last executing test programs: 2.775616669s ago: executing program 3 (id=3622): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0x14, 0x1, 0x1, 0x301, 0x0, 0x0, {0x0, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4008004}, 0x8000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) r2 = socket$inet(0x2, 0xa, 0x808) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000000200)=[{0x94}]}, 0x10) 2.490911569s ago: executing program 1 (id=3625): r0 = socket$kcm(0x29, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000200)=0xffffff02, 0x4) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000001840)=0x6, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb080045000030000000000001060000000000000014aa2b0090780300000045000000003500000000000000ac1414aaac1414aab402354d2a0f7b0fef2d4dcb362ef1f438829b6e2e763a46eb89c3bda1b9fc791e0fbcad224ad4549879a72b7d5e51d7cbf859b990"], 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(twofish))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000005d00)=[{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f00000000c0)="4ebd88e8c64c", 0x6}], 0x1, 0x0, 0x0, 0x80000}], 0x1, 0x4008000) syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r4) sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000600)=@newtaction={0x9c, 0x30, 0xb, 0x0, 0x0, {}, [{0x88, 0x1, [@m_ct={0x84, 0x1, 0x0, 0x0, {{0x7}, {0x5c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x7c}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @dev}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @dev}, @TCA_CT_NAT_PORT_MIN={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}, @TCA_CT_ACTION={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x9c}}, 0x0) setsockopt$inet_int(r1, 0x0, 0x33, &(0x7f0000000000)=0x7, 0x4) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@struct={0x0, 0x0, 0x0, 0xe, 0x1}, @enum]}}, 0x0, 0x32}, 0x20) getsockopt$inet_int(r5, 0x0, 0xe, 0x0, &(0x7f000000eb40)) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r6, 0x6, 0x11, 0x0, &(0x7f0000002580)) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r1, 0xe) setsockopt$inet_int(r7, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4) bind$l2tp(r7, &(0x7f0000000080)={0x2, 0x0, @broadcast, 0x2}, 0x10) 2.392313457s ago: executing program 3 (id=3626): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x318, 0x0, 0x1170, 0x1170, 0x160, 0x1170, 0x248, 0x1398, 0x1398, 0x248, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [0x0, 0x0, 0x0, 0xffffff00], [], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x0, 0x0, 0x0, 0x71}, 0x0, 0xf8, 0x160, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x14, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@ipv6={@private1, @mcast2, [], [], 'veth1_to_hsr\x00', 'ipvlan0\x00', {}, {0xff}}, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x17, 0x5, 0xc, 0x1, 0x6, 0x45, 0x7, 0x10001]}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x378) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r1, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000280)=""/258, 0x102}], 0x1}, 0x1f00) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x40000000) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0xa, 0x3032, 0xffffffffffffffff, 0xe08b8000) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x3, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010300, @local}, @info_reply={0xd, 0x0, 0x0, 0xfffe, 0x9}}}}}, 0x0) 2.343563816s ago: executing program 2 (id=3629): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x80000000, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x1}, 0x50) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000005c0)={r1, 0x9, 0x2, 0x887}) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xd, 0x8, &(0x7f0000000580)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xd8}, [@ldst={0x5}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x2}, @cb_func={0x18, 0x6, 0x4, 0x0, 0xfffffffffffffffa}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x11, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000040)={&(0x7f0000000980)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELOBJ={0x20, 0x14, 0xa, 0x801, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSET={0x3c, 0xb, 0xa, 0x3, 0x0, 0x0, {0x5, 0x0, 0xa}, [@NFTA_SET_EXPRESSIONS={0x14, 0x12, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @xfrm={{0x9}, @void}}]}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @ct={{0x7}, @void}}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x80}]}, @NFT_MSG_DELFLOWTABLE={0x28, 0x18, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELSETELEM={0x1ec, 0xe, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x198, 0x3, 0x0, 0x1, [{0x194, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_USERDATA={0xb3, 0x6, 0x1, 0x0, "9fdb0fc5c865f1711c504743944ba4bb6c51bd7129e5b1967162d2099a63a7947556cc2e204b81d2416673fd9d275b961a92596def13ef1ab6da100f894e1ffb17a766dd0e038c4ad1d9ce9fb49f172de7ff271dcac6fbcc26be61c56e398033b49632d8ba623956fcd47f344f3fe20ee40c08282a14362c618ef76cf5bb800fd3701048fc7545cecdbfc2110530ccc9c7b707f9ab055894d1b38190b498b2d7b4c2d043168725045a6e8452604b6b"}, @NFTA_SET_ELEM_OBJREF={0x9, 0x9, 'syz2\x00'}, @NFTA_SET_ELEM_USERDATA={0x9e, 0x6, 0x1, 0x0, "06aefbc1a5787f10a4f8bf64aac7fdd8856f20331c67e2fb35a06bdbf380c29c79fe59915759a17bdc9bd73be8fb6bcd96c10f92b1693c6910428940893dbe909962715963b5965fd63be886f875ca71e49644ff711d8486a08b3cc41bc2550a17f9887529c91775bc052ec8de3a560f1d379b685b62ef052c93156fb7db4aedef6c1ab693946d19e524f250949b3dfe4b78eb3083ec0d133db7"}, @NFTA_SET_ELEM_EXPR={0x10, 0x7, 0x0, 0x1, @objref={{0xb}, @void}}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x5}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0xfffffffffffff9a5}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x298}, 0x1, 0x0, 0x0, 0x4000004}, 0x2400003d) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f00000000c0)=ANY=[@ANYBLOB="61106f000000000095"], &(0x7f0000000200)='GPL\x00'}, 0x94) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000100)="d8000000100081046881f782db44b904021d080b01000000e8fe55a11800150006001400000000120800040043000000a80016000a00014006000d00036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x20000000) 2.12440366s ago: executing program 1 (id=3631): r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x34, r2, 0x5, 0x0, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_IE={0x4}, @NL80211_ATTR_DISABLE_HT={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000010}, 0x404c0d0) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000040)=0x3, 0x2) r4 = socket(0x22, 0x2, 0x6) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r4, 0x6a, 0x3, 0x0, &(0x7f0000000000)) 2.124060271s ago: executing program 0 (id=3632): unshare(0x20400) (async) r0 = socket(0x10, 0x3, 0x0) vmsplice(r0, &(0x7f0000000200)=[{&(0x7f0000000080)="e36835172ceb06a89f2b86ad2c331e24dbb2acb48a4a0c572fb0e1b8ff122c2f1944162d32c8617e2bf903ec09483a26128fd80a7ebda546f9bc9cf630e342f8b5d6245a2814ac24f5c1093fa66865a388cdde785b92e0e7bd93ad56102de971a6f77d2f644e8786fe91fd74908d499cc4fd228841ec97b28352a745cd7760", 0x7f}, {&(0x7f0000000100)="84ea64d61fd8a51afdd973a42fbbadfe117cc443aa3c31470c7e1b38cdf5c3d3b5b0ad393c0ed15d5ba69b9eb12a3614818c98adf7b115b0f6bd64b8a8714ec3ae888594626e8e54c9c1cf4e46825236d3bc255fbde7983868026339fac9180b650011997b1950cc970e17d40130c24bde45f0ab11ddbe992fbaf1ebbdc57b46b9b9775e00e39d6617f0064100a5e00f296b7ef70d8edf930cd7a540f4586bd1ce4bea83af1be7f531eab8b1e5851b952abada0e5f5ea468f1644f30c2b9c444ae72cadf213c4068043305fccc", 0xcd}], 0x2, 0xb) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) (rerun: 64) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="872885c997287becbf8d24", @ANYRES16=r2, @ANYBLOB="0100000000000000000001000000"], 0x14}}, 0x0) 2.123700203s ago: executing program 2 (id=3633): r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c20006cccdf0005c2e58f7a8a40552e300045357605573c71d500000000307237e353acbc2f7a73f0a990f1bf75aaf71d76f00fc812158c49fa17c36e65076a1ad8c16122ac0b2eeb10474e57da383e8031a27243c1ff29567f82b498515da747679b00"/113, @ANYRES16=r0, @ANYBLOB="010000000000fbdbdf25410000000e0001006e657464657673696d0000000f0002006e657464657673696d300000cdfe87006c325f64726f7073000000000800870000000000"], 0x4c}}, 0x0) 2.003308696s ago: executing program 2 (id=3634): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, 0x0, 0x0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10) sendmmsg(r1, &(0x7f00000057c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000004c0)="6b093db1947bc296cf697e335c7aa0e9afc07b5f0c819e3522eaad2a74224b7a5bed182fec91c96271033eec5d14ede20a6d1c36c3e7a445ccb5b158ffaec30b8b846de0d5b327a6b1d322a80d00b5c08428fb6ef0d6bdfef436fd9a0027a7cce11f65f633449199149e065a48b3f6bb51b5e305aa20ec347027ace732178271cb92f3e4bdda6732a10715efe7a7eae23413207a9cd1c24ea5ad8f333bfedf8e93e880fc51fb9051917d5488a13c22f1a575b1767424074c84444b29becb98de0e479ae50c12711cc5e26973d496458de4969e51dd5aee7ae9ca5da879f96737d626b447cdf675bc4af3e1ffec688c6945d0786b8ff146cab2e441e3438f3ddd2832b9ac4c9693141785b844f706c8137d0ebf12347ee82f9bd1968c51803a81998a149178952f712f57c09038a8f8a2e871a1f3b026ec617a77cb2163cea2164504b5ae989034b7ceb91545c2d968b9852181505afb7422606d1db2982240a7583260c32f5e3ea677edfeffc6cb30ef79c96938f7b571a3747042c4db17296ea799f65205b5cc2bf60f5921db65d28ae0a3ce76601fb0dfc04c7fa3900aff36af6c018df195fe6e97e6aa3a81c06130489c24b82c920681d3efb1fc33c73f8645ff0baa0be3a9a92b601f9602a2ef119e527c156bd8d8c91ec92baed92c43bc153fb5c7a5b08f8c8c03b0d266bcadbb061ae5e0f15eab9ba116923a27d961377383fae7b837a448e786371140ee20733f1fc82b565f4f1dc3859c49c5e9e18180e8511ddf854609ed7fcb50ca1c43934883488c9689e0de4f05ee35a254c900b2dee53673e959ae5adbc3f793917ad556654e4df993f2bbd4b9b9259efdcbd3c3c2d315cb1c92438cdea1792c390cef68d3926d44cd9361912518732211458bdc92f855c9c018e3a7b35da0d8c8f934dbc3cfba39a9fa99e1a76759d09e705e0e4d84a32987c661b2e3f58ca446ca835fabdaf163ae94f2a59481ab62298d4350ae9358fdbd2b1b20da4afaaf2982903c2805b6caf71719d0d74852ae8414baa491363af0d20a7ad133b81356c30e77d036ba519867fe35391c36ecd0464b40a3871637dc81af3c19f59f347749cb07ac25f96e0cbf84288d32aff6dcd9cd2ebbd905d53dc87b14002cf971df0b76c5171e392f78cd002fd34a28454a32531ab9fccb16820b462bd13005da9d2fbd0ed02a4a7527b9b40b939bbf0686d16fa3070f129ae48da709408dfdb12c661148e282d50794b34b2e15236bf2f967bba67a7c650a02743ec3b852b5511c1ab32efc7d85a97bb622935b72d5c06e7bde3f389172684a6e61c852f6ec2a323858f67f8f9dde9f9eaa26cfcf958dafe5ed23b6c06f094fa1550ce0a39447769218060cb9e78a0e6f61a08b629e2512d8972a2a337b0b6b97220d292af823b8800ef45e72089659a0b1cbc750d6491d55f9bde4d1c4abe796d6951be456b8ad327794ddc74042c9e303832ccbf2d2fcb6d01007b8cf0552b568af89adc9b198cbea6b8137ef70ad16919ade2bdbd29d23c78c04cce6dedf07598d33841d8f02f7ed5a349fddbc742ea7e742636a2cb4ff663192cb1102adcc019b92caac00f5a644afc2d03b68f933aa6b8eddd6c39a0de8913034a0b48ddabd39aee173350f3dfa0329c308fb94e3528e", 0x498}, {&(0x7f00000002c0)="e4d561e97441d69db45de9b4ec081c8eb4534bc5a9284f843e2bc71745", 0x1d}, {&(0x7f0000000300)="d05d67afc746cff8fa10e483e9eaae867d31e22831b4bea09d2b9e867d06ab0eccd98dee45bbd11af441dc93334d0270f6527428cf0d1bef4f5789bf5acf2e44d415c2e774b8af25275915bdd38fe5a74b87a4d9a1848ed513f92bb0672d88425bcf9fdc7b07cdeb96451ccf522215e76dae12391d3fc0258ca86ea22eb857bfc7f9dc565f3e2dd741206042", 0x8c}], 0x3}}], 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000040), 0x4) writev(r1, &(0x7f00000003c0)=[{0x0}, {&(0x7f0000000e40)="f94d453e379690d00b5c826a5b133d8d00cb0f9c51ec4a1cad08e70731a5cd980c1c203faa894893008da1ec1559c5225401cd01442d3b0022b4db2b948506401c7223bfc8ab2140952d75cdf80ead380797d2bb893ae3ae1e311c93bf0fe386894daeae846ab70ff5b2cec56ebdc94dc524ce8901c290575b1d52a9291323836ce1cbffa93855719378061c3bde24f3bd85e6ca02519dcae4a04367f1032985e0fcafdf18fa7b3a787b180ad297d252a219f34c286b62b9cf9e14bc87bb2d8ac8f550a0425add0ffca029866517da58c9d2adcc9d7220b6ea70c1b885cd03ff3c7a2defb587de9d6bd0df0baf8a9cd2703fc18ca11156e6048c27c3037a24020fcd1c2a83ba08a626f7c817abac191cbd3954ad027a7f87388bd2105bfc11eb884133a9a61e39cb54da800b3d2ef362f3c646ffdf96f9a1b30fbec5fdde6f4a49fa9136c27f107bda90ff80a4a4acd38ee7bd7a2c000759567fafcd171b96a4630afd68256d7d6407102b211889fce0a4dcc719bc67fcb12b1ab3eaadf151e1b2983bdfb6447ce6f6ea712b8b28aced2eb4ed8c88a2610ddc706197bcffa73ade20a6fe5ebe0a8281417fdb169f747a5df5e6b0dbaf092dfbeae3b945974f33978a9af7b2885857e0b024a3d2e66d4bd1ef7dc60de8cdc3d197a5eef0dabdbb12013add533d3eed8a5d2711ca48eb899b17c65142800a6696527a10b273da896006547b3ee9ea5e561cd0d0cf7a5445284ad962f3b533d34a3b2a32145461d157549e68be107e0fdc02c5dd3eb6e8d470d87a5be86c033abc91a52b55cd252aeb85a3b3073be5ca0d7da9b3d99ea62a56d670667ed22e4a32797670aeb702a521d326f510bdd112b6d9ea0be054a8976f72a64f5470892a6cee175cc7e62208fdc41b72a304fbfd3ecc06c8447214a6e27f9a7f0df2459e9bd11505b19168c8605173b638a9e2f73a523d5aa66937afd2b1dc2f38426c28b39dd53eeaf925fec80ba46b1a93beffdfcaaf52770ee5145765139cb942e0b475335a4db6f66ad92d9def27ff635a603cd8b3e0cc14cd7a40f9cb3d2ff108228dcdc41915f4cecb854af6df4bbebb82e1ae5c4ca885c67ca254537ce7a1a2bafd6ad9578cfd041d3a79ea1cbdd1c42f7474c18f49efac2ba305213bdadec769809ebb4aab41b6254f9ec72fe3c6096e0a9c9c54b6f1a09569ad1144c45e21ea563441ac2dfea0b6f87200f32087785541fa90221cc8d4bfdf7581296f9044099d88ea4507f24031d8a31c4d6d8d3bde05edfa558bba4815cf43c3fb089ca6af0cfd9203a7b3bd5da073b65dff1d6e1f2f9b52baa95e65f7b01ecca0b63f033976ea1f55763d0e9ab9cf19029cb5a77339dfbfeec7e7dacada902461d21744ea1993b55d43c9ef97ac9345cae03629d69ee65ee57562e4988e1b2977c9607136d19e7070df744fac9be7f72afb397389640da8dbb88a6f2bc16cfad28e55ecb66cc568a1e4f7b85d073d4c050440f8826b210dab3ef949d60cb83ff8048a9495c71962b16a06aabf2ddee2747819cc51c7a8af869396cb513d16ef0ab0ed2d9fc184ad4fc8907a019cbd29502eafbc7707270510278243c900d2d5f3a9545bc3916c2da4767e992b147ddd3f39ee9f210c626628fcf0c7b10952ff04b970c7f86fab195023b0e5349a73f6cb36ee67b32cb6b06ba14ede133310da352f2d68a098a60b0171ac0386cad613dd5d8852ba1360f600aa1fd57e0d5f1e6d7226e01462513b87d4e9f0d78ef602c765cd1483b71f5cf9cf576fd117471252bc25d5c5a8b4ec1077de2b44e902d16220ac58ac890ff816da1723215e7817306c67612727394c93d4de88373765d715654d54cb811c17dfafc90b10c31ad90548e4f46eb5c56fc4a1a8d37673fbe03f5b5eebd16e7bfa", 0x54b}], 0x2) shutdown(r1, 0x1) listen(r0, 0xfff) connect$inet(0xffffffffffffffff, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r6) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008044}, 0x0) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r7, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r8, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffff"], 0x398}}, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r4, @ANYBLOB="08002600940900000800b700"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000024c0)=ANY=[@ANYBLOB='h', @ANYBLOB="010026bd7000000000", @ANYRES32=r4, @ANYBLOB="0600cd00000000004200330000a810000802110000010802110000"], 0x68}, 0x1, 0x0, 0x0, 0xc0}, 0x0) socket(0x10, 0x3, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0f00000004000000040000000400000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000063165b41ddca5f318202e255b441fcbfd747b529e7125593329f28a852cfc3a203006444d799129979a6ecaeb0ce7a60531d411b5d24187aaac162472b87304afc8ea12c8e3e341b44b7", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x23}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.86884945s ago: executing program 0 (id=3635): r0 = socket$igmp(0x2, 0x3, 0x2) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x5c, &(0x7f0000000040)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x44}}, @in6={0xa, 0x4e23, 0x7ff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x42}}, 0x1}, @in={0x2, 0x4e23, @multicast1}, @in={0x2, 0x4e24, @private=0xa010100}, @in={0x2, 0x4e20, @rand_addr=0x64010100}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000140)={r3, @in={{0x2, 0x4e20, @rand_addr=0x64010100}}}, 0x84) (async) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0) (async, rerun: 64) sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f0000001040)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001000)={0x0}, 0x1, 0x0, 0x0, 0x4008800}, 0x4000040) (rerun: 64) 1.764184277s ago: executing program 1 (id=3636): unshare(0x6a040000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31000000000900010073797a3100000000340008800c00024000000000000080010c00024000000000000000040c00014000000000000000000c00014000000000000000014c000480080002404c82f47c080001400000000008000140000000010800014000000003080002404f32945f080001400000000308000140000000020800024019885f270800014000000003fd000c00a03ac330bf11a2145946e6d945deece8485ee69dbc29a8dd5dbce127f829a3adf5c4171b4bedbbc9b913a67b9ee679020f0200000064419faae0136b893d91d95b1174f115798a1abfdc06983fb83f2116a85a00dd35cdf9d8f81683e5e2ebcca132a712e0be44c12c02ac92fbbb86ed717ce0cbd6a0134f899e23ca6d2f063d26be86555cc0e9c7a25d77e6c0f4217794be96b5d797e3116d874c3adfb096e0567ec28bd1e4d8d6713109695f1f3a877d89d20e19304501aeb851d14c4f9b2d769d554fe5308810d19bb040c1977bce50b894f2c45a1f0e80c8256b6dcb072f9d91d94a67bba9f62eb2f192fa4b3786d9a774b99aa332dfbb000000080007006e6174"], 0x25c}}, 0x0) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x21, 0x7fff, 0x0, 0xc0e5, 0x4100, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x1}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x4, 0x7}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20) (async) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20) (async) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', 0x0}) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) (async) setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) (async) setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) (async) setsockopt$XDP_UMEM_FILL_RING(r5, 0x11b, 0x5, &(0x7f0000000340)=0x8000, 0x4) (async) bind$xdp(r5, &(0x7f0000000100)={0x2c, 0x10, r4}, 0x10) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x19, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xfa, 0x0, 0x0, 0x0, 0xc722168}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@alu={0x4, 0x0, 0x7, 0x9, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x6, 0xf5, &(0x7f00000004c0)=""/245, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x3, 0xc, 0x3ff, 0x5}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000600)=[0x1, 0x1], &(0x7f0000000640)=[{0x1, 0x2, 0x0, 0xa}], 0x10, 0x1}, 0x94) (async) r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000740)={0xffffffffffffffff, 0x7e2, 0x10}, 0xc) (async) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000380)={r8, &(0x7f00000007c0)="0ff764", &(0x7f00000002c0)=@tcp6, 0x1}, 0x20) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r9, &(0x7f0000000080), &(0x7f0000000680)=""/171}, 0x20) (async) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r9, &(0x7f00000000c0), &(0x7f0000000380)=""/75}, 0x20) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0), &(0x7f0000000240), 0xc30, r10}, 0x38) (async) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r10}, 0x38) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r10}, 0x4) (async) r11 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000009c0)={0xffffffffffffffff, 0x7, 0x10}, 0xc) (async) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a80)=@bpf_tracing={0x1a, 0x17, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@map_val={0x18, 0x9, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x2}, @alu={0x4, 0x0, 0x6, 0x0, 0xa, 0x1}, @exit, @ldst={0x1, 0x0, 0x3, 0xa, 0x3, 0x80}, @map_val={0x18, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xc}, @func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0xc7}}}, &(0x7f0000000200)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x7a, '\x00', r4, 0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000240)={0x1, 0x8, 0x2, 0xfffffffe}, 0x10, 0x71cb, r6, 0x1, &(0x7f0000000a00)=[0xffffffffffffffff, r7, r8, r9, r10, r11, r12, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f0000000a40)=[{0x4, 0x5, 0xc, 0xc}], 0x10, 0x1}, 0x94) 1.686470385s ago: executing program 2 (id=3638): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), 0x1, 0x0, 0x1d}, 0x4002018) 1.44543812s ago: executing program 2 (id=3640): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x4, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x400c080}, 0x4) sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r1, 0x100, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r0, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, r1, 0x400, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x914, 0x1}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x48050}, 0x20004000) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x3c, r1, 0x400, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x46}}}}, [@NL80211_ATTR_PRIVACY={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x248}]]}, 0x3c}, 0x1, 0x0, 0x0, 0x20}, 0x40000) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000004c0), r0) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x44, r3, 0x8, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x43e14f43}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x3}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x81}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xd}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x11}, 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000007c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000780)={&(0x7f0000000640)={0x11c, r1, 0x8, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "0f"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x8000}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}, @NL80211_ATTR_FRAME_MATCH={0xe6, 0x5b, "6e0c2b5ee30107c721bee724e2a0ad1160385843035e55b45ec3b238817de37f9c40ce6afbc7970a67da62d15c7b19d90d161804b815718d74f0bb6e49ed5ede50d8f5a05dd55762016cc92586e438837e011a4a738ccf2df4ec9eeb6a95690fc5f8184f17ff33bbb84b1252203df51707d902604e37ede29521db8d84dbb239778f63feccd6ebcb82f27bf9247343098448c5ea412a1e4a1caaf31d0c0b1b277f1a16459868ad2fa220dfac481764d603ae634aff5dde29c0a08c49f427cc2c2acdf5bdce991bc3ad89baff5ba170fe6a5d4b93af6b83ebdd9f33aaaa35f41d22a4"}]}, 0x11c}, 0x1, 0x0, 0x0, 0x8840}, 0x8000) r5 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_GET_FEATURE(r5, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x10, 0x3fb, 0x400, 0x70bd26, 0x25dfdbfb, "", ["", "", "", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20048058}, 0x40c4) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000a40)={&(0x7f0000000940)={0xd8, 0x0, 0x7, 0x3, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFACCT_FILTER={0x34, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x6}, @NFACCT_FILTER_VALUE={0x8}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x46b00000}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x2}]}, @NFACCT_PKTS={0xc}, @NFACCT_FILTER={0x3c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x8000}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x4}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x8}, @NFACCT_FILTER_MASK={0x8}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3ff}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x9}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xf}]}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0xcf0}, @NFACCT_FILTER={0x3c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x100}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x8}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x7}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xfffffc00}, @NFACCT_FILTER_MASK={0x8}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40000}, 0x20040800) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, &(0x7f0000000ac0)=[@in={0x2, 0x4e22, @rand_addr=0x64010102}, @in={0x2, 0x4e21, @local}, @in6={0xa, 0x4e20, 0x2a20000, @empty, 0x5}, @in={0x2, 0x4e22, @loopback}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}, @in6={0xa, 0x4e23, 0x1, @remote, 0x80000000}, @in6={0xa, 0x4e20, 0x3, @local, 0xfff}], 0x94) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000bc0), r0) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r0, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c00)={0x5c, r6, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) sendmsg$DEVLINK_CMD_SB_GET(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x40000001}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000d40)={0x16c, r6, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x400}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x1ff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x5ee3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x5}}]}, 0x16c}, 0x1, 0x0, 0x0, 0xc0}, 0x805) r7 = socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_sctp_SIOCINQ(r7, 0x541b, &(0x7f0000000f40)) sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000001080)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001040)={&(0x7f0000000fc0)={0x44, r6, 0x2, 0x70bd2c, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x2}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x5}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x20004010) r8 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r8, 0x84, 0x1c, &(0x7f00000010c0), &(0x7f0000001100)=0x4) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r4, &(0x7f0000001240)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001200)={&(0x7f0000001180)={0x50, r1, 0x100, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x3c}, @void, @void}}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x5a}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x67}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x49}, @NL80211_ATTR_PID={0x8, 0x52, 0xffffffffffffffff}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x56}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x9, 0x47}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0xc0) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r0, &(0x7f0000001340)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000001300)={&(0x7f00000012c0)={0x14, r1, 0x8, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x1) sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001440)={&(0x7f00000013c0)={0x54, r6, 0x2, 0x70bd2c, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040}, 0x20001080) r9 = syz_genetlink_get_family_id$wireguard(&(0x7f0000001500), r4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000015c0)={'syztnl0\x00', &(0x7f0000001540)={'syztnl2\x00', 0x0, 0x29, 0xf8, 0x8, 0xd, 0x33, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, 0x8, 0x1, 0x400, 0x3}}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000001680)={&(0x7f00000014c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001640)={&(0x7f0000001600)={0x38, r9, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@WGDEVICE_A_PEERS={0x4}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r10}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e21}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x1}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x81}]}, 0x38}, 0x1, 0x0, 0x0, 0x44000}, 0x24008010) sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f00000017c0)={&(0x7f00000016c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001780)={&(0x7f0000001740)={0x2c, 0x0, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xf76a}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x2d}, @NL80211_ATTR_WIPHY_RTS_THRESHOLD={0x8, 0x40, 0x10001}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x810) 1.350298495s ago: executing program 4 (id=3641): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0x8871b000) (async) r0 = socket$inet_tcp(0x2, 0x1, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000011c0)=@newtaction={0x98, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x84, 0x1, [@m_tunnel_key={0x80, 0x1, 0x0, 0x0, {{0xf}, {0x50, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @ipv4={'\x00', '\xff\xff', @private}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @remote}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}}, 0x0) getsockopt$sock_buf(r0, 0x1, 0x19, 0x0, &(0x7f0000000280)) 1.132172731s ago: executing program 0 (id=3642): r0 = socket(0x1e, 0x805, 0x0) syz_init_net_socket$ax25(0x3, 0x2, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000004100)=[{&(0x7f0000002740)={0x14, 0x1e, 0x101, 0x0, 0x0, "", [@typed={0x11c}]}, 0x14}], 0x1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=ANY=[@ANYBLOB="380000003c0007010000000000000000017c00000800fc80040008808c00018006000600800a0000080002800400728008000500", @ANYRES32=r2, @ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x2}}, 0x10) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000a00000004000100"/24], 0x18}}, 0x0) 1.131232924s ago: executing program 3 (id=3643): r0 = socket$igmp(0x2, 0x3, 0x2) getsockopt$inet_opts(r0, 0x0, 0x6, 0x0, &(0x7f0000000140)) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYRESDEC=r1, @ANYRES32=0x0, @ANYBLOB="01480000195301001c00128009000100626f6e64000000000c00028005000d0002000000"], 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000001) (async, rerun: 64) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) (rerun: 64) connect$qrtr(r2, &(0x7f0000000040)={0x2a, 0xffffffff, 0x7ffe}, 0xc) (async) sendmsg$nl_route_sched(r2, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)=@gettaction={0x114, 0x32, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_gd=@TCA_ACT_TAB={0x3c, 0x1, [{0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0x3, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0x10, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x67d9}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}]}, @action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x8, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0x14, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}, @action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1a, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xf78c6529}}]}, @action_gd=@TCA_ACT_TAB={0x44, 0x1, [{0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0x10, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x12, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfffffffa}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}]}, 0x114}, 0x1, 0x0, 0x0, 0x8000}, 0x4) 1.130590203s ago: executing program 4 (id=3644): r0 = socket(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty}, 0xc) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001cc0)=@newtaction={0x18, 0x31, 0x1, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) syz_emit_ethernet(0x6d, &(0x7f0000000040)={@broadcast, @dev, @void, {@mpls_uc={0x8847, {[], @generic="1346b661c6884d25ba296dd3503959e8123cd977fc66f2714beb9693b21f9f6990b735a37b7ac068ba677cf23f799baa16fe9da082d8e91275aa95498ee4689a96aad3ecf4a6b92de8ed80a3c9d03ded6c80fbc9c28f95f44a975c3643e281"}}}}, 0x0) socket(0x10, 0x3, 0x0) (async) socket$netlink(0x10, 0x3, 0x0) (async) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty}, 0xc) (async) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001cc0)=@newtaction={0x18, 0x31, 0x1, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) (async) syz_emit_ethernet(0x6d, &(0x7f0000000040)={@broadcast, @dev, @void, {@mpls_uc={0x8847, {[], @generic="1346b661c6884d25ba296dd3503959e8123cd977fc66f2714beb9693b21f9f6990b735a37b7ac068ba677cf23f799baa16fe9da082d8e91275aa95498ee4689a96aad3ecf4a6b92de8ed80a3c9d03ded6c80fbc9c28f95f44a975c3643e281"}}}}, 0x0) (async) 926.944931ms ago: executing program 2 (id=3645): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x0) recvmmsg(r3, &(0x7f0000001440)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000011c0)=""/70, 0x46}, {&(0x7f00000000c0)=""/43, 0x21}, {&(0x7f0000003c80)=""/4106, 0x104d}, {&(0x7f00000015c0)=""/4096, 0x1000}], 0x4}, 0x1801}], 0x1, 0x10020, 0x0) r4 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000380)={0x1d, r5, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18) sendmsg$unix(r4, &(0x7f0000000b80)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000440)="0344", 0x2}], 0x1, 0x0, 0x0, 0x80}, 0x11) r6 = socket(0x18, 0x3, 0x6) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00'}) r7 = socket(0x10, 0x80003, 0x0) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) ioctl$SIOCGETSGCNT_IN6(r6, 0x89e1, &(0x7f0000000400)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @empty}) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @local, 0x13}, 0x1c) sendmsg$nl_generic(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=ANY=[], 0x78}}, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x350, 0xa8, 0x0, 0xfbffffff, 0x0, 0x140, 0x2b8, 0x2b8, 0xffffffff, 0x2b8, 0x2b8, 0x5, 0x0, {[{{@ip={@broadcast, @local, 0x0, 0x0, 'geneve1\x00', 'geneve0\x00'}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x2, {0x3, @empty, @local, @port, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0x98, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xa8}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @local, @gre_key, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @multicast}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b0) r10 = socket$pppl2tp(0x18, 0x1, 0x1) r11 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r10, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r11, {0x2, 0x1, @empty}, 0x0, 0xffff, 0x3}}, 0x26) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=@newqdisc={0xd8, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xfff2}}, [@TCA_STAB={0xb4, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0x10, 0x81, 0x669, 0x1, 0x400, 0x9, 0x3}}, {0xa, 0x2, [0x8000, 0x3, 0x80]}}, {{0x1c, 0x1, {0x5, 0x2, 0x4, 0x8001, 0x1, 0x8000, 0x2, 0x6}}, {0x10, 0x2, [0x5000, 0x0, 0x800, 0x680, 0x3, 0x8001]}}, {{0x1c, 0x1, {0xfc, 0x7, 0x7, 0x8, 0x3, 0x0, 0x80, 0x3}}, {0xa, 0x2, [0x6, 0x8, 0x8]}}, {{0x1c, 0x1, {0x8, 0x6, 0xff, 0x5, 0x1, 0x1, 0x4, 0xa}}, {0x18, 0x2, [0x0, 0x9, 0x6, 0x7, 0x7, 0x5, 0x6, 0x9, 0x800, 0xb]}}]}]}, 0xd8}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newtfilter={0x64, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffff, 0x9}, {}, {0x1, 0x6}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x34, 0x2, [@TCA_CGROUP_EMATCHES={0x30, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x24, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x20, 0x1, 0x0, 0x0, {{0x3, 0x9, 0x80}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x64}}, 0x1) 903.986468ms ago: executing program 3 (id=3646): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x48002) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10, &(0x7f0000000600)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$inet_opts(r0, 0x0, 0x1, &(0x7f0000000980)="9f", 0x1) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0), 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) connect$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x14) r2 = accept(r1, &(0x7f0000000580)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000040)=0x80) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00', 0x0}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x600}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x6a, 0xa, 0xff00}, [@call={0xc}, @exit, @map_fd, @jmp]}, &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@getchain={0x24, 0x11, 0x839, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r5, {0xfff1}, {0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x40000) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000001c0)=0x0, &(0x7f0000000200)=0x4) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000240)={0x0, @loopback}, &(0x7f0000000280)=0xc) getsockopt$IP_VS_SO_GET_DESTS(r8, 0x0, 0x484, &(0x7f0000000480)=""/80, &(0x7f0000000500)=0x50) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r2, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x44, r3, 0x0, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x11}, 0x4008810) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'virt_wifi0\x00', 0x8}) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r11, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)={0x20, 0x7, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008800}, 0x40) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000780)={&(0x7f0000000d00)=ANY=[@ANYBLOB="9feb010018000000000000006400000064000000080000000100000000000008010000000100000000000008030000000e0000000000000c030000000100000005000006e09e00000b000000ff01000004000000070000000f00000007000900000000000000ffff1000000000000000080000000000000905000000005f5f303f"], 0x0, 0x84}, 0x20) 836.39211ms ago: executing program 0 (id=3647): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4000000010000000000000000000000000cf0000", @ANYRES32=0x0, @ANYBLOB="fd8938ddf449663a000000000000000020001280080001"], 0x40}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000e312000100000000000000000007000000", @ANYRESOCT=r0, @ANYRES64=r0], 0x34}}, 0x440d0) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r2) recvfrom$l2tp(r2, &(0x7f0000000240)=""/211, 0xd3, 0x0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) 835.594014ms ago: executing program 4 (id=3648): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r2], 0x24}}, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x9, &(0x7f0000000000)=@raw=[@map_idx={0x18, 0x9, 0x5, 0x0, 0x10}, @ldst={0x0, 0x0, 0x1, 0xb, 0xa, 0xc}, @map_idx={0x18, 0xa, 0x5, 0x0, 0xf}, @generic={0x8, 0xe, 0x3, 0x3ff, 0x1}, @map_fd={0x18, 0x9, 0x1, 0x0, 0x1}, @exit], &(0x7f0000000140)='GPL\x00', 0x4, 0xc3, &(0x7f0000000180)=""/195, 0x40f00, 0x2, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x0, 0xc, 0x80000000}, 0x10, 0x0, 0x0, 0x1, &(0x7f00000002c0)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000300)=[{0x3, 0x5, 0x3}], 0x10, 0x30000}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x10, 0x10, &(0x7f0000000480)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6a6740e4, 0x0, 0x0, 0x0, 0x1ff}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000400)='syzkaller\x00', 0xffff, 0x47, &(0x7f0000000500)=""/71, 0x40f00, 0x39, '\x00', r1, @fallback=0x2a, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x8, 0x4}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, &(0x7f0000000600)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f0000000640)=[{0x5, 0x3, 0x6, 0xa}], 0x10, 0xffff}, 0x94) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x1e, &(0x7f0000000740)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xd}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_fd={0x18, 0x8}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x4c5}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000840)='syzkaller\x00', 0x0, 0x22, &(0x7f0000000880)=""/34, 0x41100, 0x25, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000008c0)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000000900)={0x0, 0x0, 0x3, 0x8}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000940)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x1], &(0x7f0000000980)=[{0x2, 0x4, 0xa, 0xb}, {0x2, 0x5, 0xf, 0x7}, {0x2, 0x3, 0xf, 0x6}], 0x10, 0x75}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0x22, 0x0, &(0x7f00000006c0)="f6f4e9a1d78ad62ceef1884366a578bb3fb7dbfc", 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000700)="0102", 0x0}, 0x50) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a80)=@newlink={0x5c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x300}, [@IFLA_XDP={0x2c, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8, 0x8, r3}, @IFLA_XDP_EXPECTED_FD={0x8}, @IFLA_XDP_FD={0x8, 0x1, r4}, @IFLA_XDP_EXPECTED_FD={0x8, 0x8, r5}, @IFLA_XDP_FD={0x8, 0x1, r5}]}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_OPERSTATE={0x5, 0x10, 0x5}]}, 0x5c}}, 0x0) 690.167378ms ago: executing program 0 (id=3649): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket(0x2a, 0x2, 0x4000) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) setsockopt$IP_VS_SO_SET_TIMEOUT(r3, 0x0, 0x48a, &(0x7f0000000040)={0xff, 0x7, 0x60}, 0xc) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) syz_emit_ethernet(0x3b6, &(0x7f0000000940)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xaab53b1d40238ebc, 0x0, 0x3f, 0x0, 0x0, [{0x3, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1902"}, {0x0, 0x1, "000000050000000026000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "b8a3e100908f6164000000020000000000000000000000ffff008879e66485201a0047bbda207357a02745000400"/55}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r4], 0x20}}, 0x0) 536.336201ms ago: executing program 1 (id=3650): bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)='%+9llu \x00'}, 0x20) (async, rerun: 32) r2 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100), 0x2, 0x0) (rerun: 32) write$cgroup_subtree(r2, &(0x7f0000000140)={[{0x0, 'net'}, {0x2d, 'blkio'}, {0x2d, 'blkio'}, {0x2d, 'memory'}]}, 0x1b) (async) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) (async) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='host1x_channel_submitted\x00', 0xffffffffffffffff, 0x0, 0x100000000}, 0x18) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r4, 0x0, 0x6, &(0x7f0000000200)='memory'}, 0x30) (async) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x4}, 0x50) (async, rerun: 64) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400)=0xffffffffffffffff, 0x4) (async, rerun: 64) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={0xffffffffffffffff, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000440)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9, &(0x7f0000000480)=[0x0], &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x97, &(0x7f0000000500)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000540), &(0x7f0000000580), 0x8, 0xfa, 0x8, 0x8, &(0x7f00000005c0)}}, 0x10) (async, rerun: 32) r9 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000780)=@generic={&(0x7f0000000740)='./file0\x00', 0x0, 0x8}, 0x18) (rerun: 32) r10 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000800)=@generic={&(0x7f00000007c0)='./file0\x00', 0x0, 0x10}, 0x18) (async) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000008c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000840), &(0x7f0000000880)='%-010d \x00'}, 0x20) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x8, 0x3, &(0x7f0000000300)=@raw=[@alu={0x4, 0x0, 0x6aefdfeef4391c7d, 0x7, 0x9, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}], &(0x7f0000000340)='GPL\x00', 0x0, 0x6c, &(0x7f0000000380)=""/108, 0x41000, 0x10, '\x00', 0x0, @fallback=0xf, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r8, 0xffffffffffffffff, 0x9, &(0x7f0000000900)=[r9, r1, r10, r11, r0, r1, r0], &(0x7f0000000940)=[{0x3, 0x1, 0x9, 0xb}, {0x1, 0x2, 0xd, 0x5}, {0x5, 0x3, 0xb, 0x2}, {0x4, 0x4, 0x8, 0x2}, {0x0, 0x0, 0x3, 0x5}, {0x0, 0x5, 0x10, 0x7}, {0x0, 0x4, 0x1, 0xb}, {0x4, 0x5, 0x4, 0xb}, {0x3, 0x2, 0x3, 0x3}]}, 0x94) (async) r13 = bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x0, 0xffffffff, 0x7, 0x7, 0x40040, r9, 0x1, '\x00', r7, r6, 0x2, 0x0, 0x2}, 0x50) r14 = bpf$ITER_CREATE(0x21, &(0x7f0000000b40), 0x8) (async, rerun: 32) r15 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000bc0), 0xffffffffffffffff) (rerun: 32) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r14, &(0x7f0000000d00)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c00)={0xb8, r15, 0x400, 0x70bd29, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @broadcast}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010101}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}]}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}]}, @MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x1}, 0x20008800) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000f40)={r12, 0x0, 0xa, 0xff, &(0x7f0000000d40)="29027ea098374db44a26", &(0x7f0000000d80)=""/255, 0x0, 0x0, 0x62, 0x32, &(0x7f0000000e80)="1be8ee8ba1dc19bbb45ebd2cc201f0219e870c76d21b6849033a77f3adb16337281866635a61d624625f7001975835b5cf29875c6d89df7376843f6a26a6aa9899b2f3978a99548b1f15ad7da35bfa12b50c17f58d3bf0cc9c3bc151f30fd51acac5", &(0x7f0000000f00)="bf4d7516a76777d577775d0ca1f579e4e645f7e04dbfd8b9465ce6935325f38b8e213289d6a87b67defb2aabf4d7e8950192", 0x4, 0x0, 0x5}, 0x50) (async) r16 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001000), r14) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000001040)={'wlan0\x00', 0x0}) (rerun: 32) sendmsg$NL80211_CMD_REGISTER_FRAME(r14, &(0x7f0000001100)={&(0x7f0000000fc0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000010c0)={&(0x7f0000001080)={0x2c, r16, 0x20, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r17}, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4048804}, 0x800) (async) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001380)={{r1, 0xffffffffffffffff}, &(0x7f0000001300), &(0x7f0000001340)='%ps \x00'}, 0x20) (async) r19 = bpf$MAP_CREATE(0x0, &(0x7f00000013c0)=@base={0x9, 0x9, 0x8000, 0xf68, 0x180, 0x1, 0x4, '\x00', r7, r14, 0x0, 0x1, 0x3}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001500)={0x11, 0x1a, &(0x7f0000001140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r13}}, {}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001240)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x0, '\x00', r7, 0x0, r14, 0x8, &(0x7f0000001280)={0x1, 0x3}, 0x8, 0x10, &(0x7f00000012c0)={0x2, 0x10, 0x3}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000001440)=[r18, r1, r10, r19, r5], &(0x7f0000001480)=[{0x4, 0x2, 0x10, 0x4}, {0x3, 0x5, 0x4}, {0x5, 0x1, 0x8, 0xc}, {0x0, 0x5, 0x5, 0x6}, {0x2, 0x4, 0x0, 0x9}, {0x0, 0x3, 0xb, 0x7}, {0x2, 0x5, 0x5}], 0x10, 0x4}, 0x94) (async, rerun: 32) r20 = syz_genetlink_get_family_id$tipc(&(0x7f0000001600), r14) (rerun: 32) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r14, &(0x7f00000016c0)={&(0x7f00000015c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001680)={&(0x7f0000001640)={0x30, r20, 0x402, 0x70bd2d, 0x25dfdbfb, {{}, {}, {0x14, 0x19, {0x5, 0x8, 0x4, 0x2}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x68000}, 0x40000) (async) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001700)={0x1b, 0x0, 0x0, 0x401, 0x0, r1, 0x10, '\x00', r7, r14, 0x4, 0x0, 0x5}, 0x50) (async, rerun: 32) sendmsg$NL80211_CMD_START_AP(r14, &(0x7f0000001840)={&(0x7f0000001780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001800)={&(0x7f00000017c0)={0x28, r16, 0x400, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r17}, @void}}, [@NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x101}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0x28}}, 0x10008841) (rerun: 32) bpf$MAP_CREATE(0x0, &(0x7f0000001880)=@bloom_filter={0x1e, 0x9, 0x3, 0x16, 0x3, r19, 0x7ff, '\x00', r7, r6, 0x3, 0x4, 0x5, 0x5}, 0x50) 352.256844ms ago: executing program 4 (id=3651): r0 = socket$alg(0x26, 0x5, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1700bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586"], &(0x7f0000000100)='GPL\x00'}, 0x48) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000280)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {0xc}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0) (async) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="af05200000020000329aea54c7d801000000000100000000", 0x18) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYRES8=0x0, @ANYBLOB="cb63c12521c2ccd44be2ec7fcf4cb8668e96302cb286ee18aa7504ecf8997919a0c121488cbb57fe7cfbfe0f3ab7afa8401fd4a214d4a4080032c85e5afb56b634256c8ecfedfad21c91f119fff0842bf100a383788ead0ae3eea8bff13221"], &(0x7f0000003ff6)='GPL\x00', 0x6, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) 350.919073ms ago: executing program 3 (id=3652): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) (async) getsockname$packet(r1, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="48004000000300d8250000000000", @ANYRES32=r2, @ANYBLOB="890c040000000000280012800b000100697036746e6c00001800028014000200fc0100000000000000000000000000e3"], 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (async) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @rand_addr=0x3}}}], 0x20}}], 0x1, 0x4040880) 271.198211ms ago: executing program 1 (id=3653): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}]}}}]}, 0x3c}}, 0x20004090) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000100)={0x20000014}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r2) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000791038000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000081000370494f560170000000000000000", @ANYRES32=r6, @ANYBLOB="83040500000000002800128008000100677265001c00028008000600ac1414bb06000e000200000006000f00b74b0000"], 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) sendmmsg$inet(r1, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880) 172.845578ms ago: executing program 4 (id=3654): socket$unix(0x1, 0x5, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x62, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x29}}, &(0x7f0000000480)='GPL\x00'}, 0x90) write(r0, &(0x7f00000000c0)="29000000140005b7ff000051915f95eb010100030006a40e07fff024bb000000000000000040000000", 0x29) 120.364906ms ago: executing program 0 (id=3655): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, r2, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x8840) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002780)={{0x14}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x24, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x10}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xb0}, 0x1, 0x0, 0x0, 0x1}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x33}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) 118.808207ms ago: executing program 3 (id=3656): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)=ANY=[], 0x8) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x16, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x95}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90) 87.896217ms ago: executing program 1 (id=3657): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000140)={0x2}, 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x80000000, 0x504, 0x0, 0xffffffffffffffff, 0xffffffff}, 0x50) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r3, @ANYBLOB="00668a0800000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) (async) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000140)={0x2}, 0x8) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x80000000, 0x504, 0x0, 0xffffffffffffffff, 0xffffffff}, 0x50) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r3, @ANYBLOB="00668a0800000000"], 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) (async) 0s ago: executing program 4 (id=3658): r0 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 32) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 32) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000240)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x0, 0x3}}, 0x10) (async) r3 = socket$tipc(0x1e, 0x2, 0x0) r4 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000300)={0x42, 0x1}, 0x10) (async) socket$inet_udp(0x2, 0x2, 0x0) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, 0x0, 0x0) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32) bind$inet(0xffffffffffffffff, &(0x7f0000000300)={0x2, 0x4e23, @local}, 0x10) r6 = socket$inet_tcp(0x2, 0x1, 0x0) (async) connect$qrtr(0xffffffffffffffff, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) (async) sendmsg$NL80211_CMD_LEAVE_IBSS(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="d3b036022d67b7626cd2d34efcfd2d027cfeff9cd1cbf7d4c7737df1e20c8da54d558dfab6f21a2faca1506c5beae8"], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x20002840) (async, rerun: 64) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='batadv_slave_1\x00', 0x10) (async, rerun: 64) r9 = socket$inet(0x2, 0x801, 0x0) bind$inet(r9, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) (async) sendmsg$nl_route(r0, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYRESHEX=r8, @ANYRES32=0x0, @ANYBLOB="07fc89e3bfc33456ccb7ae4113e435fdd9b1b4b176385ed04e836e36fd66a087e0358c9e5e68d73113f7a29cc7a82bf7ff6600ee111e72ff06e2adc4478907f6c39c875e0b1d9c59742b5741e20f05804fbdcf85abe660798f"], 0x34}, 0x1, 0x0, 0x0, 0x41001}, 0x15) (async) bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-avx2\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x20000) (async) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x27}, 0x62) (async) setsockopt$nfc_llcp_NFC_LLCP_MIUX(0xffffffffffffffff, 0x118, 0x1, 0x0, 0x0) (async) sendmsg$tipc(r3, &(0x7f00000006c0)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x2, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x44054}, 0x0) (async) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000340)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5000000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="1111020031880000280012800b0001006d61637365630000180002800c0004000300000100c2800008000500ffffffff08000500", @ANYRES32=r10], 0x50}, 0x1, 0x0, 0x0, 0x48890}, 0x0) kernel console output (not intermixed with test programs): 1669][T13811] 8021q: adding VLAN 0 to HW filter on device bond5 [ 279.960721][T13811] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address [ 279.973352][T13811] bond5: (slave vxcan3): Error -95 calling set_mac_address [ 279.986124][T13820] netlink: 'syz.0.2184': attribute type 33 has an invalid length. [ 279.994029][T13820] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2184'. [ 280.044145][T13814] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2184'. [ 280.067515][T13824] netlink: 'syz.2.2187': attribute type 3 has an invalid length. [ 280.086998][T13819] veth3: entered promiscuous mode [ 280.101431][T13824] netlink: 164 bytes leftover after parsing attributes in process `syz.2.2187'. [ 280.102321][T13819] bond5: (slave veth3): Enslaving as an active interface with a down link [ 280.178700][T13811] vlan3: entered allmulticast mode [ 280.186221][T13811] bond5: entered allmulticast mode [ 280.316921][T13833] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2188'. [ 280.334510][T13833] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2188'. [ 280.358674][T13833] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2188'. [ 280.490926][T13845] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2192'. [ 280.602154][T13855] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2193'. [ 280.762521][T13860] SET target dimension over the limit! [ 281.401381][T13905] netlink: zone id is out of range [ 281.409109][T13905] netlink: zone id is out of range [ 281.435557][T13905] netlink: zone id is out of range [ 281.440759][T13905] netlink: zone id is out of range [ 281.498549][T13905] netlink: zone id is out of range [ 281.503769][T13905] netlink: zone id is out of range [ 281.536092][T13905] netlink: zone id is out of range [ 281.554343][T13905] netlink: zone id is out of range [ 281.559539][T13905] netlink: zone id is out of range [ 281.593206][T13905] netlink: zone id is out of range [ 282.185835][T13947] syzkaller0: entered promiscuous mode [ 282.192710][T13947] syzkaller0: entered allmulticast mode [ 317.358368][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 339.598063][T13983] bridge_slave_0: invalid flags given to default FDB implementation [ 339.625416][T13985] validate_nla: 3 callbacks suppressed [ 339.625435][T13985] netlink: 'syz.0.2229': attribute type 13 has an invalid length. [ 339.724014][T13985] veth0_macvtap: left promiscuous mode [ 339.743383][T13985] macvtap0: entered allmulticast mode [ 339.791722][T13985] macvtap0: refused to change device tx_queue_len [ 339.900999][T14003] tipc: Enabling of bearer rejected, already enabled [ 340.069589][T14016] __nla_validate_parse: 8 callbacks suppressed [ 340.069608][T14016] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2241'. [ 340.129213][T14023] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 340.447679][T14040] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2246'. [ 340.813328][T14061] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2252'. [ 340.832006][T14061] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2252'. [ 340.844553][T14063] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2252'. [ 341.028470][T14061] bond0 (unregistering): Released all slaves [ 341.092874][T14072] 1ªî{X¹¦: left allmulticast mode [ 341.123796][T14072] 8021q: adding VLAN 0 to HW filter on device bond0 [ 341.138058][T14072] net_ratelimit: 3 callbacks suppressed [ 341.138071][T14072] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 341.299456][T14084] netlink: 'syz.1.2259': attribute type 5 has an invalid length. [ 341.478230][T14090] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2261'. [ 341.492332][T14090] bridge_slave_1: default FDB implementation only supports local addresses [ 342.067220][T14128] netlink: 'syz.3.2273': attribute type 3 has an invalid length. [ 342.362491][T14138] xt_ecn: cannot match TCP bits for non-tcp packets [ 342.487586][T14110] lo: left allmulticast mode [ 342.511931][T14110] tunl0: left allmulticast mode [ 342.542767][T14110] gre0: left allmulticast mode [ 342.561422][T14110] 0ªî{X¹¦: left allmulticast mode [ 342.571090][T14110] erspan0: left allmulticast mode [ 342.586606][T14110] ip_vti0: left allmulticast mode [ 342.612947][T14110] ip6_vti0: left allmulticast mode [ 342.621850][T14110] sit0: left allmulticast mode [ 342.637597][T14110] ip6tnl0: left allmulticast mode [ 342.645800][T14110] ip6gre0: left allmulticast mode [ 342.653346][T14110] syz_tun: left allmulticast mode [ 342.663500][T14110] ip6gretap0: left allmulticast mode [ 342.674568][T14110] vcan0: left allmulticast mode [ 342.681054][T14110] team0: left allmulticast mode [ 342.690002][T14110] 8021q: adding VLAN 0 to HW filter on device team0 [ 342.707697][T14110] dummy0: left allmulticast mode [ 342.760988][T14110] nlmon0: left allmulticast mode [ 342.792864][T14110] caif0: left allmulticast mode [ 342.808324][T14110] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 343.450598][T14195] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 343.596862][T14200] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2291'. [ 343.778225][T14200] 8021q: adding VLAN 0 to HW filter on device bond7 [ 343.805722][T14212] delete_channel: no stack [ 344.119937][T14224] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2300'. [ 344.163399][T14225] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2299'. [ 344.336827][T14233] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2302'. [ 344.347706][T14237] tipc: Enabling of bearer rejected, failed to enable media [ 344.547477][T14251] netlink: 'syz.3.2304': attribute type 5 has an invalid length. [ 344.708958][T14264] netlink: 'syz.0.2310': attribute type 1 has an invalid length. [ 345.198978][T14285] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 345.670830][T14305] Cannot find del_set index 4 as target [ 345.809633][T14308] __nla_validate_parse: 4 callbacks suppressed [ 345.809653][T14308] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2323'. [ 346.179777][ T5918] IPVS: starting estimator thread 0... [ 346.309427][T14337] IPVS: using max 24 ests per chain, 57600 per kthread [ 346.539860][ T30] audit: type=1800 audit(1753786735.742:4): pid=14356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2332" name="memory.events" dev="tmpfs" ino=2534 res=0 errno=0 [ 346.579426][ T30] audit: type=1804 audit(1753786735.782:5): pid=14356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2332" name="/newroot/495/memory.events" dev="tmpfs" ino=2534 res=1 errno=0 [ 346.762086][T14353] syzkaller1: entered promiscuous mode [ 346.774568][T14353] syzkaller1: entered allmulticast mode [ 347.162630][T14376] netlink: 'syz.1.2338': attribute type 2 has an invalid length. [ 347.189332][T14376] netlink: 'syz.1.2338': attribute type 11 has an invalid length. [ 347.224107][T14376] netlink: 149476 bytes leftover after parsing attributes in process `syz.1.2338'. [ 347.353481][T14381] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2340'. [ 347.388432][T14381] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2340'. [ 347.398001][T14381] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2340'. [ 347.608693][T14390] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2344'. [ 347.938112][T14412] openvswitch: netlink: IPv4 tun info is not correct [ 347.943154][T14414] netlink: 'syz.1.2351': attribute type 10 has an invalid length. [ 348.046593][T14414] pim6reg1: entered promiscuous mode [ 348.067506][T14414] pim6reg1: entered allmulticast mode [ 348.084467][T14420] syzkaller0: entered promiscuous mode [ 348.090025][T14420] syzkaller0: entered allmulticast mode [ 348.115147][T14427] Bluetooth: MGMT ver 1.23 [ 348.329539][T14443] netlink: 'syz.3.2353': attribute type 1 has an invalid length. [ 348.382752][T14448] : renamed from bridge_slave_0 [ 348.612767][T14458] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2359'. [ 348.755030][T14461] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2361'. [ 349.173523][T14494] netlink: 'syz.4.2369': attribute type 11 has an invalid length. [ 349.282739][T14501] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2373'. [ 349.349844][T14498] x_tables: duplicate underflow at hook 2 [ 349.408305][T14508] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2375'. [ 349.791823][T14531] netlink: zone id is out of range [ 349.807058][T14531] netlink: zone id is out of range [ 349.822520][T14531] netlink: zone id is out of range [ 349.832617][T14531] netlink: zone id is out of range [ 349.852894][T14531] netlink: get zone limit has 8 unknown bytes [ 349.862109][T14531] netlink: zone id is out of range [ 349.873234][T14531] netlink: zone id is out of range [ 349.906462][T14531] netlink: zone id is out of range [ 349.913813][T14535] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 350.342492][T14565] netlink: 'syz.2.2392': attribute type 23 has an invalid length. [ 350.424892][T14568] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 350.433533][T14568] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 350.444025][T14568] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 350.452502][T14568] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 350.563864][T14573] FAULT_INJECTION: forcing a failure. [ 350.563864][T14573] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 350.580856][T14573] CPU: 0 UID: 0 PID: 14573 Comm: syz.3.2395 Not tainted 6.16.0-rc7-syzkaller-00100-gafd8c2c9e2e2 #0 PREEMPT(full) [ 350.580879][T14573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 350.580889][T14573] Call Trace: [ 350.580895][T14573] [ 350.580902][T14573] dump_stack_lvl+0x189/0x250 [ 350.580926][T14573] ? __pfx____ratelimit+0x10/0x10 [ 350.580944][T14573] ? __pfx_dump_stack_lvl+0x10/0x10 [ 350.580961][T14573] ? __pfx__printk+0x10/0x10 [ 350.580982][T14573] ? __might_fault+0xb0/0x130 [ 350.581012][T14573] should_fail_ex+0x414/0x560 [ 350.581032][T14573] _copy_from_iter+0x1db/0x16f0 [ 350.581055][T14573] ? rcu_is_watching+0x15/0xb0 [ 350.581073][T14573] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 350.581096][T14573] ? __pfx__copy_from_iter+0x10/0x10 [ 350.581116][T14573] ? __build_skb_around+0x257/0x3e0 [ 350.581154][T14573] ? netlink_sendmsg+0x642/0xb30 [ 350.581174][T14573] ? skb_put+0x11b/0x210 [ 350.581197][T14573] netlink_sendmsg+0x6b2/0xb30 [ 350.581225][T14573] ? __pfx_netlink_sendmsg+0x10/0x10 [ 350.581249][T14573] ? aa_sock_msg_perm+0x94/0x160 [ 350.581266][T14573] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 350.581281][T14573] ? __pfx_netlink_sendmsg+0x10/0x10 [ 350.581303][T14573] __sock_sendmsg+0x21c/0x270 [ 350.581323][T14573] ____sys_sendmsg+0x505/0x830 [ 350.581341][T14573] ? __pfx_____sys_sendmsg+0x10/0x10 [ 350.581362][T14573] ? import_iovec+0x74/0xa0 [ 350.581385][T14573] ___sys_sendmsg+0x21f/0x2a0 [ 350.581400][T14573] ? __pfx____sys_sendmsg+0x10/0x10 [ 350.581456][T14573] ? __fget_files+0x2a/0x420 [ 350.581474][T14573] ? __fget_files+0x3a0/0x420 [ 350.581504][T14573] __x64_sys_sendmsg+0x19b/0x260 [ 350.581527][T14573] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 350.581557][T14573] ? __pfx_ksys_write+0x10/0x10 [ 350.581591][T14573] ? do_syscall_64+0xbe/0x3b0 [ 350.581615][T14573] do_syscall_64+0xfa/0x3b0 [ 350.581630][T14573] ? lockdep_hardirqs_on+0x9c/0x150 [ 350.581646][T14573] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.581660][T14573] ? clear_bhb_loop+0x60/0xb0 [ 350.581678][T14573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.581692][T14573] RIP: 0033:0x7ff600f8e9a9 [ 350.581705][T14573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.581718][T14573] RSP: 002b:00007ff601da0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 350.581733][T14573] RAX: ffffffffffffffda RBX: 00007ff6011b5fa0 RCX: 00007ff600f8e9a9 [ 350.581744][T14573] RDX: 0000000004004010 RSI: 00002000000001c0 RDI: 0000000000000003 [ 350.581753][T14573] RBP: 00007ff601da0090 R08: 0000000000000000 R09: 0000000000000000 [ 350.581762][T14573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 350.581770][T14573] R13: 0000000000000000 R14: 00007ff6011b5fa0 R15: 00007ffd71dd84c8 [ 350.581792][T14573] [ 351.323227][T14594] __nla_validate_parse: 42 callbacks suppressed [ 351.323246][T14594] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2404'. [ 351.332338][T14591] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2402'. [ 351.349107][T14594] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2404'. [ 351.446465][T14604] FAULT_INJECTION: forcing a failure. [ 351.446465][T14604] name failslab, interval 1, probability 0, space 0, times 0 [ 351.463657][T14603] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2402'. [ 351.478309][T14591] 8021q: adding VLAN 0 to HW filter on device bond8 [ 351.487679][T14604] CPU: 0 UID: 0 PID: 14604 Comm: syz.3.2406 Not tainted 6.16.0-rc7-syzkaller-00100-gafd8c2c9e2e2 #0 PREEMPT(full) [ 351.487708][T14604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 351.487721][T14604] Call Trace: [ 351.487729][T14604] [ 351.487747][T14604] dump_stack_lvl+0x189/0x250 [ 351.487778][T14604] ? __pfx____ratelimit+0x10/0x10 [ 351.487801][T14604] ? __pfx_dump_stack_lvl+0x10/0x10 [ 351.487825][T14604] ? __pfx__printk+0x10/0x10 [ 351.487861][T14604] ? ref_tracker_alloc+0x318/0x460 [ 351.487887][T14604] should_fail_ex+0x414/0x560 [ 351.487914][T14604] should_failslab+0xa8/0x100 [ 351.487948][T14604] kmem_cache_alloc_noprof+0x73/0x3c0 [ 351.487975][T14604] ? skb_clone+0x212/0x3a0 [ 351.488001][T14604] skb_clone+0x212/0x3a0 [ 351.488026][T14604] __netlink_deliver_tap+0x404/0x850 [ 351.488070][T14604] ? netlink_deliver_tap+0x2e/0x1b0 [ 351.488101][T14604] netlink_deliver_tap+0x19c/0x1b0 [ 351.488132][T14604] netlink_unicast+0x730/0x8e0 [ 351.488171][T14604] netlink_sendmsg+0x805/0xb30 [ 351.488208][T14604] ? __pfx_netlink_sendmsg+0x10/0x10 [ 351.488242][T14604] ? aa_sock_msg_perm+0x94/0x160 [ 351.488266][T14604] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 351.488289][T14604] ? __pfx_netlink_sendmsg+0x10/0x10 [ 351.488319][T14604] __sock_sendmsg+0x21c/0x270 [ 351.488347][T14604] ____sys_sendmsg+0x505/0x830 [ 351.488374][T14604] ? __pfx_____sys_sendmsg+0x10/0x10 [ 351.488405][T14604] ? import_iovec+0x74/0xa0 [ 351.488438][T14604] ___sys_sendmsg+0x21f/0x2a0 [ 351.488461][T14604] ? __pfx____sys_sendmsg+0x10/0x10 [ 351.488519][T14604] ? __fget_files+0x2a/0x420 [ 351.488537][T14604] ? __fget_files+0x3a0/0x420 [ 351.488566][T14604] __x64_sys_sendmsg+0x19b/0x260 [ 351.488588][T14604] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 351.488620][T14604] ? __pfx_ksys_write+0x10/0x10 [ 351.488645][T14604] ? rcu_is_watching+0x15/0xb0 [ 351.488676][T14604] ? do_syscall_64+0xbe/0x3b0 [ 351.488704][T14604] do_syscall_64+0xfa/0x3b0 [ 351.488727][T14604] ? lockdep_hardirqs_on+0x9c/0x150 [ 351.488757][T14604] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.488777][T14604] ? clear_bhb_loop+0x60/0xb0 [ 351.488802][T14604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.488823][T14604] RIP: 0033:0x7ff600f8e9a9 [ 351.488842][T14604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.488859][T14604] RSP: 002b:00007ff601da0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 351.488880][T14604] RAX: ffffffffffffffda RBX: 00007ff6011b5fa0 RCX: 00007ff600f8e9a9 [ 351.488894][T14604] RDX: 0000000004004010 RSI: 00002000000001c0 RDI: 0000000000000003 [ 351.488919][T14604] RBP: 00007ff601da0090 R08: 0000000000000000 R09: 0000000000000000 [ 351.488931][T14604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 351.488942][T14604] R13: 0000000000000000 R14: 00007ff6011b5fa0 R15: 00007ffd71dd84c8 [ 351.488975][T14604] [ 352.342855][T14647] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.2418'. [ 352.500377][T14658] FAULT_INJECTION: forcing a failure. [ 352.500377][T14658] name failslab, interval 1, probability 0, space 0, times 0 [ 352.513389][T14658] CPU: 1 UID: 0 PID: 14658 Comm: syz.3.2422 Not tainted 6.16.0-rc7-syzkaller-00100-gafd8c2c9e2e2 #0 PREEMPT(full) [ 352.513415][T14658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 352.513427][T14658] Call Trace: [ 352.513434][T14658] [ 352.513442][T14658] dump_stack_lvl+0x189/0x250 [ 352.513470][T14658] ? __pfx____ratelimit+0x10/0x10 [ 352.513491][T14658] ? __pfx_dump_stack_lvl+0x10/0x10 [ 352.513513][T14658] ? __pfx__printk+0x10/0x10 [ 352.513548][T14658] ? __pfx___might_resched+0x10/0x10 [ 352.513570][T14658] ? fs_reclaim_acquire+0x7d/0x100 [ 352.513593][T14658] should_fail_ex+0x414/0x560 [ 352.513617][T14658] should_failslab+0xa8/0x100 [ 352.513646][T14658] __kmalloc_noprof+0xcb/0x4f0 [ 352.513670][T14658] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 352.513690][T14658] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 352.513720][T14658] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 352.513749][T14658] genl_family_rcv_msg_doit+0xb8/0x300 [ 352.513777][T14658] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 352.513801][T14658] ? rcu_is_watching+0x15/0xb0 [ 352.513826][T14658] ? apparmor_capable+0x137/0x1b0 [ 352.513853][T14658] ? bpf_lsm_capable+0x9/0x20 [ 352.513877][T14658] ? security_capable+0x7e/0x2e0 [ 352.513903][T14658] genl_rcv_msg+0x60e/0x790 [ 352.513929][T14658] ? __pfx_genl_rcv_msg+0x10/0x10 [ 352.513947][T14658] ? ref_tracker_free+0x63a/0x7d0 [ 352.513962][T14658] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 352.513976][T14658] ? __pfx_nl80211_connect+0x10/0x10 [ 352.513994][T14658] ? __pfx_nl80211_post_doit+0x10/0x10 [ 352.514009][T14658] ? __pfx_ref_tracker_free+0x10/0x10 [ 352.514033][T14658] netlink_rcv_skb+0x205/0x470 [ 352.514056][T14658] ? __pfx_genl_rcv_msg+0x10/0x10 [ 352.514074][T14658] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 352.514108][T14658] ? down_read+0x1ad/0x2e0 [ 352.514129][T14658] genl_rcv+0x28/0x40 [ 352.514144][T14658] netlink_unicast+0x759/0x8e0 [ 352.514174][T14658] netlink_sendmsg+0x805/0xb30 [ 352.514206][T14658] ? __pfx_netlink_sendmsg+0x10/0x10 [ 352.514231][T14658] ? aa_sock_msg_perm+0x94/0x160 [ 352.514256][T14658] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 352.514275][T14658] ? __pfx_netlink_sendmsg+0x10/0x10 [ 352.514303][T14658] __sock_sendmsg+0x21c/0x270 [ 352.514327][T14658] ____sys_sendmsg+0x505/0x830 [ 352.514346][T14658] ? __pfx_____sys_sendmsg+0x10/0x10 [ 352.514367][T14658] ? import_iovec+0x74/0xa0 [ 352.514392][T14658] ___sys_sendmsg+0x21f/0x2a0 [ 352.514408][T14658] ? __pfx____sys_sendmsg+0x10/0x10 [ 352.514449][T14658] ? __fget_files+0x2a/0x420 [ 352.514462][T14658] ? __fget_files+0x3a0/0x420 [ 352.514483][T14658] __x64_sys_sendmsg+0x19b/0x260 [ 352.514499][T14658] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 352.514521][T14658] ? __pfx_ksys_write+0x10/0x10 [ 352.514564][T14658] ? rcu_is_watching+0x15/0xb0 [ 352.514586][T14658] ? do_syscall_64+0xbe/0x3b0 [ 352.514608][T14658] do_syscall_64+0xfa/0x3b0 [ 352.514626][T14658] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.514654][T14658] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.514669][T14658] ? clear_bhb_loop+0x60/0xb0 [ 352.514687][T14658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.514701][T14658] RIP: 0033:0x7ff600f8e9a9 [ 352.514715][T14658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 352.514728][T14658] RSP: 002b:00007ff601da0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 352.514744][T14658] RAX: ffffffffffffffda RBX: 00007ff6011b5fa0 RCX: 00007ff600f8e9a9 [ 352.514755][T14658] RDX: 0000000004004010 RSI: 00002000000001c0 RDI: 0000000000000003 [ 352.514765][T14658] RBP: 00007ff601da0090 R08: 0000000000000000 R09: 0000000000000000 [ 352.514774][T14658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 352.514783][T14658] R13: 0000000000000000 R14: 00007ff6011b5fa0 R15: 00007ffd71dd84c8 [ 352.514806][T14658] [ 353.091640][T14671] netlink: 788 bytes leftover after parsing attributes in process `syz.2.2426'. [ 353.199344][ C1] net_ratelimit: 157 callbacks suppressed [ 353.199366][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 353.414877][T14683] netlink: 27 bytes leftover after parsing attributes in process `syz.3.2432'. [ 353.474473][T14683] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2432'. [ 353.478357][T14687] FAULT_INJECTION: forcing a failure. [ 353.478357][T14687] name failslab, interval 1, probability 0, space 0, times 0 [ 353.497345][T14688] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 4, id = 0 [ 353.535325][T14687] CPU: 0 UID: 0 PID: 14687 Comm: syz.4.2434 Not tainted 6.16.0-rc7-syzkaller-00100-gafd8c2c9e2e2 #0 PREEMPT(full) [ 353.535357][T14687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 353.535370][T14687] Call Trace: [ 353.535379][T14687] [ 353.535389][T14687] dump_stack_lvl+0x189/0x250 [ 353.535419][T14687] ? __pfx____ratelimit+0x10/0x10 [ 353.535443][T14687] ? __pfx_dump_stack_lvl+0x10/0x10 [ 353.535474][T14687] ? __pfx__printk+0x10/0x10 [ 353.535509][T14687] ? __pfx___might_resched+0x10/0x10 [ 353.535533][T14687] ? fs_reclaim_acquire+0x7d/0x100 [ 353.535559][T14687] should_fail_ex+0x414/0x560 [ 353.535586][T14687] should_failslab+0xa8/0x100 [ 353.535619][T14687] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 353.535648][T14687] ? __alloc_skb+0x112/0x2d0 [ 353.535684][T14687] __alloc_skb+0x112/0x2d0 [ 353.535718][T14687] netlink_ack+0x146/0xa50 [ 353.535744][T14687] ? __pfx_genl_rcv_msg+0x10/0x10 [ 353.535765][T14687] ? ref_tracker_free+0x63a/0x7d0 [ 353.535786][T14687] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 353.535806][T14687] ? __pfx_nl80211_post_doit+0x10/0x10 [ 353.535827][T14687] ? __pfx_ref_tracker_free+0x10/0x10 [ 353.535862][T14687] netlink_rcv_skb+0x28c/0x470 [ 353.535892][T14687] ? __pfx_genl_rcv_msg+0x10/0x10 [ 353.535917][T14687] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 353.535967][T14687] ? down_read+0x1ad/0x2e0 [ 353.535996][T14687] genl_rcv+0x28/0x40 [ 353.536016][T14687] netlink_unicast+0x759/0x8e0 [ 353.536056][T14687] netlink_sendmsg+0x805/0xb30 [ 353.536098][T14687] ? __pfx_netlink_sendmsg+0x10/0x10 [ 353.536133][T14687] ? aa_sock_msg_perm+0x94/0x160 [ 353.536158][T14687] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 353.536180][T14687] ? __pfx_netlink_sendmsg+0x10/0x10 [ 353.536233][T14687] __sock_sendmsg+0x21c/0x270 [ 353.536262][T14687] ____sys_sendmsg+0x505/0x830 [ 353.536290][T14687] ? __pfx_____sys_sendmsg+0x10/0x10 [ 353.536321][T14687] ? import_iovec+0x74/0xa0 [ 353.536360][T14687] ___sys_sendmsg+0x21f/0x2a0 [ 353.536383][T14687] ? __pfx____sys_sendmsg+0x10/0x10 [ 353.536445][T14687] ? __fget_files+0x2a/0x420 [ 353.536462][T14687] ? __fget_files+0x3a0/0x420 [ 353.536504][T14687] __x64_sys_sendmsg+0x19b/0x260 [ 353.536527][T14687] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 353.536559][T14687] ? __pfx_ksys_write+0x10/0x10 [ 353.536584][T14687] ? rcu_is_watching+0x15/0xb0 [ 353.536615][T14687] ? do_syscall_64+0xbe/0x3b0 [ 353.536644][T14687] do_syscall_64+0xfa/0x3b0 [ 353.536666][T14687] ? lockdep_hardirqs_on+0x9c/0x150 [ 353.536688][T14687] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.536709][T14687] ? clear_bhb_loop+0x60/0xb0 [ 353.536735][T14687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.536754][T14687] RIP: 0033:0x7f012f78e9a9 [ 353.536773][T14687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 353.536791][T14687] RSP: 002b:00007f0130644038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 353.536813][T14687] RAX: ffffffffffffffda RBX: 00007f012f9b5fa0 RCX: 00007f012f78e9a9 [ 353.536828][T14687] RDX: 0000000004004010 RSI: 00002000000001c0 RDI: 0000000000000003 [ 353.536842][T14687] RBP: 00007f0130644090 R08: 0000000000000000 R09: 0000000000000000 [ 353.536855][T14687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 353.536867][T14687] R13: 0000000000000000 R14: 00007f012f9b5fa0 R15: 00007ffc65f707a8 [ 353.536901][T14687] [ 353.950160][T14696] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2436'. [ 354.005637][T14695] netlink: 'syz.3.2437': attribute type 11 has an invalid length. [ 354.024555][T14698] netlink: 'syz.1.2440': attribute type 1 has an invalid length. [ 354.131721][T14698] bond0: entered promiscuous mode [ 354.137321][T14698] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.293009][T14703] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.301442][T14722] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2445'. [ 354.311506][T14703] bond0: (slave wireguard0): The slave device specified does not support setting the MAC address [ 354.328777][T14703] bond0: (slave wireguard0): Setting fail_over_mac to active for active-backup mode [ 354.345755][T14724] netlink: 'syz.3.2444': attribute type 30 has an invalid length. [ 354.363863][T14703] bond0: (slave wireguard0): making interface the new active one [ 354.372469][T14703] wireguard0: entered promiscuous mode [ 354.379889][T14703] bond0: (slave wireguard0): Enslaving as an active interface with an up link [ 355.430224][T14789] syzkaller0: refused to change device tx_queue_len [ 355.432949][T14793] xt_ipcomp: unknown flags B [ 355.456242][T14795] netlink: 'syz.0.2469': attribute type 11 has an invalid length. [ 355.484472][T14795] netlink: 'syz.0.2469': attribute type 11 has an invalid length. [ 355.556334][T14800] netlink: 'syz.2.2471': attribute type 1 has an invalid length. [ 355.886713][T14817] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 356.351890][T14848] __nla_validate_parse: 7 callbacks suppressed [ 356.351911][T14848] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2484'. [ 356.542066][T14848] netlink: 'syz.2.2484': attribute type 21 has an invalid length. [ 356.567000][T14848] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2484'. [ 356.605339][T14855] bond0: Device is already in use. [ 356.618941][T14848] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.628180][T14848] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.637048][T14848] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.646415][T14848] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 356.778385][T14867] team0: Refused to change device type [ 356.999228][T14882] xt_hashlimit: size too large, truncated to 1048576 [ 357.736826][T14928] sctp: [Deprecated]: syz.3.2507 (pid 14928) Use of int in maxseg socket option. [ 357.736826][T14928] Use struct sctp_assoc_value instead [ 357.989085][T14941] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 358.008225][T14942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2508'. [ 358.036750][T14942] netlink: 'syz.1.2508': attribute type 5 has an invalid length. [ 358.078665][T14942] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2508'. [ 358.120921][T14942] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 256 - 0 [ 358.149123][T14942] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 256 - 0 [ 358.160210][T14942] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 256 - 0 [ 358.178395][T14942] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 256 - 0 [ 358.187239][T14942] geneve2: entered promiscuous mode [ 358.192672][T14942] geneve2: entered allmulticast mode [ 358.200724][T14954] tipc: Enabling of bearer rejected, failed to enable media [ 358.314572][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 358.374175][T14963] sctp: [Deprecated]: syz.4.2516 (pid 14963) Use of struct sctp_assoc_value in delayed_ack socket option. [ 358.374175][T14963] Use struct sctp_sack_info instead [ 358.382688][T14962] netlink: 'syz.1.2515': attribute type 10 has an invalid length. [ 358.405951][T14962] veth1_macvtap: left allmulticast mode [ 358.727710][T14984] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2524'. [ 358.749607][T14983] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2523'. [ 358.772657][T14989] netlink: 'syz.4.2525': attribute type 1 has an invalid length. [ 358.783840][T14980] netlink: 'syz.0.2522': attribute type 4 has an invalid length. [ 358.793969][T14983] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2523'. [ 358.932923][T14989] 8021q: adding VLAN 0 to HW filter on device bond6 [ 358.958913][T14990] bond6: (slave gretap2): making interface the new active one [ 358.972763][T14990] bond6: (slave gretap2): Enslaving as an active interface with an up link [ 359.007133][T14983] delete_channel: no stack [ 359.038932][T14997] x_tables: duplicate underflow at hook 2 [ 359.187520][T15007] netlink: 'syz.2.2530': attribute type 1 has an invalid length. [ 359.730293][T15030] tipc: Enabled bearer , priority 0 [ 359.749343][T15031] syzkaller0: entered promiscuous mode [ 359.765241][T15031] syzkaller0: entered allmulticast mode [ 359.791617][T15020] tipc: Resetting bearer [ 359.819843][T15039] netlink: 'syz.0.2538': attribute type 1 has an invalid length. [ 359.840862][T15020] tipc: Disabling bearer [ 359.955527][T15045] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2539'. [ 359.972350][T15045] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2539'. [ 359.982531][T15039] 8021q: adding VLAN 0 to HW filter on device bond9 [ 360.009095][T15044] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2541'. [ 360.042484][T15044] netlink: 'syz.4.2541': attribute type 9 has an invalid length. [ 360.081077][T15056] netlink: 'syz.4.2541': attribute type 3 has an invalid length. [ 360.129205][T15041] 8021q: adding VLAN 0 to HW filter on device bond9 [ 360.184933][T15041] bond9: (slave vxcan3): The slave device specified does not support setting the MAC address [ 360.201014][T15041] bond9: (slave vxcan3): Error -95 calling set_mac_address [ 360.311441][T15046] veth9: entered promiscuous mode [ 360.334931][T15046] bond9: (slave veth9): Enslaving as an active interface with a down link [ 360.678724][T15085] x_tables: unsorted entry at hook 2 [ 361.374735][T15140] __nla_validate_parse: 3 callbacks suppressed [ 361.374755][T15140] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2560'. [ 361.648686][T15153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 361.692462][T15158] macvlan0: entered promiscuous mode [ 361.736586][T15157] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2568'. [ 361.776233][T15157] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2568'. [ 361.790116][T15163] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2571'. [ 361.808344][T15157] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 361.823698][T15163] vlan4: entered allmulticast mode [ 361.831397][T15163] mac80211_hwsim hwsim36 wlan0: entered allmulticast mode [ 361.831446][T15157] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 361.851367][T15163] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 361.893036][T15157] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 361.970198][T15176] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2575'. [ 362.000550][T15174] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2571'. [ 362.010255][T15174] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2571'. [ 362.020987][T15174] netlink: 38 bytes leftover after parsing attributes in process `syz.2.2571'. [ 362.041815][T15174] tipc: Enabling of bearer rejected, already enabled [ 362.051965][T15174] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2571'. [ 362.248576][T15193] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2581'. [ 362.303640][T15195] siw: device registration error -23 [ 362.745294][T15212] ieee80211 phy40: Failed to add default virtual iface [ 362.770196][T15224] IPVS: set_ctl: invalid protocol: 11612 172.20.20.11:5 [ 363.032858][T15242] x_tables: duplicate underflow at hook 1 [ 363.225188][T15238] vlan0 (unregistering): left allmulticast mode [ 363.231622][T15238] veth0_vlan (unregistering): left allmulticast mode [ 363.293353][T15250] netlink: 'syz.1.2596': attribute type 1 has an invalid length. [ 363.642015][T15238] veth1_vlan (unregistering): left allmulticast mode [ 363.705612][T15238] macvlan0 (unregistering): left allmulticast mode [ 365.127074][T15346] pimreg: entered allmulticast mode [ 365.407374][T15362] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 365.559998][T15372] openvswitch: netlink: Flow key attr not present in new flow. [ 365.611832][T15381] bond0: left promiscuous mode [ 365.625320][T15381] wireguard0: left promiscuous mode [ 365.729786][T15386] netlink: 'syz.2.2635': attribute type 1 has an invalid length. [ 365.769668][T15387] netlink: 'syz.2.2635': attribute type 1 has an invalid length. [ 365.839848][T15395] netlink: 'syz.0.2637': attribute type 1 has an invalid length. [ 366.038991][T15406] netlink: 'syz.3.2641': attribute type 1 has an invalid length. [ 366.131213][T15409] can: request_module (can-proto-0) failed. [ 366.153878][T15406] 8021q: adding VLAN 0 to HW filter on device bond3 [ 366.458485][T15438] __nla_validate_parse: 20 callbacks suppressed [ 366.458506][T15438] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2651'. [ 366.572884][T15440] bridge7: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 366.795763][T15459] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2658'. [ 367.000189][T15468] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2661'. [ 367.290097][ T7073] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 367.316304][ T10] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 367.332105][ T7073] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 367.366820][T15479] netlink: 14544 bytes leftover after parsing attributes in process `syz.0.2662'. [ 367.474591][ T5918] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 367.519383][T15493] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2665'. [ 367.599922][T15493] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2665'. [ 367.664754][T15493] netlink: 'syz.2.2665': attribute type 5 has an invalid length. [ 367.738617][T15503] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 367.849703][T15507] netlink: 232 bytes leftover after parsing attributes in process `syz.3.2670'. [ 367.988384][T15515] netlink: 'syz.4.2672': attribute type 1 has an invalid length. [ 368.049007][T15521] netlink: 'syz.0.2674': attribute type 10 has an invalid length. [ 368.083487][T15523] netlink: 'syz.3.2673': attribute type 1 has an invalid length. [ 368.140626][T15515] 8021q: adding VLAN 0 to HW filter on device bond7 [ 368.154857][ T10] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 368.178388][T15528] netlink: 'syz.2.2675': attribute type 1 has an invalid length. [ 368.257126][T15518] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2673'. [ 368.453163][T15527] 8021q: adding VLAN 0 to HW filter on device bond5 [ 368.499731][T15527] bond4: (slave bond5): making interface the new active one [ 368.528607][T15527] bond4: (slave bond5): Enslaving as an active interface with an up link [ 368.603658][T15526] bond7: (slave gretap3): making interface the new active one [ 368.613937][T15526] bond7: (slave gretap3): Enslaving as an active interface with an up link [ 368.661623][T15528] 8021q: adding VLAN 0 to HW filter on device bond4 [ 368.721099][T15550] netlink: 'syz.4.2678': attribute type 10 has an invalid length. [ 368.727813][T15518] 8021q: adding VLAN 0 to HW filter on device bond4 [ 368.784480][T15547] tap0: tun_chr_ioctl cmd 1074025678 [ 368.789867][T15547] tap0: group set to 0 [ 368.820878][T15550] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 368.901187][T15554] IPVS: set_ctl: invalid protocol: 33646 111.130.41.53:42943 [ 368.949420][T15556] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2680'. [ 368.969837][T15556] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2680'. [ 369.286967][T15572] netdevsim netdevsim4 ÿÿÿÿÿÿ: renamed from netdevsim0 [ 369.534148][T15587] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 369.999863][T15598] bridge: RTM_NEWNEIGH with invalid ether address [ 371.354502][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 371.669313][T15623] netlink: 'syz.4.2699': attribute type 1 has an invalid length. [ 372.028629][T15650] sctp: [Deprecated]: syz.2.2709 (pid 15650) Use of int in max_burst socket option deprecated. [ 372.028629][T15650] Use struct sctp_assoc_value instead [ 372.127283][T15657] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 372.276330][T15666] __nla_validate_parse: 1 callbacks suppressed [ 372.276350][T15666] netlink: 5492 bytes leftover after parsing attributes in process `syz.2.2711'. [ 372.638554][T15687] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2716'. [ 373.299673][T15725] netlink: 'syz.1.2723': attribute type 1 has an invalid length. [ 373.321242][T15725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2723'. [ 373.334193][T15725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2723'. [ 373.347222][T15725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2723'. [ 373.356476][T15725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2723'. [ 373.361265][T15729] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.2724'. [ 373.368212][T15725] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2723'. [ 373.471906][T15731] xt_TCPMSS: Only works on TCP SYN packets [ 373.526552][T15738] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2728'. [ 373.539933][T15738] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 373.621294][T15744] netlink: 'syz.4.2730': attribute type 4 has an invalid length. [ 373.727305][T15752] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2733'. [ 373.802467][T15756] netlink: 'syz.4.2734': attribute type 10 has an invalid length. [ 373.833729][T15760] xt_TCPMSS: Only works on TCP SYN packets [ 374.326864][T15788] IPVS: set_ctl: invalid protocol: 2 0.0.0.0:0 [ 374.461454][T15798] xt_hashlimit: size too large, truncated to 1048576 [ 374.870496][T15813] tipc: Enabled bearer , priority 0 [ 374.882094][T15815] netlink: 'syz.1.2753': attribute type 30 has an invalid length. [ 374.921498][T15815] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 374.929952][T15815] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 374.939307][T15815] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 374.947707][T15815] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 375.000755][T15813] syzkaller0: entered promiscuous mode [ 375.006650][T15813] syzkaller0: entered allmulticast mode [ 375.012820][T15815] netlink: 'syz.1.2753': attribute type 30 has an invalid length. [ 375.030837][T15816] ªªªªª»: renamed from tunl0 [ 375.097148][T15813] tipc: Resetting bearer [ 375.107057][T15813] netlink: 'syz.0.2752': attribute type 4 has an invalid length. [ 375.125449][T15808] tipc: Resetting bearer [ 375.179639][T15808] tipc: Disabling bearer [ 375.376236][T15832] netlink: 'syz.0.2757': attribute type 23 has an invalid length. [ 375.595908][T15838] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 375.723286][T15849] netlink: 'syz.3.2764': attribute type 1 has an invalid length. [ 375.733989][T15849] netlink: 'syz.3.2764': attribute type 4 has an invalid length. [ 375.742889][T15849] NCSI netlink: No device for ifindex 458760 [ 376.577737][T15893] bridge0: entered allmulticast mode [ 376.753524][T15900] IPVS: set_ctl: invalid protocol: 60 10.1.1.1:20000 [ 376.821591][T15909] xt_limit: Overflow, try lower: 2147483649/128 [ 376.850722][T15911] netlink: 'syz.4.2780': attribute type 21 has an invalid length. [ 376.881026][T15913] netlink: 'syz.2.2781': attribute type 39 has an invalid length. [ 377.336668][T15939] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input6 [ 377.622577][T15954] IPVS: set_ctl: invalid protocol: 28771 99.99.116.46:29556 [ 377.766543][T15965] v: renamed from ip6_vti0 (while UP) [ 377.790754][T15965] __nla_validate_parse: 18 callbacks suppressed [ 377.790775][T15965] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2793'. [ 377.814869][T15964] netlink: 'syz.3.2792': attribute type 21 has an invalid length. [ 377.822770][T15964] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2792'. [ 378.339170][T15995] ip6gre1: entered allmulticast mode [ 378.530352][T16011] : entered promiscuous mode [ 378.703206][T16013] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2810'. [ 378.803224][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.850761][T16024] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2812'. [ 379.018731][T16038] IPVS: set_ctl: invalid protocol: 58 10.1.1.0:20001 [ 379.344835][T16049] x_tables: unsorted entry at hook 1 [ 379.388231][T16053] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2821'. [ 379.407659][T16053] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2821'. [ 379.567905][T16061] netlink: 11 bytes leftover after parsing attributes in process `syz.3.2823'. [ 379.580149][T16061] netlink: 11 bytes leftover after parsing attributes in process `syz.3.2823'. [ 379.694021][T16078] netlink: 'syz.0.2827': attribute type 1 has an invalid length. [ 379.716997][T16080] netlink: 'syz.4.2828': attribute type 3 has an invalid length. [ 379.755471][T16060] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 379.786190][T16078] bond11: (slave gretap2): making interface the new active one [ 379.794999][T16078] bond11: (slave gretap2): Enslaving as an active interface with an up link [ 379.918856][T16093] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2831'. [ 379.978094][ T30] audit: type=1107 audit(1753786769.182:6): pid=16095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='V¼ô{nâ½òKß®?Diá5¿ˆ0d¨`wð3e° ç¬äžJ²ÛqNº·|%Bݺêæv¡³Þ‡Ùt¨QPÀ¡cS$ÜáuL[âl”7c)¬¸Ôû–ü¡8Z¸f¼LB5œñaî' [ 380.074497][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 380.086836][T16100] tipc: Enabled bearer , priority 0 [ 380.106635][T16100] syzkaller0: entered promiscuous mode [ 380.112191][T16100] syzkaller0: entered allmulticast mode [ 380.194175][T16100] tipc: Resetting bearer [ 380.215458][T16108] sit0: entered promiscuous mode [ 380.230045][T16108] netlink: 'syz.0.2835': attribute type 1 has an invalid length. [ 380.243319][T16108] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2835'. [ 380.254976][T16097] tipc: Resetting bearer [ 380.276272][T16097] tipc: Disabling bearer [ 380.303669][T16110] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 380.387165][T16115] netlink: 'syz.2.2839': attribute type 16 has an invalid length. [ 380.415203][T16115] netlink: 'syz.2.2839': attribute type 17 has an invalid length. [ 380.438806][T16115] netlink: 'syz.2.2839': attribute type 27 has an invalid length. [ 380.479246][T16119] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma? [ 382.189905][T16195] netlink: 'syz.2.2861': attribute type 27 has an invalid length. [ 382.402737][ T5846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 382.412448][ T5846] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 382.421957][ T5846] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 382.432576][ T5846] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 382.441304][ T5846] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 382.622660][T16214] netlink: 'syz.0.2867': attribute type 83 has an invalid length. [ 382.840101][T16222] syzkaller0: entered promiscuous mode [ 382.846189][T16222] syzkaller0: entered allmulticast mode [ 384.559024][ T5846] Bluetooth: hci5: command tx timeout [ 384.701873][T16258] __nla_validate_parse: 8 callbacks suppressed [ 384.701912][T16258] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2878'. [ 384.926148][T16205] chnl_net:caif_netlink_parms(): no params data found [ 385.153561][T16205] bridge0: port 1(bridge_slave_0) entered blocking state [ 385.160983][T16205] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.169462][T16205] bridge_slave_0: entered allmulticast mode [ 385.178617][T16205] bridge_slave_0: entered promiscuous mode [ 385.193826][T16205] bridge0: port 2(bridge_slave_1) entered blocking state [ 385.224691][T16205] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.238416][T16205] bridge_slave_1: entered allmulticast mode [ 385.247020][T16205] bridge_slave_1: entered promiscuous mode [ 385.318900][T16287] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2883'. [ 385.343756][T16205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 385.377246][T16205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 385.432756][T16290] netlink: 'syz.0.2883': attribute type 1 has an invalid length. [ 385.634670][T16306] netlink: 'syz.1.2888': attribute type 126 has an invalid length. [ 385.689084][T16205] team0: Port device team_slave_0 added [ 385.733533][T16205] team0: Port device team_slave_1 added [ 385.891206][T16316] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2892'. [ 385.901609][T16205] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 385.933016][T16205] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.965048][T16319] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2893'. [ 386.004862][T16205] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 386.048056][T16205] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 386.084324][T16205] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 386.111774][T16319] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2893'. [ 386.195602][T16205] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 386.472497][T16205] hsr_slave_0: entered promiscuous mode [ 386.496978][T16205] hsr_slave_1: entered promiscuous mode [ 386.524075][T16205] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 386.554164][T16205] Cannot create hsr debugfs directory [ 386.637575][ T5846] Bluetooth: hci5: command tx timeout [ 386.763757][T16346] digital: digital_start_poll: Unknown protocol [ 386.973414][T16357] netlink: 'syz.2.2901': attribute type 8 has an invalid length. [ 387.186805][T16205] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 387.200371][T16205] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 387.211316][T16205] netdevsim netdevsim3 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 387.296673][T16205] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 387.312185][T16205] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 387.326837][T16205] netdevsim netdevsim3 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 387.393648][T16205] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 387.404678][T16205] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 387.415017][T16205] netdevsim netdevsim3 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 387.470793][T16379] pim6reg527: entered allmulticast mode [ 387.503927][T16205] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 387.534409][T16205] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 19999 - 0 [ 387.554769][T16205] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 387.842955][T16205] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 387.933626][T16205] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 387.993738][T16205] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 388.028714][T16205] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 388.317233][T16421] xt_hashlimit: size too large, truncated to 1048576 [ 388.585828][T16205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 388.688693][T16205] 8021q: adding VLAN 0 to HW filter on device team0 [ 388.711367][T16431] SET target dimension over the limit! [ 388.720295][ T5846] Bluetooth: hci5: command tx timeout [ 388.808547][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 388.815812][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 388.869947][ T7067] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.877209][ T7067] bridge0: port 2(bridge_slave_1) entered forwarding state [ 389.139842][T16445] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2919'. [ 389.455566][T16458] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2922'. [ 389.536146][T16460] netlink: 18 bytes leftover after parsing attributes in process `syz.0.2923'. [ 389.605105][T16463] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 389.652499][T16462] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2922'. [ 389.690651][T16462] block nbd0: not configured, cannot reconfigure [ 389.709080][T16458] pim6reg1: entered promiscuous mode [ 389.727487][T16458] pim6reg1: entered allmulticast mode [ 390.058599][T16205] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 390.092119][T16481] tipc: Enabling of bearer rejected, already enabled [ 390.169260][T16487] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2932'. [ 390.212411][T16486] delete_channel: no stack [ 390.240847][T16205] veth0_vlan: entered promiscuous mode [ 390.298886][T16205] veth1_vlan: entered promiscuous mode [ 390.389071][T16495] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2933'. [ 390.422520][T16497] netlink: 'syz.1.2934': attribute type 6 has an invalid length. [ 390.444090][T16205] veth0_macvtap: entered promiscuous mode [ 390.457394][T16205] veth1_macvtap: entered promiscuous mode [ 390.677372][T16497] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2934'. [ 390.743031][T16205] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 390.780904][T16205] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 390.798886][ T5846] Bluetooth: hci5: command tx timeout [ 390.822684][T16205] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.833179][T16205] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.845384][T16205] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.854323][T16205] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.081990][ T7070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 391.127359][ T7070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 391.227715][ T7077] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 391.243218][ T7077] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 391.337911][ T30] audit: type=1800 audit(1753786780.522:7): pid=16525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2941" name="memory.events" dev="tmpfs" ino=2812 res=0 errno=0 [ 391.348222][T16527] netlink: 'syz.4.2943': attribute type 1 has an invalid length. [ 391.375227][T16527] netlink: 'syz.4.2943': attribute type 3 has an invalid length. [ 391.392311][T16527] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2943'. [ 391.396454][ T30] audit: type=1800 audit(1753786780.522:8): pid=16523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2941" name="memory.events" dev="tmpfs" ino=2812 res=0 errno=0 [ 391.498284][T16538] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2853'. [ 391.636390][T16542] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2946'. [ 391.781765][T16545] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2948'. [ 392.056190][T16556] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 392.708376][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 392.724785][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 392.733961][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 392.748627][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 392.767853][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 393.165102][T16612] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2966'. [ 393.267716][T16621] netlink: 'syz.1.2969': attribute type 1 has an invalid length. [ 393.293246][T16619] bond5: (slave vcan1): The slave device specified does not support setting the MAC address [ 393.309365][T16619] bond5: (slave vcan1): Error -95 calling set_mac_address [ 393.381664][T16626] bond6: (slave gretap2): making interface the new active one [ 393.395725][T16626] bond6: (slave gretap2): Enslaving as an active interface with an up link [ 394.097339][T16587] chnl_net:caif_netlink_parms(): no params data found [ 394.325865][T16652] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2977'. [ 394.386255][T16652] geneve0: left allmulticast mode [ 394.487424][T16659] sch_tbf: burst 8 is lower than device ip6tnl0 mtu (1452) ! [ 394.582427][T16587] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.600199][T16587] bridge0: port 1(bridge_slave_0) entered disabled state [ 394.625211][T16587] bridge_slave_0: entered allmulticast mode [ 394.646084][T16587] bridge_slave_0: entered promiscuous mode [ 394.668808][T16587] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.687412][T16587] bridge0: port 2(bridge_slave_1) entered disabled state [ 394.713631][T16587] bridge_slave_1: entered allmulticast mode [ 394.750401][T16587] bridge_slave_1: entered promiscuous mode [ 394.795050][ T51] Bluetooth: hci2: command tx timeout [ 394.928474][T16678] netlink: 'syz.4.2985': attribute type 15 has an invalid length. [ 394.937048][T16674] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2984'. [ 394.945654][T16678] IPVS: set_ctl: invalid protocol: 50 172.20.20.61:20000 [ 394.960766][T16674] netlink: 'syz.2.2984': attribute type 10 has an invalid length. [ 394.968611][T16678] IPVS: set_ctl: invalid protocol: 103 127.0.0.1:20002 [ 395.041137][T16587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 395.259130][T16587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.537460][T16587] team0: Port device team_slave_0 added [ 395.553009][ T5943] IPVS: starting estimator thread 0... [ 395.563230][T16587] team0: Port device team_slave_1 added [ 395.666113][T16714] IPVS: using max 28 ests per chain, 67200 per kthread [ 395.752844][T16587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 395.763739][T16587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 395.791650][T16587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 395.836341][T16721] __nla_validate_parse: 1 callbacks suppressed [ 395.836361][T16721] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2998'. [ 395.852925][T16721] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2998'. [ 395.888739][T16587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 395.898050][T16587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 395.972197][T16587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 396.203932][T16587] hsr_slave_0: entered promiscuous mode [ 396.211622][T16587] hsr_slave_1: entered promiscuous mode [ 396.218400][T16587] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 396.227678][T16587] Cannot create hsr debugfs directory [ 396.445346][T16739] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3003'. [ 396.505785][T16739] 0ªî{X¹¦: entered promiscuous mode [ 396.511182][T16739] 0ªî{X¹¦: left allmulticast mode [ 396.526258][T16742] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3003'. [ 396.590320][T16742] 1ªî{X¹¦: renamed from 30ªî{X¹¦ [ 396.631226][T16742] 1ªî{X¹¦: left promiscuous mode [ 396.637158][T16742] 1ªî{X¹¦: entered allmulticast mode [ 396.668485][T16742] A link change request failed with some changes committed already. Interface 31ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 396.874813][ T51] Bluetooth: hci2: command tx timeout [ 396.976726][T16759] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 397.058488][T16587] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.148755][T16587] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.223458][T16587] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.354505][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 397.369877][T16587] netdevsim netdevsim0 netdevsim0 (unregistering): left allmulticast mode [ 397.395211][T16587] : (slave netdevsim0): Releasing backup interface [ 397.428333][T16587] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.511034][T16785] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 397.824665][T16800] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3020'. [ 397.960290][T16587] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 397.997461][T16587] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 398.025002][T16587] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 398.040000][T16813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3023'. [ 398.054051][T16587] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 398.330869][T16587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 398.428328][T16587] 8021q: adding VLAN 0 to HW filter on device team0 [ 398.451084][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 398.458415][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 398.536456][T16832] "syz.3.3028" (16832) uses obsolete ecb(arc4) skcipher [ 398.560965][ T7078] bridge0: port 2(bridge_slave_1) entered blocking state [ 398.568780][ T7078] bridge0: port 2(bridge_slave_1) entered forwarding state [ 398.855584][T16857] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3032'. [ 398.859086][T16859] netlink: 'syz.4.3033': attribute type 21 has an invalid length. [ 398.876253][T16857] netlink: 'syz.2.3032': attribute type 32 has an invalid length. [ 398.894605][T16857] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3032'. [ 398.911899][T16857] (unnamed net_device) (uninitialized): option coupled_control: invalid value (52) [ 398.955704][ T51] Bluetooth: hci2: command tx timeout [ 399.111256][T16868] tipc: Enabling of bearer rejected, already enabled [ 399.247326][T16587] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 399.276443][T16871] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3038'. [ 399.389478][T16871] netlink: 'syz.2.3038': attribute type 1 has an invalid length. [ 399.422328][T16587] veth0_vlan: entered promiscuous mode [ 399.488424][T16587] veth1_vlan: entered promiscuous mode [ 399.632568][T16587] veth0_macvtap: entered promiscuous mode [ 399.668927][T16587] veth1_macvtap: entered promiscuous mode [ 399.696919][T16892] netlink: 'syz.4.3047': attribute type 4 has an invalid length. [ 399.749389][T16587] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 399.799257][T16587] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 399.848527][T16587] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.877569][T16895] netlink: 'syz.2.3048': attribute type 2 has an invalid length. [ 399.885583][T16587] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.898827][T16587] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.936852][T16587] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.012622][T16895] netlink: 'syz.2.3048': attribute type 2 has an invalid length. [ 400.024762][T16897] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 400.258129][T16908] bridge0: port 1(bridge_slave_0) entered disabled state [ 400.268296][T16908] bridge0: port 1(bridge_slave_0) entered blocking state [ 400.275623][T16908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 400.316005][T16903] syzkaller1: entered promiscuous mode [ 400.325788][T16903] syzkaller1: entered allmulticast mode [ 400.343813][ T7067] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.367691][ T7067] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.474966][T16923] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3056'. [ 400.500646][ T7077] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.515798][ T7077] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.653417][T16934] xt_socket: unknown flags 0x50 [ 401.036020][ T51] Bluetooth: hci2: command tx timeout [ 401.351840][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 401.371131][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 401.379702][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 401.391095][ T5846] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 401.401095][ T5846] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 401.867022][T16980] __nla_validate_parse: 2 callbacks suppressed [ 401.867042][T16980] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3069'. [ 401.910321][T16980] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3069'. [ 401.971548][ T7066] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 401.992117][ T7066] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.002994][ T7066] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 402.082491][T16980] hsr_slave_1 (unregistering): left promiscuous mode [ 402.169609][ T7066] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 402.195368][ T7066] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.224283][ T7066] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 402.551595][ T7066] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 402.615314][ T7066] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.652293][ T7066] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 402.951225][ T7066] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 402.971674][ T7066] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.982067][T17014] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3078'. [ 402.983733][T17015] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3080'. [ 403.006024][ T7066] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 19999 - 0 [ 403.419499][T17042] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3084'. [ 403.436032][T17044] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 403.454415][ T51] Bluetooth: hci3: command tx timeout [ 403.662013][T17051] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3089'. [ 403.772290][T17057] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3091'. [ 403.859151][T17066] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3091'. [ 404.692219][ T7066] bond0 (unregistering): Released all slaves [ 404.817828][ T7066] bond1 (unregistering): Released all slaves [ 404.835536][ T7066] bond2 (unregistering): Released all slaves [ 404.963722][ T7066] bond3 (unregistering): Released all slaves [ 405.091547][ T7066] bond4 (unregistering): Released all slaves [ 405.107843][ T7066] bond5 (unregistering): Released all slaves [ 405.218314][T16959] chnl_net:caif_netlink_parms(): no params data found [ 405.313287][ T7066] tipc: Disabling bearer [ 405.356808][ T7066] tipc: Left network mode [ 405.516116][ T51] Bluetooth: hci3: command tx timeout [ 405.717530][T16959] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.764439][T16959] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.771822][T16959] bridge_slave_0: entered allmulticast mode [ 405.826586][T16959] bridge_slave_0: entered promiscuous mode [ 405.857182][T16959] bridge0: port 2(bridge_slave_1) entered blocking state [ 405.890247][T16959] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.900591][T16959] bridge_slave_1: entered allmulticast mode [ 405.911961][T16959] bridge_slave_1: entered promiscuous mode [ 406.063993][T17129] bridge1: entered promiscuous mode [ 406.080424][T17129] bridge1: entered allmulticast mode [ 406.189535][T16959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 406.209011][T17136] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 406.229354][T17133] netlink: 'syz.4.3106': attribute type 3 has an invalid length. [ 406.232306][T16959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 406.246643][T17133] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 406.488861][T17151] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3110'. [ 406.524727][T17153] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3111'. [ 406.699546][T16959] team0: Port device team_slave_0 added [ 406.758362][T16959] team0: Port device team_slave_1 added [ 406.916986][T16959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 406.934347][T16959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 406.994481][T16959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 407.017011][T16959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 407.034534][T16959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 407.084789][T16959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 407.605004][ T51] Bluetooth: hci3: command tx timeout [ 407.779368][ T7066] hsr_slave_0: left promiscuous mode [ 407.888389][ T7066] veth1_macvtap: left promiscuous mode [ 407.903418][ T7066] veth0_macvtap: left promiscuous mode [ 407.926397][T17192] __nla_validate_parse: 1 callbacks suppressed [ 407.926417][T17192] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3121'. [ 407.968434][T17193] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3123'. [ 408.000084][T17193] netlink: 'syz.4.3123': attribute type 7 has an invalid length. [ 408.013931][T17193] netlink: 'syz.4.3123': attribute type 8 has an invalid length. [ 408.037166][T17193] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3123'. [ 408.242180][ T7066] pimreg3 (unregistering): left allmulticast mode [ 408.959616][T16959] hsr_slave_0: entered promiscuous mode [ 408.974864][T16959] hsr_slave_1: entered promiscuous mode [ 408.981249][T16959] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 408.988955][T16959] Cannot create hsr debugfs directory [ 409.017512][T17193] 1ªî{X¹¦: entered promiscuous mode [ 409.023896][T17193] batadv_slave_0: entered promiscuous mode [ 409.038432][T17193] erspan0: entered promiscuous mode [ 409.337987][ T7066] IPVS: stop unused estimator thread 0... [ 409.367337][T17218] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3131'. [ 409.627496][T17232] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3133'. [ 409.674659][ T5846] Bluetooth: hci3: command tx timeout [ 409.677652][T17232] bridge8: entered promiscuous mode [ 409.705016][T17232] bridge8: entered allmulticast mode [ 409.809267][T17242] macvlan2: entered promiscuous mode [ 409.818875][T17242] macvlan2: entered allmulticast mode [ 409.921957][T17254] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-xor(2) [ 409.927297][T17256] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3140'. [ 409.936775][T17255] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-xor(2) [ 409.960552][T17254] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3139'. [ 410.198725][T17262] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3141'. [ 410.245480][T17261] netlink: 'syz.4.3141': attribute type 1 has an invalid length. [ 410.271814][T17261] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3141'. [ 410.497313][T16959] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 410.540024][T16959] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 410.578776][T16959] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 410.636175][T16959] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 410.907622][T17295] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3148'. [ 411.010831][T16959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 411.083423][T16959] 8021q: adding VLAN 0 to HW filter on device team0 [ 411.105621][ T7073] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.112891][ T7073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 411.147201][ T7073] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.154609][ T7073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 411.278455][T16959] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 411.289365][T16959] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 411.490819][T17312] IPVS: set_ctl: invalid protocol: 12 172.30.1.1:20000 [ 411.772189][T16959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 411.941866][T16959] veth0_vlan: entered promiscuous mode [ 412.019408][T17330] netlink: 'syz.0.3156': attribute type 1 has an invalid length. [ 412.140645][T16959] veth1_vlan: entered promiscuous mode [ 412.272647][T16959] veth0_macvtap: entered promiscuous mode [ 412.309290][T16959] veth1_macvtap: entered promiscuous mode [ 412.393679][T16959] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 412.429972][T17349] veth0_virt_wifi: mtu less than device minimum [ 412.445429][T16959] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 412.476850][T16959] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.495254][T16959] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.514659][T16959] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.528002][T16959] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.666280][T17355] xt_l2tp: v2 doesn't support IP mode [ 412.835942][ T7078] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 412.858807][ T7078] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 412.874358][ T5846] Bluetooth: hci3: command tx timeout [ 412.935957][ T5952] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 412.959304][ T5952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 412.991064][T17367] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303 [ 413.282856][T17378] netlink: 'syz.2.3174': attribute type 5 has an invalid length. [ 413.947195][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 413.956509][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 413.966963][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 413.975893][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 413.988091][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 414.099974][ T5952] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 414.118302][ T5952] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 414.232727][T17410] Cannot find set identified by id 0 to match [ 414.251386][ T5952] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 414.285702][ T5952] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 414.373081][T17416] x_tables: duplicate underflow at hook 2 [ 414.405197][T17416] x_tables: duplicate underflow at hook 2 [ 414.438722][ T5952] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 414.461070][T17417] delete_channel: no stack [ 414.484811][ T5952] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 414.600532][ T5952] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 414.631940][ T5952] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 256 - 0 [ 414.665299][T17429] __nla_validate_parse: 7 callbacks suppressed [ 414.665320][T17429] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3191'. [ 415.225557][T17450] netlink: 232 bytes leftover after parsing attributes in process `syz.0.3198'. [ 415.640955][T17459] FAULT_INJECTION: forcing a failure. [ 415.640955][T17459] name failslab, interval 1, probability 0, space 0, times 0 [ 415.654481][T17459] CPU: 0 UID: 0 PID: 17459 Comm: syz.4.3201 Not tainted 6.16.0-rc7-syzkaller-00100-gafd8c2c9e2e2 #0 PREEMPT(full) [ 415.654510][T17459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 415.654527][T17459] Call Trace: [ 415.654535][T17459] [ 415.654544][T17459] dump_stack_lvl+0x189/0x250 [ 415.654575][T17459] ? __pfx____ratelimit+0x10/0x10 [ 415.654597][T17459] ? __pfx_dump_stack_lvl+0x10/0x10 [ 415.654621][T17459] ? __pfx__printk+0x10/0x10 [ 415.654644][T17459] ? xfrm_policy_lookup_bytype+0x11ef/0x1250 [ 415.654684][T17459] ? __lock_acquire+0xab9/0xd20 [ 415.654708][T17459] should_fail_ex+0x414/0x560 [ 415.654737][T17459] should_failslab+0xa8/0x100 [ 415.654768][T17459] kmem_cache_alloc_noprof+0x73/0x3c0 [ 415.654794][T17459] ? dst_alloc+0x105/0x170 [ 415.654821][T17459] dst_alloc+0x105/0x170 [ 415.654845][T17459] xfrm_alloc_dst+0x76/0x160 [ 415.654866][T17459] xfrm_lookup_with_ifid+0x77e/0x1a70 [ 415.654911][T17459] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 415.654937][T17459] ? sha256+0xfd/0x150 [ 415.654965][T17459] ? __pfx_sha256+0x10/0x10 [ 415.655006][T17459] xfrm_lookup_route+0x3c/0x1c0 [ 415.655037][T17459] tcp_v6_connect+0xbe5/0x1880 [ 415.655070][T17459] ? __lock_acquire+0xab9/0xd20 [ 415.655093][T17459] ? __pfx_tcp_v6_connect+0x10/0x10 [ 415.655134][T17459] ? __local_bh_enable_ip+0x12d/0x1c0 [ 415.655157][T17459] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 415.655192][T17459] mptcp_connect+0x52d/0x790 [ 415.655220][T17459] __inet_stream_connect+0x2ae/0xe80 [ 415.655256][T17459] ? __local_bh_enable_ip+0x12d/0x1c0 [ 415.655278][T17459] ? __pfx___inet_stream_connect+0x10/0x10 [ 415.655322][T17459] ? __local_bh_enable_ip+0x12d/0x1c0 [ 415.655345][T17459] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 415.655381][T17459] inet_stream_connect+0x66/0xa0 [ 415.655410][T17459] __sys_connect+0x316/0x440 [ 415.655442][T17459] ? __pfx___sys_connect+0x10/0x10 [ 415.655486][T17459] ? rcu_is_watching+0x15/0xb0 [ 415.655520][T17459] __x64_sys_connect+0x7a/0x90 [ 415.655549][T17459] do_syscall_64+0xfa/0x3b0 [ 415.655572][T17459] ? lockdep_hardirqs_on+0x9c/0x150 [ 415.655594][T17459] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.655615][T17459] ? clear_bhb_loop+0x60/0xb0 [ 415.655640][T17459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.655666][T17459] RIP: 0033:0x7f012f78e9a9 [ 415.655687][T17459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 415.655704][T17459] RSP: 002b:00007f0130644038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 415.655726][T17459] RAX: ffffffffffffffda RBX: 00007f012f9b5fa0 RCX: 00007f012f78e9a9 [ 415.655741][T17459] RDX: 000000000000001c RSI: 0000200000000040 RDI: 000000000000000b [ 415.655753][T17459] RBP: 00007f0130644090 R08: 0000000000000000 R09: 0000000000000000 [ 415.655765][T17459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 415.655777][T17459] R13: 0000000000000000 R14: 00007f012f9b5fa0 R15: 00007ffc65f707a8 [ 415.655811][T17459] [ 415.977038][ T5952] bond6 (unregistering): (slave gretap2): Releasing active interface [ 416.091015][ T51] Bluetooth: hci0: command tx timeout [ 416.629157][ T5952] bond1 (unregistering): Released all slaves [ 416.645996][ T5952] bond2 (unregistering): Released all slaves [ 416.759317][ T5952] bond3 (unregistering): Released all slaves [ 416.868480][ T5952] bond4 (unregistering): Released all slaves [ 416.983658][ T5952] bond5 (unregistering): (slave veth3): Releasing active interface [ 416.995952][ T5952] bond5 (unregistering): Released all slaves [ 417.105826][ T5952] bond0 (unregistering): (slave wireguard0): Releasing backup interface [ 417.121014][ T5952] bond0 (unregistering): Released all slaves [ 417.136077][ T5952] bond6 (unregistering): Released all slaves [ 417.157704][T17444] wg2: entered promiscuous mode [ 417.164145][T17444] wg2: entered allmulticast mode [ 417.370605][ T5952] tipc: Disabling bearer [ 417.387664][T17474] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3206'. [ 417.410900][T17474] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3206'. [ 417.427153][ T5952] tipc: Left network mode [ 417.625083][T17484] bond0: entered promiscuous mode [ 417.630214][T17484] bond_slave_0: entered promiscuous mode [ 417.637264][T17484] bond_slave_1: entered promiscuous mode [ 417.646979][T17484] batadv0: entered promiscuous mode [ 417.653121][T17484] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 417.660835][T17484] Cannot create hsr debugfs directory [ 417.670096][T17484] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 417.831345][T17399] chnl_net:caif_netlink_parms(): no params data found [ 418.039638][T17487] netlink: 'syz.3.3209': attribute type 16 has an invalid length. [ 418.046245][T17500] FAULT_INJECTION: forcing a failure. [ 418.046245][T17500] name failslab, interval 1, probability 0, space 0, times 0 [ 418.060494][T17500] CPU: 1 UID: 0 PID: 17500 Comm: syz.0.3211 Not tainted 6.16.0-rc7-syzkaller-00100-gafd8c2c9e2e2 #0 PREEMPT(full) [ 418.060521][T17500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 418.060533][T17500] Call Trace: [ 418.060542][T17500] [ 418.060550][T17500] dump_stack_lvl+0x189/0x250 [ 418.060581][T17500] ? __pfx____ratelimit+0x10/0x10 [ 418.060605][T17500] ? __pfx_dump_stack_lvl+0x10/0x10 [ 418.060628][T17500] ? __pfx__printk+0x10/0x10 [ 418.060659][T17500] ? __lock_acquire+0xab9/0xd20 [ 418.060689][T17500] should_fail_ex+0x414/0x560 [ 418.060716][T17500] should_failslab+0xa8/0x100 [ 418.060750][T17500] kmem_cache_alloc_noprof+0x73/0x3c0 [ 418.060776][T17500] ? __inet_hash_connect+0x151e/0x2310 [ 418.060812][T17500] __inet_hash_connect+0x151e/0x2310 [ 418.060857][T17500] ? __inet_hash_connect+0x4fa/0x2310 [ 418.060897][T17500] ? __pfx___inet_hash_connect+0x10/0x10 [ 418.060926][T17500] ? sk_setup_caps+0x850/0xac0 [ 418.060952][T17500] ? inet6_hash_connect+0xd8/0x170 [ 418.060985][T17500] tcp_v6_connect+0xf2e/0x1880 [ 418.061024][T17500] ? __pfx_tcp_v6_connect+0x10/0x10 [ 418.061066][T17500] ? __local_bh_enable_ip+0x12d/0x1c0 [ 418.061089][T17500] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 418.061123][T17500] mptcp_connect+0x52d/0x790 [ 418.061151][T17500] __inet_stream_connect+0x2ae/0xe80 [ 418.061186][T17500] ? __local_bh_enable_ip+0x12d/0x1c0 [ 418.061209][T17500] ? __pfx___inet_stream_connect+0x10/0x10 [ 418.061234][T17500] ? __local_bh_enable_ip+0x12d/0x1c0 [ 418.061256][T17500] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 418.061292][T17500] inet_stream_connect+0x66/0xa0 [ 418.061320][T17500] __sys_connect+0x316/0x440 [ 418.061347][T17500] ? __might_fault+0xb0/0x130 [ 418.061373][T17500] ? bpf_trace_run2+0x186/0x4b0 [ 418.061400][T17500] ? __pfx___sys_connect+0x10/0x10 [ 418.061447][T17500] ? rcu_is_watching+0x15/0xb0 [ 418.061483][T17500] __x64_sys_connect+0x7a/0x90 [ 418.061512][T17500] do_syscall_64+0xfa/0x3b0 [ 418.061538][T17500] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.061557][T17500] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 418.061577][T17500] ? clear_bhb_loop+0x60/0xb0 [ 418.061601][T17500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.061621][T17500] RIP: 0033:0x7fd03df8e9a9 [ 418.061639][T17500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.061655][T17500] RSP: 002b:00007fd03ee35038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 418.061676][T17500] RAX: ffffffffffffffda RBX: 00007fd03e1b5fa0 RCX: 00007fd03df8e9a9 [ 418.061691][T17500] RDX: 000000000000001c RSI: 0000200000000040 RDI: 000000000000000b [ 418.061703][T17500] RBP: 00007fd03ee35090 R08: 0000000000000000 R09: 0000000000000000 [ 418.061715][T17500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.061727][T17500] R13: 0000000000000000 R14: 00007fd03e1b5fa0 R15: 00007fff8c52b358 [ 418.061760][T17500] [ 418.360308][ T51] Bluetooth: hci0: command tx timeout [ 418.375640][T17487] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3209'. [ 418.591904][T17399] bridge0: port 1(bridge_slave_0) entered blocking state [ 418.605673][T17399] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.626892][T17399] bridge_slave_0: entered allmulticast mode [ 418.642798][T17399] bridge_slave_0: entered promiscuous mode [ 418.689978][T17399] bridge0: port 2(bridge_slave_1) entered blocking state [ 418.704113][T17399] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.726117][T17399] bridge_slave_1: entered allmulticast mode [ 418.740681][T17399] bridge_slave_1: entered promiscuous mode [ 418.865211][T17399] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 418.909184][T17399] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 419.043433][T17399] team0: Port device team_slave_0 added [ 419.082452][T17399] team0: Port device team_slave_1 added [ 419.161960][T17524] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3217'. [ 419.191590][T17399] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 419.245213][T17399] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 419.311743][T17399] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 419.348351][T17399] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 419.377927][T17399] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 419.382086][T17512] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 419.442249][T17399] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 419.528262][T17530] ip6t_REJECT: ECHOREPLY is not supported [ 419.537880][T17530] netlink: 'syz.4.3219': attribute type 58 has an invalid length. [ 419.557408][T17530] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3219'. [ 419.571746][ T5952] hsr_slave_0: left promiscuous mode [ 419.586542][ T5952] hsr_slave_1: left promiscuous mode [ 419.663666][T17537] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3220'. [ 419.690653][T17539] FAULT_INJECTION: forcing a failure. [ 419.690653][T17539] name failslab, interval 1, probability 0, space 0, times 0 [ 419.705809][T17539] CPU: 1 UID: 0 PID: 17539 Comm: syz.3.3222 Not tainted 6.16.0-rc7-syzkaller-00100-gafd8c2c9e2e2 #0 PREEMPT(full) [ 419.705838][T17539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 419.705851][T17539] Call Trace: [ 419.705860][T17539] [ 419.705868][T17539] dump_stack_lvl+0x189/0x250 [ 419.705898][T17539] ? __pfx____ratelimit+0x10/0x10 [ 419.705922][T17539] ? __pfx_dump_stack_lvl+0x10/0x10 [ 419.705947][T17539] ? __pfx__printk+0x10/0x10 [ 419.705979][T17539] ? __pfx___might_resched+0x10/0x10 [ 419.706010][T17539] should_fail_ex+0x414/0x560 [ 419.706037][T17539] should_failslab+0xa8/0x100 [ 419.706070][T17539] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 419.706099][T17539] ? __alloc_skb+0x112/0x2d0 [ 419.706132][T17539] __alloc_skb+0x112/0x2d0 [ 419.706165][T17539] tcp_stream_alloc_skb+0x3d/0x340 [ 419.706196][T17539] tcp_connect+0x146f/0x4ef0 [ 419.706232][T17539] ? ktime_get_with_offset+0x8c/0x2a0 [ 419.706269][T17539] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 419.706308][T17539] ? ktime_get_with_offset+0x8c/0x2a0 [ 419.706332][T17539] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 419.706361][T17539] ? __pfx_tcp_connect+0x10/0x10 [ 419.706381][T17539] ? get_random_u32+0x48e/0x940 [ 419.706400][T17539] ? lockdep_hardirqs_on+0x9c/0x150 [ 419.706433][T17539] ? __asan_memset+0x22/0x50 [ 419.706463][T17539] ? __pfx_tcp_fastopen_defer_connect+0x10/0x10 [ 419.706516][T17539] ? inet6_hash_connect+0xd8/0x170 [ 419.706547][T17539] tcp_v6_connect+0x1202/0x1880 [ 419.706587][T17539] ? __pfx_tcp_v6_connect+0x10/0x10 [ 419.706627][T17539] ? __local_bh_enable_ip+0x12d/0x1c0 [ 419.706649][T17539] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 419.706684][T17539] mptcp_connect+0x52d/0x790 [ 419.706710][T17539] __inet_stream_connect+0x2ae/0xe80 [ 419.706745][T17539] ? __local_bh_enable_ip+0x12d/0x1c0 [ 419.706766][T17539] ? __pfx___inet_stream_connect+0x10/0x10 [ 419.706791][T17539] ? __local_bh_enable_ip+0x12d/0x1c0 [ 419.706814][T17539] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 419.706848][T17539] inet_stream_connect+0x66/0xa0 [ 419.706875][T17539] __sys_connect+0x316/0x440 [ 419.706902][T17539] ? __might_fault+0xb0/0x130 [ 419.706927][T17539] ? bpf_trace_run2+0x186/0x4b0 [ 419.706955][T17539] ? __pfx___sys_connect+0x10/0x10 [ 419.707000][T17539] ? rcu_is_watching+0x15/0xb0 [ 419.707030][T17539] __x64_sys_connect+0x7a/0x90 [ 419.707059][T17539] do_syscall_64+0xfa/0x3b0 [ 419.707081][T17539] ? lockdep_hardirqs_on+0x9c/0x150 [ 419.707102][T17539] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.707122][T17539] ? clear_bhb_loop+0x60/0xb0 [ 419.707145][T17539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.707163][T17539] RIP: 0033:0x7fa257b8e9a9 [ 419.707179][T17539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.707193][T17539] RSP: 002b:00007fa2589bb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 419.707212][T17539] RAX: ffffffffffffffda RBX: 00007fa257db5fa0 RCX: 00007fa257b8e9a9 [ 419.707226][T17539] RDX: 000000000000001c RSI: 0000200000000040 RDI: 000000000000000b [ 419.707237][T17539] RBP: 00007fa2589bb090 R08: 0000000000000000 R09: 0000000000000000 [ 419.707248][T17539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 419.707259][T17539] R13: 0000000000000000 R14: 00007fa257db5fa0 R15: 00007ffd8cd36578 [ 419.707291][T17539] [ 420.623311][T17551] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3224'. [ 421.119534][T17399] hsr_slave_0: entered promiscuous mode [ 421.156272][T17399] hsr_slave_1: entered promiscuous mode [ 421.186081][T17560] netlink: 'syz.0.3228': attribute type 10 has an invalid length. [ 421.319278][T17560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 421.364307][T17560] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 421.731050][T17585] FAULT_INJECTION: forcing a failure. [ 421.731050][T17585] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 421.752717][T17585] CPU: 0 UID: 0 PID: 17585 Comm: syz.0.3238 Not tainted 6.16.0-rc7-syzkaller-00100-gafd8c2c9e2e2 #0 PREEMPT(full) [ 421.752748][T17585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 421.752761][T17585] Call Trace: [ 421.752770][T17585] [ 421.752779][T17585] dump_stack_lvl+0x189/0x250 [ 421.752809][T17585] ? __pfx____ratelimit+0x10/0x10 [ 421.752832][T17585] ? __pfx_dump_stack_lvl+0x10/0x10 [ 421.752857][T17585] ? __pfx__printk+0x10/0x10 [ 421.752899][T17585] should_fail_ex+0x414/0x560 [ 421.752927][T17585] _copy_to_user+0x31/0xb0 [ 421.752960][T17585] simple_read_from_buffer+0xe1/0x170 [ 421.752996][T17585] proc_fail_nth_read+0x1df/0x250 [ 421.753020][T17585] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 421.753044][T17585] ? rw_verify_area+0x258/0x650 [ 421.753070][T17585] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 421.753101][T17585] vfs_read+0x200/0x980 [ 421.753137][T17585] ? __pfx_vfs_read+0x10/0x10 [ 421.753164][T17585] ? bpf_trace_run2+0x186/0x4b0 [ 421.753198][T17585] ? bpf_trace_run2+0x322/0x4b0 [ 421.753225][T17585] ? __might_fault+0xb0/0x130 [ 421.753251][T17585] ? bpf_trace_run2+0x186/0x4b0 [ 421.753290][T17585] ksys_read+0x145/0x250 [ 421.753320][T17585] ? __pfx_ksys_read+0x10/0x10 [ 421.753348][T17585] ? rcu_is_watching+0x15/0xb0 [ 421.753373][T17585] ? trace_sys_enter+0x25/0x120 [ 421.753401][T17585] do_syscall_64+0xfa/0x3b0 [ 421.753424][T17585] ? lockdep_hardirqs_on+0x9c/0x150 [ 421.753445][T17585] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.753466][T17585] ? clear_bhb_loop+0x60/0xb0 [ 421.753492][T17585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.753512][T17585] RIP: 0033:0x7fd03df8d3bc [ 421.753531][T17585] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 421.753548][T17585] RSP: 002b:00007fd03ee35030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 421.753570][T17585] RAX: ffffffffffffffda RBX: 00007fd03e1b5fa0 RCX: 00007fd03df8d3bc [ 421.753585][T17585] RDX: 000000000000000f RSI: 00007fd03ee350a0 RDI: 000000000000000c [ 421.753598][T17585] RBP: 00007fd03ee35090 R08: 0000000000000000 R09: 0000000000000000 [ 421.753610][T17585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 421.753622][T17585] R13: 0000000000000000 R14: 00007fd03e1b5fa0 R15: 00007fff8c52b358 [ 421.753653][T17585] [ 422.212388][ T5952] IPVS: stop unused estimator thread 0... [ 422.825125][T17399] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 422.903964][T17399] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 422.978973][T17399] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 422.987532][T17621] netlink: 'syz.2.3246': attribute type 1 has an invalid length. [ 423.025113][T17621] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3246'. [ 423.060233][T17399] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 423.102460][T17627] xt_CT: You must specify a L4 protocol and not use inversions on it [ 423.130200][T17622] (unnamed net_device) (uninitialized): peer notification delay (1164) is not a multiple of miimon (100), value rounded to 1100 ms [ 423.231882][T17622] bond1: entered promiscuous mode [ 423.237118][T17622] bond1: entered allmulticast mode [ 423.242791][T17622] 8021q: adding VLAN 0 to HW filter on device bond1 [ 423.466949][T17652] netlink: 211204 bytes leftover after parsing attributes in process `syz.3.3251'. [ 423.642847][T17399] 8021q: adding VLAN 0 to HW filter on device bond0 [ 423.773152][T17399] 8021q: adding VLAN 0 to HW filter on device team0 [ 423.808998][ T5952] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.816271][ T5952] bridge0: port 1(bridge_slave_0) entered forwarding state [ 423.854773][T17667] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3258'. [ 423.919640][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state [ 423.926928][ T5952] bridge0: port 2(bridge_slave_1) entered forwarding state [ 423.950118][T17673] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3260'. [ 424.223191][T17689] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3264'. [ 424.811855][T17399] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 424.897314][T17718] netlink: 50 bytes leftover after parsing attributes in process `syz.3.3271'. [ 424.970345][T17717] syzkaller0: entered promiscuous mode [ 424.978309][T17717] syzkaller0: entered allmulticast mode [ 424.989442][T17720] sock: sock_timestamping_bind_phc: sock not bind to device [ 425.001102][T17399] veth0_vlan: entered promiscuous mode [ 425.014297][T17721] sock: sock_timestamping_bind_phc: sock not bind to device [ 426.712789][T17399] veth1_vlan: entered promiscuous mode [ 426.840625][T17399] veth0_macvtap: entered promiscuous mode [ 426.872415][T17399] veth1_macvtap: entered promiscuous mode [ 426.938612][T17399] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 426.988761][T17399] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 427.015686][T17746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3278'. [ 427.020332][T17743] tipc: Started in network mode [ 427.035087][T17743] tipc: Node identity , cluster identity 4711 [ 427.041229][T17743] tipc: Failed to obtain node identity [ 427.075814][T17743] tipc: Enabling of bearer rejected, failed to enable media [ 427.126440][T17399] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.149970][T17399] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.159405][T17399] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.189800][T17399] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.218419][T17751] syzkaller0: entered promiscuous mode [ 427.232456][T17751] syzkaller0: entered allmulticast mode [ 427.247173][T17756] x_tables: duplicate underflow at hook 1 [ 427.400655][T17761] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3282'. [ 427.496514][T17764] veth0: entered promiscuous mode [ 427.502832][T17764] veth0: entered allmulticast mode [ 427.541524][T17766] sch_tbf: burst 21990 is lower than device lo mtu (65550) ! [ 427.587088][ T768] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 427.609274][ T768] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.817564][ T7066] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 427.862850][ T7066] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 427.905246][T17778] netlink: 'syz.4.3287': attribute type 1 has an invalid length. [ 428.022657][T17786] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3173'. [ 428.216944][T17778] workqueue: Failed to create a rescuer kthread for wq "bond10": -EINTR [ 428.239712][T17786] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 428.257948][T17786] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 428.258769][T17792] netlink: 'syz.2.3289': attribute type 8 has an invalid length. [ 428.266766][T17786] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 428.266833][T17786] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 428.544742][T17801] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3291'. [ 428.577840][T17801] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3291'. [ 428.997498][T17814] syzkaller1: entered promiscuous mode [ 429.006787][T17814] syzkaller1: entered allmulticast mode [ 429.194917][T17822] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3298'. [ 429.552584][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 429.563183][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 429.572159][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 429.580618][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 429.588711][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 429.633383][ T7066] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 429.644890][ T7066] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.791629][ T7066] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 429.814615][ T7066] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.018467][ T7066] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 430.075035][ T7066] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.109004][T17841] xt_hashlimit: size too large, truncated to 1048576 [ 430.279188][ T7066] netdevsim netdevsim4 ÿÿÿÿÿÿ (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 430.311757][T17847] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144 [ 430.369711][ T7066] netdevsim netdevsim4 ÿÿÿÿÿÿ (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.518124][T17850] netlink: 'syz.1.3307': attribute type 1 has an invalid length. [ 430.554543][T17850] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3307'. [ 430.698913][T17852] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 431.674684][ T51] Bluetooth: hci1: command tx timeout [ 432.010418][ T7066] erspan0 (unregistering): left promiscuous mode [ 432.070478][ T7066] 1ªî{X¹¦ (unregistering): left promiscuous mode [ 432.131204][ T7066] bond6 (unregistering): (slave gretap2): Releasing active interface [ 432.170652][ T7066] bond7 (unregistering): (slave gretap3): Releasing active interface [ 432.511325][T17760] Set syz1 is full, maxelem 65536 reached [ 432.588112][T17863] netlink: 248 bytes leftover after parsing attributes in process `syz.3.3312'. [ 432.716411][T17866] netlink: 'syz.3.3313': attribute type 10 has an invalid length. [ 433.026965][ T7066] bond1 (unregistering): Released all slaves [ 433.140583][ T7066] bond2 (unregistering): Released all slaves [ 433.244908][ T7066] bond3 (unregistering): Released all slaves [ 433.348514][ T7066] bond4 (unregistering): Released all slaves [ 433.453907][ T7066] bond0 (unregistering): Released all slaves [ 433.559998][ T7066] bond5 (unregistering): Released all slaves [ 433.670862][ T7066] bond6 (unregistering): Released all slaves [ 433.754464][ T51] Bluetooth: hci1: command tx timeout [ 433.783470][ T7066] bond7 (unregistering): Released all slaves [ 433.799448][ T7066] bond8 (unregistering): Released all slaves [ 433.817610][ T7066] bond9 (unregistering): Released all slaves [ 433.864573][T17865] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3313'. [ 433.938314][T17866] batman_adv: batadv0: Adding interface: team0 [ 433.985439][T17866] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 434.015348][T17866] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 434.056574][T17874] x_tables: unsorted underflow at hook 4 [ 434.076039][T17874] x_tables: unsorted underflow at hook 4 [ 434.124516][ T7066] : left promiscuous mode [ 434.246658][T17881] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3318'. [ 434.280317][T17884] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3318'. [ 434.337846][ T7066] tipc: Left network mode [ 434.753997][T17914] netlink: 5 bytes leftover after parsing attributes in process `syz.2.3325'. [ 434.786720][T17911] delete_channel: no stack [ 434.848671][T17914] vlan2: entered allmulticast mode [ 434.853938][T17914] veth1: entered allmulticast mode [ 435.049798][T17912] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3325'. [ 435.061285][T17912] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3325'. [ 435.294407][T17829] chnl_net:caif_netlink_parms(): no params data found [ 435.554657][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 435.834560][ T5846] Bluetooth: hci1: command tx timeout [ 436.009528][T17829] bridge0: port 1(bridge_slave_0) entered blocking state [ 436.027340][T17829] bridge0: port 1(bridge_slave_0) entered disabled state [ 436.040358][T17829] bridge_slave_0: entered allmulticast mode [ 436.051389][T17829] bridge_slave_0: entered promiscuous mode [ 436.077196][T17829] bridge0: port 2(bridge_slave_1) entered blocking state [ 436.090717][T17829] bridge0: port 2(bridge_slave_1) entered disabled state [ 436.099890][T17829] bridge_slave_1: entered allmulticast mode [ 436.142200][T17829] bridge_slave_1: entered promiscuous mode [ 436.339291][T17829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 436.419304][T17829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 436.748851][T17829] team0: Port device team_slave_0 added [ 436.763480][T17980] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3341'. [ 436.791884][T17829] team0: Port device team_slave_1 added [ 436.799787][T17980] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3341'. [ 437.045032][T17992] openvswitch: netlink: Duplicate or invalid key (type 0). [ 437.052517][T17992] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 437.092077][T17829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 437.112426][T17829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.203916][T17829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 437.298703][ T7066] batadv_slave_0: left promiscuous mode [ 437.386452][ T7066] hsr_slave_0: left promiscuous mode [ 437.418772][ T7066] veth1_macvtap: left promiscuous mode [ 437.444436][ T7066] veth0_macvtap: left promiscuous mode [ 437.450434][ T7066] veth1_vlan: left promiscuous mode [ 437.759659][ T7066] pim6reg527 (unregistering): left allmulticast mode [ 437.779814][ T7066] pimreg (unregistering): left allmulticast mode [ 437.924547][ T5846] Bluetooth: hci1: command 0x0419 tx timeout [ 438.343076][ T768] smc: removing ib device syz! [ 438.363969][ T5952] smc: removing ib device syz0 [ 438.733892][T17829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 438.741305][T17829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 438.769671][T17829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 438.805666][ T2153] syz0: Port: 1 Link DOWN [ 439.120125][T18041] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3353'. [ 439.368604][T18036] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3353'. [ 439.535241][T18052] netlink: 'syz.2.3354': attribute type 7 has an invalid length. [ 439.752069][T17829] hsr_slave_0: entered promiscuous mode [ 439.796477][T17829] hsr_slave_1: entered promiscuous mode [ 439.833512][T17829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 439.874908][T17829] Cannot create hsr debugfs directory [ 439.995626][ T5846] Bluetooth: hci1: command 0x0419 tx timeout [ 440.069886][T18072] netlink: 'syz.3.3358': attribute type 1 has an invalid length. [ 440.261733][T18076] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 440.269239][T18076] IPv6: NLM_F_CREATE should be set when creating new route [ 440.276671][T18076] IPv6: NLM_F_CREATE should be set when creating new route [ 440.305522][T18079] netlink: 'syz.1.3359': attribute type 1 has an invalid length. [ 440.344893][T18076] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 440.528650][T18072] bond1: entered promiscuous mode [ 440.534534][T18072] 8021q: adding VLAN 0 to HW filter on device bond1 [ 440.589364][T18073] 8021q: adding VLAN 0 to HW filter on device bond1 [ 440.625152][T18073] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address [ 440.655742][T18073] bond1: (slave wireguard0): Setting fail_over_mac to active for active-backup mode [ 440.781036][T18103] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3363'. [ 440.794912][T18073] bond1: (slave wireguard0): making interface the new active one [ 440.803163][T18073] wireguard0: entered promiscuous mode [ 440.812114][T18073] bond1: (slave wireguard0): Enslaving as an active interface with an up link [ 441.002172][T18108] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3364'. [ 441.076297][T18079] 8021q: adding VLAN 0 to HW filter on device bond1 [ 441.111722][T18076] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 441.311281][T18080] bond1: (slave veth3): Enslaving as an active interface with a down link [ 441.496102][T18095] bond1: (slave veth0_to_bond): making interface the new active one [ 441.525304][T18095] veth0_to_bond: entered promiscuous mode [ 441.538256][T18095] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 441.621817][T18100] vlan2: entered allmulticast mode [ 441.627947][T18100] veth1: entered allmulticast mode [ 441.643524][T18100] veth1: entered promiscuous mode [ 441.708716][T18100] veth1: left promiscuous mode [ 441.806890][T18100] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 442.055941][T18108] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 442.099742][T18108] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 442.114756][T18108] gretap1: entered promiscuous mode [ 442.120063][T18108] gretap1: entered allmulticast mode [ 442.695866][T18148] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3371'. [ 443.079658][T18165] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3375'. [ 443.423937][T18178] sctp: [Deprecated]: syz.2.3379 (pid 18178) Use of int in maxseg socket option. [ 443.423937][T18178] Use struct sctp_assoc_value instead [ 444.581117][ T7066] IPVS: stop unused estimator thread 0... [ 444.739641][T17829] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 444.811994][T17829] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 444.869777][T18223] !€ÿ: renamed from bond_slave_0 (while UP) [ 444.905639][T17829] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 444.955421][T17829] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 445.088058][T18235] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input7 [ 445.342226][T17829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 445.419877][T17829] 8021q: adding VLAN 0 to HW filter on device team0 [ 445.455181][T18249] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3393'. [ 445.484165][ T768] bridge0: port 1(bridge_slave_0) entered blocking state [ 445.491507][ T768] bridge0: port 1(bridge_slave_0) entered forwarding state [ 445.549022][ T5952] bridge0: port 2(bridge_slave_1) entered blocking state [ 445.556304][ T5952] bridge0: port 2(bridge_slave_1) entered forwarding state [ 445.564765][T18248] delete_channel: no stack [ 445.601099][T18252] netlink: 45 bytes leftover after parsing attributes in process `syz.3.3394'. [ 445.826367][T18260] netlink: 'syz.2.3397': attribute type 1 has an invalid length. [ 446.123119][T18273] netlink: 'syz.1.3400': attribute type 1 has an invalid length. [ 446.315902][T17829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 446.370766][T18255] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 446.513488][T18290] netlink: 112 bytes leftover after parsing attributes in process `syz.3.3404'. [ 446.673299][T18298] netlink: 'syz.1.3405': attribute type 10 has an invalid length. [ 446.721175][T18298] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3405'. [ 447.241812][T17829] veth0_vlan: entered promiscuous mode [ 447.297083][T17829] veth1_vlan: entered promiscuous mode [ 447.380568][T18324] netlink: 19 bytes leftover after parsing attributes in process `syz.3.3411'. [ 447.392550][T17829] veth0_macvtap: entered promiscuous mode [ 447.407703][T18324] netlink: 19 bytes leftover after parsing attributes in process `syz.3.3411'. [ 447.417449][T18328] netlink: 19 bytes leftover after parsing attributes in process `syz.3.3411'. [ 447.429777][T17829] veth1_macvtap: entered promiscuous mode [ 447.500950][T17829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 447.507641][T18330] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3412'. [ 447.551649][T17829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 447.720564][T18330] bond0: (slave bond_slave_1): Releasing backup interface [ 447.791293][T17829] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.802062][T17829] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.811467][T17829] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.817781][T18344] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.3415'. [ 447.821242][T17829] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.039173][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 448.068082][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 448.111876][ T768] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 448.139487][ T768] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 448.265218][T18356] netlink: 'syz.1.3420': attribute type 11 has an invalid length. [ 448.277097][T18356] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3420'. [ 448.425855][T18360] bridge1: port 1(veth0_to_bond) entered blocking state [ 448.462127][T18360] bridge1: port 1(veth0_to_bond) entered disabled state [ 448.514698][T18360] veth0_to_bond: entered allmulticast mode [ 448.558102][T18360] veth0_to_bond: entered promiscuous mode [ 448.619689][T18367] vlan2: entered allmulticast mode [ 448.626182][T18367] veth1: entered allmulticast mode [ 448.648851][T18367] bridge1: port 2(vlan2) entered blocking state [ 448.670229][T18367] bridge1: port 2(vlan2) entered disabled state [ 448.679770][T18367] vlan2: entered promiscuous mode [ 448.684972][T18367] veth1: entered promiscuous mode [ 448.697820][T18375] netlink: 'syz.2.3424': attribute type 1 has an invalid length. [ 448.711222][T18382] xt_connbytes: Forcing CT accounting to be enabled [ 448.739994][T18379] pimreg: entered allmulticast mode [ 448.747652][T18381] pimreg: left allmulticast mode [ 448.856250][T18384] netlink: 'syz.0.3426': attribute type 1 has an invalid length. [ 449.298670][T18404] tipc: Started in network mode [ 449.324401][T18404] tipc: Node identity 0a563f653bb7, cluster identity 4711 [ 449.331874][T18404] tipc: Enabled bearer , priority 0 [ 449.384621][T18409] syzkaller0: entered promiscuous mode [ 449.401782][T18409] syzkaller0: entered allmulticast mode [ 449.411636][T18415] x_tables: duplicate entry at hook 1 [ 449.427201][T18407] x_tables: arp_tables: MARK.2 target: invalid size 8 (kernel) != (user) 0 [ 449.437437][T18404] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 449.500321][T18404] tipc: Resetting bearer [ 449.561553][T18401] tipc: Resetting bearer [ 449.613471][T18401] tipc: Disabling bearer [ 449.641980][T18424] netlink: 'syz.1.3440': attribute type 2 has an invalid length. [ 449.652259][T18424] netlink: 'syz.1.3440': attribute type 1 has an invalid length. [ 449.711455][T18420] netlink: 'syz.4.3438': attribute type 12 has an invalid length. [ 449.999173][T18432] xt_CT: No such helper "snmp" [ 450.066621][ T7077] tipc: Subscription rejected, illegal request [ 450.653065][T18476] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 450.880842][T18485] __nla_validate_parse: 10 callbacks suppressed [ 450.880864][T18485] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3458'. [ 451.320149][T18499] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3464'. [ 451.330352][T18499] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3464'. [ 451.480244][T18507] netlink: 'syz.4.3466': attribute type 10 has an invalid length. [ 451.491030][T18507] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.498976][T18507] bridge0: port 1(bridge_slave_0) entered disabled state [ 451.530387][T18505] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3465'. [ 451.544798][T18507] bridge0: port 2(bridge_slave_1) entered blocking state [ 451.552058][T18507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 451.559702][T18507] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.566968][T18507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 451.591607][T18507] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 451.876870][T18526] tipc: Started in network mode [ 451.905571][T18487] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 451.944498][T18526] tipc: Node identity , cluster identity 4711 [ 451.981814][T18526] tipc: Failed to set node id, please configure manually [ 451.999310][T18526] tipc: Enabling of bearer rejected, failed to enable media [ 452.031647][T18530] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3472'. [ 452.144681][T18542] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3473'. [ 452.232557][T18549] netlink: 'syz.4.3476': attribute type 11 has an invalid length. [ 452.484496][T18565] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3481'. [ 452.537505][T18573] netlink: 'syz.4.3482': attribute type 5 has an invalid length. [ 452.650863][T18578] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3484'. [ 452.736474][ T7066] veth0_to_bond: left promiscuous mode [ 452.853136][T18589] openvswitch: netlink: IPv6 tunnel dst address is zero [ 453.330079][T18615] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3495'. [ 453.357728][T18615] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3495'. [ 453.444959][T18620] netlink: 'syz.4.3496': attribute type 2 has an invalid length. [ 453.790142][T18639] veth0: entered promiscuous mode [ 453.813747][T18642] netlink: 'syz.4.3500': attribute type 10 has an invalid length. [ 453.971500][T18642] team0: Port device geneve0 added [ 454.072931][T18635] veth0: left promiscuous mode [ 454.118062][T18659] tipc: Started in network mode [ 454.123099][T18659] tipc: Node identity 92c58a20e382, cluster identity 4711 [ 454.143835][T18659] tipc: Enabled bearer , priority 0 [ 454.161865][T18659] syzkaller0: entered promiscuous mode [ 454.169444][T18659] syzkaller0: entered allmulticast mode [ 454.233915][T18659] tipc: Resetting bearer [ 454.255952][T18665] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-tlb(5) [ 454.354800][T18659] tipc: Resetting bearer [ 454.431470][T18659] tipc: Disabling bearer [ 454.482771][T18676] pim6reg: entered allmulticast mode [ 454.493530][T18679] pim6reg: left allmulticast mode [ 454.532326][T18681] netlink: 'syz.3.3511': attribute type 4 has an invalid length. [ 454.702262][T18688] dvmrp0: entered allmulticast mode [ 454.707958][T18691] netlink: 'syz.3.3514': attribute type 1 has an invalid length. [ 454.751924][T18691] netlink: 'syz.3.3514': attribute type 2 has an invalid length. [ 454.754432][T18694] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 454.777870][T18696] netlink: 'syz.3.3514': attribute type 1 has an invalid length. [ 454.795333][T18696] netlink: 'syz.3.3514': attribute type 2 has an invalid length. [ 455.306762][T18707] veth0_macvtap: left promiscuous mode [ 455.821158][T18741] xt_CT: No such helper "netbios-ns" [ 456.085261][T18762] __nla_validate_parse: 16 callbacks suppressed [ 456.085298][T18762] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3531'. [ 456.305835][T18773] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3534'. [ 456.324076][T18773] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3534'. [ 456.784135][T18802] tipc: Enabled bearer , priority 0 [ 456.817480][T18802] syzkaller0: entered promiscuous mode [ 456.823049][T18802] syzkaller0: entered allmulticast mode [ 456.846467][T18802] tipc: Resetting bearer [ 456.901439][T18801] tipc: Resetting bearer [ 456.930249][T18801] tipc: Disabling bearer [ 457.378691][T18837] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3555'. [ 457.395671][T18837] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3555'. [ 457.416495][T18835] netlink: 252 bytes leftover after parsing attributes in process `syz.1.3554'. [ 457.427062][T18840] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3556'. [ 457.535627][T18843] validate_nla: 1 callbacks suppressed [ 457.535649][T18843] netlink: 'syz.4.3557': attribute type 3 has an invalid length. [ 457.555681][T18846] Cannot find add_set index 1 as target [ 457.563470][T18846] netlink: ct family unspecified [ 457.605546][T18846] openvswitch: netlink: Actions may not be safe on all matching packets [ 457.686816][T18852] netlink: 'syz.2.3560': attribute type 1 has an invalid length. [ 457.712213][T18852] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 457.876902][T18859] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3563'. [ 457.893393][T18859] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3563'. [ 457.924518][T18859] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3563'. [ 458.513218][T18899] tipc: Started in network mode [ 458.534483][T18899] tipc: Node identity 6aa0a2550238, cluster identity 4711 [ 458.562307][T18899] tipc: Enabled bearer , priority 0 [ 458.680453][T18911] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 458.696651][T18899] tipc: Disabling bearer [ 459.423564][T18949] sch_tbf: peakrate 7 is lower than or equals to rate 2147483647 ! [ 459.544180][T18951] 8021q: adding VLAN 0 to HW filter on device bond1 [ 459.617115][T18951] gretap2: entered promiscuous mode [ 461.107101][T19031] netlink: 'syz.0.3611': attribute type 1 has an invalid length. [ 461.168473][T19031] veth0_to_team: entered promiscuous mode [ 461.175428][T19031] veth0_to_team: entered allmulticast mode [ 462.891609][T19060] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 463.378845][T19076] xt_CT: You must specify a L4 protocol and not use inversions on it [ 463.408802][T19077] __nla_validate_parse: 17 callbacks suppressed [ 463.408825][T19077] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3625'. [ 463.482029][T19084] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 463.631471][T19092] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3630'. [ 463.668978][T19092] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 463.767071][T19092] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 463.898678][T19102] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3634'. [ 463.967574][ T768] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 464.089006][ T7066] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.121840][ T7066] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.191918][ T5952] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.214647][ T5952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.362186][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.385735][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.488077][ T12] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 464.636224][ T5952] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.644136][ T5952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.753336][ T5952] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.781147][T19137] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3642'. [ 464.814731][ T5952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.938112][ T768] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 464.991639][ T5952] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.022109][ T5952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.049692][T19151] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3646'. [ 465.164314][ T768] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.172478][ T768] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.217999][ T768] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.232767][ T768] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.328265][ T7066] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.362057][ T7066] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.435100][ T7067] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.462351][ T7067] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.505598][ T7067] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.544053][ T7067] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.632516][ T7066] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.669304][ T7066] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.728198][ T7078] ------------[ cut here ]------------ [ 465.734002][ T7078] WARNING: CPU: 1 PID: 7078 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3ca/0x440 [ 465.744566][ T7078] Modules linked in: [ 465.750055][ T7078] CPU: 1 UID: 0 PID: 7078 Comm: kworker/u8:17 Not tainted 6.16.0-rc7-syzkaller-00100-gafd8c2c9e2e2 #0 PREEMPT(full) [ 465.762770][ T7078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 465.773440][ T7078] Workqueue: cfg80211 cfg80211_event_work [ 465.779940][ T7078] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440 [ 465.786258][ T7078] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 d2 73 f2 f6 90 0f 0b 90 eb bd e8 c7 73 f2 f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 b7 73 f2 f6 90 0f 0b 90 e9 de fd [ 465.808362][ T7078] RSP: 0018:ffffc9001bb978e0 EFLAGS: 00010293 [ 465.815021][ T7078] RAX: ffffffff8acdb309 RBX: dffffc0000000000 RCX: ffff888027a75a00 [ 465.823064][ T7078] RDX: 0000000000000000 RSI: ffffffff8d996a45 RDI: ffffffff8be28d40 [ 465.831151][ T7078] RBP: ffffc9001bb979b8 R08: ffffffff8fa1def7 R09: 1ffffffff1f43bde [ 465.840877][ T7078] R10: dffffc0000000000 R11: fffffbfff1f43bdf R12: ffff888076904d90 [ 465.848969][ T7078] R13: 1ffff92003772f24 R14: ffff88802eed3338 R15: 0000000000000006 [ 465.857055][ T7078] FS: 0000000000000000(0000) GS:ffff888125d23000(0000) knlGS:0000000000000000 [ 465.858649][T19189] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3657'. [ 465.866082][ T7078] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 465.866161][ T7078] CR2: 0000200000002780 CR3: 0000000076538000 CR4: 00000000003526f0 [ 465.866188][ T7078] Call Trace: [ 465.866199][ T7078] [ 465.866211][ T7078] ? lockdep_hardirqs_on+0x9c/0x150 [ 465.866247][ T7078] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 465.866273][ T7078] ? cfg80211_event_work+0x24/0x60 [ 465.866304][ T7078] ? __pfx___mutex_lock+0x10/0x10 [ 465.866336][ T7078] cfg80211_process_wdev_events+0x38a/0x4f0 [ 465.926033][ T7078] cfg80211_process_rdev_events+0xa1/0x110 [ 465.931906][ T7078] cfg80211_event_work+0x2c/0x60 [ 465.937505][ T7078] ? process_scheduled_works+0x9ef/0x17b0 [ 465.943294][ T7078] process_scheduled_works+0xae1/0x17b0 [ 465.948976][ T7078] ? __pfx_process_scheduled_works+0x10/0x10 [ 465.955075][ T7078] worker_thread+0x8a0/0xda0 [ 465.959750][ T7078] kthread+0x70e/0x8a0 [ 465.963884][ T7078] ? __pfx_worker_thread+0x10/0x10 [ 465.969723][ T7078] ? __pfx_kthread+0x10/0x10 [ 465.974405][ T7078] ? _raw_spin_unlock_irq+0x23/0x50 [ 465.979654][ T7078] ? lockdep_hardirqs_on+0x9c/0x150 [ 465.984971][ T7078] ? __pfx_kthread+0x10/0x10 [ 465.989620][ T7078] ret_from_fork+0x3fc/0x770 [ 465.995006][ T7078] ? __pfx_ret_from_fork+0x10/0x10 [ 466.000194][ T7078] ? __switch_to_asm+0x39/0x70 [ 466.005692][ T7078] ? __switch_to_asm+0x33/0x70 [ 466.010535][ T7078] ? __pfx_kthread+0x10/0x10 [ 466.015624][ T7078] ret_from_fork_asm+0x1a/0x30 [ 466.020481][ T7078] [ 466.023572][ T7078] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 466.030885][ T7078] CPU: 1 UID: 0 PID: 7078 Comm: kworker/u8:17 Not tainted 6.16.0-rc7-syzkaller-00100-gafd8c2c9e2e2 #0 PREEMPT(full) [ 466.043142][ T7078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 466.053224][ T7078] Workqueue: cfg80211 cfg80211_event_work [ 466.058977][ T7078] Call Trace: [ 466.062269][ T7078] [ 466.065212][ T7078] dump_stack_lvl+0x99/0x250 [ 466.069824][ T7078] ? __asan_memcpy+0x40/0x70 [ 466.074438][ T7078] ? __pfx_dump_stack_lvl+0x10/0x10 [ 466.079661][ T7078] ? __pfx__printk+0x10/0x10 [ 466.084288][ T7078] panic+0x2db/0x790 [ 466.088216][ T7078] ? __pfx_panic+0x10/0x10 [ 466.092646][ T7078] ? show_trace_log_lvl+0x4fb/0x550 [ 466.097875][ T7078] ? ret_from_fork_asm+0x1a/0x30 [ 466.102834][ T7078] __warn+0x31b/0x4b0 [ 466.106837][ T7078] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 466.112418][ T7078] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 466.117984][ T7078] report_bug+0x2be/0x4f0 [ 466.122333][ T7078] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 466.127892][ T7078] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 466.133450][ T7078] ? __cfg80211_ibss_joined+0x3cc/0x440 [ 466.139013][ T7078] handle_bug+0x84/0x160 [ 466.143271][ T7078] exc_invalid_op+0x1a/0x50 [ 466.147797][ T7078] asm_exc_invalid_op+0x1a/0x20 [ 466.152662][ T7078] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440 [ 466.158835][ T7078] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 d2 73 f2 f6 90 0f 0b 90 eb bd e8 c7 73 f2 f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 b7 73 f2 f6 90 0f 0b 90 e9 de fd [ 466.178459][ T7078] RSP: 0018:ffffc9001bb978e0 EFLAGS: 00010293 [ 466.184543][ T7078] RAX: ffffffff8acdb309 RBX: dffffc0000000000 RCX: ffff888027a75a00 [ 466.192530][ T7078] RDX: 0000000000000000 RSI: ffffffff8d996a45 RDI: ffffffff8be28d40 [ 466.200514][ T7078] RBP: ffffc9001bb979b8 R08: ffffffff8fa1def7 R09: 1ffffffff1f43bde [ 466.208508][ T7078] R10: dffffc0000000000 R11: fffffbfff1f43bdf R12: ffff888076904d90 [ 466.216510][ T7078] R13: 1ffff92003772f24 R14: ffff88802eed3338 R15: 0000000000000006 [ 466.224509][ T7078] ? __cfg80211_ibss_joined+0x3c9/0x440 [ 466.230081][ T7078] ? lockdep_hardirqs_on+0x9c/0x150 [ 466.235325][ T7078] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 466.241232][ T7078] ? cfg80211_event_work+0x24/0x60 [ 466.246361][ T7078] ? __pfx___mutex_lock+0x10/0x10 [ 466.251411][ T7078] cfg80211_process_wdev_events+0x38a/0x4f0 [ 466.257325][ T7078] cfg80211_process_rdev_events+0xa1/0x110 [ 466.263145][ T7078] cfg80211_event_work+0x2c/0x60 [ 466.268099][ T7078] ? process_scheduled_works+0x9ef/0x17b0 [ 466.273837][ T7078] process_scheduled_works+0xae1/0x17b0 [ 466.279418][ T7078] ? __pfx_process_scheduled_works+0x10/0x10 [ 466.285454][ T7078] worker_thread+0x8a0/0xda0 [ 466.290085][ T7078] kthread+0x70e/0x8a0 [ 466.294185][ T7078] ? __pfx_worker_thread+0x10/0x10 [ 466.299335][ T7078] ? __pfx_kthread+0x10/0x10 [ 466.303945][ T7078] ? _raw_spin_unlock_irq+0x23/0x50 [ 466.309160][ T7078] ? lockdep_hardirqs_on+0x9c/0x150 [ 466.314379][ T7078] ? __pfx_kthread+0x10/0x10 [ 466.319006][ T7078] ret_from_fork+0x3fc/0x770 [ 466.323611][ T7078] ? __pfx_ret_from_fork+0x10/0x10 [ 466.328741][ T7078] ? __switch_to_asm+0x39/0x70 [ 466.333528][ T7078] ? __switch_to_asm+0x33/0x70 [ 466.338333][ T7078] ? __pfx_kthread+0x10/0x10 [ 466.342941][ T7078] ret_from_fork_asm+0x1a/0x30 [ 466.347734][ T7078] [ 466.351279][ T7078] Kernel Offset: disabled [ 466.355660][ T7078] Rebooting in 86400 seconds..