822][T14014] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 512.684205][T14014] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 512.730754][T14017] netlink: 'syz.4.2786': attribute type 1 has an invalid length. [ 512.743639][ C1] ------------[ cut here ]------------ [ 512.749213][ C1] WARNING: CPU: 1 PID: 14021 at net/hsr/hsr_forward.c:602 hsr_fill_frame_info+0x3da/0x570 [ 512.756495][T14017] netlink: 'syz.4.2786': attribute type 2 has an invalid length. [ 512.759167][ C1] Modules linked in: [ 512.770869][ C1] CPU: 1 UID: 0 PID: 14021 Comm: syz.0.2789 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 512.781689][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 512.792011][ C1] RIP: 0010:hsr_fill_frame_info+0x3da/0x570 [ 512.797946][ C1] Code: 00 31 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 e5 16 f9 f5 90 0f 0b 90 e9 09 ff ff ff e8 d7 16 f9 f5 90 <0f> 0b 90 eb 93 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c a3 fc ff ff 48 [ 512.817622][ C1] RSP: 0018:ffffc90000a18278 EFLAGS: 00010246 [ 512.823772][ C1] RAX: ffffffff8b9a75d9 RBX: 0000000000000000 RCX: ffff8880203a9e00 [ 512.831852][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 512.839842][ C1] RBP: ffff8880623a0cc0 R08: ffffffff8b9a7429 R09: 0000000000000000 [ 512.847869][ C1] R10: ffffc90000a183c8 R11: fffff5200014307b R12: dffffc0000000000 [ 512.855893][ C1] R13: 0000000000000008 R14: ffff888051827020 R15: ffffc90000a183c0 [ 512.863934][ C1] FS: 00007fd2955486c0(0000) GS:ffff8880b8900000(0000) knlGS:0000000000000000 [ 512.873126][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 512.879750][ C1] CR2: 000000110c31e49b CR3: 000000004f5d2000 CR4: 00000000003506f0 [ 512.887799][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 512.895842][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 512.903885][ C1] Call Trace: [ 512.907172][ C1] [ 512.910011][ C1] ? __warn+0x163/0x4e0 [ 512.914188][ C1] ? hsr_fill_frame_info+0x3da/0x570 [ 512.919702][ C1] ? report_bug+0x2b3/0x500 [ 512.924254][ C1] ? hsr_fill_frame_info+0x3da/0x570 [ 512.929598][ C1] ? handle_bug+0x3e/0x70 [ 512.933991][ C1] ? exc_invalid_op+0x1a/0x50 [ 512.938716][ C1] ? asm_exc_invalid_op+0x1a/0x20 [ 512.943817][ C1] ? hsr_fill_frame_info+0x229/0x570 [ 512.949165][ C1] ? hsr_fill_frame_info+0x3d9/0x570 [ 512.954517][ C1] ? hsr_fill_frame_info+0x3da/0x570 [ 512.959838][ C1] ? hsr_fill_frame_info+0x3d9/0x570 [ 512.965194][ C1] hsr_forward_skb+0x847/0x2b60 [ 512.970088][ C1] ? validate_chain+0x11e/0x5900 [ 512.975088][ C1] ? hsr_forward_skb+0xaf/0x2b60 [ 512.980049][ C1] ? __pfx_hsr_forward_skb+0x10/0x10 [ 512.985401][ C1] ? migrate_enable+0x3b5/0x520 [ 512.990301][ C1] ? skb_push+0x97/0x100 [ 512.994625][ C1] hsr_handle_frame+0x51b/0x7d0 [ 512.999616][ C1] ? __pfx_hsr_handle_frame+0x10/0x10 [ 513.005059][ C1] __netif_receive_skb_core+0x13e8/0x4570 [ 513.010835][ C1] ? validate_chain+0x11e/0x5900 [ 513.015842][ C1] ? __pfx_validate_chain+0x10/0x10 [ 513.021076][ C1] ? validate_chain+0x11e/0x5900 [ 513.026089][ C1] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 513.032252][ C1] ? mark_lock+0x9a/0x350 [ 513.036630][ C1] __netif_receive_skb_list_core+0x2b7/0x980 [ 513.042673][ C1] ? mark_lock+0x9a/0x350 [ 513.047050][ C1] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 513.053632][ C1] ? netif_receive_skb_list_internal+0x4e8/0xe30 [ 513.060005][ C1] netif_receive_skb_list_internal+0xa51/0xe30 [ 513.066257][ C1] ? netif_receive_skb_list_internal+0x4e8/0xe30 [ 513.072651][ C1] ? dev_gro_receive+0x108f/0x24b0 [ 513.077798][ C1] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 513.084562][ C1] napi_complete_done+0x310/0x8e0 [ 513.089626][ C1] ? __pfx_napi_complete_done+0x10/0x10 [ 513.095254][ C1] ? rcu_is_watching+0x15/0xb0 [ 513.100053][ C1] ? napi_gro_receive+0x6f3/0xc90 [ 513.105149][ C1] gro_cell_poll+0x19a/0x1c0 [ 513.109784][ C1] __napi_poll+0xcb/0x490 [ 513.114197][ C1] net_rx_action+0x89b/0x1240 [ 513.118930][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 513.124207][ C1] ? sched_clock+0x4a/0x70 [ 513.128664][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 513.135066][ C1] handle_softirqs+0x2c4/0x970 [ 513.140299][ C1] ? do_softirq+0x11b/0x1e0 [ 513.144882][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 513.150228][ C1] do_softirq+0x11b/0x1e0 [ 513.154809][ C1] [ 513.157769][ C1] [ 513.160711][ C1] ? __pfx_do_softirq+0x10/0x10 [ 513.165611][ C1] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 513.171265][ C1] ? rcu_is_watching+0x15/0xb0 [ 513.176090][ C1] __local_bh_enable_ip+0x1bb/0x200 [ 513.181352][ C1] ? __pfx_netif_receive_skb+0x10/0x10 [ 513.186829][ C1] ? tun_rx_batched+0x160/0x8f0 [ 513.191721][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 513.197484][ C1] ? tun_rx_batched+0x160/0x8f0 [ 513.202404][ C1] tun_rx_batched+0x732/0x8f0 [ 513.207151][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 513.213524][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 513.218584][ C1] ? __pfx_tun_rx_batched+0x10/0x10 [ 513.223876][ C1] tun_get_user+0x2f84/0x4720 [ 513.228579][ C1] ? tun_get_user+0x2a78/0x4720 [ 513.233530][ C1] ? __lock_acquire+0x137a/0x2040 [ 513.238587][ C1] ? __pfx_tun_get_user+0x10/0x10 [ 513.243678][ C1] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 513.249169][ C1] ? tun_get+0x1e/0x2f0 [ 513.253374][ C1] ? __pfx_lock_release+0x10/0x10 [ 513.258461][ C1] ? tun_get+0x1e/0x2f0 [ 513.262685][ C1] ? tun_get+0x27d/0x2f0 [ 513.266961][ C1] tun_chr_write_iter+0x113/0x1f0 [ 513.272062][ C1] vfs_write+0xa72/0xc90 [ 513.276373][ C1] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 513.282079][ C1] ? __pfx_vfs_write+0x10/0x10 [ 513.286860][ C1] ? do_futex+0x33b/0x560 [ 513.291201][ C1] ksys_write+0x1a0/0x2c0 [ 513.295587][ C1] ? __pfx_ksys_write+0x10/0x10 [ 513.300461][ C1] ? do_syscall_64+0x100/0x230 [ 513.305372][ C1] ? do_syscall_64+0xb6/0x230 [ 513.310140][ C1] do_syscall_64+0xf3/0x230 [ 513.314735][ C1] ? clear_bhb_loop+0x35/0x90 [ 513.319445][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.325388][ C1] RIP: 0033:0x7fd29477b9df [ 513.329919][ C1] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 513.349843][ C1] RSP: 002b:00007fd295548000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 513.358449][ C1] RAX: ffffffffffffffda RBX: 00007fd294935f80 RCX: 00007fd29477b9df [ 513.366481][ C1] RDX: 000000000000006a RSI: 0000000020000000 RDI: 00000000000000c8 [ 513.374612][ C1] RBP: 00007fd2947ef01e R08: 0000000000000000 R09: 0000000000000000 [ 513.382739][ C1] R10: 000000000000006a R11: 0000000000000293 R12: 0000000000000000 [ 513.390742][ C1] R13: 0000000000000000 R14: 00007fd294935f80 R15: 00007ffcc1fcfbe8 [ 513.398804][ C1] [ 513.401884][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 513.409456][ C1] CPU: 1 UID: 0 PID: 14021 Comm: syz.0.2789 Not tainted 6.11.0-rc6-syzkaller-00178-gd759ee240d3c #0 [ 513.420314][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 513.430414][ C1] Call Trace: [ 513.433776][ C1] [ 513.436632][ C1] dump_stack_lvl+0x241/0x360 [ 513.441341][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 513.446576][ C1] ? __pfx__printk+0x10/0x10 [ 513.451186][ C1] ? _printk+0xd5/0x120 [ 513.455366][ C1] ? vscnprintf+0x5d/0x90 [ 513.459723][ C1] panic+0x349/0x860 [ 513.463642][ C1] ? __warn+0x172/0x4e0 [ 513.467824][ C1] ? __pfx_panic+0x10/0x10 [ 513.472267][ C1] ? show_trace_log_lvl+0x4e6/0x520 [ 513.477530][ C1] __warn+0x346/0x4e0 [ 513.481642][ C1] ? hsr_fill_frame_info+0x3da/0x570 [ 513.486966][ C1] report_bug+0x2b3/0x500 [ 513.491341][ C1] ? hsr_fill_frame_info+0x3da/0x570 [ 513.496661][ C1] handle_bug+0x3e/0x70 [ 513.500836][ C1] exc_invalid_op+0x1a/0x50 [ 513.505364][ C1] asm_exc_invalid_op+0x1a/0x20 [ 513.510248][ C1] RIP: 0010:hsr_fill_frame_info+0x3da/0x570 [ 513.516158][ C1] Code: 00 31 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 e5 16 f9 f5 90 0f 0b 90 e9 09 ff ff ff e8 d7 16 f9 f5 90 <0f> 0b 90 eb 93 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c a3 fc ff ff 48 [ 513.535770][ C1] RSP: 0018:ffffc90000a18278 EFLAGS: 00010246 [ 513.541836][ C1] RAX: ffffffff8b9a75d9 RBX: 0000000000000000 RCX: ffff8880203a9e00 [ 513.549804][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 513.557769][ C1] RBP: ffff8880623a0cc0 R08: ffffffff8b9a7429 R09: 0000000000000000 [ 513.565825][ C1] R10: ffffc90000a183c8 R11: fffff5200014307b R12: dffffc0000000000 [ 513.573791][ C1] R13: 0000000000000008 R14: ffff888051827020 R15: ffffc90000a183c0 [ 513.581763][ C1] ? hsr_fill_frame_info+0x229/0x570 [ 513.587049][ C1] ? hsr_fill_frame_info+0x3d9/0x570 [ 513.592329][ C1] ? hsr_fill_frame_info+0x3d9/0x570 [ 513.597611][ C1] hsr_forward_skb+0x847/0x2b60 [ 513.602487][ C1] ? validate_chain+0x11e/0x5900 [ 513.607426][ C1] ? hsr_forward_skb+0xaf/0x2b60 [ 513.612372][ C1] ? __pfx_hsr_forward_skb+0x10/0x10 [ 513.617665][ C1] ? migrate_enable+0x3b5/0x520 [ 513.622636][ C1] ? skb_push+0x97/0x100 [ 513.626879][ C1] hsr_handle_frame+0x51b/0x7d0 [ 513.631828][ C1] ? __pfx_hsr_handle_frame+0x10/0x10 [ 513.637198][ C1] __netif_receive_skb_core+0x13e8/0x4570 [ 513.643013][ C1] ? validate_chain+0x11e/0x5900 [ 513.647941][ C1] ? __pfx_validate_chain+0x10/0x10 [ 513.653147][ C1] ? validate_chain+0x11e/0x5900 [ 513.658167][ C1] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 513.664253][ C1] ? mark_lock+0x9a/0x350 [ 513.668706][ C1] __netif_receive_skb_list_core+0x2b7/0x980 [ 513.674832][ C1] ? mark_lock+0x9a/0x350 [ 513.679190][ C1] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 513.685716][ C1] ? netif_receive_skb_list_internal+0x4e8/0xe30 [ 513.692051][ C1] netif_receive_skb_list_internal+0xa51/0xe30 [ 513.698212][ C1] ? netif_receive_skb_list_internal+0x4e8/0xe30 [ 513.704535][ C1] ? dev_gro_receive+0x108f/0x24b0 [ 513.709647][ C1] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 513.716335][ C1] napi_complete_done+0x310/0x8e0 [ 513.721370][ C1] ? __pfx_napi_complete_done+0x10/0x10 [ 513.726918][ C1] ? rcu_is_watching+0x15/0xb0 [ 513.731692][ C1] ? napi_gro_receive+0x6f3/0xc90 [ 513.736715][ C1] gro_cell_poll+0x19a/0x1c0 [ 513.741392][ C1] __napi_poll+0xcb/0x490 [ 513.745721][ C1] net_rx_action+0x89b/0x1240 [ 513.750413][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 513.755534][ C1] ? sched_clock+0x4a/0x70 [ 513.759959][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 513.766296][ C1] handle_softirqs+0x2c4/0x970 [ 513.771061][ C1] ? do_softirq+0x11b/0x1e0 [ 513.775560][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 513.780844][ C1] do_softirq+0x11b/0x1e0 [ 513.785169][ C1] [ 513.788089][ C1] [ 513.791039][ C1] ? __pfx_do_softirq+0x10/0x10 [ 513.795892][ C1] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 513.801576][ C1] ? rcu_is_watching+0x15/0xb0 [ 513.806514][ C1] __local_bh_enable_ip+0x1bb/0x200 [ 513.811709][ C1] ? __pfx_netif_receive_skb+0x10/0x10 [ 513.817166][ C1] ? tun_rx_batched+0x160/0x8f0 [ 513.822009][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 513.827734][ C1] ? tun_rx_batched+0x160/0x8f0 [ 513.832617][ C1] tun_rx_batched+0x732/0x8f0 [ 513.837290][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 513.843623][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 513.848647][ C1] ? __pfx_tun_rx_batched+0x10/0x10 [ 513.853988][ C1] tun_get_user+0x2f84/0x4720 [ 513.858745][ C1] ? tun_get_user+0x2a78/0x4720 [ 513.863598][ C1] ? __lock_acquire+0x137a/0x2040 [ 513.868629][ C1] ? __pfx_tun_get_user+0x10/0x10 [ 513.873682][ C1] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 513.879168][ C1] ? tun_get+0x1e/0x2f0 [ 513.883331][ C1] ? __pfx_lock_release+0x10/0x10 [ 513.888374][ C1] ? tun_get+0x1e/0x2f0 [ 513.892526][ C1] ? tun_get+0x27d/0x2f0 [ 513.896881][ C1] tun_chr_write_iter+0x113/0x1f0 [ 513.901915][ C1] vfs_write+0xa72/0xc90 [ 513.906160][ C1] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 513.911714][ C1] ? __pfx_vfs_write+0x10/0x10 [ 513.916495][ C1] ? do_futex+0x33b/0x560 [ 513.920842][ C1] ksys_write+0x1a0/0x2c0 [ 513.925262][ C1] ? __pfx_ksys_write+0x10/0x10 [ 513.930115][ C1] ? do_syscall_64+0x100/0x230 [ 513.934878][ C1] ? do_syscall_64+0xb6/0x230 [ 513.939576][ C1] do_syscall_64+0xf3/0x230 [ 513.944093][ C1] ? clear_bhb_loop+0x35/0x90 [ 513.948775][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.954673][ C1] RIP: 0033:0x7fd29477b9df [ 513.959090][ C1] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 513.978693][ C1] RSP: 002b:00007fd295548000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 513.987121][ C1] RAX: ffffffffffffffda RBX: 00007fd294935f80 RCX: 00007fd29477b9df [ 513.995091][ C1] RDX: 000000000000006a RSI: 0000000020000000 RDI: 00000000000000c8 [ 514.003149][ C1] RBP: 00007fd2947ef01e R08: 0000000000000000 R09: 0000000000000000 [ 514.011108][ C1] R10: 000000000000006a R11: 0000000000000293 R12: 0000000000000000 [ 514.019067][ C1] R13: 0000000000000000 R14: 00007fd294935f80 R15: 00007ffcc1fcfbe8 [ 514.027042][ C1] [ 514.030315][ C1] Kernel Offset: disabled [ 514.034679][ C1] Rebooting in 86400 seconds..