last executing test programs: 11.534918506s ago: executing program 0 (id=414): socket$tipc(0x1e, 0x5, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000200)={'tunl0\x00', {0x2, 0x0, @broadcast}}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="c4000000190001000000000012000000ff0100000000000000000000000000010000000000000000000000000000000000000000000000000a"], 0xc4}}, 0x0) 11.368910097s ago: executing program 0 (id=416): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.dequeue\x00', 0x0, 0x0) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x1, 0x30, 0x9, 0x2}]}) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(anubis)\x00'}, 0x58) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x0, 0x400, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x2000040}, 0x20040044) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000500)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x1c8, r2, 0x400, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x1, 0x20}}}}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_FRAME={0x23, 0x33, @action_no_ack={{{0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x7fff}, @device_b, @device_b, @initial, {0x9, 0x2}, @value=@ver_80211n={0x0, 0x2eec, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1}}, @ntf_ch_w={0x7, 0x0, 0x1}}}, @NL80211_ATTR_FRAME={0x128, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {}, @device_b, @broadcast, @random="0833369d4e2b", {0x6, 0x40}}, 0x100, 0x66, @device_b, {0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x2, [{0xc, 0x1}, {0x48}]}, @val={0x2d, 0x1a, {0x8000, 0x0, 0x7, 0x0, {0x0, 0x94, 0x0, 0x2, 0x0, 0x1, 0x0, 0x2}, 0x300, 0xce, 0x9}}, [{0xdd, 0xd8, "688722223fb2562ff46fd2ab4125403b1a3a7ead0a72c268bd9ad512417e06722df21037e2a0bf96dc9552f6cf6f8b7cc758c9a256fafb33099b23bf21435d015a3566b7b3bff69e715d20eb3f3551736d0185fbf86003f5776d1083a485e67d80a065d45c3a0372e35b01739bca388cb5a311efd6947da425f64e2adf6eab7a2f5743cb474b898540c218874b45e8a4f8b2394d9d8965761e1589652998b3694f3945d537ae70489931360b477cfcca2936d3f2a1d184c4c20ab4ae88d3a2b0669c0005183793293981bef923ebe7bef18e5e7a9a306ab7"}]}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_FRAME={0x44, 0x33, @action_no_ack={{{0x0, 0x0, 0xe, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x80}, @device_a, @device_a, @initial, {0x5}, @value=@ver_80211n={0x0, 0x20, 0x3, 0x1, 0x0, 0x2, 0x1, 0x0, 0x1}}, @tdls_setup_resp={0xc, 0x1, 0x4d, 0x0, @void, @val={0x1, 0x1, [{0x2}]}, @val={0x2d, 0x1a, {0x8000, 0x0, 0x1, 0x0, {0x1, 0x5, 0x0, 0x9, 0x0, 0x1, 0x1, 0x2}, 0x400, 0x7}}, @void}}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xe44}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x1c8}, 0x1, 0x0, 0x0, 0x80c0}, 0x40) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000580)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x34, r2, 0x300, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x73}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5c}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) setsockopt$inet6_dccp_int(r0, 0x21, 0x3, &(0x7f0000000680), 0x4) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000006c0)={'wlan1\x00'}) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000700)=0x11d040, 0x4) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f00000007c0)={0x0, 0x5c, &(0x7f0000000740)=[@in={0x2, 0x4e23, @multicast1}, @in={0x2, 0x4e22, @multicast2}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e23, 0x5, @private0, 0x6374}, @in={0x2, 0x4e24, @rand_addr=0x64010100}]}, &(0x7f0000000800)=0x10) r6 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFPFLAGS(r6, 0x8934, &(0x7f0000000840)={'macvlan1\x00', 0x3}) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x5201100}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x30, 0x1412, 0xa094a5a0f53bc861, 0x70bd2b, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x3}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x40) getsockopt$SO_COOKIE(r7, 0x1, 0x39, &(0x7f0000000980), &(0x7f00000009c0)=0x8) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000ac0)={@empty, @remote, 0x0}, &(0x7f0000000b00)=0xc) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e80)={r0, 0xe0, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000bc0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, &(0x7f0000000c00)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000c40)=[0x0], 0x0, 0x9, &(0x7f0000000c80)=[{}], 0x8, 0x10, &(0x7f0000000cc0), &(0x7f0000000d00), 0x8, 0x97, 0x8, 0x8, &(0x7f0000000d40)}}, 0x10) r10 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000f00)=@o_path={&(0x7f0000000ec0)='./file0\x00', 0x0, 0x4000, r7}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000001000)={0xf, 0x2, &(0x7f0000000a00)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}], &(0x7f0000000a40)='syzkaller\x00', 0x4, 0x1e, &(0x7f0000000a80)=""/30, 0x40f00, 0x1, '\x00', r8, 0x2f, r0, 0x8, &(0x7f0000000b40)={0x7, 0x2}, 0x8, 0x10, &(0x7f0000000b80)={0x5, 0xe, 0xfa, 0x5}, 0x10, r9, r0, 0x8, &(0x7f0000000f40)=[r0, r10], &(0x7f0000000f80)=[{0x5, 0x5, 0x3, 0x3}, {0x3, 0x3, 0x10, 0xa}, {0x3, 0x1, 0x6, 0xb}, {0x2, 0x1, 0xa, 0x5}, {0x3, 0x1, 0xf, 0x4}, {0x1, 0x5, 0x5, 0x9}, {0x1, 0x4, 0xe, 0x7}, {0x4, 0x5, 0xd, 0xb}], 0x10, 0x6}, 0x90) r11 = socket$netlink(0x10, 0x3, 0xa) r12 = syz_genetlink_get_family_id$tipc(&(0x7f0000001100), r7) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r11, &(0x7f00000011c0)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000001180)={&(0x7f0000001140)={0x30, r12, 0x4, 0x70bd28, 0x25dfdbfe, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20040000}, 0x7c42bef7b0d894ca) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000001200)={r5, 0x80}, &(0x7f0000001240)=0x8) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000001280)={r13, 0xd7, 0x0, 0x1, 0x7}, &(0x7f00000012c0)=0x18) r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r14, &(0x7f0000001500)={&(0x7f0000001300), 0xc, &(0x7f00000014c0)={&(0x7f0000001380)={0x12c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x7dfb2df3ae0dd546}, @NL802154_ATTR_SEC_ENABLED={0x5}, @NL802154_ATTR_SEC_OUT_KEY_ID={0xc8, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x4}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0xfff}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x34, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x4c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x100000001}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}, @NL802154_ATTR_SEC_OUT_KEY_ID={0x2c, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x1ff}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0x2eb006e026ce8903}, 0x30004015) 11.070363151s ago: executing program 0 (id=418): socket$nl_xfrm(0x10, 0x3, 0x6) mmap$xdp(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x11, 0xffffffffffffffff, 0x0) epoll_create1(0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={0x0, &(0x7f0000001f80)=""/237, 0x0, 0xed}, 0x20) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_BIND_MAP(0x1c, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff, 0x24}, 0xc) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r0) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000180), 0xffffffffffffffff) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x6000, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000014000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) 10.562852008s ago: executing program 0 (id=423): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x40186366, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}) 10.318923005s ago: executing program 0 (id=427): r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212401d00"], 0x10}}, 0x0) 10.145153996s ago: executing program 0 (id=432): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(cast6-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000002a00)="0b1c6840a936a0e377c392a7a3b38e1d", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000380)=[{0x200000000000000, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="e7", 0x1}, {&(0x7f0000000040)='A', 0x1}], 0x2}], 0x1, 0x0) 9.515739395s ago: executing program 2 (id=443): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f0000001680)=ANY=[@ANYBLOB="180000000000000c000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000d3000000bf0900000000000066090600000003e70400000006000000180100002020702500000000002020207d9af8ff00000000ad9100000000000037010000f8ffffffb702000008000000b70300000000000014000000060000005c93000000000000b5030200000000008500000000000000b70000000000000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 9.318529149s ago: executing program 2 (id=447): bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x2ce, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd6ef5c98002982901fec0ffff00000c000000ffffe0000001fe8000"], 0x0) 9.072805795s ago: executing program 2 (id=450): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'vlan0\x00', 0x0}) r2 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000000040), 0x0, 0x20000080) shutdown(r0, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000080)={0xffffffffffffffff, 0x2914, 0x6, 0x5b}) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e24, 0x26c3, @mcast1, 0x1b88}}}, &(0x7f0000000180)=0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000001c0)={r4, @in6={{0xa, 0x4e24, 0x2, @local, 0xfffffffa}}, 0x9, 0xc3b, 0x0, 0x7, 0x14, 0xfbe440ab, 0x5}, &(0x7f0000000280)=0x9c) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f00000002c0)=0x1040, 0x4) ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r3, 0x80286722, &(0x7f0000000340)={&(0x7f0000000300)=""/36, 0x24, 0xf, 0x33}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f0000000400)={'ip_vti0\x00', &(0x7f0000000380)={'erspan0\x00', r1, 0x1, 0x1, 0xfffffffe, 0xfff, {{0x12, 0x4, 0x1, 0x1, 0x48, 0x68, 0x0, 0x6, 0x29, 0x0, @broadcast, @multicast1, {[@cipso={0x86, 0x2e, 0x3, [{0x0, 0xa, "12cb8c23585848a8"}, {0x2, 0x5, "e52a95"}, {0x2, 0x4, "09dd"}, {0x2, 0x4, "90d8"}, {0x1, 0x4, 'u\\'}, {0x1, 0xd, "081bf51d6e2c21b8d0c717"}]}, @ra={0x94, 0x4}]}}}}}) setsockopt$inet_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000440), 0x4) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000500)={{r3}, &(0x7f0000000480), &(0x7f00000004c0)='%pB \x00'}, 0x20) syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r3) ioctl$FS_IOC_GETFLAGS(r7, 0x80086601, &(0x7f0000000580)) sendmsg$TIPC_NL_PEER_REMOVE(r3, &(0x7f0000000a80)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000a40)={&(0x7f0000000600)={0x43c, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x180, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_ID={0x29, 0x3, "be86b9f8e0e6ae09c1e23f07dbc64a3ed669144c2e388bb2d647915ce982ca2cce921f92e6"}, @TIPC_NLA_NODE_ID={0x1e, 0x3, "9567237b4138a93b49afb5830d8fbdb59012f9caab44c19dbe86"}, @TIPC_NLA_NODE_ID={0x10, 0x3, "a26b386dee8927d8d57a256a"}, @TIPC_NLA_NODE_ID={0xc0, 0x3, "7f23c45136a657b2d93f7e8c2f5eb429cabf88f54bebf6d671b61de7e2bd4015848c5dff176ad60ecdbe7448d53ef559a1e1ed7d99bbd2e9d115aef3099af9ca7e9e3a58440ab1167c0918224905ca63d85a5ad4b53a3b9b33efcd3d9226e7e86b7d65104686ef675f3641e9d1984c3942e2bb9b26765439164fd3a510635d4d4be1e1e25f8e61e90a6ff5529e2960f7d2aa509e01dd9e3c72e0e9724d35a6233b40d0c760f19f584f8b63721ddbfd5320b89066588de933a7357eb2"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "57d7db3e2e706acfe89570ef343bbef83ac7680f6b93550d50231ae403705e9b"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40}]}, @TIPC_NLA_BEARER={0x30, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x13}}}, {0x14, 0x2, @in={0x2, 0x4e23, @empty}}}}]}, @TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x3}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x61}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x800}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x800}]}, @TIPC_NLA_BEARER={0x118, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xf95e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb2}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0xb7d, @rand_addr=' \x01\x00', 0x80000000}}, {0x14, 0x2, @in={0x2, 0x4e20, @remote}}}}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x5bd, @dev={0xfe, 0x80, '\x00', 0x18}, 0x5}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xc}}}, {0x14, 0x2, @in={0x2, 0x4e20, @multicast2}}}}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xa600e74}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x10001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80000000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}]}, @TIPC_NLA_NODE={0x8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NODE={0xd0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x2e, 0x3, "62dc22ef171eaf97a8ed205a4578aea062b3843128422b0f4b161400eea4a4c60457109da53ee4988d4e"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xb57}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "0130b5550807d2c211ad133efe5038436b32dc77fc2275791c70678fba6af9"}}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "17e459d778d7713112d6032814e1cbe05c6c6730853677ca1cac527225895b"}}]}, @TIPC_NLA_SOCK={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x43c}, 0x1, 0x0, 0x0, 0x804c001}, 0x40) r8 = socket(0x5, 0x4, 0x5) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000ac0)={'batadv0\x00', 0xd73}) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b40), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000b80)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000001d00)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001cc0)={&(0x7f0000000bc0)={0x1100, r9, 0x4, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x6}, @NL80211_ATTR_FRAME_MATCH={0xd7, 0x5b, "cb33d46201df154b81ab1ec669c97a12124d6540d5698d7c8463826d7e5a5e2110bd8481522f7dcb89d8b029eeb5fdd45106a8607a05ad9c5c373eb77ca5aa5050244072ca1c00be244d82c0d488c0c4ab093f0a11fdce512101352c78e7cc5826be0312aaa23b046b8f1c71566650245b2ff401c304b7dd4e66fbfe180b9986fcf6e6a8ddd256bd58411755450da503f55fd48e2b7fe50550a7e73544293daa0d90198c6be86de129d5125d949b0f42f71b5ffab0d0b407af0fbfa412ec6d28fb33734266fa28eddb23ceaef1072bcd01c416"}, @NL80211_ATTR_FRAME_MATCH={0x1004, 0x5b, "2ae4503656f730eb7a49cb45d147368e195c3808373d5157d5a788dd1d8cee6905eff9479c4e94a87271fb9d81ebd45add008fb7d234ea6a7421f5bd4757c4ece45ea3f8920ba5225e647a41c40d324288ba920b249943ba9d0c3cfac23f68ae9da509e84d3d1a28d4e3931aa706de52b24046893fb758638f2290ab0e88329b9b4aa4354da4312b3ac4a9042adc280ed2bb33068fcb252f9e967544bc783e2d8070e851b3d3b754e0666bccdfb10a5073ef575b46bd18c6c2e00a939b7cfa3d5c2ceafe2e1327803ad7a583aa2916d097b8cba633e6fe32e2da631b1e1c59612a39db2e1ce0f8f36a81af9ae362a013e35026117e3c5eef29b13601c8d3aac3e0d1c3605895fdf2b360243a2dbf4c778880a57fa59411a6be3da69458e8dff0cb2da813f7e7802656208736603fb8a8961ffc31192edf4532135bd3e5ac2b1c044143b58a293a46ae1aa82e57e8ae6194bf6c22dc3e00eb279c802f58b56fcd82c0e40d619d4a7d0c4d35cd08ab65a3b01d2d74b8b31d94b6ed2adf19d78202bf7afc5bc512838c38f12370c05a0adeb962b46eb060b77e917b9a1291a6618c90403a8d65b1dce3b41fe8a4c2870216dea95f9d4e8724befd40e070797b0d428f2a6cfc06970e3c0635aa27935aa047bf1c0072bff3bf31bf44e9a352fb4a1805c430b2728b0dbd36f48506572388e87e9b8f417f403c27e76b45b452c1b1060fe16931ab043954d6d28f0958862cebdb3516d1065b8a5dc6428ba31f3310f35ebec4cfbd50a2a1c04ba88f013a12b50329c1432339df9c8551d157eb67efc8673b31e89e422a13b8757955fcd3884eebb2334be1582afe5d6d7e3ec80625d945e4f6c2190d2a7b35f3e152768e448829bbc81c4ab3f42025942b535af6156b93a964c9c34c5c8f05b28aaccaee3260034e31ce8faf7cf7ad2eaf6bc78546ee3d5c5b467a558315e20cbd5e1fc4e9ea47234c5f26a86b79f0f019aae42a369fbce792acdb69aff9a1905b877757cebf83d5b4abb45ffb9d5e97e0b8afc6f53c9164514e16f01efaf6684813807a091dd439cbc07e98bbac54ab39417e9551085866ed431537951d8d533724655d1225f6663db0eec3cafc35e0652b8552c38818c53445e42edcc4346cc635cc3603a7ac2a64f7b6bb82847c2366c7ab5a9b3deede58de241b2d491e35ecb4ba8b7ad3198d4caf25fc3154c4ef764229a6966820ae138ce0df4ade5e81a7abfd147eae59eb639c572ab3e8b8db873a3b567f10b6d1cfbf04cbd94b41accb8b93139fac8a8fdb7ef8a2928fa361856f59f60a36a14703bbf8c9f52b12565d075376e7dbaeaa7e38857b41aab1633b16148f916caa2c31adfc712677c626be225649cde6bcea5b4a60f8fe66e6cc6f745ff95a8d3a7f3079be37eb338f8207a112baa4af9e46d201afcd6eb075917adabae1069a5d0ec630725a7c6fcc3d50fbc980ac2fb2b8043cca39f5925e6dc4b1a0739fa15062634447fcffd132df07f985259983a41837f338a35f9b091d101831174e096cdcddd783c379b9790129beea34431ad87e20d71f604215b463e93f766c918ab582bff7b45e51072654f8cec85692719e377f19e76b3c1020ea25c7df0e07dd6d1dba20ecfacc7333616b88744d0b82397715f2f9e3675e9c1203b6f382db06e8bc7879c022b54b041cb78142e145f6e9d492e51323c852989094250e794f2dbfa46d9845aff6769d92b5b1a55818ba2772487b60f0924b0bf27919196cb5619021b31f97bc88041971783a6291595edb6b4dc0283b2f99623eedcf2759a8e20cf98c4c5732e250bc33f09a9ea3cb4dbea96dedd9ddd46c5fe6e83425ff2068174464dfa67a339722b9f53b096e332276040e17a3439a5d681297b7bf7b612be7f6674ee3579d5603523190923a342342389d5c703e6fcd65b242a8533c3d9b81c6c1350eb47dd068ec884f9c889187f0f233aeba7f5a86e88c7f7d218cdeaa37d27c6447c42f707de620f1fde3b6b407d21570dc6f7e48969a2817e3108bfa6191563a0d272c859489c7be426e56f494346c9d76f1777a3b7b5fe028d94965a4fd6073c45e0126d43f3c92398c28a9182340c4c3f898ae5224cdf1082469ce8cf6324d463a3cd3f7d67e0c2cb8193ff06b9fabc1294c2b659fe1d2306dc8fba5df27468a1e6641efbf4541450e34568c8b3112c799dd93b4f84a0429300f7579ef576a5fff549b921e083f7ef3e6dd52738ec4d8a5e01a64922e543564fb6da1a77ecc4f8f7629e06fb4aa71642b0071b9f8161b520713e77e2dec7299d5923109690fb7edad3c0ab5ae0c29ff6bef5385038b6f0447db3e2d9e28c33b29e1ea53377babba518c66ef8604a3bb0f83c36ec6b508a75f398e8dff51094ced2290e4aa98345628f84ac058134b262b64798269759a503ce1e87dc83d2ad4f80b77532b21fcc8f99ece334a2837ba4be89c241748de006f2211f9061ba1416996c6d3442dbf8f6bcc0fbdad413f13a7a246a2e82c30ae98d8e6fb8d718f07bf01fb69e55fce777550481d2124b37563b2d037c43a695271ffd284e454ba953bf4fbf92377c2bd107a2669aaef5d41ea37e8c26bb75bf24a608d0c3722ab335477fe0692258160a9f98cddcc91e68ec2d7d9ee68a7077e28d967cd3fdc03194737fafe065049fea3c447d718cb8f3de7933c9ff742ed8b5a0d22f3ead40c49688333b865a905a39c69953368a797f65da0e6f86bdbbe4518b99ffea7458005e6f67a2bbca90ca6fd628bc01e918c3e6f2f5a2e401bd7a4238daa8d69ac4f88c2ac2a3ab877291821a5ce71cd64c5bc5ce9feaa01e6a0574ee12a4db16bb4156582bb19885e0c0e71ec0931eb04ff57f57068dc44209c3dd7026638d49052ca0e09349cdcf6535d332c62adb9cfdfe6fc533667065b5145f2b0cba7fe49fdfcdb08b031ab88996b79453e0e171ee0e33e54173cbee66f5a6c629ff45bb214c610772e1b0fb1f197c542370b1963dac57245e39eb2544fcd8b0f996daffcfeaf8967b60035f3c56ec01898ad0e84eb3770d3c32c10cde9269257bd91dc41fb9fb36183930a57424226ed2c2b3268c7f326bbf6c27d3d4fe6be00fbc3889e0b9364fe4864c5ba6a356ef82954a818aaab0658b07342d8fb14b9e5e0b8ac902b61d0a139c33ef70984e02e43599992abbb7716322dc6287b70f45fd26c9a909fee9e463c3525aca0f1e3b5d1b0525526c49929f181ce90066c47ff7a0882f451ec79865513757876c53622c3bf4b20b77d2e878b9d1176478f3e1caa2aeae4a4d8f173a6618802234be4c1e315cf350448e5782cc7798989088e8a3e452ab8604a7905275b697d76da267c204d369ac6bc6956191748405f8a70ab3dc47da86b99c76eaec8fe80ccc41ed42cba9162726262599f7a3b9e45376d929c7d01c919262b6bcde7a3d38bfaa1b8c167813983e6d79c23ee4b65498ca2b3f9634dde9b1c6a25c289e7ff9df8e04adec7546f2cce6b3dedb00bcd39930ed6c56831ac32f2e30056b6c38bd69ed901bcf8843cce12f50c4130062b82639202212d2da5dc143eabce97d7cccb17da89933b133287fd8f843fa810e4f1b9ab83b378f6d35a0dba1454ae2adb3604ced3c0989a0f32c01cd4b5962e4c1c9a53e0af2c6b9ba97a2958c244153a8f68350c8d788eafa000c1ef1ea7482959722d0e0f9581844b6acba091b4268697faf597bc2a4a2a0f55bbe2e16c7c06bb4edd8db4f5de8864d5c59df2f50d9c9d93b7d259f7945d8e68ecfdd6b5234fc6be75ea7b2a038e5f4d6a128a4a03d409bf7caca1b39be2ad587b43a88cce122df85c41ac1c1a9500935e05b833a03dfc0fcfd9bf13c728a30e624ec474dd37cd280779b78dc4531fb635213d23a3d13bf9aba683d4ed1ce4a3c5a62d6784adb268f69692983a80db817379a04b88486da951be2d5495f59903cf356d4cd426b38918d54c1cd91fc5ebfcd7e904627a1960b1d4d85b91a17e60656b87968626f0f0e9af8c6c29c57103625598f38e38d1fdc9963a48be175621905b86896c91ab83c8077827082e9e3f46fe244454e91b3d27febf62eaa848e493bc225f452cf3defa6fa03f1e9b1689dc10f656e4f3cbf170a04d00159505925c513b046c552cdcb062fc43db383580db935f5eb8479baa7f59004b5f07d745c596d904d48cdd9749bbf2cc6cfb2c265da39f110a44ed54757d8ee2b6e15169e9781c0074ffc86dbb0d9e3cbc32c16a7d1116c2f5a9fcebfd343348f036b58110d59b78c1e908a98c4724859d06430f0e938dd03a10a75421b7fe14d2bd67b21e9768ebb0d1d50f5c4b227b323112042891be554b711f94d3f69da18c06ed3028ea88f5d19b0d2736763d0908c3936161bc224b225cc5caf2a6a810a8f7d7670fa3869e1e119b6300ebc368ee9a2b95cc5ff25e5637a9850c5c428c59902b2ec385a6352846a2c7c1db77b63545b503f9e86a4c3b7c31c1b2ba083a4e515c325d91a725a2018e1fd21fccb89bbe102feb1f95513ffbbd61e93dda8bf27c38f76ffa3ba78811b9c8b98fee81cfaa71a3e5574b008b6b87d22f06e53cf67b51e8093e0f1c18c692cae12a726d6b1ab61707dc6d2a9c11937f401404339a4b9bae6753c73a12bc6871d5795e37d74f841f949b209f4dcba985552efbbf684a5fbe53b61f5be368090495ced319a9d250c5b8d6ca0828ade1a4e91c5ee9a3d5407552ec059b8c189a270d8b8461f4abbc2352650d2cc60d95b8ceba4a2a25ec6659088e24a7f9d5c5bb61853ee39184794be0afee0ee78bbaec222d3f595d879dfaca3aacc6850ac1c15b59781cab1f7b2805ad8a09b041a6539b9a360857b4a61b6e817ff0732b6d1a713e273100bf54be88f584355d73ff57b50d688acff2dfa08b71a901e2ea7f86686265e3b991bb7ff6943e8f91a44fe1c679f1d929188f055f07b6912c7e4a8241d04504d80c042ef8ff95f40fe4b8026a2e2a880271ac136843e0da7fc8ee43e23d57e06bd0cb7641c6b27f81ad67e8cad5c4be3faf954ab66ea0f42b2a63f34148fa67bb9571bc62f2c82a9fd0bc7e8224b18afafb3c3a3ed4d73e08f01b9cb188581a1c6440bd8768affb458803975b41d37498aa2dcdf8eedecf16ceb72200f240e83169fc75ec955f5fb7a129e6735f9911a0f93797e2489b9ee0bc9a163844a8718b708cc68c898ff738a49e95b8f9fa05229950a4128ea25ca5bd69ddcad8a43ecceb1507d891cca24d39f65fc11a4fcf28d82664610e94a246f9d7ff4379755625fb87ac007ed000398b708be2abeebf73e5bf7f049dc967d6346b11bc3e2f261edf1b89edca54f20e5e40fc3c490b9355343f62c09f2438f69e038b2237e7c64713a09733fd941fd63c29d781bcc84a5da4c73b717d6e3a913b762077b9579469b0527aa1026e2c5fb3fc93f92685f0e30d7d7afa710ee0f0329b9ea8f5911ca4b0124316abfe73509b705bb0b6bbf265b713a8114ea3c1b7adf9d910ba78abc41dc9c268188d2b9abf540d50fbb2a83390274f2c0cf142c7c0a6beb4467843e3f1bfef6eac51c34cc1618432962d4b47cbe5deb292251b10d2ccac203c5aefb0debca30a1fbb68693a7638971503ca2b33441e96fc38c67712f557e500fde053a2230714501d7b2e00e5f92c82d3d2dec2f552e6ac45550afa4ccbe55bc79adfef0dc52c8fa679a87d8807abf34687dac4fb8a0a6dbbc81e7b79b23b637b0b53aaf3c75844d481abf5f6b9988ac1b7b826b32c09dcff760a55c39239e7a082db1923becfaf"}]}, 0x1100}, 0x1, 0x0, 0x0, 0x4008900}, 0x10) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000001d40)) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000001dc0)={r5, 0x30, &(0x7f0000001d80)=[@in={0x2, 0x4e22, @loopback}, @in={0x2, 0x4e21, @private=0xa010100}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}]}, &(0x7f0000001e00)=0x10) ioctl$sock_FIOGETOWN(r8, 0x8903, &(0x7f0000001e40)) getpeername(r7, &(0x7f0000001e80)=@sco={0x1f, @fixed}, &(0x7f0000001f00)=0x80) sendmsg$AUDIT_DEL_RULE(r8, &(0x7f0000002400)={&(0x7f0000001f40)={0x10, 0x0, 0x0, 0x2000002}, 0xc, &(0x7f00000023c0)={&(0x7f0000001f80)={0x424, 0x3f4, 0x10, 0x70bd27, 0x25dfdbff, {0x1, 0x0, 0x16, [0x4, 0x0, 0x75, 0x44a, 0x9, 0x3, 0x3, 0x6, 0x6, 0x76, 0x0, 0x3ff, 0xff, 0x6, 0x8, 0xe2ea, 0x7fff, 0x4, 0x9, 0x6, 0x5, 0x8, 0x6, 0xffff0001, 0x3, 0x0, 0x7ff, 0x7, 0x8000, 0x20, 0x4, 0x1000, 0xeef, 0x80000000, 0xfffff4cf, 0x8000, 0x2, 0x1ff, 0x7fff, 0xc895, 0x40, 0x81, 0x9, 0x6, 0x1f, 0x400, 0x1, 0x0, 0x6, 0x3f, 0x8, 0x5, 0x10000, 0x55, 0x0, 0xfffffff8, 0x9b, 0x387, 0xffff, 0x40, 0x25, 0x6, 0x2], [0xc00, 0x0, 0x1, 0x800, 0x3, 0x4, 0x8, 0xcab, 0x3ff, 0x7fff, 0x8, 0x3, 0xde2, 0x10001, 0x0, 0x1, 0xffffffff, 0x9, 0x0, 0xe95b, 0x401, 0x7fffffff, 0xff, 0x7fffffff, 0x3, 0x510, 0x9, 0x0, 0x4, 0x8, 0x2, 0x5, 0xfffffffa, 0x7, 0x7, 0x0, 0x3ff, 0x1, 0x100, 0x9, 0xff, 0x2, 0xa6e7, 0x7, 0xffff, 0x9fc, 0x2, 0xd3d, 0x4, 0x8, 0x3e9, 0x2, 0x80000001, 0x7ff, 0x3, 0x0, 0x7, 0x80, 0x4a2f, 0x7fffffff, 0x3, 0x7, 0x80, 0x7], [0x8001, 0x4, 0x0, 0x2, 0x8, 0x8, 0x3, 0xfffffffd, 0xa50c, 0x200, 0x10001, 0x8, 0x68a, 0x1d, 0x1, 0xfffffffc, 0x7fff, 0x100, 0x6, 0x952, 0x7, 0x3b9a, 0xc70, 0xe5e, 0xe78, 0x1, 0xffff, 0x9, 0x6, 0x3f, 0x6, 0x9, 0x4, 0x8, 0x1000, 0x6, 0xffffffff, 0x3, 0x6, 0x19ccf713, 0x3f, 0x10001, 0x2, 0xbed0, 0x3, 0xf75, 0x0, 0x73, 0x2, 0x8, 0xfffffff8, 0x3, 0x9, 0x446c201d, 0x4be, 0x6, 0x5, 0x1, 0x5, 0xd40d, 0x8000, 0xeca, 0x3, 0x3c55], [0x39, 0xfff, 0x0, 0x501, 0x0, 0xfffffffd, 0xda, 0x80000000, 0x401, 0x0, 0xfffffffc, 0x2, 0x6, 0x0, 0x789b, 0x7fc00, 0xadd, 0x567, 0x3, 0x2, 0xfffffffd, 0x1, 0x3b13, 0x7, 0x5, 0x9, 0x100, 0x0, 0x40c, 0x3, 0x1117, 0x2, 0x8, 0x5, 0x80, 0x9, 0x7, 0x7ff, 0x8, 0x0, 0x8, 0xfffffff8, 0x9, 0x7f, 0x6, 0x5, 0x401, 0x6, 0x7fffffff, 0x5, 0x9, 0x1ff, 0x20, 0x50ea, 0x4, 0x800000, 0x6, 0x8000, 0x15a, 0xac, 0x401, 0x7, 0x6], 0x1, ['\x00']}, ["", ""]}, 0x424}, 0x1, 0x0, 0x0, 0x20040068}, 0x0) connect$can_bcm(r8, &(0x7f0000002440), 0x10) socket$nl_generic(0x10, 0x3, 0x10) 8.79247844s ago: executing program 2 (id=454): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r1, &(0x7f00000024c0)=[{&(0x7f0000000240)="0d850ecd33a42b86f08a86e396e0af7133653b85edbd976c2a338c922a667eae1c94c629c93d8fda25f9670238c3ed769485a3df4c091e882367ad5d9caedcd48a50ea7b", 0x44}, {&(0x7f00000002c0)="8580981bfc86854870ef", 0xa}], 0x2) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040), 0xe) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34c8, 0x44, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) 8.596227725s ago: executing program 2 (id=457): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x7}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0) 8.310522021s ago: executing program 2 (id=458): socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$vsock_stream(0x28, 0x1, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 4.286536188s ago: executing program 1 (id=491): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DISASSOCIATE(r0, &(0x7f0000000280)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="03002cbd7001ffe0df252800002008000300", @ANYRES32=r2, @ANYBLOB="0c002a0000060202020202020a00060050505050505000000a00340001010101010100000a000600505050505050000006003600caa400000a0006006ebb71784314000004005f00"], 0x64}, 0x1, 0x0, 0x0, 0x880}, 0x20000000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000100)='cpuacct.stat\x00', 0x100002, 0x0) write$cgroup_subtree(r4, &(0x7f0000000040)=ANY=[], 0xffe6) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r4, &(0x7f0000000180)=ANY=[], 0xff19) socket$nl_generic(0x10, 0x3, 0x10) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r6}, 0x10) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r8, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, '\x00', 0xc}, 0x7b}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@loopback, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x32}, 0x0, @in=@dev}}, 0xe8) r9 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100)={'#! ', './file0'}, 0xb) write$binfmt_script(r8, &(0x7f0000000a00)={'#! ', './file0'}, 0xb) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="30007f000000000000000000000000000a0000000c0019800800010008000000100001800c0002802b00010000000000b48da84c2c14472cb24e4b475cada135dd1810ff4726c713d55e4b331bb9171b482e27575b35933fa311596983"], 0x30}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$unix(0x1, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r5) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r11) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 4.140849301s ago: executing program 4 (id=492): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'bridge_slave_0\x00', &(0x7f0000000080)=@ethtool_dump={0x3f}}) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000100)={'sit0\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x20, 0x20, 0x1, 0x29a, {{0x11, 0x4, 0x3, 0x0, 0x44, 0x66, 0x0, 0x5, 0x7f, 0x0, @broadcast, @remote, {[@timestamp_prespec={0x44, 0x24, 0x56, 0x3, 0xe, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7f}, {@broadcast, 0x10001}, {@remote, 0x7ff}, {@remote, 0x8}]}, @timestamp_addr={0x44, 0xc, 0x26, 0x1, 0x5, [{@multicast2, 0xf96}]}]}}}}}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r2, @ANYBLOB="00001700000000001c0037800b0001006970768a616e00000c0002800600010000000000050027"], 0x44}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r4, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r4, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000780)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r4, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r4, &(0x7f0000000100)={0x2c, 0x0, r6}, 0x10) bind$xdp(r4, &(0x7f0000000180), 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x0, 0x0, 0x0}, 0x55) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'team_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2800000010000104000000000000000000fcee00", @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n'], 0x28}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 3.171008335s ago: executing program 1 (id=494): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000440)={0x0, 0x480000a1, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="ad43000000f45400000001"], 0x14}, 0x1, 0x7a}, 0x0) 1.54007702s ago: executing program 1 (id=496): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020100000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a32000000001400000011001f"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b04000000000000000002000000200004801c00b68d0a00010071756575650000000c00028006000140008a101e4100010073797a30000000000900020073797a320000000005000740dc000000140000001100010000000000000000000000000a"], 0x7c}}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40088a01, &(0x7f0000000000)) socket$phonet(0x23, 0x2, 0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x4, 0xff, 0x29d5, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000000)={0x58, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x3c, 0x33, @action={{{}, {}, @broadcast}, @sp_mp_close={0xf, 0x3, {{0x72, 0x6}, {0x75, 0x14, {0x0, 0x0, @void, @void, @val="ee7bfbc5191c3ca7d825d735cfd13d65"}}}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x24000080}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2}, 0x0, &(0x7f0000000040)}, 0x20) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000800)=ANY=[@ANYBLOB="029da807f2fddd1b30cddb4475ed6174248aad107046913d257b28a913686839447b9f75155546e9b3fe1f2bb6e9da0245b5c964eb44643dbae1ee57f2874e4d3d60a79ea58677a764614ffaf2b06d77c7c9d5c3600742e5118b9accd37f92452904abf5fba7c752dc1240f0b4610b60c0c7e26d98e303be8667b75d66c7ad86", @ANYRES16=0x0, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088010000c80a3ff0b8008000a0000000000"], 0x3c}}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wpan0\x00'}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x14, 0x35, 0x701, 0x0, 0x0, {0x1}}, 0x14}}, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="000000000040000000000000000000000000020000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10) recvmsg(r7, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@mcast2, @in6=@initdev}}, {{}, 0x0, @in6=@initdev}}, &(0x7f00000001c0)=0xe8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={0x0}, 0x10) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x11, @rand_addr, 0x0, 0x0, 'wlc\x00'}, 0x2c) getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 1.487942578s ago: executing program 4 (id=497): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_PKT_RATE_HIGH={0x8}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0x1}]}, 0x3c}, 0x1, 0x200000000000000}, 0x0) 1.218243321s ago: executing program 3 (id=498): socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$vsock_stream(0x28, 0x1, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b70200"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 1.148882283s ago: executing program 4 (id=499): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2400000007060102000000000f000020000000000500010007001400080006"], 0x24}}, 0x0) 1.094105094s ago: executing program 3 (id=500): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x2, 0xd, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit, @printk={@ld={0x18, 0x0}, {}, {0x5, 0x1, 0xb, 0x1, 0x2, 0xffff}, {}, {0x5, 0x0, 0xb, 0x2, 0x0, 0x2}, {}, {0x85, 0x0, 0x0, 0xa4}}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x90) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0x6, 0x4, &(0x7f0000000600)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x9e}]}, 0x0}, 0x90) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000180), 0x2ae, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5000}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}, @IFLA_IPTUN_LINK={0x8, 0x1, r3}]}}}, @IFLA_MTU={0x8, 0x4, 0x40000500}]}, 0x4c}}, 0x0) r4 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_DEL_DAEMON(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000800000a0000000800050000000000080005000000000024000380080001"], 0x48}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@newlink={0x20, 0x10, 0x401, 0xfffffffc, 0x25dfdbfe, {0x0, 0x0, 0x0, r8}}, 0x20}, 0x1, 0x0, 0x0, 0x22008040}, 0x10) r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000180)={0x1, 0xffffffffffffffff}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1b, 0x8, &(0x7f00000001c0)=@framed={{}, [@map_idx_val={0x18, 0xc, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, @ldst={0x3, 0x1, 0x0, 0x7, 0x5, 0xffffffffffffffff, 0x10}, @map_fd={0x18, 0x8, 0x1, 0x0, r11}]}, &(0x7f0000000000)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r10, 0xc, &(0x7f00000000c0)={0x0, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x90) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x22b}}, 0x0) r12 = socket$key(0xf, 0x3, 0x2) sendmmsg(r12, &(0x7f0000000180), 0x229ffa1c4ce5369, 0x0) syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @random="7f0a00034011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x3, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @private}, "000088beffff0000"}}}}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 970.801374ms ago: executing program 4 (id=501): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x7, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffee6}, 0x90) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r1}, &(0x7f0000000800), &(0x7f0000000840)=r0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000f40)={r1, &(0x7f0000000200), &(0x7f0000000ec0)=""/99}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000080)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xcf, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x52, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)={0x3, 0x4, 0x4, 0xa, 0x0, r1, 0x6fed, '\x00', r2, 0xffffffffffffffff, 0x1, 0x3, 0x4}, 0x48) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000007b000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x90) socket$inet_sctp(0x2, 0x5, 0x84) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r4}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) openat$cgroup(r3, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0) 855.593914ms ago: executing program 4 (id=502): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000bd503cb995"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000780)='io_uring_cqring_wait\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="1c00000002010104000000000000000000220000060012400003000011449672bca945a9f77500c88bc0736800fad9a2a78036f1e622abd2164b4623f4954d545bdcf506e014c087c1e6e46b05a857c42d070b272451016fd1512a13ec47161731d6faf266cfb83afede0be725d3fdddee96f7ee755eb5fcff3601a8562f557dbb764ac6a024623e8e70901f9b334fe8a359abe54787ad87576aa72064637af8c78f27"], 0x1c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00'}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000008c0)=ANY=[@ANYBLOB="40020000100000000000000000000000000000fa", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00", @ANYRESHEX, @ANYRESDEC=r3], 0x40}, 0x1, 0x0, 0x0, 0x840}, 0x0) r4 = socket(0x15, 0x5, 0x0) getsockopt(r4, 0x200000000114, 0x2711, &(0x7f0000005ec0)=""/102394, &(0x7f0000000040)=0x18ffa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) r5 = socket(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0x18, 0x30, 0x10b, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x4000802) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x58, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0xa}, {0x0, 0xfff1}, {0x0, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x2, 0x7fff}}}]}}]}, 0x58}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f00000004c0)='cgroup\x00'}, 0x30) r9 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r5) sendmsg$NL80211_CMD_SET_WIPHY(r4, &(0x7f00000005c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000800)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="100a27bd7000ffdbdf25020000000800620000000000080062009e000000050059000100000008006900f9ffffff14002580050001000800000005000500400000001c441b39eb4f5b8582d617395e04ddce265d07e6b1f237567191e12c8ce4f86aaf22ae48f08da6609b18c268d98aae75ebe3190be4f586946ed880e334c02bb076b8e9f4f955fce3b6f6b0c5532d4ab90af661c13dced00b3e2015dfb9483185020fefedb64a6f4ae95b1fbbc5719b81e130bc"], 0x48}, 0x1, 0x0, 0x0, 0x4048054}, 0x4000000) r11 = openat$cgroup_procs(r9, &(0x7f0000000140)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000040), 0x9) sendfile(r11, r11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="6271102600000000009500000000000000"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x20, 0x4, 0x4, 0x12, 0xbb0217977b32191c, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x4}, 0x48) r12 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r12, 0x107, 0xd, &(0x7f0000000080)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) sendmsg$nl_route_sched(r12, &(0x7f0000000300)={&(0x7f0000000000), 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r5, 0x89f9, &(0x7f0000000700)={'sit0\x00', &(0x7f00000006c0)={@dev={0xfe, 0x80, '\x00', 0xf}, @multicast1, 0x1d, 0x1f}}) 835.561476ms ago: executing program 1 (id=503): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001180)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x2}, 0x48) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x8}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}]}, 0x2c}}, 0x0) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001300)={&(0x7f0000001200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x3, [@ptr={0x3, 0x0, 0x0, 0x2, 0x5}, @fwd={0xb}, @struct={0xc, 0x2, 0x0, 0x4, 0x0, 0x7, [{0x8, 0x1, 0x5}, {0xe, 0x0, 0xa949}]}]}, {0x0, [0x0]}}, &(0x7f0000001280)=""/114, 0x57, 0x72, 0x1, 0x142}, 0x20) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x5, 0x0, 0x8, 0x40, r0, 0x20, '\x00', 0x0, r4, 0x5, 0x5, 0x3}, 0x48) r5 = socket$inet(0x2b, 0x801, 0x0) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000000)={0x84, @loopback, 0x4e23, 0x0, 'lblc\x00', 0x10, 0x0, 0x77}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f00000000c0)={0x6, @broadcast, 0x4e22, 0x2, 'lblcr\x00', 0x28, 0x7, 0x61}, 0x2c) sendto$inet(r5, 0x0, 0x0, 0x24000001, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000001140)={0x32, @broadcast, 0x4e24, 0x1, 'fo\x00', 0x5, 0x4e, 0x5f}, 0x2c) r6 = socket(0x28, 0x1, 0x0) getsockopt$nfc_llcp(r6, 0x28, 0x0, 0xfffffffffffffffe, 0x20000000) setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0) ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000040)={{0x2, 0x4e24, @local}, {0x6, @multicast}, 0xc, {0x2, 0x4e21, @multicast1}, 'dummy0\x00'}) getsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000100)=""/4096, &(0x7f0000001100)=0x1000) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r7, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="b800000019000100000000000000000000000000000000000000ffffe0000002fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00'], 0xb8}}, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500), 0xc) r9 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r9, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 438.896657ms ago: executing program 3 (id=504): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="380000091800010000000000000000000a03000000000000000000000c001600080001000600000008000400", @ANYRES32=r1, @ANYBLOB="0600150007"], 0x38}}, 0x0) 355.685408ms ago: executing program 3 (id=505): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000006280)=ANY=[@ANYBLOB="140000001000010000000000000000070000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021300000001c0a05010000000000000000070000000900020073797a31000000000900010073797a30"], 0xb4}}, 0x0) 292.197584ms ago: executing program 1 (id=506): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) 150.95264ms ago: executing program 4 (id=507): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) recvmmsg(r0, &(0x7f0000001b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001500)=""/51, 0x33, 0x6}}], 0x1, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 146.934359ms ago: executing program 3 (id=508): socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$vsock_stream(0x28, 0x1, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b553850000008500"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 78.846278ms ago: executing program 3 (id=509): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x3, &(0x7f0000000940)=ANY=[], &(0x7f0000000440)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="a787000000000c0000a213"], 0x14}}, 0x0) 0s ago: executing program 1 (id=510): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x3c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5}]}, 0x3c}, 0x1, 0x0, 0xa00}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.132' (ED25519) to the list of known hosts. [ 67.184135][ T5085] cgroup: Unknown subsys name 'net' [ 67.390819][ T5085] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 69.221442][ T5085] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.109496][ T5104] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.118296][ T5104] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.125593][ T5109] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.130920][ T5104] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 70.141921][ T5104] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.148394][ T5110] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.149936][ T5104] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.162578][ T5110] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.165644][ T5104] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.171631][ T5110] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.178099][ T5112] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.186944][ T5110] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 70.203751][ T5104] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.203975][ T5110] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 70.212535][ T5104] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.219462][ T5110] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.226590][ T5113] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.244439][ T5110] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 70.248634][ T5109] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.252468][ T5110] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.259117][ T5113] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 70.266340][ T5104] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 70.274089][ T5110] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.288701][ T5113] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.288781][ T5099] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 70.311105][ T4490] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 70.311131][ T5104] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.326169][ T5099] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 70.333738][ T5104] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 70.341987][ T5099] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.966714][ T5094] chnl_net:caif_netlink_parms(): no params data found [ 71.001661][ T5098] chnl_net:caif_netlink_parms(): no params data found [ 71.113522][ T5097] chnl_net:caif_netlink_parms(): no params data found [ 71.283034][ T5094] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.290679][ T5094] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.298452][ T5094] bridge_slave_0: entered allmulticast mode [ 71.307128][ T5094] bridge_slave_0: entered promiscuous mode [ 71.351094][ T5096] chnl_net:caif_netlink_parms(): no params data found [ 71.369603][ T5094] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.376808][ T5094] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.384411][ T5094] bridge_slave_1: entered allmulticast mode [ 71.392047][ T5094] bridge_slave_1: entered promiscuous mode [ 71.421341][ T5095] chnl_net:caif_netlink_parms(): no params data found [ 71.489200][ T5098] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.496827][ T5098] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.504613][ T5098] bridge_slave_0: entered allmulticast mode [ 71.512452][ T5098] bridge_slave_0: entered promiscuous mode [ 71.523514][ T5098] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.532352][ T5098] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.539767][ T5098] bridge_slave_1: entered allmulticast mode [ 71.547516][ T5098] bridge_slave_1: entered promiscuous mode [ 71.574469][ T5094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.591990][ T5094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.686456][ T5097] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.694296][ T5097] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.702784][ T5097] bridge_slave_0: entered allmulticast mode [ 71.710722][ T5097] bridge_slave_0: entered promiscuous mode [ 71.766925][ T5094] team0: Port device team_slave_0 added [ 71.786962][ T5097] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.795140][ T5097] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.803174][ T5097] bridge_slave_1: entered allmulticast mode [ 71.811048][ T5097] bridge_slave_1: entered promiscuous mode [ 71.821518][ T5098] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.835528][ T5098] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.853064][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.860457][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.888023][ T5094] team0: Port device team_slave_1 added [ 71.940671][ T5096] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.948103][ T5096] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.955667][ T5096] bridge_slave_0: entered allmulticast mode [ 71.963964][ T5096] bridge_slave_0: entered promiscuous mode [ 72.030322][ T5096] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.042225][ T5096] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.050495][ T5096] bridge_slave_1: entered allmulticast mode [ 72.058335][ T5096] bridge_slave_1: entered promiscuous mode [ 72.097296][ T5097] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.112771][ T5098] team0: Port device team_slave_0 added [ 72.147361][ T5094] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.161371][ T5094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.188730][ T5094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.202210][ T5095] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.210248][ T5095] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.217761][ T5095] bridge_slave_0: entered allmulticast mode [ 72.225605][ T5095] bridge_slave_0: entered promiscuous mode [ 72.236184][ T5097] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.263924][ T5098] team0: Port device team_slave_1 added [ 72.274574][ T5096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.288353][ T5096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.298774][ T5094] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.306559][ T5094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.334209][ T5094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.334269][ T53] Bluetooth: hci1: command tx timeout [ 72.372447][ T5095] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.380113][ T5095] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.387565][ T5095] bridge_slave_1: entered allmulticast mode [ 72.395537][ T5095] bridge_slave_1: entered promiscuous mode [ 72.401965][ T53] Bluetooth: hci3: command tx timeout [ 72.401989][ T5099] Bluetooth: hci0: command tx timeout [ 72.410206][ T5099] Bluetooth: hci4: command tx timeout [ 72.414850][ T4490] Bluetooth: hci2: command tx timeout [ 72.509649][ T5097] team0: Port device team_slave_0 added [ 72.552269][ T5094] hsr_slave_0: entered promiscuous mode [ 72.560914][ T5094] hsr_slave_1: entered promiscuous mode [ 72.577332][ T5095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.595650][ T5097] team0: Port device team_slave_1 added [ 72.603501][ T5098] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.612363][ T5098] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.643390][ T5098] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.660843][ T5096] team0: Port device team_slave_0 added [ 72.688258][ T5095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.727058][ T5098] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.735429][ T5098] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.762751][ T5098] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.777590][ T5096] team0: Port device team_slave_1 added [ 72.837750][ T5095] team0: Port device team_slave_0 added [ 72.865202][ T5097] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.872625][ T5097] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.899235][ T5097] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.925652][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.937180][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.963984][ T5096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.978342][ T5095] team0: Port device team_slave_1 added [ 72.992208][ T5097] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.000049][ T5097] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.026979][ T5097] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.067131][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.074642][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.102168][ T5096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.183976][ T5095] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.191470][ T5095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.218688][ T5095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.237487][ T5098] hsr_slave_0: entered promiscuous mode [ 73.244455][ T5098] hsr_slave_1: entered promiscuous mode [ 73.251237][ T5098] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.259529][ T5098] Cannot create hsr debugfs directory [ 73.307786][ T5095] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.315287][ T5095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.342464][ T5095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.388480][ T5097] hsr_slave_0: entered promiscuous mode [ 73.395683][ T5097] hsr_slave_1: entered promiscuous mode [ 73.403134][ T5097] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.411122][ T5097] Cannot create hsr debugfs directory [ 73.612492][ T5096] hsr_slave_0: entered promiscuous mode [ 73.623526][ T5096] hsr_slave_1: entered promiscuous mode [ 73.630583][ T5096] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.638531][ T5096] Cannot create hsr debugfs directory [ 73.649785][ T5095] hsr_slave_0: entered promiscuous mode [ 73.656691][ T5095] hsr_slave_1: entered promiscuous mode [ 73.663579][ T5095] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.671779][ T5095] Cannot create hsr debugfs directory [ 74.007708][ T5094] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 74.053769][ T5094] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 74.108020][ T5094] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 74.147153][ T5094] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 74.271681][ T5097] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 74.284969][ T5097] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 74.314759][ T5097] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 74.349601][ T5097] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 74.401921][ T4490] Bluetooth: hci1: command tx timeout [ 74.436566][ T5098] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 74.464824][ T5098] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 74.479255][ T53] Bluetooth: hci2: command tx timeout [ 74.479965][ T5099] Bluetooth: hci0: command tx timeout [ 74.485116][ T53] Bluetooth: hci3: command tx timeout [ 74.491146][ T4490] Bluetooth: hci4: command tx timeout [ 74.512563][ T5098] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 74.555946][ T5098] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 74.637922][ T5095] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 74.665679][ T5095] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 74.711463][ T5095] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 74.725933][ T5095] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 74.777689][ T5094] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.846299][ T5096] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.867271][ T5096] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.890508][ T5096] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.907929][ T5094] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.935065][ T5096] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.973785][ T5148] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.981678][ T5148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.099008][ T5120] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.107659][ T5120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.132950][ T5097] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.222694][ T5095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.246817][ T5097] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.305050][ T5120] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.313346][ T5120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.351759][ T5120] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.359078][ T5120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.396410][ T5095] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.412052][ T5098] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.458581][ T784] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.466076][ T784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.487199][ T784] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.494804][ T784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.695610][ T5098] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.757307][ T5120] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.765577][ T5120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.853483][ T783] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.861359][ T783] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.882862][ T5096] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.972591][ T5094] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.155346][ T5096] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.196623][ T5094] veth0_vlan: entered promiscuous mode [ 76.225584][ T5097] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.255462][ T783] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.262769][ T783] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.292946][ T783] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.300435][ T783] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.343220][ T5094] veth1_vlan: entered promiscuous mode [ 76.480351][ T4490] Bluetooth: hci1: command tx timeout [ 76.525855][ T5096] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 76.567438][ T4490] Bluetooth: hci3: command tx timeout [ 76.574186][ T4490] Bluetooth: hci2: command tx timeout [ 76.577797][ T5095] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.580609][ T4490] Bluetooth: hci4: command tx timeout [ 76.580663][ T4490] Bluetooth: hci0: command tx timeout [ 76.627926][ T5094] veth0_macvtap: entered promiscuous mode [ 76.651544][ T5097] veth0_vlan: entered promiscuous mode [ 76.665656][ T5094] veth1_macvtap: entered promiscuous mode [ 76.741578][ T5097] veth1_vlan: entered promiscuous mode [ 76.775794][ T5094] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.797766][ T5094] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.844726][ T5094] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.860788][ T5094] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.870827][ T5094] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.882335][ T5094] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.928043][ T5098] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.003838][ T5097] veth0_macvtap: entered promiscuous mode [ 77.052173][ T5096] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.086643][ T5097] veth1_macvtap: entered promiscuous mode [ 77.126452][ T5095] veth0_vlan: entered promiscuous mode [ 77.248219][ T5097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.261306][ T5097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.274460][ T5097] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.303997][ T5095] veth1_vlan: entered promiscuous mode [ 77.323857][ T5097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.337613][ T5097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.351393][ T5097] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.362432][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.379231][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.413153][ T5097] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.425196][ T5097] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.435682][ T5097] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.446580][ T5097] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.546765][ T1039] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.566949][ T1039] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.597572][ T5096] veth0_vlan: entered promiscuous mode [ 77.683848][ T5096] veth1_vlan: entered promiscuous mode [ 77.720585][ T5098] veth0_vlan: entered promiscuous mode [ 77.730420][ T5095] veth0_macvtap: entered promiscuous mode [ 77.812595][ T5095] veth1_macvtap: entered promiscuous mode [ 77.816661][ T5183] netlink: 134312 bytes leftover after parsing attributes in process `syz.1.2'. [ 77.844699][ T1044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.846456][ T5098] veth1_vlan: entered promiscuous mode [ 77.864983][ T1044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.944107][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.956212][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.968711][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.981636][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.996534][ T5095] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.024287][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.036584][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.048429][ T5095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.059864][ T5095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.072743][ T5095] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.087151][ T5095] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.098311][ T5095] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.107636][ T5095] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.116866][ T5095] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.154357][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.165779][ T5096] veth0_macvtap: entered promiscuous mode [ 78.181445][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.206248][ T5096] veth1_macvtap: entered promiscuous mode [ 78.235744][ T5098] veth0_macvtap: entered promiscuous mode [ 78.295516][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.306876][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.330079][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.345096][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.364226][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.376642][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.390735][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.414603][ T5098] veth1_macvtap: entered promiscuous mode [ 78.436222][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.449421][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.459541][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.471232][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.493868][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.505426][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.529594][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.546648][ T5096] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.556979][ T5096] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.573411][ T5099] Bluetooth: hci1: command tx timeout [ 78.579308][ T5096] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.588177][ T5096] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.640469][ T4490] Bluetooth: hci4: command tx timeout [ 78.640490][ T53] Bluetooth: hci2: command tx timeout [ 78.640533][ T53] Bluetooth: hci3: command tx timeout [ 78.646280][ T5099] Bluetooth: hci0: command tx timeout [ 78.662952][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.676913][ T8] cfg80211: failed to load regulatory.db [ 78.690978][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.701336][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.719969][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.734189][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.745091][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.755632][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.771567][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.801315][ T5098] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.838160][ T5192] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 78.873364][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.884164][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.901412][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.911981][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.914930][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.923305][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.964575][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.975491][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.985694][ T5098] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.996861][ T5098] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.012085][ T5098] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.047481][ T5098] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.057172][ T5098] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.066735][ T5098] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.076133][ T5098] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.184361][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.223165][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.385769][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.397829][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.475085][ T5205] x_tables: ip_tables: osf match: only valid for protocol 6 [ 79.575951][ T1044] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.613217][ T1044] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.699669][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.746052][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.910460][ T5213] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4'. [ 79.952420][ T5213] vxcan3: entered promiscuous mode [ 79.964991][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.986218][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.393430][ T5229] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5'. [ 80.928076][ T5243] netlink: 28 bytes leftover after parsing attributes in process `syz.0.22'. [ 81.070638][ T5252] warning: `syz.4.25' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 81.115125][ T5250] netdevsim netdevsim2 : renamed from netdevsim0 (while UP) [ 81.202219][ T5251] netlink: 'syz.3.23': attribute type 63 has an invalid length. [ 81.251657][ T5252] netlink: 64 bytes leftover after parsing attributes in process `syz.4.25'. [ 81.267807][ T5259] netlink: 'syz.0.26': attribute type 5 has an invalid length. [ 81.821392][ T5276] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 81.871907][ T5278] netlink: 'syz.3.36': attribute type 3 has an invalid length. [ 81.910336][ T5278] netlink: 666 bytes leftover after parsing attributes in process `syz.3.36'. [ 82.003082][ T5280] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 82.150709][ T5290] FAULT_INJECTION: forcing a failure. [ 82.150709][ T5290] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 82.184293][ T5290] CPU: 0 PID: 5290 Comm: syz.3.41 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 82.194280][ T5290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 82.204828][ T5290] Call Trace: [ 82.208159][ T5290] [ 82.211139][ T5290] dump_stack_lvl+0x241/0x360 [ 82.215911][ T5290] ? __pfx_dump_stack_lvl+0x10/0x10 [ 82.221163][ T5290] ? __pfx__printk+0x10/0x10 [ 82.225829][ T5290] ? iovec_from_user+0x61/0x240 [ 82.230755][ T5290] ? __pfx_lock_release+0x10/0x10 [ 82.235939][ T5290] should_fail_ex+0x3b0/0x4e0 [ 82.240694][ T5290] _copy_from_user+0x2f/0xe0 [ 82.245871][ T5290] ____sys_sendmsg+0x2e4/0x7d0 [ 82.250712][ T5290] ? __pfx_____sys_sendmsg+0x10/0x10 [ 82.256094][ T5290] __sys_sendmmsg+0x3b2/0x740 [ 82.260851][ T5290] ? __pfx___sys_sendmmsg+0x10/0x10 [ 82.266158][ T5290] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 82.272153][ T5290] ? ksys_write+0x23e/0x2c0 [ 82.276721][ T5290] ? __pfx_lock_release+0x10/0x10 [ 82.281849][ T5290] ? vfs_write+0x7c4/0xc90 [ 82.286539][ T5290] ? __mutex_unlock_slowpath+0x21d/0x750 [ 82.292461][ T5290] ? __pfx_vfs_write+0x10/0x10 [ 82.297310][ T5290] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 82.303351][ T5290] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 82.309819][ T5290] ? do_syscall_64+0x100/0x230 [ 82.314650][ T5290] __x64_sys_sendmmsg+0xa0/0xb0 [ 82.319853][ T5290] do_syscall_64+0xf3/0x230 [ 82.324517][ T5290] ? clear_bhb_loop+0x35/0x90 [ 82.329361][ T5290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.335328][ T5290] RIP: 0033:0x7f62c2975b99 [ 82.339797][ T5290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.359584][ T5290] RSP: 002b:00007f62c368b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 82.368069][ T5290] RAX: ffffffffffffffda RBX: 00007f62c2b03fa0 RCX: 00007f62c2975b99 [ 82.376265][ T5290] RDX: 0000000000000001 RSI: 00000000200017c0 RDI: 0000000000000003 [ 82.384286][ T5290] RBP: 00007f62c368b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 82.392490][ T5290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 82.400520][ T5290] R13: 000000000000000b R14: 00007f62c2b03fa0 R15: 00007ffc96242008 [ 82.408603][ T5290] [ 82.746669][ T5304] netlink: 16 bytes leftover after parsing attributes in process `syz.2.44'. [ 83.722866][ T5337] netlink: 'syz.3.56': attribute type 1 has an invalid length. [ 84.610904][ T5369] netlink: 16 bytes leftover after parsing attributes in process `syz.1.70'. [ 84.623672][ T5369] netlink: 'syz.1.70': attribute type 29 has an invalid length. [ 84.724015][ T5373] netlink: 'syz.0.71': attribute type 11 has an invalid length. [ 84.769807][ T5373] netlink: 'syz.0.71': attribute type 11 has an invalid length. [ 84.810598][ T5373] debugfs: Directory 'netdev:' with parent 'phy9' already present! [ 84.865537][ T5378] netlink: 'syz.0.71': attribute type 11 has an invalid length. [ 85.014371][ T5380] netlink: 4 bytes leftover after parsing attributes in process `syz.2.74'. [ 85.270539][ T5390] netlink: 'syz.1.79': attribute type 4 has an invalid length. [ 85.286160][ T5389] netlink: 'syz.0.78': attribute type 11 has an invalid length. [ 85.428092][ T5394] netlink: 8 bytes leftover after parsing attributes in process `syz.4.81'. [ 85.524906][ T5398] Zero length message leads to an empty skb [ 85.803915][ T5409] netlink: 'syz.3.87': attribute type 29 has an invalid length. [ 85.985747][ T5415] netlink: 'syz.0.89': attribute type 1 has an invalid length. [ 86.024217][ T5415] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.89'. [ 86.036327][ T5414] netlink: 4 bytes leftover after parsing attributes in process `syz.4.90'. [ 86.258608][ T5429] netlink: 16 bytes leftover after parsing attributes in process `syz.0.94'. [ 86.347367][ T5429] Bluetooth: MGMT ver 1.22 [ 86.355169][ T5433] netlink: 'syz.4.95': attribute type 2 has an invalid length. [ 86.375641][ T5433] netlink: 24 bytes leftover after parsing attributes in process `syz.4.95'. [ 86.504473][ T5438] netlink: 24 bytes leftover after parsing attributes in process `syz.0.100'. [ 86.581270][ T5441] netlink: 68 bytes leftover after parsing attributes in process `syz.1.98'. [ 86.679679][ T5446] netlink: 'syz.2.103': attribute type 4 has an invalid length. [ 86.716042][ T5446] netlink: 'syz.2.103': attribute type 1 has an invalid length. [ 86.730370][ T5443] netlink: 'syz.1.98': attribute type 9 has an invalid length. [ 86.739067][ T5446] netlink: 88156 bytes leftover after parsing attributes in process `syz.2.103'. [ 87.244081][ T5294] block nbd64: NBD_DISCONNECT [ 87.937247][ T5482] netlink: 'syz.1.111': attribute type 3 has an invalid length. [ 88.397730][ T5499] team0: Port device macvlan1 added [ 88.502261][ T5503] team_slave_0: entered promiscuous mode [ 88.508615][ T5503] team_slave_1: entered promiscuous mode [ 88.584553][ T5503] bond0: (slave vlan3): Enslaving as an active interface with an up link [ 88.675378][ T5512] macvlan2: entered allmulticast mode [ 88.704795][ T5512] team_slave_0: entered promiscuous mode [ 88.711052][ T5512] team_slave_1: entered promiscuous mode [ 88.741353][ T5512] team0: entered allmulticast mode [ 88.752730][ T5512] team_slave_0: entered allmulticast mode [ 88.781090][ T5512] team_slave_1: entered allmulticast mode [ 88.798333][ T5512] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 88.823066][ T5512] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 89.965287][ T5533] __nla_validate_parse: 6 callbacks suppressed [ 89.965309][ T5533] netlink: 4 bytes leftover after parsing attributes in process `syz.3.124'. [ 90.720154][ T5544] netlink: 20 bytes leftover after parsing attributes in process `syz.2.128'. [ 90.846618][ T5547] Cannot find del_set index 2048 as target [ 91.085172][ T5559] netlink: 16 bytes leftover after parsing attributes in process `syz.1.135'. [ 91.104995][ T5556] netlink: 'syz.0.133': attribute type 4 has an invalid length. [ 91.168372][ T5556] netlink: 'syz.0.133': attribute type 4 has an invalid length. [ 91.248294][ T5556] lo speed is unknown, defaulting to 1000 [ 91.284737][ T5556] lo speed is unknown, defaulting to 1000 [ 91.334232][ T5566] netlink: 17 bytes leftover after parsing attributes in process `syz.4.137'. [ 91.382621][ T5566] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.426109][ T5566] netlink: 17 bytes leftover after parsing attributes in process `syz.4.137'. [ 91.470295][ T5556] lo speed is unknown, defaulting to 1000 [ 91.766030][ T5576] netlink: 4 bytes leftover after parsing attributes in process `syz.2.141'. [ 92.266675][ T5556] infiniband syz0: set active [ 92.275292][ T9] lo speed is unknown, defaulting to 1000 [ 92.284279][ T5598] netlink: 'syz.4.151': attribute type 1 has an invalid length. [ 92.335319][ T5556] infiniband syz0: added lo [ 92.348104][ T5556] syz0: rxe_create_cq: returned err = -12 [ 92.390185][ T5556] infiniband syz0: Couldn't create ib_mad CQ [ 92.397459][ T5556] infiniband syz0: Couldn't open port 1 [ 92.603948][ T5556] RDS/IB: syz0: added [ 92.608790][ T5556] smc: adding ib device syz0 with port count 1 [ 92.651935][ T5556] smc: ib device syz0 port 1 has pnetid [ 92.700180][ T9] lo speed is unknown, defaulting to 1000 [ 92.722298][ T5616] netlink: 24 bytes leftover after parsing attributes in process `syz.2.157'. [ 92.736407][ T5556] lo speed is unknown, defaulting to 1000 [ 92.979498][ T5623] netlink: 4 bytes leftover after parsing attributes in process `syz.4.159'. [ 93.471124][ T5556] lo speed is unknown, defaulting to 1000 [ 93.662550][ T5647] syzkaller1: entered promiscuous mode [ 93.668111][ T5647] syzkaller1: entered allmulticast mode [ 94.021953][ T5661] netlink: 6 bytes leftover after parsing attributes in process `syz.3.171'. [ 94.040142][ T5556] lo speed is unknown, defaulting to 1000 [ 94.087931][ T5662] netlink: 4 bytes leftover after parsing attributes in process `syz.4.172'. [ 94.390005][ T5670] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 94.752866][ T5682] netlink: 'syz.2.180': attribute type 3 has an invalid length. [ 94.805547][ T5556] lo speed is unknown, defaulting to 1000 [ 94.998523][ T5686] __nla_validate_parse: 2 callbacks suppressed [ 94.998545][ T5686] netlink: 28 bytes leftover after parsing attributes in process `syz.2.183'. [ 95.342038][ T5699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.186'. [ 95.504869][ T5556] lo speed is unknown, defaulting to 1000 [ 95.518113][ T5705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.190'. [ 96.066138][ T5718] netlink: 44 bytes leftover after parsing attributes in process `syz.4.196'. [ 96.275627][ T5727] netlink: 4 bytes leftover after parsing attributes in process `syz.1.200'. [ 96.570113][ T5739] netlink: 144 bytes leftover after parsing attributes in process `syz.3.206'. [ 96.724593][ T5745] FAULT_INJECTION: forcing a failure. [ 96.724593][ T5745] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.793718][ T5745] CPU: 1 PID: 5745 Comm: syz.2.209 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 96.803803][ T5745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 96.814436][ T5745] Call Trace: [ 96.817767][ T5745] [ 96.820831][ T5745] dump_stack_lvl+0x241/0x360 [ 96.825571][ T5745] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.831100][ T5745] ? __pfx__printk+0x10/0x10 [ 96.835944][ T5745] should_fail_ex+0x3b0/0x4e0 [ 96.840740][ T5745] _copy_from_user+0x2f/0xe0 [ 96.845404][ T5745] move_addr_to_kernel+0x82/0x150 [ 96.850495][ T5745] __sys_sendto+0x2a3/0x4f0 [ 96.855059][ T5745] ? __pfx___sys_sendto+0x10/0x10 [ 96.860207][ T5745] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 96.866424][ T5745] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 96.872818][ T5745] __x64_sys_sendto+0xde/0x100 [ 96.878004][ T5745] do_syscall_64+0xf3/0x230 [ 96.882678][ T5745] ? clear_bhb_loop+0x35/0x90 [ 96.887422][ T5745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.893371][ T5745] RIP: 0033:0x7f4163575b99 [ 96.898149][ T5745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.917821][ T5745] RSP: 002b:00007f41643d5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 96.926384][ T5745] RAX: ffffffffffffffda RBX: 00007f4163703fa0 RCX: 00007f4163575b99 [ 96.934564][ T5745] RDX: 0000000000000001 RSI: 0000000020000040 RDI: 0000000000000003 [ 96.941156][ T5756] netlink: 'syz.3.213': attribute type 1 has an invalid length. [ 96.942555][ T5745] RBP: 00007f41643d50a0 R08: 0000000020000100 R09: 000000000000001c [ 96.958571][ T5745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.966673][ T5745] R13: 000000000000000b R14: 00007f4163703fa0 R15: 00007ffd7ca26288 [ 96.974724][ T5745] [ 96.987332][ T5756] netlink: 'syz.3.213': attribute type 1 has an invalid length. [ 97.096223][ T5754] macvlan2: entered promiscuous mode [ 97.131468][ T5754] macvlan2: entered allmulticast mode [ 97.137584][ T5754] bridge0: entered promiscuous mode [ 97.153797][ T5754] bridge0: entered allmulticast mode [ 97.195253][ T5754] team0: Port device macvlan2 added [ 97.197524][ T5764] netlink: 4 bytes leftover after parsing attributes in process `syz.1.215'. [ 97.428300][ T5769] lo speed is unknown, defaulting to 1000 [ 97.516668][ T5774] syz.3.220: vmalloc error: size 8392704, failed to allocated page array size 16392, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 97.549155][ T53] Bluetooth: hci3: command 0x0405 tx timeout [ 97.558202][ T5774] CPU: 1 PID: 5774 Comm: syz.3.220 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 97.568359][ T5774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 97.578474][ T5774] Call Trace: [ 97.581786][ T5774] [ 97.584732][ T5774] dump_stack_lvl+0x241/0x360 [ 97.589456][ T5774] ? __pfx_dump_stack_lvl+0x10/0x10 [ 97.594707][ T5774] ? __pfx__printk+0x10/0x10 [ 97.599515][ T5774] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 97.605977][ T5774] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 97.612685][ T5774] warn_alloc+0x278/0x410 [ 97.617057][ T5774] ? __pfx_warn_alloc+0x10/0x10 [ 97.621945][ T5774] ? xskq_create+0xb6/0x170 [ 97.626477][ T5774] ? __get_vm_area_node+0x23d/0x270 [ 97.631788][ T5774] __vmalloc_node_range_noprof+0x69f/0x1460 [ 97.637724][ T5774] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 97.644073][ T5774] ? __kasan_kmalloc+0x98/0xb0 [ 97.648858][ T5774] ? xskq_create+0x54/0x170 [ 97.653662][ T5774] vmalloc_user_noprof+0x74/0x80 [ 97.658622][ T5774] ? xskq_create+0xb6/0x170 [ 97.663154][ T5774] xskq_create+0xb6/0x170 [ 97.667541][ T5774] xsk_init_queue+0xa1/0x100 [ 97.672181][ T5774] xsk_setsockopt+0x4ea/0x950 [ 97.676890][ T5774] ? __pfx_xsk_setsockopt+0x10/0x10 [ 97.682127][ T5774] ? __pfx_lock_acquire+0x10/0x10 [ 97.687261][ T5774] ? aa_sock_opt_perm+0x79/0x120 [ 97.692329][ T5774] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 97.697979][ T5774] ? security_socket_setsockopt+0x87/0xb0 [ 97.703728][ T5774] ? __pfx_xsk_setsockopt+0x10/0x10 [ 97.708955][ T5774] do_sock_setsockopt+0x3af/0x720 [ 97.714040][ T5774] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 97.719713][ T5774] ? __fget_files+0x29/0x470 [ 97.724336][ T5774] ? __fget_files+0x3f6/0x470 [ 97.729046][ T5774] __sys_setsockopt+0x1ae/0x250 [ 97.733932][ T5774] __x64_sys_setsockopt+0xb5/0xd0 [ 97.739007][ T5774] do_syscall_64+0xf3/0x230 [ 97.743527][ T5774] ? clear_bhb_loop+0x35/0x90 [ 97.748222][ T5774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.754139][ T5774] RIP: 0033:0x7f62c2975b99 [ 97.759182][ T5774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.778919][ T5774] RSP: 002b:00007f62c366a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 97.787904][ T5774] RAX: ffffffffffffffda RBX: 00007f62c2b04078 RCX: 00007f62c2975b99 [ 97.795897][ T5774] RDX: 0000000000000006 RSI: 000000000000011b RDI: 000000000000000a [ 97.803891][ T5774] RBP: 00007f62c29f677e R08: 0000000000000004 R09: 0000000000000000 [ 97.811903][ T5774] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000 [ 97.819888][ T5774] R13: 000000000000000b R14: 00007f62c2b04078 R15: 00007ffc96242008 [ 97.827892][ T5774] [ 97.983261][ T5774] Mem-Info: [ 97.986480][ T5774] active_anon:4382 inactive_anon:0 isolated_anon:0 [ 97.986480][ T5774] active_file:1343 inactive_file:38213 isolated_file:0 [ 97.986480][ T5774] unevictable:768 dirty:601 writeback:0 [ 97.986480][ T5774] slab_reclaimable:9027 slab_unreclaimable:102054 [ 97.986480][ T5774] mapped:13785 shmem:1796 pagetables:720 [ 97.986480][ T5774] sec_pagetables:0 bounce:0 [ 97.986480][ T5774] kernel_misc_reclaimable:0 [ 97.986480][ T5774] free:1400916 free_pcp:439 free_cma:0 [ 98.099054][ T5774] Node 0 active_anon:18328kB inactive_anon:0kB active_file:5372kB inactive_file:152780kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:55940kB dirty:2404kB writeback:0kB shmem:6448kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10004kB pagetables:2880kB sec_pagetables:0kB all_unreclaimable? no [ 98.184703][ T5774] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 98.231387][ T5786] netlink: 24 bytes leftover after parsing attributes in process `syz.2.224'. [ 98.269157][ T5774] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 98.300854][ T5774] lowmem_reserve[]: 0 2571 2571 0 0 [ 98.306375][ T5774] Node 0 DMA32 free:1637548kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:19984kB inactive_anon:0kB active_file:5372kB inactive_file:152464kB unevictable:1536kB writepending:2404kB present:3129332kB managed:2659864kB mlocked:0kB bounce:0kB free_pcp:2052kB local_pcp:1064kB free_cma:0kB [ 98.337438][ T5774] lowmem_reserve[]: 0 0 0 0 0 [ 98.342381][ T5774] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:316kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 98.369576][ T5774] lowmem_reserve[]: 0 0 0 0 0 [ 98.374496][ T5774] Node 1 Normal free:3947388kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 98.453003][ T5774] lowmem_reserve[]: 0 0 0 0 0 [ 98.470545][ T5774] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 98.569101][ T5774] Node 0 DMA32: 28*4kB (UME) 13*8kB (UME) 205*16kB (UM) 26*32kB (U) 3*64kB (UM) 3*128kB (E) 2*256kB (ME) 2*512kB (UE) 2*1024kB (UE) 1*2048kB (E) 397*4096kB (M) = 1636648kB [ 98.659055][ T5774] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 98.710876][ T5774] Node 1 Normal: 3*4kB (UM) 10*8kB (UM) 10*16kB (UM) 8*32kB (UM) 2*64kB (U) 0*128kB 3*256kB (UM) 1*512kB (M) 1*1024kB (U) 2*2048kB (U) 962*4096kB (M) = 3947388kB [ 98.726547][ T5797] netlink: 28 bytes leftover after parsing attributes in process `syz.2.226'. [ 98.773356][ T5774] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 98.801899][ T5774] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 98.839323][ T5774] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 98.879199][ T5774] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 98.913729][ T5774] 42718 total pagecache pages [ 98.934003][ T5774] 0 pages in swap cache [ 98.951689][ T5774] Free swap = 124996kB [ 98.975531][ T5774] Total swap = 124996kB [ 98.992377][ T5774] 2097051 pages RAM [ 99.011460][ T5774] 0 pages HighMem/MovableOnly [ 99.031071][ T5774] 400875 pages reserved [ 99.072880][ T5774] 0 pages cma reserved [ 99.440481][ T5769] netlink: 'syz.0.218': attribute type 1 has an invalid length. [ 99.442479][ T5805] netlink: 4 bytes leftover after parsing attributes in process `syz.1.229'. [ 99.932971][ T5811] netlink: 'syz.3.230': attribute type 10 has an invalid length. [ 100.009400][ T53] Bluetooth: hci3: command 0x0405 tx timeout [ 100.153836][ T5811] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 100.184895][ T5826] gretap0: entered promiscuous mode [ 100.316272][ T5832] __nla_validate_parse: 1 callbacks suppressed [ 100.316296][ T5832] netlink: 24 bytes leftover after parsing attributes in process `syz.2.238'. [ 100.590601][ T5841] netlink: 4 bytes leftover after parsing attributes in process `syz.1.242'. [ 100.841887][ T5853] netlink: 144 bytes leftover after parsing attributes in process `syz.4.243'. [ 101.096410][ T5863] sctp: [Deprecated]: syz.3.248 (pid 5863) Use of int in maxseg socket option. [ 101.096410][ T5863] Use struct sctp_assoc_value instead [ 101.131910][ T5865] sctp: [Deprecated]: syz.3.248 (pid 5865) Use of int in maxseg socket option. [ 101.131910][ T5865] Use struct sctp_assoc_value instead [ 101.291041][ T5870] xt_connbytes: Forcing CT accounting to be enabled [ 101.298104][ T5870] xt_CT: You must specify a L4 protocol and not use inversions on it [ 101.432869][ T5877] netlink: 165 bytes leftover after parsing attributes in process `syz.1.251'. [ 101.450814][ T5875] netlink: 40 bytes leftover after parsing attributes in process `syz.4.254'. [ 101.633313][ T5881] netlink: 8 bytes leftover after parsing attributes in process `syz.1.255'. [ 101.729324][ T5891] netlink: 24 bytes leftover after parsing attributes in process `syz.0.256'. [ 102.291085][ T5914] FAULT_INJECTION: forcing a failure. [ 102.291085][ T5914] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 102.318762][ T5914] CPU: 1 PID: 5914 Comm: syz.0.265 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 102.329146][ T5914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 102.339427][ T5914] Call Trace: [ 102.342733][ T5914] [ 102.345684][ T5914] dump_stack_lvl+0x241/0x360 [ 102.350389][ T5914] ? __pfx_dump_stack_lvl+0x10/0x10 [ 102.355631][ T5914] ? __pfx__printk+0x10/0x10 [ 102.360253][ T5914] ? __pfx_lock_release+0x10/0x10 [ 102.365357][ T5914] should_fail_ex+0x3b0/0x4e0 [ 102.370156][ T5914] _copy_from_user+0x2f/0xe0 [ 102.374764][ T5914] copy_msghdr_from_user+0xae/0x680 [ 102.380070][ T5914] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 102.385915][ T5914] __sys_sendmsg+0x23d/0x3a0 [ 102.390540][ T5914] ? __pfx___sys_sendmsg+0x10/0x10 [ 102.395676][ T5914] ? vfs_write+0x7c4/0xc90 [ 102.400153][ T5914] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 102.406539][ T5914] ? do_syscall_64+0x100/0x230 [ 102.411341][ T5914] ? do_syscall_64+0xb6/0x230 [ 102.416144][ T5914] do_syscall_64+0xf3/0x230 [ 102.420704][ T5914] ? clear_bhb_loop+0x35/0x90 [ 102.425667][ T5914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.431604][ T5914] RIP: 0033:0x7f0218175b99 [ 102.436038][ T5914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.455670][ T5914] RSP: 002b:00007f0217bff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 102.464103][ T5914] RAX: ffffffffffffffda RBX: 00007f0218303fa0 RCX: 00007f0218175b99 [ 102.472100][ T5914] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 102.480103][ T5914] RBP: 00007f0217bff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 102.488090][ T5914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.496171][ T5914] R13: 000000000000000b R14: 00007f0218303fa0 R15: 00007ffd92c494e8 [ 102.504175][ T5914] [ 102.832113][ T5934] netlink: 'syz.2.272': attribute type 3 has an invalid length. [ 102.879696][ T5934] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.272'. [ 103.370854][ T5953] netlink: 4 bytes leftover after parsing attributes in process `syz.0.280'. [ 103.498309][ T5959] netlink: 40 bytes leftover after parsing attributes in process `syz.2.283'. [ 104.187261][ T5986] netlink: 'syz.0.295': attribute type 1 has an invalid length. [ 104.205111][ T5986] netlink: 'syz.0.295': attribute type 1 has an invalid length. [ 104.524118][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 104.534584][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 104.545495][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 104.554810][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 104.563017][ T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 104.571817][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 104.783113][ T5990] lo speed is unknown, defaulting to 1000 [ 104.901883][ T3161] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.004977][ T6009] netlink: 'syz.4.302': attribute type 10 has an invalid length. [ 105.140488][ T6009] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 105.193814][ T6009] team0: Failed to send options change via netlink (err -105) [ 105.216917][ T6009] team0: Port device netdevsim0 added [ 105.237455][ T6018] syz.0.305 uses obsolete (PF_INET,SOCK_PACKET) [ 105.312660][ T3161] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.329681][ T6010] netlink: 'syz.4.302': attribute type 10 has an invalid length. [ 105.404445][ T6023] __nla_validate_parse: 3 callbacks suppressed [ 105.404469][ T6023] netlink: 4 bytes leftover after parsing attributes in process `syz.2.306'. [ 105.594221][ T3161] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.784051][ T6034] netlink: 4 bytes leftover after parsing attributes in process `syz.2.310'. [ 105.846721][ T3161] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.853703][ T6040] netlink: 'syz.0.311': attribute type 1 has an invalid length. [ 105.886362][ T6040] netlink: 168864 bytes leftover after parsing attributes in process `syz.0.311'. [ 105.935815][ T6040] netlink: 1 bytes leftover after parsing attributes in process `syz.0.311'. [ 106.407727][ T6060] netlink: 'syz.2.318': attribute type 3 has an invalid length. [ 106.547225][ T3161] bridge_slave_1: left allmulticast mode [ 106.582529][ T3161] bridge_slave_1: left promiscuous mode [ 106.618034][ T3161] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.639141][ T53] Bluetooth: hci1: command tx timeout [ 106.701740][ T3161] bridge_slave_0: left allmulticast mode [ 106.724715][ T6071] netlink: 24 bytes leftover after parsing attributes in process `syz.4.319'. [ 106.728009][ T3161] bridge_slave_0: left promiscuous mode [ 106.758040][ T6071] nbd: must specify a size in bytes for the device [ 106.765429][ T3161] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.772046][ T6075] netlink: 4 bytes leftover after parsing attributes in process `syz.3.322'. [ 108.184630][ T3161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 108.197343][ T3161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 108.214136][ T3161] bond0 (unregistering): Released all slaves [ 108.305365][ T5990] chnl_net:caif_netlink_parms(): no params data found [ 108.512780][ T6097] netlink: 4 bytes leftover after parsing attributes in process `syz.3.328'. [ 108.719922][ T53] Bluetooth: hci1: command tx timeout [ 109.160058][ T5990] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.167940][ T5990] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.208404][ T5990] bridge_slave_0: entered allmulticast mode [ 109.233900][ T5990] bridge_slave_0: entered promiscuous mode [ 109.403246][ T6127] netlink: 40 bytes leftover after parsing attributes in process `syz.3.336'. [ 109.425024][ T5990] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.446199][ T6138] netlink: 4 bytes leftover after parsing attributes in process `syz.2.339'. [ 109.452635][ T5990] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.486846][ T5990] bridge_slave_1: entered allmulticast mode [ 109.501024][ T5990] bridge_slave_1: entered promiscuous mode [ 109.663546][ T6148] netlink: 156 bytes leftover after parsing attributes in process `syz.3.341'. [ 109.843113][ T5990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.958304][ T5990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.184084][ T6161] netlink: 'syz.0.345': attribute type 29 has an invalid length. [ 110.188857][ T5990] team0: Port device team_slave_0 added [ 110.236324][ T5990] team0: Port device team_slave_1 added [ 110.479383][ T6174] __nla_validate_parse: 2 callbacks suppressed [ 110.479406][ T6174] netlink: 8 bytes leftover after parsing attributes in process `syz.4.351'. [ 110.537803][ T6174] netlink: 4 bytes leftover after parsing attributes in process `syz.4.351'. [ 110.605656][ T6174] netlink: 44 bytes leftover after parsing attributes in process `syz.4.351'. [ 110.618760][ T5990] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 110.627785][ T5990] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.641965][ T6178] netlink: 4 bytes leftover after parsing attributes in process `syz.3.352'. [ 110.655046][ T5990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 110.688473][ T5990] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 110.701749][ T5990] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.741668][ T5990] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 110.797214][ T3161] hsr_slave_0: left promiscuous mode [ 110.803307][ T53] Bluetooth: hci1: command tx timeout [ 110.814001][ T3161] hsr_slave_1: left promiscuous mode [ 110.826403][ T3161] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 110.845144][ T3161] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 110.851216][ T6186] FAULT_INJECTION: forcing a failure. [ 110.851216][ T6186] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 110.869532][ T6186] CPU: 0 PID: 6186 Comm: syz.4.355 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 110.879604][ T6186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 110.889719][ T6186] Call Trace: [ 110.893040][ T6186] [ 110.896012][ T6186] dump_stack_lvl+0x241/0x360 [ 110.900770][ T6186] ? __pfx_dump_stack_lvl+0x10/0x10 [ 110.906025][ T6186] ? __pfx__printk+0x10/0x10 [ 110.910678][ T6186] ? __pfx_lock_release+0x10/0x10 [ 110.915757][ T6186] should_fail_ex+0x3b0/0x4e0 [ 110.920479][ T6186] _copy_from_user+0x2f/0xe0 [ 110.925143][ T6186] copy_msghdr_from_user+0xae/0x680 [ 110.930384][ T6186] ? _parse_integer_limit+0x1b5/0x200 [ 110.935791][ T6186] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 110.941675][ T6186] __sys_sendmmsg+0x374/0x740 [ 110.946430][ T6186] ? __pfx___sys_sendmmsg+0x10/0x10 [ 110.951692][ T6186] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 110.957692][ T6186] ? ksys_write+0x23e/0x2c0 [ 110.962218][ T6186] ? __pfx_lock_release+0x10/0x10 [ 110.967265][ T6186] ? vfs_write+0x7c4/0xc90 [ 110.971728][ T6186] ? __mutex_unlock_slowpath+0x21d/0x750 [ 110.977476][ T6186] ? __pfx_vfs_write+0x10/0x10 [ 110.982306][ T6186] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 110.988308][ T6186] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 110.994671][ T6186] ? do_syscall_64+0x100/0x230 [ 110.999473][ T6186] __x64_sys_sendmmsg+0xa0/0xb0 [ 111.004379][ T6186] do_syscall_64+0xf3/0x230 [ 111.009025][ T6186] ? clear_bhb_loop+0x35/0x90 [ 111.013828][ T6186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.019741][ T6186] RIP: 0033:0x7f337df75b99 [ 111.024186][ T6186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.044184][ T6186] RSP: 002b:00007f337ede0048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 111.052629][ T6186] RAX: ffffffffffffffda RBX: 00007f337e103fa0 RCX: 00007f337df75b99 [ 111.060642][ T6186] RDX: 032bc45944b084a6 RSI: 0000000020000180 RDI: 0000000000000005 [ 111.068727][ T6186] RBP: 00007f337ede00a0 R08: 0000000000000000 R09: 0000000000000000 [ 111.076747][ T6186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.084905][ T6186] R13: 000000000000000b R14: 00007f337e103fa0 R15: 00007ffd59ce64d8 [ 111.093088][ T6186] [ 111.100686][ T3161] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 111.117274][ T3161] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 111.147391][ T3161] veth1_macvtap: left promiscuous mode [ 111.153878][ T3161] veth0_macvtap: left promiscuous mode [ 111.160584][ T3161] veth1_vlan: left promiscuous mode [ 111.166719][ T3161] veth0_vlan: left promiscuous mode [ 111.777523][ T3161] team0 (unregistering): Port device team_slave_1 removed [ 111.835571][ T3161] team0 (unregistering): Port device team_slave_0 removed [ 112.617588][ T5990] hsr_slave_0: entered promiscuous mode [ 112.641472][ T5990] hsr_slave_1: entered promiscuous mode [ 112.652556][ T6200] netlink: 216 bytes leftover after parsing attributes in process `syz.2.360'. [ 112.689110][ T6200] netlink: 8 bytes leftover after parsing attributes in process `syz.2.360'. [ 112.698262][ T6201] netlink: 'syz.4.359': attribute type 3 has an invalid length. [ 112.728142][ T6201] netlink: 'syz.4.359': attribute type 3 has an invalid length. [ 112.887651][ T53] Bluetooth: hci1: command tx timeout [ 113.293894][ T6226] netlink: 4 bytes leftover after parsing attributes in process `syz.3.366'. [ 113.663376][ T6230] netlink: 'syz.4.367': attribute type 14 has an invalid length. [ 114.231437][ T6262] netlink: 124 bytes leftover after parsing attributes in process `syz.2.376'. [ 114.274455][ T6262] netlink: 124 bytes leftover after parsing attributes in process `syz.2.376'. [ 114.308309][ T6264] netlink: 4 bytes leftover after parsing attributes in process `syz.3.377'. [ 114.392197][ T5990] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 114.496359][ T5990] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 114.579213][ T6271] netlink: 'syz.2.379': attribute type 1 has an invalid length. [ 114.623970][ T6271] netlink: 'syz.2.379': attribute type 2 has an invalid length. [ 114.669071][ T5990] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 114.693236][ T5990] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 114.727918][ T6269] tipc: Started in network mode [ 114.739121][ T6269] tipc: Node identity aaaaaaaaaa0c, cluster identity 4711 [ 114.754394][ T6269] tipc: Enabled bearer , priority 16 [ 114.779034][ T6286] gretap0: mtu less than device minimum [ 115.163238][ T5990] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.251421][ T5990] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.309577][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.318212][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.366109][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.373451][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.712876][ T6313] __nla_validate_parse: 2 callbacks suppressed [ 115.712901][ T6313] netlink: 40 bytes leftover after parsing attributes in process `syz.0.389'. [ 115.757914][ T6318] netlink: 4 bytes leftover after parsing attributes in process `syz.2.390'. [ 115.766539][ T5152] tipc: Node number set to 10922666 [ 115.779836][ T6319] netlink: 4 bytes leftover after parsing attributes in process `syz.3.391'. [ 115.803189][ T6315] netlink: 8 bytes leftover after parsing attributes in process `syz.0.389'. [ 115.871898][ T6323] netlink: 4 bytes leftover after parsing attributes in process `syz.4.392'. [ 116.245666][ T5990] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.386294][ T6343] netlink: 'syz.4.396': attribute type 5 has an invalid length. [ 116.447075][ T6343] IPVS: Error connecting to the multicast addr [ 116.558764][ T5990] veth0_vlan: entered promiscuous mode [ 116.626654][ T5990] veth1_vlan: entered promiscuous mode [ 116.711603][ T6357] netlink: 44 bytes leftover after parsing attributes in process `syz.2.399'. [ 116.761578][ T6357] netlink: 56 bytes leftover after parsing attributes in process `syz.2.399'. [ 116.855344][ T5990] veth0_macvtap: entered promiscuous mode [ 116.903797][ T5990] veth1_macvtap: entered promiscuous mode [ 117.056344][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.089771][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.117522][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.144473][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.166986][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.188087][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.207938][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.241943][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.266729][ T5990] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.281855][ T6365] macsec0: entered promiscuous mode [ 117.288718][ T6367] netlink: 44 bytes leftover after parsing attributes in process `syz.2.404'. [ 117.311634][ T6367] netlink: 24 bytes leftover after parsing attributes in process `syz.2.404'. [ 117.330335][ T6367] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.380637][ T6367] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.387970][ T6367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.399185][ T6373] netlink: 4 bytes leftover after parsing attributes in process `syz.3.406'. [ 117.443047][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.463946][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.497360][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.518980][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.561993][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.611803][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.626454][ T5990] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.652283][ T5990] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.671537][ T5990] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.697924][ T6379] netlink: 'syz.0.407': attribute type 34 has an invalid length. [ 117.738881][ T5990] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.749291][ T5990] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.770703][ T5990] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.802899][ T5990] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.147574][ T6403] Bluetooth: hci3: invalid len left 7, exp >= 12 [ 118.257361][ T6407] netlink: 'syz.2.412': attribute type 2 has an invalid length. [ 118.281226][ T1039] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.306623][ T1039] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.314340][ T6407] netlink: 'syz.2.412': attribute type 2 has an invalid length. [ 118.372153][ T1039] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.407977][ T6411] RDS: rds_bind could not find a transport for ::ffff:100.1.1.2, load rds_tcp or rds_rdma? [ 118.427358][ T1039] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.834969][ T6427] vlan3: entered allmulticast mode [ 118.849221][ T6427] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 118.920604][ T6427] mac80211_hwsim hwsim9 wlan1: left allmulticast mode [ 119.795228][ T6461] vxcan0: Master is either lo or non-ether device [ 120.367225][ T6486] bridge0: port 2(bridge_slave_1) entered listening state [ 121.072881][ T6509] __nla_validate_parse: 6 callbacks suppressed [ 121.072902][ T6509] netlink: 8 bytes leftover after parsing attributes in process `syz.4.453'. [ 121.139698][ T5099] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 121.152414][ T5099] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 121.162518][ T5099] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 121.179719][ T5099] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 121.183772][ T6519] netlink: 60 bytes leftover after parsing attributes in process `syz.1.456'. [ 121.201938][ T5099] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 121.212113][ T5099] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 121.243380][ T6519] netlink: 60 bytes leftover after parsing attributes in process `syz.1.456'. [ 121.317832][ T6527] netlink: 'syz.2.457': attribute type 4 has an invalid length. [ 121.526792][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.659627][ T6537] netlink: 'syz.1.459': attribute type 1 has an invalid length. [ 121.687819][ T6537] netlink: 'syz.1.459': attribute type 2 has an invalid length. [ 121.911732][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.996407][ T6514] lo speed is unknown, defaulting to 1000 [ 122.190223][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.276338][ T6553] FAULT_INJECTION: forcing a failure. [ 122.276338][ T6553] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 122.309516][ T6553] CPU: 1 PID: 6553 Comm: syz.4.464 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 122.319668][ T6553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 122.329769][ T6553] Call Trace: [ 122.333100][ T6553] [ 122.336157][ T6553] dump_stack_lvl+0x241/0x360 [ 122.340924][ T6553] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.346174][ T6553] ? __pfx__printk+0x10/0x10 [ 122.350828][ T6553] ? __pfx_lock_release+0x10/0x10 [ 122.355929][ T6553] should_fail_ex+0x3b0/0x4e0 [ 122.360770][ T6553] _copy_from_user+0x2f/0xe0 [ 122.365413][ T6553] csum_and_copy_from_iter_full+0x1fe/0x1df0 [ 122.371665][ T6553] ? __pfx_csum_and_copy_from_iter_full+0x10/0x10 [ 122.378147][ T6553] ? trace_kmalloc+0x1f/0xd0 [ 122.382784][ T6553] ? kmalloc_node_track_caller_noprof+0x242/0x440 [ 122.389254][ T6553] ? __build_skb_around+0x245/0x3d0 [ 122.394530][ T6553] ip_generic_getfrag+0x158/0x310 [ 122.399610][ T6553] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 122.405198][ T6553] ? raw6_getfrag+0x104/0x350 [ 122.409921][ T6553] ? skb_put+0x114/0x1f0 [ 122.414227][ T6553] __ip6_append_data+0x3047/0x4070 [ 122.419454][ T6553] ? __pfx_raw6_getfrag+0x10/0x10 [ 122.424647][ T6553] ? __pfx___ip6_append_data+0x10/0x10 [ 122.430192][ T6553] ? ip6_setup_cork+0x9fd/0xfb0 [ 122.435092][ T6553] ip6_append_data+0x264/0x3a0 [ 122.439931][ T6553] ? __pfx_raw6_getfrag+0x10/0x10 [ 122.444998][ T6553] rawv6_sendmsg+0x18f1/0x23c0 [ 122.449838][ T6553] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 122.455005][ T6553] ? aa_sk_perm+0x967/0xab0 [ 122.459580][ T6553] ? __might_fault+0xaa/0x120 [ 122.464316][ T6553] ? inet_sendmsg+0x330/0x390 [ 122.469052][ T6553] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 122.474382][ T6553] ? security_socket_sendmsg+0x87/0xb0 [ 122.480079][ T6553] __sock_sendmsg+0x1a6/0x270 [ 122.484832][ T6553] ____sys_sendmsg+0x525/0x7d0 [ 122.489768][ T6553] ? __pfx_____sys_sendmsg+0x10/0x10 [ 122.495137][ T6553] __sys_sendmsg+0x2b0/0x3a0 [ 122.499784][ T6553] ? __pfx___sys_sendmsg+0x10/0x10 [ 122.504983][ T6553] ? vfs_write+0x7c4/0xc90 [ 122.509608][ T6553] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 122.516618][ T6553] ? do_syscall_64+0x100/0x230 [ 122.521441][ T6553] ? do_syscall_64+0xb6/0x230 [ 122.526169][ T6553] do_syscall_64+0xf3/0x230 [ 122.530819][ T6553] ? clear_bhb_loop+0x35/0x90 [ 122.535558][ T6553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.541524][ T6553] RIP: 0033:0x7f337df75b99 [ 122.546257][ T6553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.566372][ T6553] RSP: 002b:00007f337edbf048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 122.574860][ T6553] RAX: ffffffffffffffda RBX: 00007f337e104078 RCX: 00007f337df75b99 [ 122.582891][ T6553] RDX: 0000000000000004 RSI: 00000000200000c0 RDI: 0000000000000003 [ 122.590931][ T6553] RBP: 00007f337edbf0a0 R08: 0000000000000000 R09: 0000000000000000 [ 122.598964][ T6553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 122.607011][ T6553] R13: 000000000000006e R14: 00007f337e104078 R15: 00007ffd59ce64d8 [ 122.615033][ T6553] [ 122.643106][ T5099] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 122.657506][ T5099] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 122.668340][ T5099] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 122.684326][ T5099] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 122.703727][ T5099] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 122.727927][ T5099] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 122.790030][ T6560] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.862073][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.036020][ T6552] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 123.064255][ T6571] trusted_key: syz.4.470 sent an empty control message without MSG_MORE. [ 123.113142][ T6558] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 123.175459][ T6554] lo speed is unknown, defaulting to 1000 [ 123.292415][ T53] Bluetooth: hci2: command tx timeout [ 123.342745][ T35] bridge_slave_1: left allmulticast mode [ 123.348799][ T35] bridge_slave_1: left promiscuous mode [ 123.356709][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.389895][ T35] bridge_slave_0: left allmulticast mode [ 123.397808][ T35] bridge_slave_0: left promiscuous mode [ 123.407110][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.426622][ T6576] netlink: 72 bytes leftover after parsing attributes in process `syz.4.472'. [ 123.888317][ T6594] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 124.382879][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 124.395041][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 124.413239][ T35] bond0 (unregistering): (slave macvlan2): Releasing backup interface [ 124.424632][ T35] team0: left allmulticast mode [ 124.430613][ T35] team_slave_0: left allmulticast mode [ 124.436522][ T35] team_slave_1: left allmulticast mode [ 124.442820][ T35] team_slave_0: left promiscuous mode [ 124.448664][ T35] team_slave_1: left promiscuous mode [ 124.456833][ T35] bond0 (unregistering): Released all slaves [ 124.489751][ T6580] veth1_vlan: left promiscuous mode [ 124.519358][ T6580] netlink: 'syz.3.473': attribute type 1 has an invalid length. [ 124.543675][ T6580] netlink: 'syz.3.473': attribute type 2 has an invalid length. [ 124.810847][ T53] Bluetooth: hci5: command tx timeout [ 124.892262][ T6620] netlink: 'syz.4.485': attribute type 1 has an invalid length. [ 124.904400][ T6620] netlink: 'syz.4.485': attribute type 1 has an invalid length. [ 124.972451][ T6615] netlink: 4 bytes leftover after parsing attributes in process `syz.1.484'. [ 125.016509][ T6620] macvlan2: entered promiscuous mode [ 125.042908][ T6620] macvlan2: entered allmulticast mode [ 125.055916][ T6620] bridge0: entered promiscuous mode [ 125.063723][ T6620] bridge0: entered allmulticast mode [ 125.085629][ T6620] team0: Port device macvlan2 added [ 125.359696][ T53] Bluetooth: hci2: command tx timeout [ 125.418687][ T6644] netlink: 56 bytes leftover after parsing attributes in process `syz.4.489'. [ 125.462482][ T6644] netlink: 92 bytes leftover after parsing attributes in process `syz.4.489'. [ 125.495779][ T6514] chnl_net:caif_netlink_parms(): no params data found [ 125.504468][ T6644] netlink: 8 bytes leftover after parsing attributes in process `syz.4.489'. [ 125.708810][ T6654] bond0: (slave bond_slave_0): Releasing backup interface [ 126.074033][ T6660] netlink: 'syz.4.492': attribute type 1 has an invalid length. [ 126.095872][ T6660] netlink: 'syz.4.492': attribute type 2 has an invalid length. [ 126.202864][ T35] hsr_slave_0: left promiscuous mode [ 126.223705][ T35] hsr_slave_1: left promiscuous mode [ 126.236166][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.255281][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 126.268579][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.277184][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 126.331735][ T35] veth1_macvtap: left promiscuous mode [ 126.384216][ T35] veth0_macvtap: left promiscuous mode [ 126.410544][ T35] veth1_vlan: left promiscuous mode [ 126.446896][ T35] veth0_vlan: left promiscuous mode [ 126.879629][ T53] Bluetooth: hci5: command tx timeout [ 126.913505][ T35] infiniband syz0: set down [ 126.919475][ T5152] infiniband syz0: ib_query_port failed (-19) [ 127.358115][ T35] team0 (unregistering): Port device team_slave_1 removed [ 127.409289][ T35] team0 (unregistering): Port device team_slave_0 removed [ 127.439180][ T53] Bluetooth: hci2: command tx timeout [ 127.889763][ T6706] smc: removing ib device syz0 [ 128.258024][ T6725] netlink: 32 bytes leftover after parsing attributes in process `syz.1.496'. [ 128.507515][ T6514] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.539052][ T6514] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.552989][ T6514] bridge_slave_0: entered allmulticast mode [ 128.588566][ T6514] bridge_slave_0: entered promiscuous mode [ 128.613570][ T6554] chnl_net:caif_netlink_parms(): no params data found [ 128.792641][ T6739] netlink: 24 bytes leftover after parsing attributes in process `syz.3.500'. [ 128.846091][ T6514] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.871531][ T6514] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.892518][ T6514] bridge_slave_1: entered allmulticast mode [ 128.948826][ T6514] bridge_slave_1: entered promiscuous mode [ 128.959977][ T53] Bluetooth: hci5: command tx timeout [ 129.055298][ T6745] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20004 [ 129.080462][ T5120] IPVS: starting estimator thread 0... [ 129.189346][ T6746] IPVS: using max 18 ests per chain, 43200 per kthread [ 129.433209][ T6754] netlink: 4 bytes leftover after parsing attributes in process `syz.3.505'. [ 129.519359][ T53] Bluetooth: hci2: command tx timeout [ 129.523561][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 129.671305][ T6514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.764156][ T6764] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000194: 0000 [#1] PREEMPT SMP KASAN PTI [ 129.777003][ T6764] KASAN: null-ptr-deref in range [0x0000000000000ca0-0x0000000000000ca7] [ 129.785455][ T6764] CPU: 0 PID: 6764 Comm: syz.3.509 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0 [ 129.790140][ T6514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 129.795463][ T6764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 129.815121][ T6764] RIP: 0010:coalesce_fill_reply+0xcc/0x1b70 [ 129.821109][ T6764] Code: e8 59 cf f8 f7 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 63 9d 5e f8 bb a0 0c 00 00 49 03 1e 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 45 9d 5e f8 48 8b 03 48 89 44 24 [ 129.841036][ T6764] RSP: 0018:ffffc9000328eee0 EFLAGS: 00010202 [ 129.847149][ T6764] RAX: 0000000000000194 RBX: 0000000000000ca0 RCX: 0000000000040000 [ 129.855274][ T6764] RDX: ffffc90009519000 RSI: 000000000000116b RDI: 000000000000116c [ 129.863328][ T6764] RBP: ffffc9000328f118 R08: ffffffff899c0ee7 R09: 006e75745f7a7973 [ 129.871328][ T6764] R10: dffffc0000000000 R11: ffffffff899d5700 R12: ffffffff899d5700 [ 129.879336][ T6764] R13: dffffc0000000000 R14: ffff88802e003340 R15: ffff888023d3ec80 [ 129.887717][ T6764] FS: 00007f62c368b6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 129.896847][ T6764] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 129.903487][ T6764] CR2: 0000555575be1808 CR3: 000000001f820000 CR4: 00000000003506f0 [ 129.911569][ T6764] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 129.919556][ T6764] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 129.927719][ T6764] Call Trace: [ 129.931099][ T6764] [ 129.934346][ T6764] ? __die_body+0x88/0xe0 [ 129.939064][ T6764] ? die_addr+0x108/0x140 [ 129.943460][ T6764] ? exc_general_protection+0x3dd/0x5d0 [ 129.949036][ T6764] ? asm_exc_general_protection+0x26/0x30 [ 129.954862][ T6764] ? __pfx_coalesce_fill_reply+0x10/0x10 [ 129.960543][ T6764] ? __pfx_coalesce_fill_reply+0x10/0x10 [ 129.966193][ T6764] ? ethnl_default_dumpit+0x517/0xb30 [ 129.971610][ T6764] ? coalesce_fill_reply+0xcc/0x1b70 [ 129.977002][ T6764] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 129.982998][ T6764] ? __pfx_coalesce_fill_reply+0x10/0x10 [ 129.988657][ T6764] ? rcu_is_watching+0x15/0xb0 [ 129.993463][ T6764] ? trace_contention_end+0x3c/0x120 [ 129.998855][ T6764] ? nla_put+0x131/0x1e0 [ 130.003118][ T6764] ? __asan_memcpy+0x40/0x70 [ 130.007717][ T6764] ? nla_put+0x131/0x1e0 [ 130.012154][ T6764] ? ethnl_fill_reply_header+0x295/0x3c0 [ 130.018090][ T6764] ? __pfx_netdev_run_todo+0x10/0x10 [ 130.023486][ T6764] ? __pfx_ethnl_fill_reply_header+0x10/0x10 [ 130.029483][ T6764] ? ethnl_ops_complete+0xba/0xd0 [ 130.034535][ T6764] ? coalesce_prepare_data+0x175/0x1e0 [ 130.040025][ T6764] ? __pfx_coalesce_fill_reply+0x10/0x10 [ 130.046119][ T6764] ? ethnl_default_dumpit+0x83/0xb30 [ 130.051610][ T6764] ethnl_default_dumpit+0x5ac/0xb30 [ 130.056917][ T6764] ? ethnl_default_dumpit+0x83/0xb30 [ 130.062596][ T6764] genl_dumpit+0x107/0x1a0 [ 130.067710][ T6764] netlink_dump+0x647/0xd80 [ 130.072285][ T6764] ? __pfx_netlink_dump+0x10/0x10 [ 130.077819][ T6764] ? genl_start+0x597/0x6d0 [ 130.082717][ T6764] __netlink_dump_start+0x59f/0x780 [ 130.088155][ T6764] genl_rcv_msg+0x88c/0xec0 [ 130.093052][ T6764] ? mark_lock+0x9a/0x350 [ 130.097458][ T6764] ? __pfx_genl_rcv_msg+0x10/0x10 [ 130.102508][ T6764] ? __pfx_genl_start+0x10/0x10 [ 130.107381][ T6764] ? __pfx_genl_dumpit+0x10/0x10 [ 130.112369][ T6764] ? __pfx_genl_done+0x10/0x10 [ 130.117195][ T6764] ? __pfx_lock_acquire+0x10/0x10 [ 130.122336][ T6764] ? __pfx_ethnl_default_start+0x10/0x10 [ 130.128069][ T6764] ? __pfx_ethnl_default_dumpit+0x10/0x10 [ 130.133987][ T6764] ? __pfx_ethnl_default_done+0x10/0x10 [ 130.139649][ T6764] ? __pfx___might_resched+0x10/0x10 [ 130.145046][ T6764] netlink_rcv_skb+0x1e3/0x430 [ 130.149938][ T6764] ? __pfx_genl_rcv_msg+0x10/0x10 [ 130.155021][ T6764] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 130.160366][ T6764] ? __netlink_deliver_tap+0x77e/0x7c0 [ 130.165865][ T6764] genl_rcv+0x28/0x40 [ 130.169865][ T6764] netlink_unicast+0x7f0/0x990 [ 130.174641][ T6764] ? __pfx_netlink_unicast+0x10/0x10 [ 130.179947][ T6764] ? __virt_addr_valid+0x183/0x520 [ 130.185081][ T6764] ? __check_object_size+0x49c/0x900 [ 130.190400][ T6764] ? bpf_lsm_netlink_send+0x9/0x10 [ 130.195532][ T6764] netlink_sendmsg+0x8e4/0xcb0 [ 130.200321][ T6764] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.205706][ T6764] ? __import_iovec+0x536/0x820 [ 130.210617][ T6764] ? aa_sock_msg_perm+0x91/0x160 [ 130.215608][ T6764] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 130.220998][ T6764] ? security_socket_sendmsg+0x87/0xb0 [ 130.226561][ T6764] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.231862][ T6764] __sock_sendmsg+0x221/0x270 [ 130.236647][ T6764] ____sys_sendmsg+0x525/0x7d0 [ 130.241444][ T6764] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.246776][ T6764] __sys_sendmsg+0x2b0/0x3a0 [ 130.251397][ T6764] ? __pfx___sys_sendmsg+0x10/0x10 [ 130.256552][ T6764] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 130.262904][ T6764] ? do_syscall_64+0x100/0x230 [ 130.267862][ T6764] ? do_syscall_64+0xb6/0x230 [ 130.272554][ T6764] do_syscall_64+0xf3/0x230 [ 130.277076][ T6764] ? clear_bhb_loop+0x35/0x90 [ 130.281766][ T6764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.287671][ T6764] RIP: 0033:0x7f62c2975b99 [ 130.292109][ T6764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.311833][ T6764] RSP: 002b:00007f62c368b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 130.320368][ T6764] RAX: ffffffffffffffda RBX: 00007f62c2b03fa0 RCX: 00007f62c2975b99 [ 130.328446][ T6764] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003 [ 130.336551][ T6764] RBP: 00007f62c29f677e R08: 0000000000000000 R09: 0000000000000000 [ 130.344713][ T6764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.352707][ T6764] R13: 000000000000000b R14: 00007f62c2b03fa0 R15: 00007ffc96242008 [ 130.360795][ T6764] SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 130.363822][ T6764] Modules linke