last executing test programs: 19.129477818s ago: executing program 3 (id=620): r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000280)={0x58, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @auth={{{}, {0xd}, @broadcast, @device_a, @from_mac=@broadcast}, 0x0, 0x0, 0x0, @void}}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x800}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}]]}, 0x58}}, 0x0) (async) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000400)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x28, 0x9, 0x0, 0x7ffff020}, {0x6, 0x0, 0x0, 0x4}]}, 0x10) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) (async) socketpair(0x1e, 0x3, 0x4, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000180)=@assoc_value, &(0x7f00000001c0)=0x8) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_encap(r6, 0x11, 0x64, &(0x7f00000000c0)=0x4, 0x4) (async) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r7) sendmsg$NLBL_CIPSOV4_C_ADD(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)=ANY=[@ANYBLOB="84010000", @ANYRES16=r8, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b800800090000000000080009000000000008000a000000000008000a000000000008000a0000000002"], 0x184}}, 0x0) (async) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@ipv4_delrule={0x1c, 0x21, 0x105, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x1c}}, 0x0) 19.007787816s ago: executing program 3 (id=621): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @remote}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x2e}}}}, &(0x7f00000003c0)=0x90) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x8c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @empty}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}]}]}]}, 0x8c}}, 0x0) 18.036287626s ago: executing program 3 (id=634): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85100000010000009500000000000000850000007600000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) (async) unshare(0x28000400) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, 0x0, 0x15) (async) bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r1}, 0x8) r2 = accept4(r0, 0x0, 0x0, 0x0) (async, rerun: 64) pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) vmsplice(r4, &(0x7f0000002480)=[{&(0x7f00000001c0)="9718b7b35f0f5725d440a340664128463b2edda3", 0x1e}], 0x1, 0x0) r5 = socket$inet(0x2, 0x3, 0x7f) bind$inet(r5, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) (async) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000010f9210402001fb30bce0ab161"], 0x4c}}, 0x0) (async) sendmsg$NFT_MSG_GETTABLE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x24004000}, 0x4000000) (async) setsockopt$inet_int(r5, 0x0, 0x3, &(0x7f0000000080)=0xfffffffa, 0x4) (async, rerun: 64) connect$inet(r5, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) (rerun: 64) splice(r3, 0x0, r5, 0x0, 0xe8, 0x0) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r2) sendmsg$nl_route_sched_retired(r2, &(0x7f000001be80)={0x0, 0x0, &(0x7f000001be40)={&(0x7f0000000240)=@newtaction={0x200, 0x30, 0x800, 0x0, 0x0, {}, [{0x1ec, 0x1, [@m_ipt={0x1ac, 0x0, 0x0, 0x0, {{0x8}, {0x184, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_TARG={0x49, 0x6, {0x7f, 'mangle\x00', 0x1, 0xfff, "f951fabdcbbe5deee9e2759c89a68ca19a86c92d5f104db955925a1fc8caba"}}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_TARG={0xe1, 0x6, {0x4, 'mangle\x00', 0x80, 0x7, "3c03d93c75e10354489d4351f8c15af3fd1c960a1c324edd2ae839ed7bbdc3eae7f8f923d7a88f1dd4bca352433bde074cbae258ffc2b92b4835089489f4913cbf1956c321d073d195a37249cff3fb0cdb16713bb093ab1471e91e6748b0e7b7bee1d002403921c88131cb19202dd434614e4ea0970acfcf0556a513c325b57e9b8325588582dc5298233df5f2e1343388782ed597ac2568c6d1f1e09b8efc5d3990cf1c066ed67a05492aecf376f387f51f0dbd5484ab"}}]}, {0x4}, {0xc}, {0xc}}}, @m_ipt={0x3c, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0x11, 0x6, "f46756d0da560b4c8eabc516cc"}, {0xc}, {0xc}}}]}]}, 0x200}}, 0x0) (async) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r3) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000700)=ANY=[@ANYBLOB="40000000a581a84172c271d17eb00f109a9570d8a6024d533991676e2a07b6ef3005c7f532758230a59826af09dfd62ac6cf3874b688eecc15c08860007873c10e8186ddd4181bec6edf0eaa86d430e89242ed44a0b605394c128dd563a4811dfd5f708c2bd7dc24637578a6a322ad2453860c56b6dc369a3dc7f05a3c0b1e322bf8eb8e81e08f691fe28cb94d35d6cbabbfb1d39487908f58912020f27d01cddc1a9d7b0f98fc2394da87b9ec49c764cc081ff7a471c1e3d6cde791ce8a36b5ec82137d2b71e53c0ae7010f56d77bcd153ffb164c46a18a776acbf6d6a8d1b53b12d0646d8eec5a2faa69", @ANYRES16=r6, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r8, @ANYBLOB="0a000600080211000001000018005080110001004abee339084eeef16f162471f4000000"], 0x40}}, 0x0) (async, rerun: 64) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01"], 0x7c}}, 0x0) (async, rerun: 64) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r9, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r11 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010000000000000000000100000008000100", @ANYRES32=r10, @ANYBLOB="440002804000010024000100"], 0x60}, 0x1, 0xf000}, 0x0) (async) ioctl$FIONCLEX(r7, 0x5450) 17.917438156s ago: executing program 4 (id=635): socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0xa, 0x300) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000611228000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0x101, 0x4) sendmmsg$inet6(r0, &(0x7f0000001480)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x95, @loopback, 0x5}, 0x1c, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/161, 0x19}}], 0x1, 0x12141, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r1, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 17.717579748s ago: executing program 3 (id=638): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtfilter={0x5c, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xffe0}, {}, {0x5, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x2c, 0x2, [@TCA_FLOWER_KEY_CT_LABELS={0x14, 0x61, "cc4751af6e86592f024d38f66dbc1702"}, @TCA_FLOWER_KEY_CT_LABELS_MASK={0x14, 0x62, "2f8d8d8aae11218b7b82869677d78fda"}]}}]}, 0x5c}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000a40)=@newsa={0x144, 0x10, 0x1, 0x0, 0x0, {{@in=@local, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x6c}, @in=@remote, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}, 0xffffff49}}, @sec_ctx={0xc, 0x8, {0x8}}]}, 0x144}}, 0x0) r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0xfff, 0xb3, 0x48, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r3}, @generic={0x66}, @initr0, @exit, @alu={0x4, 0x0, 0x2, 0x3}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) 17.569321319s ago: executing program 4 (id=640): sendmsg$AUDIT_TTY_SET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x18, 0x3f9, 0x4, 0x70bd2b, 0x25dfdbfe, {}, ["", ""]}, 0x18}}, 0xc890) (async) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="7c00000000000000000000000700000044140001ac1414aa00000000ac1414000000000000441c0003e0000001000000007f000001000000000000000000000000442c00000000000000000f883816814100000000000000000000000000000000000000000000000000000000000000000000440c0001000000000000000000000000000000a400000000000000000000000700000044280000000000000000000000000000000000000000000000000000000000000000000000000000071700e0000002ac1414bb00000000e0000002ac1414bb018616000000000010c986d78e6c4b9394b247217b87cb00830b00000000007f000001861f0000000000020010421487f84baabcbcfb42a4d90bab000748c68c4c31001089ca45d9612e5b5c11f12bc78a41000000000000006c000000000000000000000007000000441c0003ffffffff000000000000000000000000e00000010000000044340001ac1414bb0000000000000000000000000000000000000000ac1414aa00000000ac1414aa00000000ac1e000100000000830b0000000000e000000200000000001c000000000000000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001400000000000018000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="7f0000017f00000a0000000800"/28, @ANYRES32=0x0, @ANYBLOB="7f000001ac141400000000011c0e0000000000000000000007006fc946f1f569c01801"], 0x230}, 0x0) r0 = socket$kcm(0x10, 0x0, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030017000b63d25a80648c2594f92e24fc60100c034002000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 17.479388058s ago: executing program 3 (id=641): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000004400000010000300", @ANYBLOB], 0x4c}}, 0x0) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000030000001c00018008000700", @ANYRES32=0x0, @ANYBLOB="080003007f000001080006"], 0x30}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0x7, &(0x7f0000000040)=ANY=[@ANYRESHEX=r4, @ANYBLOB="000000000900000018", @ANYRES32=r5, @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(r6, &(0x7f0000000100)={0x11, 0x0, r7}, 0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth1\x00', 0x0}) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x54, r5, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r7}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r8}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x8}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000880}, 0x20000801) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0) 17.395484616s ago: executing program 4 (id=644): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x16, 0x0, 0x8400, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000400)={r0, 0x0, 0x20000000}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0x10, &(0x7f0000000180)=@raw=[@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0xf20d, 0x0, 0x0, 0x0, 0x8}], &(0x7f0000000200)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0xb8, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x24, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6}]}]}]}, 0xb8}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe80, 0xe80, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 17.135499599s ago: executing program 4 (id=646): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = socket(0x15, 0x5, 0x0) r2 = socket(0x40000000015, 0x5, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) (async) bind$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) (async) sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) (async) getsockopt(r1, 0x200000000114, 0x2715, 0x0, &(0x7f0000000040)) (async) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) (async) sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@hci={0x1f, 0xffffffffffffffff, 0x1}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000380)="46310f3a62022ffdeba93ec529e7", 0xe}], 0x1, 0x0, 0x0, 0x2f00}, 0xf00}], 0x1, 0x0) (async) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f00000009c0)=ANY=[@ANYBLOB="1828000000000000000000000000000018110000", @ANYRES32=r0, @ANYRES16=r0, @ANYRES64=0x0], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r4, &(0x7f000000b0c0)={0xa, 0x0, 0x0, @mcast2, 0x20}, 0x1c) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x3a) (async) socket$nl_route(0x10, 0x3, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x30, r6, 0x300, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x1c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'eth', 0x3a, 'veth0_to_hsr\x00'}}]}]}, 0x30}}, 0x0) (async) sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000a00)={0x224, r6, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7ff}]}, @TIPC_NLA_BEARER={0x30, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x34}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3b0}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}, @TIPC_NLA_BEARER={0x118, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x5740, @dev={0xfe, 0x80, '\x00', 0x12}, 0x8}}, {0x14, 0x2, @in={0x2, 0x4e20, @empty}}}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4e29}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'ib', 0x3a, 'sit0\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0xf, @local, 0x7}}, {0x14, 0x2, @in={0x2, 0x4e21, @empty}}}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_virt_wifi\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x0, @empty, 0x5}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0xfffffff9, @mcast1, 0x7}}}}]}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7a}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xc}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xbca}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x101}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xffffaadc}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xb79}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x50}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x10}]}]}, 0x224}, 0x1, 0x0, 0x0, 0x800}, 0x24000000) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x38, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1400}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x2}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, @LWTUNNEL_IP_OPT_ERSPAN_VER={0x5, 0x1, 0x2}}}}]}, 0x38}}, 0x0) r8 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90324fc6004001c000a000200053582c137153e37000c0480fc0b10000300", 0x33fe0}], 0x1}, 0x0) r9 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r9, &(0x7f0000000000)=[{&(0x7f0000000100)="58000000140019234083feff040d8c560a060f0200ff0000000000000020ffff00000000000064009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c100000000200ffffffff", 0x58}], 0x1) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) (async) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 17.011563667s ago: executing program 3 (id=648): socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x23, &(0x7f0000004b00)=ANY=[@ANYBLOB="e0000808ac1414aa"], 0x10) r2 = socket$kcm(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5f, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = socket$kcm(0xa, 0x922000000003, 0x11) sendmsg$kcm(r3, &(0x7f0000000100)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1={0xff, 0x2}}, 0x80, &(0x7f0000001500)=[{&(0x7f0000000000), 0x4c00}], 0x1}, 0x0) recvmsg$kcm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)=""/4106, 0x5a8}], 0x10}, 0x0) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000100)={'broute\x00', 0x0, 0x3, 0x2b, [0xfc, 0x70, 0x7fc, 0x8, 0xae70, 0x5], 0x4, &(0x7f0000000080)=[{}, {}, {}, {}], &(0x7f00000001c0)=""/43}, &(0x7f0000000180)=0x78) 16.813972662s ago: executing program 4 (id=651): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @lsm, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r0}, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x1c, r2, 0x1, 0x70bd28, 0x25dfdbff}, 0x1c}}, 0x4) 16.651702572s ago: executing program 4 (id=654): unshare(0x68040200) unshare(0x14000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001640)={&(0x7f00000008c0)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a0000000000006f0000000005001b003a00000008000300", @ANYRES32], 0x2c}}, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x26, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) unshare(0x68040200) (async) unshare(0x14000000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001640)={&(0x7f00000008c0)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a0000000000006f0000000005001b003a00000008000300", @ANYRES32], 0x2c}}, 0x0) (async) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x26, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) (async) 4.269573576s ago: executing program 0 (id=680): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000000000)={0x6, 'dvmrp0\x00', {0x2}, 0x5}) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r1, 0x0, 0x483, &(0x7f00000000c0)={0x1d, @broadcast, 0x4e23, 0x0, 'none\x00', 0x10, 0x9, 0x4c}, 0x2c) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) r4 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r6, &(0x7f0000000140)={0xd0002005}) ppoll(&(0x7f0000000200)=[{r7, 0x1}], 0x1, 0x0, 0x0, 0x3) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="cc000000", @ANYRES16=r3, @ANYBLOB="0100ffffffff000000000100000008000100", @ANYRES32=r2, @ANYBLOB="b00002803c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300400000000400040008"], 0xcc}, 0x1, 0xf000}, 0x0) 3.658713406s ago: executing program 1 (id=684): r0 = socket$inet_smc(0x2b, 0x1, 0x0) (async) r1 = socket$pppl2tp(0x18, 0x1, 0x1) getsockname(r1, 0x0, 0x0) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x2000000, 0xc, 0xfffffffffffffcd0, 0x2, [@func={0x3, 0x0, 0x0, 0xc, 0x2}]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) (async) bind$inet(r0, &(0x7f0000000540)={0x2, 0x4e22, @multicast2}, 0x10) (async) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) (async) close(r3) (async) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a050000000000000000000100002c000000030a0102000000000000fe7d5f4500000900010073797a30000000000900030073797a300000000054000000060a010400000000000000000100000008000b40000000002c00b780280001800a0001006c696d6974000000180002800c0001400000000000000000080004403f9fee2815cdc4092470000000010900010073797a3000000000140000001100010000000000000000000000000a00000048f8139fe3df45da3efdc466c6d34d24ae7b9fd43bf4625665a26bb7d1611a93ca1b4e28325d6df50934f4bac5ac48c426da89b0e834ea1394e3cbf6fdbad9fb2cdfdd8d9e4243bccefcd25d5502f0a5bcfcbb931341805e54ac4abc9756487dcf41fc98412914a80c55"], 0xc8}}, 0x0) sendto$inet(r0, &(0x7f0000000300)="b2", 0x1, 0x8005, 0x0, 0x0) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000500)=@gcm_256={{0x304}, "5ab3b7ccb150a4f8", "8b7e476094455a04734bd3fb730c41e0c041d250e01cac4ec428a91297175f10", "fa058e9c", "368e39a22013f3c2"}, 0x38) (async) unshare(0x62040200) socket(0x15, 0x5, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) socket$inet6_sctp(0xa, 0x1, 0x84) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (async) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e00000056bc000006000000a200000080900000", @ANYRES32, @ANYBLOB='\t\x00'/20, @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="0000000002000000010000000100000000000000", @ANYRES32=r2, @ANYBLOB="be77fc2aa32f91c51b4eeec5b5b31e96002a3c02c27bcaaaae872082fa2844313499b1e7ce8249ae1638a2b395cf6e441163d82a49c37d95d3057abecb4932dc454aecd6f791f9a544d9a0f9c81968d3a38c44c9f2f88c65e17fbde4b2af2a48c65eae5404451a9f270805485d42d263da75deec75cf577fe35180dbb432f6359747579f54e38ec5f50c808c23dfaab2d3917a849833372733122f316f5bb160583df6418e7908eab9b7aa5665999e86787036832ae1e1f80e64820c2c5d66fbc0d92cfd984f113c"], 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x0, 0x8, 0x6, 0x20482, r5, 0x5, '\x00', 0x0, r2, 0x2, 0x3, 0x1, 0x7, @void, @value, @void, @value}, 0x50) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_type(r6, &(0x7f0000000180), 0x2, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (async) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="000000000080000000a1150969f137e8e70000006e5c0f7e11ec24696b11cbb429db518e006c8fb6b3cc067e32f6eeaffb3d997e82aba0b05309ec89c4c14c97f7aa1b38248c6cd61d11b6d39c8960fd4623dd4eb442ab2ff9bb429bd9915eaa89c8bf21979a1d", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYRES32, @ANYBLOB="00000000000000000000000000f900000000000060856e9b55c09049029148bb714ac04f8ba42473f8ff4d52cfc695a2c78a0bc915f8d5cad93d8a9e3229b08be5f4285c3dc576f7c564ebcd9ac4db7665100000000000000000000000005ca4000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 3.341009656s ago: executing program 1 (id=687): socket$tipc(0x1e, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1400000015000100000000000000000005"], 0x1c}}, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0xf0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) socket(0x11, 0x800000003, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEV(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="4d7e00c30000000000002700000008000200", @ANYRES16=r3], 0x1c}, 0x4, 0x700000000000000}, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket(0x1d, 0x2, 0x6) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1d}}}}, &(0x7f00000001c0)=0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000200)={r5, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x11}}}, 0xf, 0xfff8}, &(0x7f00000002c0)=0x90) r6 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000400)={0x1d, r7, 0x2}, 0x18) bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r7}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)) 3.159256495s ago: executing program 1 (id=689): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r5, 0x0, 0x0) getsockname$packet(r5, 0x0, &(0x7f00000000c0)) connect$inet6(0xffffffffffffffff, &(0x7f0000000600)={0xa, 0x4e24, 0x1, @dev={0xfe, 0x80, '\x00', 0x30}, 0x4}, 0x1c) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newlink={0x68, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x48, 0x12, 0x0, 0x1, @sit={{0x8}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FLAGS={0x6, 0x8, 0x3f}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e20}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x800000f0}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x8}, @IFLA_IPTUN_TTL={0x5}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @dev}, @IFLA_IPTUN_TOS={0x5, 0x5, 0xc9}]}}}]}, 0x68}, 0x1, 0x0, 0x0, 0x4004}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r5, 0x89f8, &(0x7f0000000480)={'tunl0\x00', &(0x7f00000012c0)}) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000008c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @remote}, 0x10, 0x0}}], 0x1, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="3c0000fe140009050000000000000000020100fe", @ANYRES32=r3, @ANYBLOB="1400060000000000000400f0000000000000000008000200ac1414aa0800010000000000"], 0x3c}}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r6, &(0x7f0000000440)=[{&(0x7f0000000000)="9d1a13725d2ac496d8524b29015cb6177fb70266cdc1eb7946d14ecd1f78270c68e3f287a9b3e6a3488c9316058279eedbd33508792be7a7593d9ba300e8fa232b1aa6fc7d44445a36ab8bbc3a444413723bb8ae3cfff5b54875408f8466dbae9712e91f093fac4ce3", 0x69}, {&(0x7f0000000100)="3769b1010037e8a9ae43aeb3b548006a10d9c0e698b8c6691fab1c1a020361621d101a1f7e7025966793befc048be74f16a9dacc57eb770f36672b415dc746636a3642063b6d12c7a6aff9b6f49639a73a0fb7c7b211072597e0f0bc8c61a754cb46c24460fd60526ac2dcef7c464378bd5eee2ab75f308755636caf8b9c6c4d1305a9a083df98286683c72d6c0061b801593821b6d721dcddcfe23eaf7269f3633fa93065de979b306529e992133b79f0980c71367bf895bbaed6c9a803f5", 0xbf}, {&(0x7f00000002c0)="118d07e6f540da3183027c81dfd4ddc1700904286a13c66e82d09dfa2135a3f6a429bf83206af569932ffac91416f5a740ecff9da01d19b59d727af01d4e6581a615b0", 0x43}, {&(0x7f0000000240)="d1", 0x1}], 0x4) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xa, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000600)=@bpf_tracing={0x1a, 0xf, &(0x7f0000000480)=@ringbuf={{}, {}, {}, [@btf_id={0x18, 0x0, 0x3, 0x0, 0x1}, @exit, @cb_func={0x18, 0x6, 0x4, 0x0, 0x5}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r8}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x67) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00000018000280140003"], 0x50}}, 0x0) r9 = gettid() syz_open_procfs$namespace(r9, &(0x7f0000000200)='ns/pid_for_children\x00') 2.965640517s ago: executing program 0 (id=690): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000001c0)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x22}}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket(0x1e, 0x80005, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_IDLE(r5, 0x103, 0x7, 0x0, 0x0) r6 = socket$inet6(0xa, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r4, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0) r8 = socket(0x10, 0x3, 0x0) r9 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_ECN={0x8}]}}]}, 0x3c}}, 0x0) sendmsg$BATADV_CMD_SET_HARDIF(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="02829c3c32c6387a0d002cbd7000ffdbdf25", @ANYRES32=r10, @ANYBLOB="0a000900aaaaaaaaaabb0000050037000100000005003300020000000800310026e70000050030000000000008002c000c00000005003000000000000500300005000000"], 0x60}, 0x1, 0x0, 0x0, 0x4000004}, 0x4084) socket(0x2, 0x80805, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000100)) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) 2.559430985s ago: executing program 2 (id=692): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0], 0x0, 0x21, &(0x7f0000000200)=[{}, {}], 0x10, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0xd7, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x10012, r1, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x10, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70500000800000085000000c7000000950000"], &(0x7f0000000300)='GPL\x00', 0x4, 0xff8, &(0x7f0000001e00)=""/4088, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000640)=ANY=[@ANYRES64=0x0], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000240)='kfree\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000054000000030a01030000000000000000050000000900010073797a30000000000900030073797a3200000000280004800800024000000000080001"], 0xb0}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x30, 0x2, 0x6, 0x3, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x10) 2.475778408s ago: executing program 0 (id=693): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1008}}, 0x20}}, 0x0) 2.460959705s ago: executing program 2 (id=694): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r3, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f0000000340)={0xf}, 0x1) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) sendmsg$netlink(r4, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)={0x18, 0x69, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x2f, 0x0, 0x0, @str=':,*\x00'}]}, 0x18}, {&(0x7f0000001200)={0x10, 0x2, 0x300, 0x70bd25, 0x25dfdbfe}, 0x10}, {&(0x7f00000000c0)={0x14, 0x34, 0x100, 0x70bd2b, 0x25dfdbfc, "", [@typed={0x4, 0x5f}]}, 0x14}, {&(0x7f00000001c0)={0xe0, 0x14, 0xe00, 0x70bd28, 0x25dfdbfd, "", [@typed={0x8, 0x138, 0x0, 0x0, @fd}, @nested={0xc8, 0xb3, 0x0, 0x1, [@generic="685a23101f816e89e6c38f62918652b69ef471ce52ae7f66025cc69c8ac8debfeba568b7fcbcdd56db5f79e4a9c609d19956a0a3c2a47a878d6a1d0d3d544300dae8729a98920e172b579026a55bea10f1f7bb24027bbfb6b514626ee8341aa7b69938278872f2c4469a8bbdf662904172acf59381aeb5b3152a2d83543d2a80cd132965097912513c7b7f8d7b03f96ddf271cabb5b47140b32d568a6fa33df89ad635f3bba582bf26b97211257eacfc3c90c408e45566e2563dccbf", @typed={0x8, 0x36, 0x0, 0x0, @uid=r5}]}]}, 0xe0}, {&(0x7f0000001240)={0x1050, 0x22, 0x800, 0x70bd29, 0x25dfdbfc, "", [@generic="81a027cdef53fb0588c51069b42075e92c73d10c0c7d14b3c20c7db9262838c04ac6379e1e41be9a9a14a357f39907399dc7f1bcc34bd4e0d6eb8e", @typed={0x1004, 0x3e, 0x0, 0x0, @binary="889fdd8c33b50406296b84a9942fd6ad4d32945a4768e6d707a797745cc1d28096744badc3b0a1645e5a2c5d4a458fcfc81ef2210fcffd7da7f1fa3d331d9b5fc6891897f455c854a4582128d195626d60b7311bbbf7d38f4c220c54ef01f5948a8171f92204bb49e62b96a669c0d2ef6c14222b6d4e25fe30ca32fb3dd372425242e99460627276bb755852bec181b5fa0dcc9006ef265bb3ff84ba7bfd9a52b234d7ff9eaf507d09342da4e3bc190b531e074fcd2aab87bd8020c373d459dc9b3384f96bd01c66ac065a86a8b6e845284f5eb82fe91e5fbf59ef33ccebb6f47224ecb04d37c663e70639b253f7accc29b98136331caf16a315984743433fb60812c5a59c6fdb83080df9b2e071f21efdb320aaa05d1b0e803cbcc02514bc51b146a0748163149b8c79e84ba1b24c4124d46ce684f9a35d0ae0195216bd57b54e751b2fb1d3d7e2d30dd3507a00dd1a1bdc40e188ee3ca66212d39daec223a3ab3a26f15c66c55b52542a94407d5d97cd2024f0eed46f3550e7cc55c828768bfe03325067efee4ccc1f1d2e00c69983ac07625e7d8cd64383c7f26d0581cdfe6f2035045151b55df9d140435415113ea9a6cede393c76413acd800185baa8a7497198d707f74593474f8b833f713f23484a3d5ee4876198348046dad6bc274f5551fb2ace6a1caf5a92115d6b8c169715d4ce2a3278927b2a898e2f2fd382ec148de2432abe1e52e08b28f2bc751868686926f51e40776657024b928ce846fe7ddbf9972e678a66e688b11750742cf52d709c1c15e2cf5c1f89b87d8986a7eb1aa36e506e132ac5300b89d1d4d664d93981659677b32d30286fc317c045c065baf86874978df46612e6bc68cd856f71d63f946d59433dcd03eac9865513fef40b18cee8a19039cd8f7d44179b58f83faaf024411f656d963dc65d504b9b255f0dc59e57b445e17b9ba5efc30267ee2db6a03cf1fb24e1028005262f454aa99cbf1b9ff0e3f4865d6cd174e9c257a915bc6c9d05252cf6765d794ac856b2b3926532de9dc156fe1d0d8dd2059b5871215c21e10219f4c5d0afdf4d8c5a06dfc9ccedd36cd982f69caf572d71eb49dfd50a1cddb06dd545dbd2004e9cc71551b49cec6291c63ba7236db188f449742e6f4edc9428814dc749bfd5bc7d0207689f191a21ea53dc46b662583c0b743553d1a49bdaa16d1e2acddbc853cc15148c6cebfe2701055237353d2221a389b264be18daa309d1b29b75a2cea7e17c89d621b877b315d06edfc946ec366a39a25422c878fe53e244ed43aea8d05bd4f20d46b5c51fd615f64740a31117d75129b6413b4da72746f1ec438d6e429e86260b9a68dc929858c1803356aa9967ada3e177bde40b8ec4522ad64438263c1238e2a818eebc05f41479c2957aa74b8fef356099c8915b29989a81e400fad8866957e04292253254cf52bea2ef23a1a16c45896f9acc0da950c431692f59b22c94f02947a2f3e4a7b3688c2b5e838d0d06389afed94b471927d3dba3b38c5fb070c483c0490763939dfd21dcd033270a199e7e73e8445462e657703ff1876cdff722675f86de04608b700a5804bb0f422d7df5d611f445417db98e3789b4ae8ccfb1e29a1272d2705b1882fd53e5f755a97f04925593c9f89fcafe53ff69c0f0e18d6fc636c86d660c0a1d4f387aa53238cb46c71a5b968a432670b06728d71d118e7039a4c13eb43b57fe2a49d61023f697e2dafc49ecdc958e831e1f31ee7aac97ed8f8bcdad1efe20b9548950c2940a778c983d30db6a62aab689f2cbf3e6b44e4225381f45a10b143627d4c4fc4075960d817e84215635d1d3c4c81f68ec4b0905a40e8aaf022fad3002dd181b09d6a9ac95e4a819119e29c6067527d940c1999ecddc760d9d1844e16876b927b8229221a5a14c2058596eac01295c8e2ee9e26a6b47551dd7598206c86c6373b5bfcc2d843c374cdaa567420aa7a0822494e119e238a3ba80e9a02640c07efe23ba3effbe2f3bf31f37a4d758b9d1e7ffbe48991eb33fe7a53f562d568f0addf643b3310aa1d8368b90dae5e6a2048fb9bea5b745ef1b61e9c2796492d10ab28a81cfa74bdcad92f050b0f9ccd12a5399fa1750598d121a5abb5fd56f558a6b91cece60658edeaff10b41cf6224e524b4a2512c52b81346d2b2a24ec7a1ca1c1c9df68a90cc5f66378d4fa1a569734a224b0fffea1417dce3d668287e5d30cd0bcdc2c6e9b09c4f012c05f269291a2a54ec7ec29b52e99d2d8a61be41adc0b6c9752133665e389fa5389a29e2624f3f911003d4b4cad3a0efaa18109c24cbfefa737352043754fe6d9b8aec36221f8f07a5e813cf7720deff433192a18d35ad895d2fe0f22d7fbde254c444dacd202e6fe73efe49c692cf911d5980a88be1db019d3cbb816208a2cdfcb0951eddfbead418ab12b8e9a638c1fb9a33eaa1b247bd36b47bc93a345ddfa250b0ee468097823b6369b9beae1dee09d3ad4db2c980fc18fea9a5ed570bba25b9b3d5d8157b4c1e3d95962efb45bcfc299007ddc9175d80e81947ae4e9d89f82252b5f079e82eab0d2f2e510b14a18e8c79eb7c7a9741ba2de9fb3400f372725a8748af4cab79a3ba5252b75dbb4d22e6597bb9ebae35cc7816ffcb2d53ffd740eab10ca1a76b18b8476b86a4d9abba6ec1fea65f8fb5281e855238ec2ad5c17edcd9bc8db74a037817608fe6562d1bcb8dca4f3e2865b1527ef87891317d28093708c867756f22fcfcbd683b1dd527362dbb93f4d9500109e3a095e6ea28ffc95aaa05190fc5e408a802d780dffb500379028151b1a9a1452f4eef3680de283ea5da8a24d7dc9f4f96b46cf4b5467fc991716c45a351c13b2299f5b2ce5592e02b661e99c83e45b21c5de5d4fc4a10521043dfb60bbfff5048366f6487d597e20f330c6c82d603372e08620f385f025db424c0a30369fe53590cdbe4fb655188584b16d01391580a87770d4e5aafd247c9dcd21bdd79480320e030674fc68ff1497e61dea05087f9cbce1211ff06a125088c7c29be4461a24814cbeddb67fa5b142b71f181dbc42708996a14cf013ee9fc3a098999850dca62c8fddee882330d35b6e47a9215e373eed0e115bebbdee74ae5c97f30eb9055635af508e1566f5018900ad385e954d5bdad7435d695410f667f7504148338360de056d5ee7a863c399b2111585792b515a76ece35c410bbe0321038ad340b7f41c4342ad70a0bc4a35e929ab48a8fc084e82bc443ebae1389b748f99b667b00337f6587a2f9faa671ee3fca8b236a110932dca8268270caccb1e55329b88a7f00683dc0eedab0b34bfba457253fcd680d17bbf9d20538fed50b1496cd2c9002af74ce19088069851ca2f14d68fcb7dd9a4edc76244cef1ff92647783c2039a040791daf9af828f4dbf8056458695291d1991fe08e6af3734690a509323c09ae223c995e87415bc531ac86b4033d405f1c1a26b92b0b698d88eea293af5e8efa72b9fe351495fcc999578671ea49a3d8c1eaffcfb39bc5304ebfef9988ad07d928f59a9f0a98131ee9220d2d4e17fc50979cc6ad030946130688d94a7609a910ad8d38a04b5ecd47c3a99986a7d030073ca9ff52fffe40388036536bebb594726019cf16ed43b508bd8ed058bf7f6e24020b004583f2fc74a8f33ff0732d699a60f9695d864ec115a557d5bc30c90820336d5df2076ea34225b74047a8e77aef0102c9894e64e56465f4a4dcd512dead5f9549cb6318d279c8fc58fc0c674d001409b3634bbb2eff530592c94f3f5868a8a389560f9d55dd189b9b08ce56bdac9dad7e1b45dff34cbe5d61b89a8b469026308bf40d598924a104c7642e4b4060404d81757fbafdb20beacd42e4365759c984cbfe3cb6bb0455168144b54cebebec8cd7db37adf7d95bc0b071754dd41072920a6aa049811058f2aca7b25be25e18957baf3036167bcaeb026b5f597c97e18fa3f75c2a46182d8d28ca713826946232b2e0a86f4e58c98a0ad955408a5120d54fa6ab2e531c883292e4dbf8b57c0459e0efc0092e360fca04974705e27e41cec79e21960aa148b68f83f13b484ae5689734fd123347a0b752f4d238a7ffd82cc60d75fc776f1baeed40435112122cc51cebc45ebe446807c7e42077795633f0b1d9e6bc86fbb03859bc82d9be58d1e5637830bf50a1d8bcf2c1489bbecac358a650207edec957d3f32ee52b8df605f549947476dea6c693522f60e628daaf1dc3a5c16fdaf6d8526309631ed797d2e63466f764aa96fd5a7bd9ae08ddbc850b6d65462a213e6a00c9e3ad7efcf74d0cf091acfb0eb3bddea7b0e4f3bbfe793e4ea7bb99c39f6a6c7eb2caee54ef51e0c5b78d58f3e070b4fe12131510e77e6202657c6d9f9d17b82492875d19b346ba745a3ebf4c3c3e9560e1fcd7484d19cb06e3f9061d35bfe9157aa1f116900c7a6e13fdefdece4ae13c3754214385f4e4ba97323d4bb37ef4233eaa66aa0819a742b3512b0535fdec06adbfb275151d2d0a9fddc1d26737a7f73a118911d94f9c4e3828a8d12c5286f489868bfaf2c52ed86be6d401755819049ba8c38bbfcd8de2f5b506e344bdfcb0c940c4d8ec8b4ec0adad47f0a7a31f905f97ade73de462810f61f06e2dfc6b1cb248bb867f3b5c3c44034c42c2329863492f6cb47a6a0327b2453a77e09bcbb9646ff40f2228d800feea351fb0b78543d6fb2454fc4bfab4ce62b84bce8a37af62e921471d741dde016d485d49f6f2f9b45eff00fd74553d39137347fb5dc82a99e05c6e8c46512514a3c0d0a52feb3c133dde3661e2947a36190f82e820c25575d41e88f820af71cb3e44080c5b73acae6f7ab6a6b7a6c563068196143e88ce797e35b7cbdd684eeee2a4478d6890d0e1a5752e796efe1ccaa90bf7e2323c3f3f40f40853a8173b70ce324a19e2e209e5c5ced5df5a5d63d67d1a1ca22dab0ed7d350c264ec939a58f22d75fff2ab3df31a52d605b1a839850c6c8b58ae6a04b0d611041a2e963c68cbe8ec1f6655289f8c071357659ed46d0354ed1a7f245aabe5ed3678d3105347312303cfb38ef99e8ffceb1418716d7574c9dce6440ab5a3bc24ff04190ea0763d3caf2421ed411280c0b91a03a983d66618df5aa471cba8bc3cbc8609e1ba846335b1b1fc26acd818dc54bb9836e3d10fb1738d84d69b2106f9dcafa0303c35d0ddafec559e741f63280ddad8e667fe23312479c05a86c0c380623408b90b41d1a61eaecd631a55d698e8fe8652c28cae2fe18523c872ccb9edc3474475e115d0c740b6cc47b6e030578514ce172b3960ad0095fb1f195d070953c9c415f49513c9cd9a9751eab83d7e58db0c2e47eb83f76273ebf958fca58f68f432bc481647dfd3c3ffa6a51539e8eb53b67cce64109d143ea55adfae2a87f9d9863e0aba4205c9463484c0026f71ad0305b606094e1568c1cb6457396267e97762d91f1abc64708006d4694d51a361e4669a1d0267ac6aab903d9f8acd0740f47640ed8722a8db11f307bbfb1471b626893094ffbedb154c7cb58a1bcd27ff7c949934ce072f622b13c7ac97465af528aa54fe9eee1cac392404015e41aa4581f7b7e8d547817b1b6bb90ee5c0c47dd78946f21fb518a17b76f8fcfbb245242e50ab67654c7ed4107160dbafabef4fa5dcbfacfb2553b0607822bc8bffb84fa6c440e2697d68b95c08a8cd89d8bdaf0b6f8978fa17aade0b2265ca69edf54a36445a1d2a90ca85ca04bbdafe72d408d7f24f86f2223fc206ff3fe5e60a423c946b"}]}, 0x1050}], 0x5}, 0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r2, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500040000001400040073"], 0x58}}, 0x0) 808.440553ms ago: executing program 0 (id=695): bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="8d88eb93b41b0000000000000000000000008000000000000000000000000000000062a26aad7895cfbd783d9aa35325ea3723f3afb66a86dde7088bd5c2a1a07f50e4af8eaa66a09645f9cd27170f572ec2aa50", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) (async) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="8d88eb93b41b0000000000000000000000008000000000000000000000000000000062a26aad7895cfbd783d9aa35325ea3723f3afb66a86dde7088bd5c2a1a07f50e4af8eaa66a09645f9cd27170f572ec2aa50", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r1 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000180), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000200)) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'team0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f00000003c0)={'syztnl2\x00', &(0x7f0000000380)={'gretap0\x00', r3, 0x700, 0x1, 0xd, 0x7, {{0x6, 0x4, 0x0, 0x0, 0x18, 0x65, 0x0, 0x7, 0x0, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x12}, {[@end]}}}}}) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000a050}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x98, r2, 0x10, 0x70bd27, 0x25dfdbfd, {}, [{{0x8, 0x1, r3}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r4}}}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0x5}, 0x8884) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x8, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x41}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 801.417334ms ago: executing program 1 (id=696): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) connect$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x2, {0x1, 0xf0, 0x3}}, 0x18) socketpair(0x11, 0x3, 0xa2b, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, &(0x7f0000000100)=0x10) setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, &(0x7f0000000140)={0x2, 0x4e23, @multicast2}, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) sendmsg$NL80211_CMD_UPDATE_FT_IES(r3, &(0x7f0000001380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001340)={&(0x7f0000000200)={0x112c, r4, 0x100, 0x70bd26, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x56a, 0x13}}}}, [@NL80211_ATTR_MDID={0x6, 0xb1, 0x5}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x80}, @NL80211_ATTR_IE={0x10e6, 0x2a, [@mesh_id={0x72, 0x6}, @chsw_timing={0x68, 0x4, {0x4, 0xfff}}, @channel_switch={0x25, 0x3, {0x0, 0x9, 0x7f}}, @supported_rates={0x1, 0x2, [{0x0, 0x1}, {0x18}]}, @measure_req={0x26, 0x3e, {0x5, 0xf7, 0x3, "1784676dc78a3ea222d81747316175ae798657bd399fdc983813012e7d8d2507e04065b3e40d45474c65447b04c937415f2d53e198bafb3667dd93"}}, @peer_mgmt={0x75, 0x4, {0x0, 0xc027, @void, @void, @void}}, @erp={0x2a, 0x1, {0x0, 0x1}}, @preq={0x82, 0x78, {{0x1, 0x1, 0x0, 0x0, 0x1}, 0x80, 0x3, 0x0, @device_a, 0x3, @value=@broadcast, 0x7, 0x200, 0x8, [{{0x1}, @broadcast, 0x4}, {{0x1}, @broadcast, 0x8000}, {{0x1}, @broadcast, 0x4}, {{0x1, 0x0, 0x1}, @broadcast, 0x3}, {{0x1, 0x0, 0x1}, @device_b, 0x5}, {{}, @device_a, 0xec5}, {{}, @broadcast, 0x2}, {{}, @device_a, 0x6}]}}, @supported_rates={0x1, 0x1, [{0x5, 0x1}]}, @measure_req={0x26, 0x1003, {0x7, 0x9, 0x3, "71fbc3bf269b48662768543d99d696897a440bd878719150b956370ea4e5a3d86208452c11c9e60b656c0939bf54f05a64f970951e2440e71b7eff25ed662f32ff3eb615c011d52ce6b9ad01c8e59bceb201f1405aecf88d86072f8c79218fc716fa5d1ae3f836360c7252b38d49fbba3859d95529fdfb543a5435a06f457300ada975cb5a6141274cb4e686d839fd92130c5d57602318bfeecb751d6ea03800cb08673161d3d46125dfe9ac73676b81c2b73d9ed6ce7727d89045d5388d31dd4d8eb3e68b21e85af51c50de420f343d586e7ae762dea9666360505fb47ac89e9c88b2e359a06d1c86eee6a24c600d9d63488e2fd70f4931284f2955839c0ffe5053c109f62cf6e54ecd3cb102b9f243135b34b3fa3e1fafd3eef292e0bbafaed1aca58186f2f7e80df3f614a6dcf9a407df966b34f20a4bbf4a794f810cb934d669c3a7d67e5193c8b339fb5b5443c3fb29dc36c59232d3762e13cc440e7475a7cf3bd20863f18c30effd7e7cd2721f2795491c91bbfe3e09d86456c2e3a948150a0c5a298974f6102a1234a49b40ddcc5fd4eae368ecf223ccb803ac41894e7796b1891e92580e365ed349cde5cbff90244146b7b0819bde76c98dd8350e442bf9f3f9a7c0bc3f9d313f379bd41755df68caa6d983b084840ef09273faec9757f4c0e5ac5fd13fd4054bbfe8f22e7a21503413b36478e98ceed91410bf37460d29381c930f109cebc8d524b59b8904b62082069e8a68a06e5d22761123cd183bc8d7426e0e7052c1ab96120208c6aaaee7eef32799852ede18332cc3bcd96f9de58111a6961e03afabeadbc6ec334f47cd593692faca6eb4a1633e3b2737b5bebfe803d20df8593bcb6baca3db97eeb9b3a8b44499b3abe268fda2631fabd4286cc15be577c764aa131224aab23e0e42869f2a7e69718f75104fff9bd4ce3f1c837594fcb895d2acd1cd81e948103b5069d60c75171fde1565ea4c6a5dade1f9ed3f243eeee78e0d302a57d6d4ef469e054e1cf7a214f693d3d1af7c0ed5c4ff543425071aabfc396a94c8cc708d00a4b44c2109c51fc00a4923ba6021f2f982888196e788c69ec9769b4c7c7c41f9fd4ac70fea0a37e92d319d0eb1e678d7926a060e2887e45ebdbf3b648545612687b6af3a211875d3b2120a4a8ccaa7623360cb489394b50c1cc5ba7f8dd0593db72c145920efc84753d9006d77d6ea83a209d7506288df193cf05366f72e6b4a10f373e242f1bccb472e5d4b685289699b5e352fa63b82c19ed87ca47f5dc3b2b4bfd7f64defc386af2462933064e71477052e76a8d0fc3942ae0bab53de97c968f9ba3b262e8c0b01bf9d128f5ebdb70b8b3cdf6f67a34fce13e3661edc7dd4764309d0e03d2df0677287ec3a801d0550aa5f77a66b982420a508764abdeca224d33f178df40dcfc9f16e410a56bf0496553e6bb361d3551ede92f0a02b20821ec4cf39476923a414930374828ac16df3f1446ecfa649d51a6d6839e3c83c57405d11df92d80c696cad51af5e72ddb81b479b5c99f35749d9fed1f33cbb45c8b268747eac0c7e42fbf6daca3fc4176666f048a769318cb30f28fdb50901daa1a3250f76dbcb294e765f676489c546a612e736e1f1b2447e77de415f542efd375189525cc82c6a61d9d205406159cc619735d07e8d6cf373319900297f63b32fe2d13bc070733fb1dba6ed46d28b94568851fd8c481f88c8d66d6c41ed274c776bb3408078231286b7cbb54785c9b1a540389eef48a7a1d8037997329e798e5f8bf0d5dee117fa0d3570a5a34a19fd082599683cd023c7b9a0977258891a910f6d6d61b382d240e9bb092afd4e4d0c1a6f5de80e272ef731d53eeada4872d15f72420d3b11e49ddca8eb1ce548b88d3bac748219fa3dd545d400751e1feb73816d6769a522b9b46293fcb932152fb4c85134ff5c0772aa48b89642564780be15b12eff32b2a01abae4ad37ae9c82d96d0baa3437fdbf29e60db2c3ecaaeaebce5cc22257f96786f6918129ce2afb9130981cd1e5f17e38872694529211bb96848dab8ef06d55b3474c320778ff6ae75638b9219e494f8c7ba22f0ce5753dd5a44afb343f7e05ebd0f734b9d4937790e7d6a0e2e6bbfbe5b15e347035a5497b6564182eecdf0b2e50fc660cc796868d0564b9667eaede513dbc401bf881e2e26602dfd48f6a5c2fc8783ea902b647d29d9ba94dd11b25220efc9e7048dacb22825e792dc94c551e5ea45d2a255a6577220ad2bab4a6a909be82b06167a3355ab10fec8b100d070c9e3743428074dff00ad7abd21c06f50fd24026ed595d36b1d28c206d46c52b17bedbbb0ac5e108edb206f59dcfd9fc7534274de71a77d9da19cb1c8ac6100a2996935f61225f87a30616f81fbc4b51b060f5627565896fc343990d9b7df170c0337d005f92572821fc74d553f722fa08c37049e7117ad90c8a7b482ffc6a729d02db099496aabce4e88c80dd25f2c28462ae38940d0390aee17128fcab12265cbf836374d28e71aa129b3596bb58d37e5feafc8f8c2b4ab56fd79f7ad6f1ed902ce4a987ed8316396bb7ff6b1daef3250535e57f962903bf3e50db2ac6f42eabd9dab2e6f6128b7163bbfd687570ed2d22d73b8fc89ee8c40312dfb09bcba1b73e2e2753ac80a03e804b77285b33d4c0ad35aa9bcc9b06ee5e77395f54ef47decadc6b243ba769502130752f9575bd5decfcc6965237b26860f41430aeb477d91e1f44332fd20414878d4d368404e550fd97097d810ed209106e7f9d4175ffb4445dae948a943e3815789869a2ef9cb879cac056a613153ed32a740806983cb4ed70a7f7849353461735af802dbc9458abb49ef63e81968a40aaaed8d78c78b915e3d707be0994c147fd420eee2a4aad8253d6f6868d24f537be2a2604100c1aca92f1758ef712a0ed29f83ec4267e69325cf08efc2a59bb8366eb3ee92399c31c3aeeba130ebaeb96de33c1e6c1dadf0a0e4be88b3f8df1d67ce9e948819e3e2988e403264e2cee28bd795d5f7a1ddf747e4920d58e6306405f200793b8629d39ebdfac52146da38a08c40a7a7a1155db694cb3fe07c9ecaf9b5e3e7bea931b024a26ebf0b8afd57232afc8d658bd355bce81acd6642db62473195e438b11848741d989f260ffdce0bc409ca43784d2f56b4a08f2c04611c435e5df2fce065a9335d48538af00c745c8c744e2020e70dc3b57c16f5d6d6c1134bf769038e52aec0a16c156c6249ca139ca6b23283dd9ae78583d912ecdd85b5499c0005eeb7e2a83b2684daeaf216a0d122248ff19cf8b137a02ef68039d1c3659f5a836c480443cf08738b90e414803441131aba7fb7155cffcbda4bc9c5cbedbdfd40c1e99636e821d76fdeaa08c0b12a5421bfffe282618712e70049bc6c8384f4f4d0a4ac31d0637a4ebc8cebd3fcb3db586dd68d21e6b76d655d3abf465328bffa926eb308e4f42c68a782da7ac04d4ae6918b6f33ed9ef8ad97cb2e751e34a94780ffc6383222d2c76a3ad019c9c7592184cbeba31dca524f84f5d54191b958ceb154fae608f86b05c11684239657b54ed2bf3575acb27bceb1761bc59f876f859dc2c90206e87947472f5fa5f6b437a7688e3c1f58897d029d0350a21d70be022dd82365d0de3d2d066e250f3be3baf9c166448eada597b62ed824bdf1519bb84b30740320bfe9642af1bd2ccb687b13c8f6f35e3332f08ce444fecf6db1b9eaa64bddf495c8e055266049a9ecdc9091fb9a0ed396408aa9bf3225fb73117b54e35c9911a9ba7694011f1c5be06fc76cdb63da6b3ac0361fda64b35a97eb5614f4afaa3c1d87e849140698a2727184cd98831f97c76db82537b4ea991964c554da7413fd841ff3eb6c8a57060af43c5b157847aada3f7bc8f7ce30d21a3302df5b585aa99dd2eb9929bda66192496109e41f1b8fa148d8d7a48c003a077e066e7092e3d7e45bbe06cc089946b21cfceb68e37fb12cc44ecc12a966914beaecf8bfa0f249b7f7af8cf05b0f14bbe7c4265f4d3ed8066ffa319e12b1736d2ee0ab6f6aa991d6f12087c2a324a1323f81cc9f5904298f47a5b04afc150914247bf97677b794ba58af52d6be589b662ff44dc8313353887eebdd22ac158335fcd27f49de3249fa2b1b759bc5e2f72d97a16cf1ec0dc0b1d8a0f6dde2d281eb3af323a4efb7a963ae5bc703eee4f79baaf61084bbc5072bd9622412d9c286506fb246a73ec9f7b99ecd86cf40859bc36d867544cd068574a707042528e6da8b0fe90cffc1aa181e447e3845e3a23d85f58b60b5e88a4150fb4848d3e8f3f98a4243f3689727f083ddb1805a7f06c077426497e9efd6c176dcf955c1fa8db77b6b647deb2f2ba1d40f9bb8f6f2b32058950c71c4ab5400140a372482d5aca0de14a6758b4a3347c07165bb58124647cb226db36aa4e0464442cfd1fdde78b42891c51f8f686b0b11f88eecdf9aa21bbd5bcbd477a297101e375b3c562760661c14222225eb971421b59be24b47bb5176f0e693e59e5cdfef91d14a5db073d458b94fecad65ef3e809b3cdbf89b0f9dea565ecc2a983deadc543b400c02ae52b945859c6c62a05ad01c3e88845c83bf52e101ade0b602603844487cc8f54bf8bd3ec279d1dddea04ffb4b08134174d74a426cc460ca2ce4d8446458ad093e3a18ec0a80106014a7d949445c4f7c8b766b1f1fec86782eef5e3bf2e935350820254c974f0c0ddd6ad16ab855e028f088abb7b689e622d9f5e15fc8938727c4dd535b7467da2f44e1e30fa360e229373eea4f1e8a9496d9e490a9490a47585c4dc5d180ee464e8cc4a202598bda97252ad1258d2df30f1987df60b4a196462bedf6aa448b8579fc4f07cdb44b87654c2c4dd04a817f54b3ad741bf72a04fccb2870579c560e8f2033d1002993fd7261b613da85ef45b19f6e76265b77d80d9413b2665fc533e23cf8337bb701fe54ae1482ad835dcd9fb638d9bbe95134a9efb9ac35504b8c12f00c8b53c9e432abec69905eabb455efae8078f0e218faf5c350024d7611a428739083240b784791f0c9e51efc9f3bd56740814b7d573611f2dbe62d65b71b507fe88e1bc2c239cad0cb8dbbb1ec0c02835201d86eed8ec6f37b9894b4b64b904ae84a6f981e7729555ad2eecc3a406460a5ed3b587749d612b1813e427711bc875db2422993895e28c3803a697ade2d0003919b681b86584e90864593684d2ea0fd877b19bb9459668483032c0926d98a10593ee2471134062a30f455c5cba29c841ee9d74f4c4b44964aee1af70aeed5748690d2277266369a57d8ea0547a0ccb16705133b127a19516f8e4ac777caf25b3f9eb81d396ecaba38a4cfb93964b3e7fe659e2498fffb56aa92c935d9d8f2efae5c9e1794b6704522e04b592a351e3f2bb5cceaa3fa83bdb6610990a9e2034ff4ce74177ae5f4aa1f7aab58f1ec30375cbfd401b3b9d155cce7cb467d2db0a83cc6988bb775c39e0a502583c9eab2d34d5ce0822ef39e4dce055925706875132cbeb84517a5637e36dd6edc9a650c49ff218797f3d55c8dd0911ac8ff40abd599b53b6ed8817e5e1027797578ab87e16e59f1483476e0fa584ccf899b1724925d500ea0e35926c9dff76af6287bcb6d2ffc9fc4604862f0694f8eea6c95873d3d57f41ea798891a67dbdc614597a37786d02cbcbe978117bfe4f6ed0461389c122ba6a9713e58000bb409c0417419fa18f3da3f72759b188a73263f0dfd023803f59f931154187bbe46f8c7c50a0cc3efc7f08b99f67c8"}}]}, @NL80211_ATTR_IE={0x9, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0x99, 0x5}}]}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x6}]}, 0x112c}}, 0x4048084) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f00000013c0)={0x0}, &(0x7f0000001400)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r3, 0x84, 0x5, &(0x7f0000001440)={r5, @in={{0x2, 0x4e22, @private=0xa010101}}}, 0x84) getsockopt$ARPT_SO_GET_ENTRIES(r3, 0x0, 0x61, &(0x7f0000001500)={'filter\x00', 0xc0, "9c20385880c0d99c9dd47801f37f2798f0cf30b19d60f6ef1e56e85ca38a3f9a8ac21ab5a9921a8a87873e9aa8309f43eabc6a0a6e3f3397f66fb7d6cc06c1944d146aa8e559b4512eeeba3150d38175d534d441bb55eb0073bd73b02d7b2db1327cd20a9cb9463390b3afb6388afcc1cd048f1d1aa812111db44ebee55fa6369c94e03a69a7e8364c1ef72e1d090d46d19ae1731c77b1aa978b2401ef1a98dc45eddae18753219d573c8f9d146d3332c175bf1ddac80137f816aaa08a6ea1e2"}, &(0x7f0000001600)=0xe4) sendmsg$NL80211_CMD_DEL_KEY(r3, &(0x7f0000001780)={&(0x7f0000001640)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001740)={&(0x7f0000001680)={0xa0, r4, 0x8, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "c779b4c7e2"}]}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x24, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "cfeaad5d40eeb1e7c40be46bf5"}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x1}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_SEQ={0xb, 0xa, "99192d27e1de5a"}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x5}, @NL80211_ATTR_KEY_SEQ={0xc, 0xa, "8d7be7915f9ec747"}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "b5a120553918e9e0a72e840b95"}]}, 0xa0}, 0x1, 0x0, 0x0, 0x8094}, 0x4000000) socket$xdp(0x2c, 0x3, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f00000017c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7a, r1}) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000001800), &(0x7f0000001840)=0x4) setsockopt$TIPC_GROUP_LEAVE(r3, 0x10f, 0x88) pipe(&(0x7f0000001880)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_JOIN_OCB(r7, &(0x7f00000019c0)={&(0x7f00000018c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001980)={&(0x7f0000001900)={0x4c, r4, 0x20, 0x70bd26, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x389}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x194}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xce}, @NL80211_ATTR_CHANNEL_WIDTH={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001}, 0x20000800) sendmsg$NL80211_CMD_SET_TID_CONFIG(r7, &(0x7f0000001c80)={&(0x7f0000001a00)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000001c40)={&(0x7f0000001a40)={0x1f4, r4, 0x100, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x905, 0x62}}}}, [@NL80211_ATTR_TID_CONFIG={0xd8, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x5c}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x10000}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}, {0x4c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xb6}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x60}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xfffffffffffffff9}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x7e}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x44}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x4}]}, @NL80211_ATTR_TID_CONFIG={0x50, 0x11d, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xd7}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}]}, @NL80211_ATTR_TID_CONFIG={0xac, 0x11d, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x98}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x32}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x6f}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xc2c}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xdd}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xf3}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x6c7c}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x12}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xf9}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x6}]}]}]}, 0x1f4}, 0x1, 0x0, 0x0, 0x20044081}, 0x91) r8 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000001cc0)={@loopback, 0x1, 0x2, 0x3, 0x0, 0xff, 0x84a}, 0x20) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001d00)={0x1b, 0x0, 0x0, 0x7, 0x0, r6, 0x7, '\x00', r1, r7, 0x1, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000001f80)={'vxcan1\x00', 0x0}) r11 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000002280)={0x6, 0xa, &(0x7f0000002040)=@raw=[@alu={0x7, 0x1, 0x9, 0xf, 0x4, 0xffffffffffffffe7, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x32b75f67}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], &(0x7f00000020c0)='GPL\x00', 0xcd, 0xd3, &(0x7f0000002100)=""/211, 0x41000, 0x46, '\x00', r1, 0x25, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000002200)=[r7, r6, r7], &(0x7f0000002240)=[{0x2, 0x5, 0x7, 0xb}, {0x1, 0x2, 0x0, 0x8}], 0x10, 0x8, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000002400)={0xb, 0x11, &(0x7f0000001d80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [@ldst={0x3, 0x3, 0x4, 0x8, 0x5, 0x48}, @exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001e40)='syzkaller\x00', 0x6, 0xef, &(0x7f0000001e80)=""/239, 0x40f00, 0x18, '\x00', r10, @fallback=0x37, r7, 0x8, &(0x7f0000001fc0)={0x2, 0x2}, 0x8, 0x10, &(0x7f0000002000)={0x5, 0x9, 0x8, 0xfffffff7}, 0x10, 0xffffffffffffffff, r11, 0x6, &(0x7f0000002340)=[r6], &(0x7f0000002380)=[{0x0, 0x5, 0xf, 0x3}, {0x4, 0x5, 0x5}, {0x4, 0x3, 0x6, 0x6}, {0x4, 0x2, 0x9, 0x4}, {0x5, 0x1, 0x3, 0x3}, {0x4, 0x5, 0x7, 0x3}], 0x10, 0x9, @void, @value}, 0x94) pipe(&(0x7f00000024c0)={0xffffffffffffffff, 0xffffffffffffffff}) r13 = syz_genetlink_get_family_id$gtp(&(0x7f0000002540), r3) sendmsg$GTP_CMD_ECHOREQ(r12, &(0x7f0000002640)={&(0x7f0000002500)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002600)={&(0x7f0000002580)={0x54, r13, 0x4, 0x70bd28, 0x25dfdbfb, {}, [@GTPA_FAMILY={0x5, 0xd, 0x15}, @GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_PEER_ADDR6={0x14, 0xb, @ipv4={'\x00', '\xff\xff', @remote}}, @GTPA_MS_ADDR6={0x14, 0xc, @dev={0xfe, 0x80, '\x00', 0x19}}, @GTPA_LINK={0x8, 0x1, r1}]}, 0x54}, 0x1, 0x0, 0x0, 0x40801}, 0x4008001) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000002780)={@fallback=r3, 0x32, 0x1, 0x8, &(0x7f0000002680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f00000026c0)=[0x0, 0x0, 0x0], &(0x7f0000002700)=[0x0, 0x0, 0x0], &(0x7f0000002740)=[0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000027c0)={@ifindex=r1, r11, 0x26, 0x10, 0x0, @void, @value=r12, @void, @void, r14}, 0x20) 735.435049ms ago: executing program 2 (id=697): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0xac}]}, &(0x7f0000000180)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 709.798932ms ago: executing program 1 (id=698): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000006c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000006800000008000300", @ANYRES32=r3, @ANYBLOB="1700c7"], 0x34}}, 0x0) sendmmsg$unix(r0, &(0x7f0000000c00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=[@cred={{0x20}}, @cred={{0x1c}}], 0x40}}], 0x2, 0x0) socket$kcm(0x2, 0x5, 0x84) (async) r4 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r4, 0x84, 0x64, &(0x7f0000000000), 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x6d}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r6}, 0x10) r7 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet6_int(r7, 0x29, 0x1f, &(0x7f0000000040), 0x4) (async) setsockopt$inet6_int(r7, 0x29, 0x1f, &(0x7f0000000040), 0x4) r8 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) (async) r9 = socket$inet6_udp(0xa, 0x2, 0x0) unshare(0x600) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0500000004000000e27f00000200000000000000", @ANYRES32, @ANYBLOB="000000000000000001025f92030000e96b99ba4a78e77b9189d100", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) (async) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0500000004000000e27f00000200000000000000", @ANYRES32, @ANYBLOB="000000000000000001025f92030000e96b99ba4a78e77b9189d100", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000006c0)={r10, &(0x7f0000000500), &(0x7f0000000600)=""/155}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r10, &(0x7f0000000040), &(0x7f0000000480)=""/146}, 0x1d) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0x1}, {0x0, 0x7}, {0xfff2, 0xb}}}, 0x24}}, 0x0) (async) sendmsg$nl_route_sched(r8, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0x1}, {0x0, 0x7}, {0xfff2, 0xb}}}, 0x24}}, 0x0) 678.479203ms ago: executing program 2 (id=699): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040)) write$cgroup_int(r3, &(0x7f0000000000)=0x2, 0x12) vmsplice(r2, &(0x7f0000000680)=[{&(0x7f00000002c0)="2fb50f4f69064cf211dd632970ccb0f0412b", 0x12}], 0x1, 0x4) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x45}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000000c0)={0x40, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x1, 0x28}, @val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x40}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x60, 0x0, 0x1, 0x201, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x4}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_SEQ_ADJ_REPLY={0x4}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x0) 627.332737ms ago: executing program 0 (id=700): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket(0x10, 0x3, 0x0) r2 = socket(0x2a, 0x2, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x5, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0x2, 0x2}}]}}]}, 0x48}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000c40)={'sit0\x00', r3, 0x7, 0x10, 0xffffff81, 0x7, {{0x16, 0x4, 0x3, 0x38, 0x58, 0x68, 0x0, 0x1, 0x4, 0x0, @broadcast, @private=0xa010101, {[@timestamp_addr={0x44, 0x44, 0xe8, 0x1, 0x5, [{@loopback, 0x1}, {@multicast1, 0xfffffff9}, {@multicast2, 0x3}, {@private=0xa010101, 0x3}, {@empty, 0x4}, {@private=0xa010100, 0x3fd}, {@local, 0x1}, {@multicast2, 0x2}]}]}}}}}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x1, 0x0, 0x0, {[@mss={0x2, 0x4, 0xa005}, @nop]}}}}}}}, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r5, &(0x7f0000000ec0)=[{{&(0x7f0000000300)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000100)='k', 0x1}], 0x1}}], 0x1, 0x0) shutdown(r5, 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x800, 0x30}, 0xc) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a00fef8ffffff71a400fe000000007110bf00000000001d300200000000004704000001ed030407030000020000001d440000000000006b0a20fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000003c0)='hrtimer_start\x00', r6, 0x0, 0x8000000000000000}, 0x18) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r6, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000040)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0xa, 0x2, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0], 0x0, 0x8e, &(0x7f0000000580)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000200), &(0x7f0000000280), 0x8, 0x77, 0x8, 0x8, &(0x7f0000000380)}}, 0x10) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="38010000100013070000000000000000ac1414aa00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa000000000000000000000000000000003200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005bf067dcbb36f9e61b7871a974544e2a29b219a0989c2ef288e1263043e1dd697f9a4e3b304391ec686b5509f91a8197fb0d78f8"], 0x138}}, 0x0) 535.272545ms ago: executing program 1 (id=701): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f00000001c0)={r1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x22}}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket(0x1e, 0x80005, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_IDLE(r5, 0x103, 0x7, 0x0, 0x0) r6 = socket$inet6(0xa, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r4, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0) r8 = socket(0x10, 0x3, 0x0) r9 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_ECN={0x8}]}}]}, 0x3c}}, 0x0) sendmsg$BATADV_CMD_SET_HARDIF(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="02829c3c32c6387a0d002cbd7000ffdbdf25", @ANYRES32=r10, @ANYBLOB="0a000900aaaaaaaaaabb0000050037000100000005003300020000000800310026e70000050030000000000008002c000c00000005003000000000000500300005000000"], 0x60}, 0x1, 0x0, 0x0, 0x4000004}, 0x4084) socket(0x2, 0x80805, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x18) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000100)) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) 488.669135ms ago: executing program 2 (id=702): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000040), 0x4) bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r1}, 0x8) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="e3ac8d1531e387962b0ca2aa7a74e3211faeaa889f81de3e427a41a692b129210df1205309cf3815cb29afa89850693148864e786c8bc88c98a61697ca7d46b15cfcadbced816dcd1133d058c3a5a07abc8f445b2bcf9529"], 0xc8}}, 0x20020880) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2c0000005200010026bd7000fcdbdf250a"], 0x2c}, 0x1, 0x0, 0x0, 0xd441}, 0x0) 217.910037ms ago: executing program 2 (id=703): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10) (async) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1200000022000000040000000600000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000cac4627f619c6fb885e3f0689083ab8b22b797a5f20101c406edf2a81468700339e8b3298c02eb6ca44d0ae2e22070ab3e460ed50aadb99501317673436320948ac6c60b89cc47fe884924d020c6b0cbabf281973f9a7228b988b5ede22e40e54b404506b47f87e614b401b07159344315572156", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) (async) r1 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000000), &(0x7f0000000100)=@udp=r1}, 0x20) (async) r2 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000011c0)={r0, &(0x7f00000001c0)="4addc387a7c74b6eb343d78806a9bfcf0b31766b6dc27b90a63d8bd24db093e86208", &(0x7f0000000000)=@udp=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x4, &(0x7f00000011c0)={r0, &(0x7f0000000040)="4addc387a7c74b6eb343d78806a9bfcf0b31766b6dc27b90a63d8bd24db093e86208", &(0x7f00000005c0)=@udp}, 0x20) r3 = socket$inet6(0xa, 0x3, 0x8000000003c) (async) r4 = socket$kcm(0x10, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="02000000040000000800000001000000800000003535b3d215ee0169395f"], 0x48) sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703360000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (async) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x2, @dev, 0x800}, 0x1c) (async) r5 = socket$igmp6(0xa, 0x3, 0x2) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r5, 0x80089419, &(0x7f0000000080)) (async) r6 = socket$nl_generic(0x10, 0x3, 0x10) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00'}) (async) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004002800018007000100637400001c00028008000240000000150500030000000000080001400000000d0900010073797a300000000009000b00"], 0x80}}, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b28, &(0x7f0000000000)={'wlan1\x00'}) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) (async) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003600)=[{{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000500)="d01d4881040cc19a2d2902fdf1d9752173744eebf9f976c207090ab9fc54e1fb15e5ffa4c7270a3d53d0f32cc6327d256ad8a00d8e75f29964d103fdc71b9908bc4ab7d37ecfbbbf3bc0b0c479e116d2218b3925993d746023936cea5863e7848744fd9d5c6edbb2c1d983acf3c2306c2836e49c43ff2c73fd63e5053796d286fbc5668bd46a24b6bade7fd81722cdd380d60d2d766d423d39a4", 0x9a}], 0x1}}], 0x1, 0x0) (async) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) (async) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0xe, 0x9, 0x9, 0x1, 0x9}, &(0x7f0000000140)=0x98) getsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000380)={r9, 0x6}, &(0x7f00000003c0)=0x8) (async) r10 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, &(0x7f0000001500)=@raw={'raw\x00', 0x8, 0x3, 0xa40, 0x8c0, 0x11, 0x148, 0x9a8, 0x0, 0x9a8, 0x2a8, 0x2a8, 0x9a8, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x878, 0x8c0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@u32={{0x7e0}, {[], 0x29}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}, {{@uncond, 0x0, 0xb8, 0xe8, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@socket0={{0x20}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xaa0) (async) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000001c0)=ANY=[@ANYBLOB="d8000000", @ANYRESOCT=r5, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002002929590c5e910000002a68e1"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async) sendmsg(r3, &(0x7f00000000c0)={0x0, 0x9506, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 0s ago: executing program 0 (id=704): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@delchain={0xc0, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6, 0x5, {0x9d}}, @filter_kind_options=@f_fw={{0x7}, {0x84, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x9, 0xe}}, @TCA_FW_INDEV={0x14, 0x3, 'batadv_slave_1\x00'}, @TCA_FW_INDEV={0x14, 0x3, 'veth0_to_bond\x00'}, @TCA_FW_CLASSID={0x8}, @TCA_FW_INDEV={0x14, 0x3, 'veth0_to_team\x00'}, @TCA_FW_ACT={0x34, 0x4, [@m_simple={0x30, 0x0, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0xc0}}, 0x0) (async) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000040)=@ipmr_getroute={0x1c, 0x1a, 0x400, 0x70bd27, 0x25dfdbfe, {0x80, 0x0, 0x0, 0xe, 0x0, 0x3, 0xfe, 0xb, 0x200}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) (async, rerun: 64) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) (rerun: 64) kernel console output (not intermixed with test programs): 76.511207][ T6025] bond0: entered promiscuous mode [ 76.516584][ T6025] bond_slave_0: entered promiscuous mode [ 76.523472][ T6025] bond_slave_1: entered promiscuous mode [ 76.532186][ T6034] netlink: 116 bytes leftover after parsing attributes in process `syz.3.218'. [ 76.544923][ T5999] bond0: left promiscuous mode [ 76.552671][ T6029] netlink: 40 bytes leftover after parsing attributes in process `syz.0.217'. [ 76.555227][ T5999] bond_slave_0: left promiscuous mode [ 76.577349][ T5999] bond_slave_1: left promiscuous mode [ 76.680127][ T6041] FAULT_INJECTION: forcing a failure. [ 76.680127][ T6041] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 76.721951][ T6046] netlink: 108 bytes leftover after parsing attributes in process `syz.2.221'. [ 76.737518][ T941] cfg80211: failed to load regulatory.db [ 76.761622][ T6041] CPU: 0 UID: 0 PID: 6041 Comm: syz.3.220 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 76.771907][ T6041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 76.781975][ T6041] Call Trace: [ 76.783872][ T6050] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.785256][ T6041] [ 76.794445][ T6041] dump_stack_lvl+0x241/0x360 [ 76.798063][ T6050] netlink: 8 bytes leftover after parsing attributes in process `syz.4.224'. [ 76.799139][ T6041] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.813102][ T6041] ? __pfx__printk+0x10/0x10 [ 76.817727][ T6041] ? __pfx_lock_release+0x10/0x10 [ 76.822786][ T6041] should_fail_ex+0x3b0/0x4e0 [ 76.827490][ T6041] _copy_from_user+0x2f/0xe0 [ 76.829359][ T6046] netlink: 108 bytes leftover after parsing attributes in process `syz.2.221'. [ 76.832083][ T6041] copy_msghdr_from_user+0xae/0x680 [ 76.832112][ T6041] ? __pfx___might_resched+0x10/0x10 [ 76.849676][ T6055] netlink: 12 bytes leftover after parsing attributes in process `syz.4.224'. [ 76.851472][ T6041] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 76.851507][ T6041] ? rcu_is_watching+0x15/0xb0 [ 76.851529][ T6041] ? __might_fault+0xaa/0x120 [ 76.875639][ T6041] __sys_sendmmsg+0x36d/0x730 [ 76.880347][ T6041] ? __pfx___sys_sendmmsg+0x10/0x10 [ 76.885575][ T6041] ? __pfx_lock_release+0x10/0x10 [ 76.890623][ T6041] ? kstrtouint_from_user+0x128/0x190 [ 76.896046][ T6041] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 76.901972][ T6041] ? ksys_write+0x229/0x2b0 [ 76.906510][ T6041] ? __pfx_lock_release+0x10/0x10 [ 76.911569][ T6041] ? vfs_write+0x7bf/0xc90 [ 76.916022][ T6041] ? kmem_cache_free+0x1a2/0x420 [ 76.920988][ T6041] ? __mutex_unlock_slowpath+0x21d/0x750 [ 76.926648][ T6041] ? __fget_files+0x3f3/0x470 [ 76.931351][ T6041] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 76.937348][ T6041] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 76.943706][ T6041] ? do_syscall_64+0x100/0x230 [ 76.948492][ T6041] __x64_sys_sendmmsg+0xa0/0xb0 [ 76.953371][ T6041] do_syscall_64+0xf3/0x230 [ 76.957898][ T6041] ? clear_bhb_loop+0x35/0x90 [ 76.962596][ T6041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.968517][ T6041] RIP: 0033:0x7f43cf37dff9 [ 76.973088][ T6041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.992716][ T6041] RSP: 002b:00007f43d0244038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 77.001158][ T6041] RAX: ffffffffffffffda RBX: 00007f43cf535f80 RCX: 00007f43cf37dff9 [ 77.009153][ T6041] RDX: 0000000004000070 RSI: 0000000020003b80 RDI: 0000000000000005 [ 77.017156][ T6041] RBP: 00007f43d0244090 R08: 0000000000000000 R09: 0000000000000000 [ 77.025161][ T6041] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 77.033163][ T6041] R13: 0000000000000000 R14: 00007f43cf535f80 R15: 00007ffc85a5f2f8 [ 77.041182][ T6041] [ 77.857149][ T6110] FAULT_INJECTION: forcing a failure. [ 77.857149][ T6110] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 77.870533][ T6110] CPU: 0 UID: 0 PID: 6110 Comm: syz.1.238 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 77.880801][ T6110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 77.890891][ T6110] Call Trace: [ 77.894195][ T6110] [ 77.897146][ T6110] dump_stack_lvl+0x241/0x360 [ 77.901913][ T6110] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.907140][ T6110] ? __pfx__printk+0x10/0x10 [ 77.911739][ T6110] ? __pfx_lock_release+0x10/0x10 [ 77.916778][ T6110] should_fail_ex+0x3b0/0x4e0 [ 77.921477][ T6110] _copy_from_user+0x2f/0xe0 [ 77.926085][ T6110] copy_msghdr_from_user+0xae/0x680 [ 77.931311][ T6110] ? __pfx___might_resched+0x10/0x10 [ 77.936626][ T6110] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 77.942464][ T6110] ? rcu_is_watching+0x15/0xb0 [ 77.947248][ T6110] ? __might_fault+0xaa/0x120 [ 77.951956][ T6110] __sys_sendmmsg+0x36d/0x730 [ 77.956669][ T6110] ? __pfx___sys_sendmmsg+0x10/0x10 [ 77.961908][ T6110] ? __pfx_lock_release+0x10/0x10 [ 77.966956][ T6110] ? kstrtouint_from_user+0x128/0x190 [ 77.972375][ T6110] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 77.978291][ T6110] ? ksys_write+0x229/0x2b0 [ 77.982806][ T6110] ? __pfx_lock_release+0x10/0x10 [ 77.987834][ T6110] ? vfs_write+0x7bf/0xc90 [ 77.992254][ T6110] ? kmem_cache_free+0x1a2/0x420 [ 77.997280][ T6110] ? __mutex_unlock_slowpath+0x21d/0x750 [ 78.002915][ T6110] ? __fget_files+0x3f3/0x470 [ 78.007597][ T6110] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 78.013583][ T6110] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 78.019916][ T6110] ? do_syscall_64+0x100/0x230 [ 78.024675][ T6110] __x64_sys_sendmmsg+0xa0/0xb0 [ 78.029532][ T6110] do_syscall_64+0xf3/0x230 [ 78.034039][ T6110] ? clear_bhb_loop+0x35/0x90 [ 78.038709][ T6110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.044692][ T6110] RIP: 0033:0x7f066437dff9 [ 78.049110][ T6110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.068709][ T6110] RSP: 002b:00007f06651bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 78.077209][ T6110] RAX: ffffffffffffffda RBX: 00007f0664535f80 RCX: 00007f066437dff9 [ 78.085177][ T6110] RDX: 0000000004000070 RSI: 0000000020003b80 RDI: 0000000000000005 [ 78.093141][ T6110] RBP: 00007f06651bb090 R08: 0000000000000000 R09: 0000000000000000 [ 78.101105][ T6110] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 78.109155][ T6110] R13: 0000000000000000 R14: 00007f0664535f80 R15: 00007ffe5f0ad5c8 [ 78.117132][ T6110] [ 78.222357][ T6120] dvmrp0: entered allmulticast mode [ 78.234024][ T6120] dvmrp0: left allmulticast mode [ 78.393708][ T6130] tipc: Enabled bearer , priority 10 [ 79.283759][ T6169] openvswitch: netlink: Missing key (keys=20040, expected=2000) [ 79.527488][ T6181] FAULT_INJECTION: forcing a failure. [ 79.527488][ T6181] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 79.600649][ T941] IPVS: starting estimator thread 0... [ 79.614469][ T6185] x_tables: duplicate underflow at hook 2 [ 79.625542][ T6181] CPU: 1 UID: 0 PID: 6181 Comm: syz.2.254 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 79.635855][ T6181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 79.646024][ T6181] Call Trace: [ 79.649311][ T6181] [ 79.652238][ T6181] dump_stack_lvl+0x241/0x360 [ 79.656934][ T6181] ? __pfx_dump_stack_lvl+0x10/0x10 [ 79.662141][ T6181] ? __pfx__printk+0x10/0x10 [ 79.666733][ T6181] ? __pfx_lock_release+0x10/0x10 [ 79.671769][ T6181] should_fail_ex+0x3b0/0x4e0 [ 79.676449][ T6181] _copy_from_user+0x2f/0xe0 [ 79.681036][ T6181] copy_msghdr_from_user+0xae/0x680 [ 79.686231][ T6181] ? __pfx___might_resched+0x10/0x10 [ 79.691515][ T6181] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 79.697318][ T6181] ? rcu_is_watching+0x15/0xb0 [ 79.702101][ T6181] ? __might_fault+0xaa/0x120 [ 79.706793][ T6181] __sys_sendmmsg+0x36d/0x730 [ 79.711492][ T6181] ? __pfx___sys_sendmmsg+0x10/0x10 [ 79.716706][ T6181] ? __pfx_lock_release+0x10/0x10 [ 79.721735][ T6181] ? kstrtouint_from_user+0x128/0x190 [ 79.727123][ T6181] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 79.733023][ T6181] ? ksys_write+0x229/0x2b0 [ 79.737544][ T6181] ? __pfx_lock_release+0x10/0x10 [ 79.742596][ T6181] ? vfs_write+0x7bf/0xc90 [ 79.747023][ T6181] ? kmem_cache_free+0x1a2/0x420 [ 79.751981][ T6181] ? __mutex_unlock_slowpath+0x21d/0x750 [ 79.757619][ T6181] ? __fget_files+0x3f3/0x470 [ 79.762312][ T6181] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 79.768300][ T6181] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 79.774630][ T6181] ? do_syscall_64+0x100/0x230 [ 79.779390][ T6181] __x64_sys_sendmmsg+0xa0/0xb0 [ 79.784242][ T6181] do_syscall_64+0xf3/0x230 [ 79.788741][ T6181] ? clear_bhb_loop+0x35/0x90 [ 79.793419][ T6181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 79.799312][ T6181] RIP: 0033:0x7f151557dff9 [ 79.803719][ T6181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 79.823322][ T6181] RSP: 002b:00007f1516322038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 79.831733][ T6181] RAX: ffffffffffffffda RBX: 00007f1515735f80 RCX: 00007f151557dff9 [ 79.839696][ T6181] RDX: 0000000004000070 RSI: 0000000020003b80 RDI: 0000000000000005 [ 79.847660][ T6181] RBP: 00007f1516322090 R08: 0000000000000000 R09: 0000000000000000 [ 79.855623][ T6181] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 79.863591][ T6181] R13: 0000000000000000 R14: 00007f1515735f80 R15: 00007fff2675e5d8 [ 79.871569][ T6181] [ 79.945619][ T6182] IPVS: using max 19 ests per chain, 45600 per kthread [ 80.404675][ T6214] mac80211_hwsim hwsim7 wlan0: entered allmulticast mode [ 80.448879][ T6220] macvlan2: entered promiscuous mode [ 80.454330][ T6220] vlan0: entered promiscuous mode [ 80.960323][ T6246] __nla_validate_parse: 9 callbacks suppressed [ 80.960341][ T6246] netlink: 16 bytes leftover after parsing attributes in process `syz.3.279'. [ 80.999602][ T6246] netlink: 4 bytes leftover after parsing attributes in process `syz.3.279'. [ 81.399686][ T6269] bond0: entered promiscuous mode [ 81.404779][ T6269] bond_slave_0: entered promiscuous mode [ 81.423825][ T6269] bond_slave_1: entered promiscuous mode [ 81.483261][ T6268] bond0: left promiscuous mode [ 81.501206][ T6268] bond_slave_0: left promiscuous mode [ 81.515936][ T6268] bond_slave_1: left promiscuous mode [ 81.739720][ T6293] netlink: 24 bytes leftover after parsing attributes in process `syz.4.282'. [ 82.036156][ T6320] bond0: entered promiscuous mode [ 82.062041][ T6320] bond_slave_0: entered promiscuous mode [ 82.086478][ T6320] bond_slave_1: entered promiscuous mode [ 82.161015][ T6318] bond0: left promiscuous mode [ 82.187814][ T6318] bond_slave_0: left promiscuous mode [ 82.200838][ T6318] bond_slave_1: left promiscuous mode [ 82.221887][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 82.291301][ T6328] netlink: 4 bytes leftover after parsing attributes in process `syz.3.303'. [ 82.323254][ T6331] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.363987][ T6331] batadv_slave_1: entered promiscuous mode [ 82.531622][ T6342] netlink: 'syz.3.307': attribute type 10 has an invalid length. [ 82.570009][ T6342] netlink: 40 bytes leftover after parsing attributes in process `syz.3.307'. [ 82.586522][ T6342] veth0_vlan: entered allmulticast mode [ 82.592724][ T6342] bridge0: port 3(veth0_vlan) entered blocking state [ 82.629684][ T6342] bridge0: port 3(veth0_vlan) entered disabled state [ 82.647653][ T6342] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 83.097106][ T6373] netlink: 152 bytes leftover after parsing attributes in process `syz.2.315'. [ 83.313425][ T6370] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.321421][ T6370] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.361265][ T6381] dvmrp0: entered allmulticast mode [ 83.385807][ T6378] dvmrp0: left allmulticast mode [ 83.394784][ T6383] netlink: 1696 bytes leftover after parsing attributes in process `syz.0.319'. [ 83.809211][ T6398] netlink: 28 bytes leftover after parsing attributes in process `syz.4.324'. [ 83.933387][ T6397] delete_channel: no stack [ 84.021894][ T6403] netlink: 44 bytes leftover after parsing attributes in process `syz.4.326'. [ 84.194553][ T6414] netlink: 104 bytes leftover after parsing attributes in process `syz.4.329'. [ 84.569905][ T6430] IPv4: Oversized IP packet from 172.20.20.24 [ 84.577842][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 84.584884][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 84.686935][ T6448] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 85.871308][ T6515] netlink: 'syz.2.356': attribute type 1 has an invalid length. [ 85.884097][ T6515] netlink: 'syz.2.356': attribute type 1 has an invalid length. [ 86.025422][ T6520] __nla_validate_parse: 4 callbacks suppressed [ 86.025441][ T6520] netlink: 28 bytes leftover after parsing attributes in process `syz.2.359'. [ 86.041005][ T6520] netlink: 12 bytes leftover after parsing attributes in process `syz.2.359'. [ 86.050498][ T6520] netlink: 16 bytes leftover after parsing attributes in process `syz.2.359'. [ 86.131154][ T6526] netlink: 32 bytes leftover after parsing attributes in process `syz.4.360'. [ 86.151527][ T6530] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 0, id = 0 [ 86.173928][ T6526] IPVS: stopping master sync thread 6530 ... [ 86.203722][ T6526] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 86.244020][ T6526] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 86.371364][ T6543] netlink: 4 bytes leftover after parsing attributes in process `syz.0.366'. [ 86.425683][ T6543] bridge_slave_1: left allmulticast mode [ 86.431409][ T6543] bridge_slave_1: left promiscuous mode [ 86.483653][ T6543] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.576149][ T6543] bridge_slave_0: left allmulticast mode [ 86.581847][ T6543] bridge_slave_0: left promiscuous mode [ 86.594971][ T6543] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.759976][ T6567] netlink: 16 bytes leftover after parsing attributes in process `syz.1.372'. [ 86.928723][ T6584] netlink: 'syz.4.376': attribute type 7 has an invalid length. [ 86.949666][ T6575] Bluetooth: MGMT ver 1.23 [ 86.957584][ T6584] netlink: 'syz.4.376': attribute type 39 has an invalid length. [ 87.024795][ T6581] netlink: 'syz.2.375': attribute type 1 has an invalid length. [ 87.044922][ T6589] xt_TCPMSS: Only works on TCP SYN packets [ 87.053572][ T6588] netlink: 'syz.1.377': attribute type 10 has an invalid length. [ 87.080902][ T6588] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.377'. [ 87.109242][ T6588] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 87.152425][ T6588] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 87.183212][ T6591] netlink: 'syz.1.377': attribute type 4 has an invalid length. [ 87.253255][ T6593] netlink: 'syz.4.378': attribute type 10 has an invalid length. [ 87.322107][ T6593] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.342824][ T6593] team0: Port device batadv0 added [ 87.359353][ T6601] netlink: 4 bytes leftover after parsing attributes in process `syz.0.381'. [ 87.377749][ T6602] netlink: 8 bytes leftover after parsing attributes in process `syz.2.382'. [ 87.618578][ T6619] xt_CT: You must specify a L4 protocol and not use inversions on it [ 87.647777][ T6619] netlink: 36 bytes leftover after parsing attributes in process `syz.4.388'. [ 87.680152][ T6621] netlink: 'syz.3.389': attribute type 1 has an invalid length. [ 87.961659][ T6632] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 87.995678][ T6632] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.020648][ T6632] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.155460][ T6632] team0: Port device batadv0 removed [ 88.226570][ T6644] netlink: 'syz.1.397': attribute type 4 has an invalid length. [ 88.316615][ T6648] netlink: 'syz.1.397': attribute type 4 has an invalid length. [ 88.482947][ T6662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 88.554141][ T6667] netlink: 'syz.0.402': attribute type 1 has an invalid length. [ 88.875304][ T6680] xt_addrtype: ipv6 BLACKHOLE matching not supported [ 88.982709][ T6686] netlink: 'syz.0.408': attribute type 2 has an invalid length. [ 89.083609][ T6695] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: invalid value (5) [ 89.207002][ T6704] FAULT_INJECTION: forcing a failure. [ 89.207002][ T6704] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 89.232236][ T6704] CPU: 0 UID: 0 PID: 6704 Comm: syz.3.413 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 89.242531][ T6704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 89.252607][ T6704] Call Trace: [ 89.255899][ T6704] [ 89.258844][ T6704] dump_stack_lvl+0x241/0x360 [ 89.263554][ T6704] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.268781][ T6704] ? __pfx__printk+0x10/0x10 [ 89.273400][ T6704] ? __pfx_lock_release+0x10/0x10 [ 89.278468][ T6704] should_fail_ex+0x3b0/0x4e0 [ 89.283180][ T6704] _copy_from_user+0x2f/0xe0 [ 89.287797][ T6704] copy_msghdr_from_user+0xae/0x680 [ 89.293022][ T6704] ? __pfx___might_resched+0x10/0x10 [ 89.298361][ T6704] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 89.304197][ T6704] ? rcu_is_watching+0x15/0xb0 [ 89.308980][ T6704] ? __might_fault+0xaa/0x120 [ 89.313682][ T6704] __sys_sendmmsg+0x36d/0x730 [ 89.318387][ T6704] ? __pfx___sys_sendmmsg+0x10/0x10 [ 89.323628][ T6704] ? __pfx_lock_release+0x10/0x10 [ 89.328647][ T6704] ? kstrtouint_from_user+0x128/0x190 [ 89.334040][ T6704] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 89.339953][ T6704] ? ksys_write+0x229/0x2b0 [ 89.344474][ T6704] ? __pfx_lock_release+0x10/0x10 [ 89.349508][ T6704] ? vfs_write+0x7bf/0xc90 [ 89.353948][ T6704] ? kmem_cache_free+0x1a2/0x420 [ 89.358889][ T6704] ? __mutex_unlock_slowpath+0x21d/0x750 [ 89.364529][ T6704] ? __fget_files+0x3f3/0x470 [ 89.369220][ T6704] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 89.375208][ T6704] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 89.381625][ T6704] ? do_syscall_64+0x100/0x230 [ 89.386399][ T6704] __x64_sys_sendmmsg+0xa0/0xb0 [ 89.391269][ T6704] do_syscall_64+0xf3/0x230 [ 89.395773][ T6704] ? clear_bhb_loop+0x35/0x90 [ 89.400446][ T6704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.406337][ T6704] RIP: 0033:0x7f43cf37dff9 [ 89.410750][ T6704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.430363][ T6704] RSP: 002b:00007f43d0244038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 89.438887][ T6704] RAX: ffffffffffffffda RBX: 00007f43cf535f80 RCX: 00007f43cf37dff9 [ 89.446859][ T6704] RDX: 0000000004000070 RSI: 0000000020003b80 RDI: 0000000000000005 [ 89.454840][ T6704] RBP: 00007f43d0244090 R08: 0000000000000000 R09: 0000000000000000 [ 89.462815][ T6704] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 89.470787][ T6704] R13: 0000000000000000 R14: 00007f43cf535f80 R15: 00007ffc85a5f2f8 [ 89.478850][ T6704] [ 89.524520][ T6713] FAULT_INJECTION: forcing a failure. [ 89.524520][ T6713] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 89.561594][ T6713] CPU: 1 UID: 0 PID: 6713 Comm: syz.4.416 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 89.571887][ T6713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 89.581965][ T6713] Call Trace: [ 89.585265][ T6713] [ 89.588221][ T6713] dump_stack_lvl+0x241/0x360 [ 89.593025][ T6713] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.598254][ T6713] ? __pfx__printk+0x10/0x10 [ 89.602877][ T6713] ? __pfx_lock_release+0x10/0x10 [ 89.607935][ T6713] should_fail_ex+0x3b0/0x4e0 [ 89.612645][ T6713] _copy_from_user+0x2f/0xe0 [ 89.617259][ T6713] copy_msghdr_from_user+0xae/0x680 [ 89.622478][ T6713] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 89.628302][ T6713] __sys_sendmsg+0x22d/0x380 [ 89.632889][ T6713] ? __pfx___sys_sendmsg+0x10/0x10 [ 89.638003][ T6713] ? __pfx_vfs_write+0x10/0x10 [ 89.642795][ T6713] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 89.649128][ T6713] ? do_syscall_64+0x100/0x230 [ 89.653890][ T6713] ? do_syscall_64+0xb6/0x230 [ 89.658578][ T6713] do_syscall_64+0xf3/0x230 [ 89.663096][ T6713] ? clear_bhb_loop+0x35/0x90 [ 89.667771][ T6713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.673663][ T6713] RIP: 0033:0x7f646037dff9 [ 89.678123][ T6713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.697727][ T6713] RSP: 002b:00007f64611fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 89.706142][ T6713] RAX: ffffffffffffffda RBX: 00007f6460535f80 RCX: 00007f646037dff9 [ 89.714109][ T6713] RDX: 0000000000048080 RSI: 0000000020000840 RDI: 0000000000000004 [ 89.722072][ T6713] RBP: 00007f64611fe090 R08: 0000000000000000 R09: 0000000000000000 [ 89.730209][ T6713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.738174][ T6713] R13: 0000000000000000 R14: 00007f6460535f80 R15: 00007ffcd5e22718 [ 89.746153][ T6713] [ 89.840628][ T6721] IPv6: sit1: Disabled Multicast RS [ 89.891141][ T6719] netlink: 'syz.1.418': attribute type 1 has an invalid length. [ 90.253535][ T6753] FAULT_INJECTION: forcing a failure. [ 90.253535][ T6753] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 90.278227][ T6753] CPU: 1 UID: 0 PID: 6753 Comm: syz.1.428 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 90.288521][ T6753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 90.298610][ T6753] Call Trace: [ 90.301914][ T6753] [ 90.304865][ T6753] dump_stack_lvl+0x241/0x360 [ 90.309587][ T6753] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.314822][ T6753] ? __pfx__printk+0x10/0x10 [ 90.319450][ T6753] ? __pfx_lock_release+0x10/0x10 [ 90.324514][ T6753] should_fail_ex+0x3b0/0x4e0 [ 90.329230][ T6753] _copy_from_user+0x2f/0xe0 [ 90.333850][ T6753] copy_msghdr_from_user+0xae/0x680 [ 90.339077][ T6753] ? __pfx___might_resched+0x10/0x10 [ 90.344397][ T6753] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 90.350235][ T6753] ? rcu_is_watching+0x15/0xb0 [ 90.355024][ T6753] ? __might_fault+0xaa/0x120 [ 90.359721][ T6753] __sys_sendmmsg+0x36d/0x730 [ 90.364422][ T6753] ? __pfx___sys_sendmmsg+0x10/0x10 [ 90.369640][ T6753] ? __pfx_lock_release+0x10/0x10 [ 90.374687][ T6753] ? kstrtouint_from_user+0x128/0x190 [ 90.380085][ T6753] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 90.385977][ T6753] ? ksys_write+0x229/0x2b0 [ 90.390485][ T6753] ? __pfx_lock_release+0x10/0x10 [ 90.395517][ T6753] ? vfs_write+0x7bf/0xc90 [ 90.399938][ T6753] ? kmem_cache_free+0x1a2/0x420 [ 90.404884][ T6753] ? __mutex_unlock_slowpath+0x21d/0x750 [ 90.410523][ T6753] ? __fget_files+0x3f3/0x470 [ 90.415293][ T6753] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 90.421274][ T6753] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 90.427600][ T6753] ? do_syscall_64+0x100/0x230 [ 90.432361][ T6753] __x64_sys_sendmmsg+0xa0/0xb0 [ 90.437213][ T6753] do_syscall_64+0xf3/0x230 [ 90.441709][ T6753] ? clear_bhb_loop+0x35/0x90 [ 90.446384][ T6753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.452274][ T6753] RIP: 0033:0x7f066437dff9 [ 90.456689][ T6753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.476292][ T6753] RSP: 002b:00007f06651bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 90.484703][ T6753] RAX: ffffffffffffffda RBX: 00007f0664535f80 RCX: 00007f066437dff9 [ 90.492679][ T6753] RDX: 0000000004000070 RSI: 0000000020003b80 RDI: 0000000000000005 [ 90.500644][ T6753] RBP: 00007f06651bb090 R08: 0000000000000000 R09: 0000000000000000 [ 90.508608][ T6753] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 90.516573][ T6753] R13: 0000000000000000 R14: 00007f0664535f80 R15: 00007ffe5f0ad5c8 [ 90.524551][ T6753] [ 90.588527][ T6762] tipc: Can't bind to reserved service type 3 [ 90.724665][ T6772] FAULT_INJECTION: forcing a failure. [ 90.724665][ T6772] name failslab, interval 1, probability 0, space 0, times 1 [ 90.772101][ T6772] CPU: 1 UID: 0 PID: 6772 Comm: syz.2.431 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 90.782399][ T6772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 90.792488][ T6772] Call Trace: [ 90.795791][ T6772] [ 90.798742][ T6772] dump_stack_lvl+0x241/0x360 [ 90.803455][ T6772] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.808686][ T6772] ? __pfx__printk+0x10/0x10 [ 90.813299][ T6772] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 90.819303][ T6772] ? __pfx___might_resched+0x10/0x10 [ 90.824625][ T6772] should_fail_ex+0x3b0/0x4e0 [ 90.829337][ T6772] should_failslab+0xac/0x100 [ 90.834043][ T6772] ? __alloc_skb+0x1c3/0x440 [ 90.838659][ T6772] kmem_cache_alloc_node_noprof+0x71/0x320 [ 90.844510][ T6772] __alloc_skb+0x1c3/0x440 [ 90.848970][ T6772] ? __pfx___alloc_skb+0x10/0x10 [ 90.853941][ T6772] ? netlink_autobind+0xd6/0x2f0 [ 90.858897][ T6772] ? netlink_autobind+0x2b0/0x2f0 [ 90.863945][ T6772] netlink_sendmsg+0x638/0xcb0 [ 90.868757][ T6772] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.874075][ T6772] ? aa_sock_msg_perm+0x91/0x160 [ 90.879043][ T6772] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.884364][ T6772] __sock_sendmsg+0x221/0x270 [ 90.889071][ T6772] ____sys_sendmsg+0x52a/0x7e0 [ 90.893868][ T6772] ? __pfx_____sys_sendmsg+0x10/0x10 [ 90.899215][ T6772] __sys_sendmsg+0x292/0x380 [ 90.903825][ T6772] ? __pfx___sys_sendmsg+0x10/0x10 [ 90.908971][ T6772] ? __pfx_vfs_write+0x10/0x10 [ 90.913793][ T6772] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 90.920154][ T6772] ? do_syscall_64+0x100/0x230 [ 90.924944][ T6772] ? do_syscall_64+0xb6/0x230 [ 90.929646][ T6772] do_syscall_64+0xf3/0x230 [ 90.934174][ T6772] ? clear_bhb_loop+0x35/0x90 [ 90.938883][ T6772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.944803][ T6772] RIP: 0033:0x7f151557dff9 [ 90.949246][ T6772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.968876][ T6772] RSP: 002b:00007f1516322038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 90.977498][ T6772] RAX: ffffffffffffffda RBX: 00007f1515735f80 RCX: 00007f151557dff9 [ 90.985497][ T6772] RDX: 0000000000048080 RSI: 0000000020000840 RDI: 0000000000000004 [ 90.993493][ T6772] RBP: 00007f1516322090 R08: 0000000000000000 R09: 0000000000000000 [ 91.001487][ T6772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.009475][ T6772] R13: 0000000000000000 R14: 00007f1515735f80 R15: 00007fff2675e5d8 [ 91.017484][ T6772] [ 91.441802][ T6794] __nla_validate_parse: 8 callbacks suppressed [ 91.441824][ T6794] netlink: 56 bytes leftover after parsing attributes in process `syz.4.438'. [ 91.540821][ T6786] netlink: 16 bytes leftover after parsing attributes in process `syz.3.437'. [ 91.861138][ T6813] FAULT_INJECTION: forcing a failure. [ 91.861138][ T6813] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.881383][ T6813] CPU: 0 UID: 0 PID: 6813 Comm: syz.2.444 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 91.891695][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 91.901855][ T6813] Call Trace: [ 91.905155][ T6813] [ 91.908099][ T6813] dump_stack_lvl+0x241/0x360 [ 91.912807][ T6813] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.918027][ T6813] ? __pfx__printk+0x10/0x10 [ 91.922640][ T6813] ? __pfx_lock_release+0x10/0x10 [ 91.927692][ T6813] should_fail_ex+0x3b0/0x4e0 [ 91.932396][ T6813] _copy_from_user+0x2f/0xe0 [ 91.937006][ T6813] copy_msghdr_from_user+0xae/0x680 [ 91.942229][ T6813] ? __pfx___might_resched+0x10/0x10 [ 91.947546][ T6813] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 91.953465][ T6813] ? rcu_is_watching+0x15/0xb0 [ 91.958346][ T6813] ? __might_fault+0xaa/0x120 [ 91.963051][ T6813] __sys_sendmmsg+0x36d/0x730 [ 91.967756][ T6813] ? __pfx___sys_sendmmsg+0x10/0x10 [ 91.972986][ T6813] ? __pfx_lock_release+0x10/0x10 [ 91.978030][ T6813] ? kstrtouint_from_user+0x128/0x190 [ 91.983438][ T6813] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 91.984462][ T6804] netlink: 12 bytes leftover after parsing attributes in process `syz.4.441'. [ 91.989337][ T6813] ? ksys_write+0x229/0x2b0 [ 91.989368][ T6813] ? __pfx_lock_release+0x10/0x10 [ 91.989397][ T6813] ? vfs_write+0x7bf/0xc90 [ 91.989419][ T6813] ? kmem_cache_free+0x1a2/0x420 [ 91.989443][ T6813] ? __mutex_unlock_slowpath+0x21d/0x750 [ 91.989469][ T6813] ? __fget_files+0x3f3/0x470 [ 91.989499][ T6813] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 91.989525][ T6813] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 91.989551][ T6813] ? do_syscall_64+0x100/0x230 [ 91.989572][ T6813] __x64_sys_sendmmsg+0xa0/0xb0 [ 91.989596][ T6813] do_syscall_64+0xf3/0x230 [ 91.989614][ T6813] ? clear_bhb_loop+0x35/0x90 [ 91.989635][ T6813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.989659][ T6813] RIP: 0033:0x7f151557dff9 [ 91.989677][ T6813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.989693][ T6813] RSP: 002b:00007f1516322038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 91.989716][ T6813] RAX: ffffffffffffffda RBX: 00007f1515735f80 RCX: 00007f151557dff9 [ 91.989731][ T6813] RDX: 0000000004000070 RSI: 0000000020003b80 RDI: 0000000000000005 [ 91.989743][ T6813] RBP: 00007f1516322090 R08: 0000000000000000 R09: 0000000000000000 [ 91.989756][ T6813] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 91.989769][ T6813] R13: 0000000000000000 R14: 00007f1515735f80 R15: 00007fff2675e5d8 [ 91.989798][ T6813] [ 92.112277][ T6816] netlink: 40 bytes leftover after parsing attributes in process `syz.4.441'. [ 92.137605][ T6818] netlink: 'syz.2.445': attribute type 1 has an invalid length. [ 92.171334][ T6804] netlink: 'syz.4.441': attribute type 8 has an invalid length. [ 92.426905][ T6833] trusted_key: syz.2.449 sent an empty control message without MSG_MORE. [ 92.576846][ T6839] netlink: 20 bytes leftover after parsing attributes in process `syz.0.453'. [ 92.631730][ T6841] bond0: entered promiscuous mode [ 92.637083][ T6841] bond_slave_0: entered promiscuous mode [ 92.642870][ T6841] bond_slave_1: entered promiscuous mode [ 92.668593][ T6840] bond0: left promiscuous mode [ 92.673427][ T6840] bond_slave_0: left promiscuous mode [ 92.680845][ T6840] bond_slave_1: left promiscuous mode [ 92.853458][ T6844] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 92.931399][ T6855] FAULT_INJECTION: forcing a failure. [ 92.931399][ T6855] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.975917][ T6855] CPU: 0 UID: 0 PID: 6855 Comm: syz.0.458 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 92.986209][ T6855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 92.996263][ T6855] Call Trace: [ 92.999537][ T6855] [ 93.002459][ T6855] dump_stack_lvl+0x241/0x360 [ 93.007143][ T6855] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.012336][ T6855] ? __pfx__printk+0x10/0x10 [ 93.016923][ T6855] ? __pfx_lock_release+0x10/0x10 [ 93.021948][ T6855] should_fail_ex+0x3b0/0x4e0 [ 93.026629][ T6855] _copy_from_iter+0x1ed/0x1d60 [ 93.031473][ T6855] ? __virt_addr_valid+0x183/0x530 [ 93.036587][ T6855] ? __pfx_lock_release+0x10/0x10 [ 93.041620][ T6855] ? __alloc_skb+0x28f/0x440 [ 93.046206][ T6855] ? __pfx__copy_from_iter+0x10/0x10 [ 93.051489][ T6855] ? __virt_addr_valid+0x183/0x530 [ 93.056591][ T6855] ? __virt_addr_valid+0x183/0x530 [ 93.061698][ T6855] ? __virt_addr_valid+0x45f/0x530 [ 93.066803][ T6855] ? __check_object_size+0x48e/0x900 [ 93.072086][ T6855] netlink_sendmsg+0x73d/0xcb0 [ 93.076874][ T6855] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.082169][ T6855] ? aa_sock_msg_perm+0x91/0x160 [ 93.087119][ T6855] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.092406][ T6855] __sock_sendmsg+0x221/0x270 [ 93.097087][ T6855] ____sys_sendmsg+0x52a/0x7e0 [ 93.101863][ T6855] ? __pfx_____sys_sendmsg+0x10/0x10 [ 93.107154][ T6855] __sys_sendmsg+0x292/0x380 [ 93.111736][ T6855] ? __pfx___sys_sendmsg+0x10/0x10 [ 93.116849][ T6855] ? __pfx_vfs_write+0x10/0x10 [ 93.121630][ T6855] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 93.127953][ T6855] ? do_syscall_64+0x100/0x230 [ 93.132706][ T6855] ? do_syscall_64+0xb6/0x230 [ 93.137381][ T6855] do_syscall_64+0xf3/0x230 [ 93.141881][ T6855] ? clear_bhb_loop+0x35/0x90 [ 93.146549][ T6855] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.152436][ T6855] RIP: 0033:0x7fa95c37dff9 [ 93.156844][ T6855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.176451][ T6855] RSP: 002b:00007fa95d17e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.184859][ T6855] RAX: ffffffffffffffda RBX: 00007fa95c535f80 RCX: 00007fa95c37dff9 [ 93.192848][ T6855] RDX: 0000000000048080 RSI: 0000000020000840 RDI: 0000000000000004 [ 93.200824][ T6855] RBP: 00007fa95d17e090 R08: 0000000000000000 R09: 0000000000000000 [ 93.208801][ T6855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.216770][ T6855] R13: 0000000000000000 R14: 00007fa95c535f80 R15: 00007ffd3961d5d8 [ 93.224757][ T6855] [ 93.644060][ T6878] netlink: 24 bytes leftover after parsing attributes in process `syz.0.465'. [ 93.789208][ T6883] netlink: 8 bytes leftover after parsing attributes in process `syz.2.466'. [ 93.812263][ T6883] batadv0: default FDB implementation only supports local addresses [ 93.840849][ T6885] bond0: entered promiscuous mode [ 93.845862][ T5247] Bluetooth: hci4: command tx timeout [ 93.846157][ T6885] bond_slave_0: entered promiscuous mode [ 93.862711][ T6893] netlink: 44 bytes leftover after parsing attributes in process `syz.2.466'. [ 93.873262][ T6885] bond_slave_1: entered promiscuous mode [ 93.884191][ T6890] netlink: 44 bytes leftover after parsing attributes in process `syz.2.466'. [ 93.946838][ T6884] bond0: left promiscuous mode [ 93.951790][ T6884] bond_slave_0: left promiscuous mode [ 93.963455][ T6884] bond_slave_1: left promiscuous mode [ 94.073925][ T6904] FAULT_INJECTION: forcing a failure. [ 94.073925][ T6904] name failslab, interval 1, probability 0, space 0, times 0 [ 94.095150][ T6904] CPU: 1 UID: 0 PID: 6904 Comm: syz.0.472 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 94.105463][ T6904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 94.115543][ T6904] Call Trace: [ 94.118834][ T6904] [ 94.121760][ T6904] dump_stack_lvl+0x241/0x360 [ 94.126445][ T6904] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.131654][ T6904] ? __pfx__printk+0x10/0x10 [ 94.136245][ T6904] ? __kmalloc_noprof+0xb0/0x400 [ 94.141188][ T6904] ? __pfx___might_resched+0x10/0x10 [ 94.146475][ T6904] should_fail_ex+0x3b0/0x4e0 [ 94.151158][ T6904] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 94.157408][ T6904] should_failslab+0xac/0x100 [ 94.162080][ T6904] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 94.168314][ T6904] __kmalloc_noprof+0xd8/0x400 [ 94.173078][ T6904] ? apparmor_capable+0x13b/0x1b0 [ 94.178101][ T6904] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 94.184169][ T6904] genl_rcv_msg+0x802/0xec0 [ 94.188680][ T6904] ? mark_lock+0x9a/0x360 [ 94.193008][ T6904] ? __pfx_genl_rcv_msg+0x10/0x10 [ 94.198044][ T6904] ? __pfx_lock_acquire+0x10/0x10 [ 94.203069][ T6904] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 94.208527][ T6904] ? __pfx_nl802154_add_llsec_dev+0x10/0x10 [ 94.214411][ T6904] ? __pfx_nl802154_post_doit+0x10/0x10 [ 94.219954][ T6904] ? __pfx___might_resched+0x10/0x10 [ 94.225246][ T6904] netlink_rcv_skb+0x1e3/0x430 [ 94.230008][ T6904] ? __pfx_genl_rcv_msg+0x10/0x10 [ 94.235027][ T6904] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 94.240328][ T6904] genl_rcv+0x28/0x40 [ 94.244305][ T6904] netlink_unicast+0x7f6/0x990 [ 94.249074][ T6904] ? __pfx_netlink_unicast+0x10/0x10 [ 94.254352][ T6904] ? __virt_addr_valid+0x183/0x530 [ 94.259465][ T6904] ? __check_object_size+0x48e/0x900 [ 94.264747][ T6904] netlink_sendmsg+0x8e4/0xcb0 [ 94.269516][ T6904] ? __pfx_netlink_sendmsg+0x10/0x10 [ 94.274890][ T6904] ? aa_sock_msg_perm+0x91/0x160 [ 94.279850][ T6904] ? __pfx_netlink_sendmsg+0x10/0x10 [ 94.285167][ T6904] __sock_sendmsg+0x221/0x270 [ 94.289866][ T6904] ____sys_sendmsg+0x52a/0x7e0 [ 94.294635][ T6904] ? __pfx_____sys_sendmsg+0x10/0x10 [ 94.300015][ T6904] __sys_sendmsg+0x292/0x380 [ 94.304608][ T6904] ? __pfx___sys_sendmsg+0x10/0x10 [ 94.309727][ T6904] ? __pfx_vfs_write+0x10/0x10 [ 94.314617][ T6904] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 94.320972][ T6904] ? do_syscall_64+0x100/0x230 [ 94.325749][ T6904] ? do_syscall_64+0xb6/0x230 [ 94.330430][ T6904] do_syscall_64+0xf3/0x230 [ 94.334929][ T6904] ? clear_bhb_loop+0x35/0x90 [ 94.339623][ T6904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.345538][ T6904] RIP: 0033:0x7fa95c37dff9 [ 94.349978][ T6904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.369594][ T6904] RSP: 002b:00007fa95d17e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.378011][ T6904] RAX: ffffffffffffffda RBX: 00007fa95c535f80 RCX: 00007fa95c37dff9 [ 94.385979][ T6904] RDX: 0000000000048080 RSI: 0000000020000840 RDI: 0000000000000004 [ 94.393948][ T6904] RBP: 00007fa95d17e090 R08: 0000000000000000 R09: 0000000000000000 [ 94.401911][ T6904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.409879][ T6904] R13: 0000000000000000 R14: 00007fa95c535f80 R15: 00007ffd3961d5d8 [ 94.417860][ T6904] [ 94.499705][ T9] IPVS: starting estimator thread 0... [ 94.506588][ T6906] netlink: 8 bytes leftover after parsing attributes in process `syz.2.473'. [ 94.547653][ T6912] FAULT_INJECTION: forcing a failure. [ 94.547653][ T6912] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 94.564335][ T6912] CPU: 1 UID: 0 PID: 6912 Comm: syz.1.475 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 94.574624][ T6912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 94.584704][ T6912] Call Trace: [ 94.588008][ T6912] [ 94.590954][ T6912] dump_stack_lvl+0x241/0x360 [ 94.595659][ T6912] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.600884][ T6912] ? __pfx__printk+0x10/0x10 [ 94.605500][ T6912] ? __pfx_lock_release+0x10/0x10 [ 94.610548][ T6912] should_fail_ex+0x3b0/0x4e0 [ 94.615247][ T6912] _copy_from_user+0x2f/0xe0 [ 94.619861][ T6912] copy_msghdr_from_user+0xae/0x680 [ 94.625081][ T6912] ? __pfx___might_resched+0x10/0x10 [ 94.630386][ T6912] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 94.636214][ T6912] ? rcu_is_watching+0x15/0xb0 [ 94.641033][ T6912] ? __might_fault+0xaa/0x120 [ 94.645827][ T6912] __sys_sendmmsg+0x36d/0x730 [ 94.650530][ T6912] ? __pfx___sys_sendmmsg+0x10/0x10 [ 94.655761][ T6912] ? __pfx_lock_release+0x10/0x10 [ 94.660837][ T6912] ? kstrtouint_from_user+0x128/0x190 [ 94.666249][ T6912] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 94.672185][ T6912] ? ksys_write+0x229/0x2b0 [ 94.676721][ T6912] ? __pfx_lock_release+0x10/0x10 [ 94.681786][ T6912] ? vfs_write+0x7bf/0xc90 [ 94.686426][ T6912] ? kmem_cache_free+0x1a2/0x420 [ 94.691432][ T6912] ? __mutex_unlock_slowpath+0x21d/0x750 [ 94.697182][ T6912] ? __fget_files+0x3f3/0x470 [ 94.701981][ T6912] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 94.707992][ T6912] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 94.714448][ T6912] ? do_syscall_64+0x100/0x230 [ 94.719236][ T6912] __x64_sys_sendmmsg+0xa0/0xb0 [ 94.724116][ T6912] do_syscall_64+0xf3/0x230 [ 94.728637][ T6912] ? clear_bhb_loop+0x35/0x90 [ 94.733330][ T6912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.739243][ T6912] RIP: 0033:0x7f066437dff9 [ 94.743670][ T6912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.763272][ T6912] RSP: 002b:00007f06651bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 94.771686][ T6912] RAX: ffffffffffffffda RBX: 00007f0664535f80 RCX: 00007f066437dff9 [ 94.779654][ T6912] RDX: 0000000004000070 RSI: 0000000020003b80 RDI: 0000000000000005 [ 94.787621][ T6912] RBP: 00007f06651bb090 R08: 0000000000000000 R09: 0000000000000000 [ 94.795603][ T6912] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 94.803582][ T6912] R13: 0000000000000000 R14: 00007f0664535f80 R15: 00007ffe5f0ad5c8 [ 94.811554][ T6912] [ 94.818477][ T6910] IPVS: using max 22 ests per chain, 52800 per kthread [ 95.373777][ T6946] netlink: 'syz.3.487': attribute type 1 has an invalid length. [ 95.386077][ T6946] FAULT_INJECTION: forcing a failure. [ 95.386077][ T6946] name failslab, interval 1, probability 0, space 0, times 0 [ 95.404016][ T6944] pimreg: entered allmulticast mode [ 95.429948][ T6946] CPU: 0 UID: 0 PID: 6946 Comm: syz.3.487 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 95.440254][ T6946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 95.450421][ T6946] Call Trace: [ 95.453715][ T6946] [ 95.456661][ T6946] dump_stack_lvl+0x241/0x360 [ 95.461370][ T6946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 95.466597][ T6946] ? __pfx__printk+0x10/0x10 [ 95.471311][ T6946] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 95.477320][ T6946] ? __pfx___might_resched+0x10/0x10 [ 95.482637][ T6946] should_fail_ex+0x3b0/0x4e0 [ 95.487350][ T6946] should_failslab+0xac/0x100 [ 95.492165][ T6946] ? __alloc_skb+0x1c3/0x440 [ 95.496879][ T6946] kmem_cache_alloc_node_noprof+0x71/0x320 [ 95.502719][ T6946] __alloc_skb+0x1c3/0x440 [ 95.507171][ T6946] ? __pfx___alloc_skb+0x10/0x10 [ 95.512138][ T6946] ? netlink_ack_tlv_len+0x6e/0x200 [ 95.517368][ T6946] netlink_ack+0x13f/0xa30 [ 95.521824][ T6946] ? __pfx_lock_acquire+0x10/0x10 [ 95.526876][ T6946] ? __pfx_nl802154_add_llsec_dev+0x10/0x10 [ 95.532878][ T6946] ? __pfx_nl802154_post_doit+0x10/0x10 [ 95.538470][ T6946] netlink_rcv_skb+0x262/0x430 [ 95.543268][ T6946] ? __pfx_genl_rcv_msg+0x10/0x10 [ 95.548324][ T6946] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 95.553804][ T6946] genl_rcv+0x28/0x40 [ 95.557833][ T6946] netlink_unicast+0x7f6/0x990 [ 95.562642][ T6946] ? __pfx_netlink_unicast+0x10/0x10 [ 95.567962][ T6946] ? __virt_addr_valid+0x183/0x530 [ 95.573282][ T6946] ? __check_object_size+0x48e/0x900 [ 95.578600][ T6946] netlink_sendmsg+0x8e4/0xcb0 [ 95.583419][ T6946] ? __pfx_netlink_sendmsg+0x10/0x10 [ 95.588741][ T6946] ? aa_sock_msg_perm+0x91/0x160 [ 95.593686][ T6946] ? __pfx_netlink_sendmsg+0x10/0x10 [ 95.598976][ T6946] __sock_sendmsg+0x221/0x270 [ 95.603652][ T6946] ____sys_sendmsg+0x52a/0x7e0 [ 95.608422][ T6946] ? __pfx_____sys_sendmsg+0x10/0x10 [ 95.613713][ T6946] __sys_sendmsg+0x292/0x380 [ 95.618305][ T6946] ? __pfx___sys_sendmsg+0x10/0x10 [ 95.623417][ T6946] ? __pfx_vfs_write+0x10/0x10 [ 95.628199][ T6946] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 95.634524][ T6946] ? do_syscall_64+0x100/0x230 [ 95.639294][ T6946] ? do_syscall_64+0xb6/0x230 [ 95.643974][ T6946] do_syscall_64+0xf3/0x230 [ 95.648470][ T6946] ? clear_bhb_loop+0x35/0x90 [ 95.653139][ T6946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.659081][ T6946] RIP: 0033:0x7f43cf37dff9 [ 95.663487][ T6946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.683176][ T6946] RSP: 002b:00007f43d0244038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 95.691681][ T6946] RAX: ffffffffffffffda RBX: 00007f43cf535f80 RCX: 00007f43cf37dff9 [ 95.699658][ T6946] RDX: 0000000000048080 RSI: 0000000020000840 RDI: 0000000000000004 [ 95.707660][ T6946] RBP: 00007f43d0244090 R08: 0000000000000000 R09: 0000000000000000 [ 95.715633][ T6946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.723687][ T6946] R13: 0000000000000000 R14: 00007f43cf535f80 R15: 00007ffc85a5f2f8 [ 95.731668][ T6946] [ 95.904097][ T6930] tipc: Failed to remove unknown binding: 66,1,1/0:2293200838/2293200840 [ 95.920543][ T6930] tipc: Failed to remove unknown binding: 66,1,1/0:2293200838/2293200840 [ 95.935120][ T6930] tipc: Failed to remove unknown binding: 66,1,1/0:2293200838/2293200840 [ 96.284121][ T6959] FAULT_INJECTION: forcing a failure. [ 96.284121][ T6959] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.299231][ T6959] CPU: 1 UID: 0 PID: 6959 Comm: syz.2.489 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 96.309514][ T6959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 96.319601][ T6959] Call Trace: [ 96.322898][ T6959] [ 96.325852][ T6959] dump_stack_lvl+0x241/0x360 [ 96.330556][ T6959] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.335767][ T6959] ? __pfx__printk+0x10/0x10 [ 96.340371][ T6959] ? __pfx_lock_release+0x10/0x10 [ 96.345406][ T6959] should_fail_ex+0x3b0/0x4e0 [ 96.350104][ T6959] _copy_from_user+0x2f/0xe0 [ 96.354703][ T6959] copy_msghdr_from_user+0xae/0x680 [ 96.359912][ T6959] ? __pfx___might_resched+0x10/0x10 [ 96.365203][ T6959] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 96.371009][ T6959] ? rcu_is_watching+0x15/0xb0 [ 96.375795][ T6959] ? __might_fault+0xaa/0x120 [ 96.380504][ T6959] __sys_sendmmsg+0x36d/0x730 [ 96.385197][ T6959] ? __pfx___sys_sendmmsg+0x10/0x10 [ 96.390424][ T6959] ? __pfx_lock_release+0x10/0x10 [ 96.395468][ T6959] ? kstrtouint_from_user+0x128/0x190 [ 96.400859][ T6959] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 96.406751][ T6959] ? ksys_write+0x229/0x2b0 [ 96.411255][ T6959] ? __pfx_lock_release+0x10/0x10 [ 96.416281][ T6959] ? vfs_write+0x7bf/0xc90 [ 96.420696][ T6959] ? kmem_cache_free+0x1a2/0x420 [ 96.425632][ T6959] ? __mutex_unlock_slowpath+0x21d/0x750 [ 96.431260][ T6959] ? __fget_files+0x3f3/0x470 [ 96.435939][ T6959] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 96.441926][ T6959] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 96.448255][ T6959] ? do_syscall_64+0x100/0x230 [ 96.453019][ T6959] __x64_sys_sendmmsg+0xa0/0xb0 [ 96.457869][ T6959] do_syscall_64+0xf3/0x230 [ 96.462367][ T6959] ? clear_bhb_loop+0x35/0x90 [ 96.467040][ T6959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.472951][ T6959] RIP: 0033:0x7f151557dff9 [ 96.477370][ T6959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.497012][ T6959] RSP: 002b:00007f1516322038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 96.505529][ T6959] RAX: ffffffffffffffda RBX: 00007f1515735f80 RCX: 00007f151557dff9 [ 96.513511][ T6959] RDX: 0000000004000070 RSI: 0000000020003b80 RDI: 0000000000000005 [ 96.521484][ T6959] RBP: 00007f1516322090 R08: 0000000000000000 R09: 0000000000000000 [ 96.529461][ T6959] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 96.537429][ T6959] R13: 0000000000000000 R14: 00007f1515735f80 R15: 00007fff2675e5d8 [ 96.545424][ T6959] [ 97.588784][ T6944] pimreg: left allmulticast mode [ 97.770000][ T6969] __nla_validate_parse: 3 callbacks suppressed [ 97.770020][ T6969] netlink: 180 bytes leftover after parsing attributes in process `syz.1.491'. [ 97.811090][ T6969] netlink: 'syz.1.491': attribute type 1 has an invalid length. [ 97.820009][ T6967] netlink: 32 bytes leftover after parsing attributes in process `syz.4.492'. [ 97.826692][ T6969] netlink: 20 bytes leftover after parsing attributes in process `syz.1.491'. [ 98.156092][ T6989] netlink: 8 bytes leftover after parsing attributes in process `syz.3.496'. [ 98.241178][ T6995] FAULT_INJECTION: forcing a failure. [ 98.241178][ T6995] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.255763][ T6995] CPU: 1 UID: 0 PID: 6995 Comm: syz.2.500 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 98.266041][ T6995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 98.276120][ T6995] Call Trace: [ 98.279428][ T6995] [ 98.282381][ T6995] dump_stack_lvl+0x241/0x360 [ 98.287099][ T6995] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.292340][ T6995] ? __pfx__printk+0x10/0x10 [ 98.296963][ T6995] ? __pfx_lock_release+0x10/0x10 [ 98.302033][ T6995] should_fail_ex+0x3b0/0x4e0 [ 98.306742][ T6995] _copy_from_user+0x2f/0xe0 [ 98.311338][ T6995] copy_msghdr_from_user+0xae/0x680 [ 98.316596][ T6995] ? __pfx___might_resched+0x10/0x10 [ 98.321883][ T6995] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 98.327750][ T6995] ? rcu_is_watching+0x15/0xb0 [ 98.332538][ T6995] ? __might_fault+0xaa/0x120 [ 98.337220][ T6995] __sys_sendmmsg+0x36d/0x730 [ 98.341898][ T6995] ? __pfx___sys_sendmmsg+0x10/0x10 [ 98.347099][ T6995] ? __pfx_lock_release+0x10/0x10 [ 98.352122][ T6995] ? kstrtouint_from_user+0x128/0x190 [ 98.357511][ T6995] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 98.363404][ T6995] ? ksys_write+0x229/0x2b0 [ 98.367905][ T6995] ? __pfx_lock_release+0x10/0x10 [ 98.372954][ T6995] ? vfs_write+0x7bf/0xc90 [ 98.377416][ T6995] ? kmem_cache_free+0x1a2/0x420 [ 98.382455][ T6995] ? __mutex_unlock_slowpath+0x21d/0x750 [ 98.388098][ T6995] ? __fget_files+0x3f3/0x470 [ 98.392794][ T6995] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 98.398784][ T6995] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 98.405119][ T6995] ? do_syscall_64+0x100/0x230 [ 98.409885][ T6995] __x64_sys_sendmmsg+0xa0/0xb0 [ 98.414733][ T6995] do_syscall_64+0xf3/0x230 [ 98.419236][ T6995] ? clear_bhb_loop+0x35/0x90 [ 98.423909][ T6995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.429807][ T6995] RIP: 0033:0x7f151557dff9 [ 98.434237][ T6995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.453925][ T6995] RSP: 002b:00007f1516322038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 98.462429][ T6995] RAX: ffffffffffffffda RBX: 00007f1515735f80 RCX: 00007f151557dff9 [ 98.470396][ T6995] RDX: 0000000004000070 RSI: 0000000020003b80 RDI: 0000000000000005 [ 98.478361][ T6995] RBP: 00007f1516322090 R08: 0000000000000000 R09: 0000000000000000 [ 98.486325][ T6995] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 98.494288][ T6995] R13: 0000000000000000 R14: 00007f1515735f80 R15: 00007fff2675e5d8 [ 98.502275][ T6995] [ 98.779518][ T7015] netlink: 20 bytes leftover after parsing attributes in process `syz.3.504'. [ 98.807594][ T7017] netlink: 20 bytes leftover after parsing attributes in process `syz.4.505'. [ 98.864313][ T7022] netlink: 'syz.2.507': attribute type 1 has an invalid length. [ 98.938972][ T7020] batadv0: entered promiscuous mode [ 98.956194][ T7011] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 98.969985][ T7027] netlink: 240 bytes leftover after parsing attributes in process `syz.4.508'. [ 98.986382][ T7020] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.251683][ T7044] FAULT_INJECTION: forcing a failure. [ 99.251683][ T7044] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.268688][ T7044] CPU: 1 UID: 0 PID: 7044 Comm: syz.0.512 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 99.278974][ T7044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 99.289065][ T7044] Call Trace: [ 99.292365][ T7044] [ 99.295315][ T7044] dump_stack_lvl+0x241/0x360 [ 99.300035][ T7044] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.305270][ T7044] ? __pfx__printk+0x10/0x10 [ 99.309890][ T7044] ? __pfx_lock_release+0x10/0x10 [ 99.314949][ T7044] should_fail_ex+0x3b0/0x4e0 [ 99.319654][ T7044] _copy_from_user+0x2f/0xe0 [ 99.324270][ T7044] copy_msghdr_from_user+0xae/0x680 [ 99.329517][ T7044] ? __pfx___might_resched+0x10/0x10 [ 99.334846][ T7044] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 99.340691][ T7044] ? rcu_is_watching+0x15/0xb0 [ 99.345484][ T7044] ? __might_fault+0xaa/0x120 [ 99.350205][ T7044] __sys_sendmmsg+0x36d/0x730 [ 99.354918][ T7044] ? __pfx___sys_sendmmsg+0x10/0x10 [ 99.360241][ T7044] ? __pfx_lock_release+0x10/0x10 [ 99.365304][ T7044] ? kstrtouint_from_user+0x128/0x190 [ 99.370727][ T7044] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 99.376651][ T7044] ? ksys_write+0x229/0x2b0 [ 99.381189][ T7044] ? __pfx_lock_release+0x10/0x10 [ 99.386255][ T7044] ? vfs_write+0x7bf/0xc90 [ 99.390706][ T7044] ? kmem_cache_free+0x1a2/0x420 [ 99.395678][ T7044] ? __mutex_unlock_slowpath+0x21d/0x750 [ 99.401178][ T7046] netlink: 112 bytes leftover after parsing attributes in process `syz.4.513'. [ 99.401407][ T7044] ? __fget_files+0x3f3/0x470 [ 99.415130][ T7044] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 99.421139][ T7044] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 99.427493][ T7044] ? do_syscall_64+0x100/0x230 [ 99.432321][ T7044] __x64_sys_sendmmsg+0xa0/0xb0 [ 99.433830][ T7046] netlink: 52 bytes leftover after parsing attributes in process `syz.4.513'. [ 99.437182][ T7044] do_syscall_64+0xf3/0x230 [ 99.437208][ T7044] ? clear_bhb_loop+0x35/0x90 [ 99.437227][ T7044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.437250][ T7044] RIP: 0033:0x7fa95c37dff9 [ 99.437267][ T7044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.437281][ T7044] RSP: 002b:00007fa95d17e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 99.456039][ T7052] dccp_invalid_packet: invalid packet type [ 99.461232][ T7044] RAX: ffffffffffffffda RBX: 00007fa95c535f80 RCX: 00007fa95c37dff9 [ 99.461252][ T7044] RDX: 0000000004000070 RSI: 0000000020003b80 RDI: 0000000000000005 [ 99.461264][ T7044] RBP: 00007fa95d17e090 R08: 0000000000000000 R09: 0000000000000000 [ 99.461276][ T7044] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 99.531384][ T7044] R13: 0000000000000000 R14: 00007fa95c535f80 R15: 00007ffd3961d5d8 [ 99.539399][ T7044] [ 99.611838][ T7052] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 1 [ 99.675612][ T7059] sock: sock_timestamping_bind_phc: sock not bind to device [ 99.706909][ T7059] netlink: 8 bytes leftover after parsing attributes in process `syz.4.516'. [ 99.889104][ T7065] netlink: 'syz.0.519': attribute type 1 has an invalid length. [ 110.747138][ T4625] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 110.756502][ T5242] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 110.768212][ T5246] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 110.775864][ T5246] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 110.785804][ T5246] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 110.786896][ T5242] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 110.794625][ T5246] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 110.803534][ T5242] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 110.810643][ T5246] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 110.819869][ T5242] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 110.823540][ T5246] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 110.831805][ T5244] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 110.837648][ T5246] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 110.844462][ T5244] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 110.859057][ T5242] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 110.871095][ T5244] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 110.878335][ T5244] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 110.887086][ T5244] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 110.934580][ T5246] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 110.961541][ T5244] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 111.015500][ T5246] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 111.051566][ T5246] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 111.184057][ T5246] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 111.193474][ T5246] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 111.343005][ T7081] chnl_net:caif_netlink_parms(): no params data found [ 111.414983][ T5232] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 111.429002][ T5232] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 111.438211][ T5232] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 111.504659][ T5246] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 111.529063][ T5246] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 111.545076][ T5246] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 111.714436][ T7081] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.722885][ T7081] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.730502][ T7081] bridge_slave_0: entered allmulticast mode [ 111.738084][ T7081] bridge_slave_0: entered promiscuous mode [ 111.786185][ T7081] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.793353][ T7081] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.803588][ T7081] bridge_slave_1: entered allmulticast mode [ 111.812188][ T7081] bridge_slave_1: entered promiscuous mode [ 111.843083][ T6434] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.854307][ T6434] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20064 - 0 [ 111.882093][ T7085] chnl_net:caif_netlink_parms(): no params data found [ 111.930512][ T6434] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.941227][ T6434] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20064 - 0 [ 111.974917][ T7081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.986922][ T7081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.054665][ T6434] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.065405][ T6434] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20064 - 0 [ 112.092362][ T7081] team0: Port device team_slave_0 added [ 112.100569][ T7081] team0: Port device team_slave_1 added [ 112.178509][ T6434] team0: Port device netdevsim0 removed [ 112.188200][ T6434] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.198641][ T6434] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20064 - 0 [ 112.223212][ T7081] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.230291][ T7081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.261133][ T7081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.297314][ T7081] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.304289][ T7081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.331959][ T7081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.360381][ T7085] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.367732][ T7085] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.374909][ T7085] bridge_slave_0: entered allmulticast mode [ 112.387576][ T7085] bridge_slave_0: entered promiscuous mode [ 112.415860][ T7085] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.423069][ T7085] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.430903][ T7085] bridge_slave_1: entered allmulticast mode [ 112.438843][ T7085] bridge_slave_1: entered promiscuous mode [ 112.466193][ T7081] hsr_slave_0: entered promiscuous mode [ 112.472374][ T7081] hsr_slave_1: entered promiscuous mode [ 112.478747][ T7081] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.486610][ T7081] Cannot create hsr debugfs directory [ 112.522180][ T7085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 112.574364][ T7085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 112.683773][ T6434] bridge_slave_1: left allmulticast mode [ 112.691889][ T6434] bridge_slave_1: left promiscuous mode [ 112.699527][ T6434] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.966636][ T5246] Bluetooth: hci5: command tx timeout [ 113.045511][ T5246] Bluetooth: hci6: command tx timeout [ 113.075800][ T6434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 113.091532][ T6434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 113.102369][ T6434] bond0 (unregistering): Released all slaves [ 113.126871][ T5246] Bluetooth: hci7: command tx timeout [ 113.140897][ T7085] team0: Port device team_slave_0 added [ 113.151233][ T7085] team0: Port device team_slave_1 added [ 113.171997][ T7087] chnl_net:caif_netlink_parms(): no params data found [ 113.329149][ T7085] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 113.345515][ T7085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.372977][ T7085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 113.390484][ T7084] chnl_net:caif_netlink_parms(): no params data found [ 113.428243][ T7085] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.435238][ T7085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.463887][ T7085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.509333][ T7095] chnl_net:caif_netlink_parms(): no params data found [ 113.535269][ T5246] Bluetooth: hci8: command tx timeout [ 113.609305][ T5246] Bluetooth: hci1: command tx timeout [ 113.731963][ T7085] hsr_slave_0: entered promiscuous mode [ 113.739712][ T7085] hsr_slave_1: entered promiscuous mode [ 113.754701][ T7085] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.764465][ T7085] Cannot create hsr debugfs directory [ 113.812130][ T6434] hsr_slave_0: left promiscuous mode [ 113.824046][ T6434] hsr_slave_1: left promiscuous mode [ 113.841467][ T6434] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 113.855651][ T6434] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 113.864429][ T6434] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 113.881475][ T6434] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 113.908725][ T6434] vlan0: left promiscuous mode [ 113.913918][ T6434] veth1_macvtap: left promiscuous mode [ 113.920111][ T6434] veth0_macvtap: left promiscuous mode [ 113.926607][ T6434] veth1_vlan: left promiscuous mode [ 113.931899][ T6434] veth0_vlan: left promiscuous mode [ 114.340223][ T6434] team0 (unregistering): Port device team_slave_1 removed [ 114.378116][ T6434] team0 (unregistering): Port device team_slave_0 removed [ 114.822388][ T7087] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.830531][ T7087] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.838525][ T7087] bridge_slave_0: entered allmulticast mode [ 114.845124][ T7087] bridge_slave_0: entered promiscuous mode [ 114.909102][ T7087] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.919895][ T7087] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.927492][ T7087] bridge_slave_1: entered allmulticast mode [ 114.934529][ T7087] bridge_slave_1: entered promiscuous mode [ 114.966234][ T7084] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.973381][ T7084] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.982083][ T7084] bridge_slave_0: entered allmulticast mode [ 114.989401][ T7084] bridge_slave_0: entered promiscuous mode [ 115.046721][ T5246] Bluetooth: hci5: command tx timeout [ 115.062608][ T7084] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.070056][ T7084] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.077717][ T7084] bridge_slave_1: entered allmulticast mode [ 115.084284][ T7084] bridge_slave_1: entered promiscuous mode [ 115.116579][ T7087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.126793][ T5246] Bluetooth: hci6: command tx timeout [ 115.133069][ T7095] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.140949][ T7095] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.149498][ T7095] bridge_slave_0: entered allmulticast mode [ 115.156591][ T7095] bridge_slave_0: entered promiscuous mode [ 115.206614][ T5246] Bluetooth: hci7: command tx timeout [ 115.238507][ T7087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 115.257223][ T7095] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.264560][ T7095] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.273219][ T7095] bridge_slave_1: entered allmulticast mode [ 115.280345][ T7095] bridge_slave_1: entered promiscuous mode [ 115.330144][ T7087] team0: Port device team_slave_0 added [ 115.350098][ T7084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.384390][ T7087] team0: Port device team_slave_1 added [ 115.414320][ T7095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.427505][ T7084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 115.479793][ T7085] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.505969][ T7095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 115.547888][ T7087] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.554877][ T7087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.585325][ T7087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.599348][ T7087] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.606616][ T7087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.632759][ T7087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 115.634275][ T5246] Bluetooth: hci8: command tx timeout [ 115.671248][ T7085] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.685790][ T5246] Bluetooth: hci1: command tx timeout [ 115.704661][ T7084] team0: Port device team_slave_0 added [ 115.723402][ T7095] team0: Port device team_slave_0 added [ 115.747558][ T7085] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.768416][ T7084] team0: Port device team_slave_1 added [ 115.791584][ T7084] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.798834][ T7084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.832455][ T7084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.846441][ T7095] team0: Port device team_slave_1 added [ 115.911399][ T7085] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.947634][ T7084] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.954737][ T7084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.981378][ T7084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 116.013843][ T7095] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.020927][ T7095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.047065][ T7095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.064368][ T7095] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.071732][ T7095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.098571][ T7095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 116.112009][ T7087] hsr_slave_0: entered promiscuous mode [ 116.124136][ T7087] hsr_slave_1: entered promiscuous mode [ 116.151570][ T6434] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.226006][ T7084] hsr_slave_0: entered promiscuous mode [ 116.234934][ T7084] hsr_slave_1: entered promiscuous mode [ 116.242171][ T7084] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 116.253793][ T7084] Cannot create hsr debugfs directory [ 116.273075][ T6434] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.346870][ T6434] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.397156][ T7095] hsr_slave_0: entered promiscuous mode [ 116.403501][ T7095] hsr_slave_1: entered promiscuous mode [ 116.414815][ T7095] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 116.423107][ T7095] Cannot create hsr debugfs directory [ 116.461757][ T6434] team0: Port device netdevsim0 removed [ 116.469690][ T6434] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.543152][ T7081] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 116.612848][ T7081] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 116.649919][ T7081] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 116.660968][ T7081] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 116.794127][ T7087] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.811933][ T7085] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 116.861791][ T7087] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.878761][ T7085] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 116.911951][ T6434] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.928347][ T7085] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 116.951030][ T7087] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.985911][ T7085] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 117.027820][ T6434] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.076911][ T7087] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.127053][ T5246] Bluetooth: hci5: command tx timeout [ 117.134827][ T6434] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.206889][ T5246] Bluetooth: hci6: command tx timeout [ 117.273396][ T6434] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.288060][ T5246] Bluetooth: hci7: command tx timeout [ 117.494176][ T7081] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.516778][ T7087] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 117.527496][ T7087] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 117.550068][ T7087] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 117.591873][ T7087] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 117.629607][ T7085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 117.653645][ T7081] 8021q: adding VLAN 0 to HW filter on device team0 [ 117.690389][ T5246] Bluetooth: hci8: command tx timeout [ 117.703346][ T6434] bridge_slave_1: left allmulticast mode [ 117.717308][ T6434] bridge_slave_1: left promiscuous mode [ 117.723062][ T6434] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.749926][ T6434] bridge_slave_0: left allmulticast mode [ 117.763213][ T6434] bridge_slave_0: left promiscuous mode [ 117.772798][ T6434] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.776006][ T5246] Bluetooth: hci1: command tx timeout [ 117.796368][ T6434] bridge_slave_1: left allmulticast mode [ 117.802060][ T6434] bridge_slave_1: left promiscuous mode [ 117.817237][ T6434] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.838732][ T6434] bridge_slave_0: left allmulticast mode [ 117.844429][ T6434] bridge_slave_0: left promiscuous mode [ 117.861112][ T6434] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.507978][ T6434] team0: Port device bond0 removed [ 118.515595][ T6434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 118.524456][ T6434] bond_slave_0: left promiscuous mode [ 118.532950][ T6434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 118.542349][ T6434] bond_slave_1: left promiscuous mode [ 118.558004][ T6434] bond0 (unregistering): Released all slaves [ 118.582630][ T6434] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 118.593909][ T6434] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 118.621589][ T6434] bond0 (unregistering): Released all slaves [ 118.691827][ T2581] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.699002][ T2581] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.785164][ T2581] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.792381][ T2581] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.855219][ T6434] tipc: Left network mode [ 118.938002][ T7085] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.048486][ T3015] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.055656][ T3015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.097604][ T3015] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.104695][ T3015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.208656][ T5246] Bluetooth: hci5: command tx timeout [ 119.286074][ T5246] Bluetooth: hci6: command tx timeout [ 119.367269][ T5246] Bluetooth: hci7: command tx timeout [ 119.534190][ T7087] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.580585][ T7087] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.682873][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.690078][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.766735][ T7085] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.777603][ T5246] Bluetooth: hci8: command tx timeout [ 119.785121][ T7081] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 119.794220][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.801393][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.848962][ T5246] Bluetooth: hci1: command tx timeout [ 119.891036][ T6434] hsr_slave_0: left promiscuous mode [ 119.898128][ T6434] hsr_slave_1: left promiscuous mode [ 119.904493][ T6434] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.919633][ T6434] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 119.931238][ T6434] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 119.939168][ T6434] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 119.948629][ T6434] hsr_slave_0: left promiscuous mode [ 119.954468][ T6434] hsr_slave_1: left promiscuous mode [ 119.978250][ T6434] veth1_macvtap: left promiscuous mode [ 119.983767][ T6434] veth0_macvtap: left promiscuous mode [ 119.989735][ T6434] veth1_vlan: left promiscuous mode [ 119.994978][ T6434] veth0_vlan: left promiscuous mode [ 120.008183][ T6434] veth1_macvtap: left promiscuous mode [ 120.013700][ T6434] veth0_macvtap: left promiscuous mode [ 120.443511][ T6434] team0 (unregistering): Port device team_slave_1 removed [ 120.482640][ T6434] team0 (unregistering): Port device team_slave_0 removed [ 120.964785][ T6434] team0 (unregistering): Port device team_slave_1 removed [ 121.001431][ T6434] team0 (unregistering): Port device team_slave_0 removed [ 121.330342][ T7084] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 121.359532][ T7084] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 121.389909][ T7084] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 121.410908][ T7084] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 121.525125][ T7081] veth0_vlan: entered promiscuous mode [ 121.542050][ T7085] veth0_vlan: entered promiscuous mode [ 121.564195][ T7095] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 121.576632][ T7095] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 121.597463][ T7095] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 121.620823][ T7095] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 121.669448][ T7085] veth1_vlan: entered promiscuous mode [ 121.739062][ T7081] veth1_vlan: entered promiscuous mode [ 121.939677][ T7081] veth0_macvtap: entered promiscuous mode [ 121.984394][ T7084] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.001776][ T6434] IPVS: stop unused estimator thread 0... [ 122.018770][ T7081] veth1_macvtap: entered promiscuous mode [ 122.056188][ T7085] veth0_macvtap: entered promiscuous mode [ 122.062620][ T6434] IPVS: stop unused estimator thread 0... [ 122.137752][ T7085] veth1_macvtap: entered promiscuous mode [ 122.184428][ T7084] 8021q: adding VLAN 0 to HW filter on device team0 [ 122.199179][ T7081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.211852][ T7081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.222309][ T7081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.235411][ T7081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.255216][ T7081] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 122.288490][ T7081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.300641][ T7081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.311109][ T7081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.322540][ T7081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.334537][ T7081] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 122.351406][ T7081] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.360720][ T7081] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.370287][ T7081] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.379389][ T7081] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.409041][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.416222][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.432766][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.440127][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.451956][ T7087] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 122.473818][ T7085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.484549][ T7085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.495876][ T7085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.506685][ T7085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.517641][ T7085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.528430][ T7085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.539671][ T7085] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 122.564762][ T7085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.580440][ T7085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.590301][ T7085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.601582][ T7085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.611611][ T7085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.622194][ T7085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.633922][ T7085] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 122.644364][ T7095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.684564][ T7085] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.697349][ T7085] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.706865][ T7085] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.715799][ T7085] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.779043][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.797130][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.820743][ T7095] 8021q: adding VLAN 0 to HW filter on device team0 [ 122.856883][ T7087] veth0_vlan: entered promiscuous mode [ 122.872564][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.879716][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.920017][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.927117][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.947158][ T7087] veth1_vlan: entered promiscuous mode [ 122.956986][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.964845][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.024791][ T7095] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 123.037084][ T7095] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 123.076691][ T6434] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.112345][ T6434] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.181813][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.222299][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.237018][ T7087] veth0_macvtap: entered promiscuous mode [ 123.246021][ T7087] veth1_macvtap: entered promiscuous mode [ 123.261648][ T7087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.272311][ T7087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.282949][ T7087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.294225][ T7087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.304247][ T7087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.314766][ T7087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.324764][ T7087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.335737][ T7087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.347113][ T7087] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 123.357551][ T7087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.368594][ T7087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.378812][ T7087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.389589][ T7087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.400334][ T7087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.411472][ T7087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.421533][ T7087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.432136][ T7087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.443384][ T7087] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 123.454452][ T7087] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.463373][ T7087] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.472432][ T7087] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.481408][ T7087] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.609032][ T7084] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.729349][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.744695][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.764261][ T7095] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.884967][ T7084] veth0_vlan: entered promiscuous mode [ 123.912421][ T6450] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.942012][ T6450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.950345][ T7233] netlink: 28 bytes leftover after parsing attributes in process `syz.1.527'. [ 123.973542][ T7084] veth1_vlan: entered promiscuous mode [ 124.042543][ T12] tipc: Subscription rejected, illegal request [ 124.072838][ T7084] veth0_macvtap: entered promiscuous mode [ 124.100689][ T7238] FAULT_INJECTION: forcing a failure. [ 124.100689][ T7238] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 124.113320][ T7084] veth1_macvtap: entered promiscuous mode [ 124.136320][ T7238] CPU: 0 UID: 0 PID: 7238 Comm: syz.3.525 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 124.146614][ T7238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 124.152342][ T7235] netlink: 8 bytes leftover after parsing attributes in process `syz.0.529'. [ 124.156756][ T7238] Call Trace: [ 124.156769][ T7238] [ 124.156778][ T7238] dump_stack_lvl+0x241/0x360 [ 124.156811][ T7238] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.156836][ T7238] ? __pfx__printk+0x10/0x10 [ 124.182593][ T7084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.186211][ T7238] ? __pfx_lock_release+0x10/0x10 [ 124.186252][ T7238] should_fail_ex+0x3b0/0x4e0 [ 124.186282][ T7238] _copy_from_user+0x2f/0xe0 [ 124.211053][ T7238] copy_msghdr_from_user+0xae/0x680 [ 124.216260][ T7238] ? __pfx___might_resched+0x10/0x10 [ 124.221547][ T7238] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 124.227443][ T7238] ? rcu_is_watching+0x15/0xb0 [ 124.232200][ T7238] ? __might_fault+0xaa/0x120 [ 124.236874][ T7238] __sys_sendmmsg+0x36d/0x730 [ 124.241552][ T7238] ? __pfx___sys_sendmmsg+0x10/0x10 [ 124.246839][ T7238] ? __pfx_lock_release+0x10/0x10 [ 124.251864][ T7238] ? kstrtouint_from_user+0x128/0x190 [ 124.257353][ T7238] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 124.263246][ T7238] ? ksys_write+0x229/0x2b0 [ 124.267755][ T7238] ? __pfx_lock_release+0x10/0x10 [ 124.272789][ T7238] ? vfs_write+0x7bf/0xc90 [ 124.277215][ T7238] ? kmem_cache_free+0x1a2/0x420 [ 124.282170][ T7238] ? __mutex_unlock_slowpath+0x21d/0x750 [ 124.287818][ T7238] ? __fget_files+0x3f3/0x470 [ 124.292532][ T7238] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 124.298531][ T7238] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 124.304868][ T7238] ? do_syscall_64+0x100/0x230 [ 124.309739][ T7238] __x64_sys_sendmmsg+0xa0/0xb0 [ 124.314616][ T7238] do_syscall_64+0xf3/0x230 [ 124.319128][ T7238] ? clear_bhb_loop+0x35/0x90 [ 124.323806][ T7238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.329703][ T7238] RIP: 0033:0x7ff37137dff9 [ 124.334119][ T7238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.353740][ T7238] RSP: 002b:00007ff37208e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 124.362181][ T7238] RAX: ffffffffffffffda RBX: 00007ff371535f80 RCX: 00007ff37137dff9 [ 124.370160][ T7238] RDX: 0000000004000070 RSI: 0000000020003b80 RDI: 0000000000000005 [ 124.378122][ T7238] RBP: 00007ff37208e090 R08: 0000000000000000 R09: 0000000000000000 [ 124.386089][ T7238] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 124.394051][ T7238] R13: 0000000000000000 R14: 00007ff371535f80 R15: 00007fff1771cbb8 [ 124.402057][ T7238] [ 124.445587][ T7084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.455732][ T7084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.477858][ T7084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.488000][ T7084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.498586][ T7084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.508501][ T7084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.519768][ T7084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.530265][ T7084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.540809][ T7084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.552256][ T7084] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.562756][ T7084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.573502][ T7084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.580464][ T7246] tipc: Failed to remove unknown binding: 66,1,1/0:4159655755/4159655757 [ 124.583453][ T7084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.602323][ T7084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.612802][ T7084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.624153][ T7084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.634146][ T7084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.644662][ T7084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.655471][ T7084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 124.663657][ T7246] tipc: Failed to remove unknown binding: 66,1,1/0:4159655755/4159655757 [ 124.666021][ T7084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.686291][ T7084] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.695567][ T7246] tipc: Failed to remove unknown binding: 66,1,1/0:4159655755/4159655757 [ 124.737824][ T7084] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.747647][ T7084] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.756475][ T7084] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.765190][ T7084] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.944055][ T7095] veth0_vlan: entered promiscuous mode [ 124.978312][ T2581] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.005895][ T2581] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.032621][ T7095] veth1_vlan: entered promiscuous mode [ 125.104902][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.128957][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.139011][ T7095] veth0_macvtap: entered promiscuous mode [ 125.150507][ T7261] netlink: 'syz.3.535': attribute type 9 has an invalid length. [ 125.189688][ T7095] veth1_macvtap: entered promiscuous mode [ 125.261935][ T7095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 125.273684][ T7095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.283668][ T7095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 125.295645][ T7095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.305577][ T7095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 125.316794][ T7095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.326986][ T7095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 125.338208][ T7095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.349355][ T7095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 125.360168][ T7095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.370527][ T7095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 125.381550][ T7095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.392772][ T7095] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 125.416737][ T7095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.456008][ T7095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.495712][ T7095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.522188][ T7095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.538594][ T7095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.550059][ T7095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.560719][ T7095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.571704][ T7095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.583134][ T7095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.595392][ T7095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.607753][ T7095] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.618557][ T7095] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.631917][ T7095] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 125.737054][ T7095] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.759898][ T7095] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.774809][ T7095] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.795982][ T7095] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 126.138144][ T7293] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 126.162533][ T7293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.546'. [ 127.564008][ T7304] netlink: 12 bytes leftover after parsing attributes in process `syz.2.549'. [ 127.747064][ T6450] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.754928][ T6450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.924822][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.944422][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.944489][ T7316] team0: entered promiscuous mode [ 127.953938][ T7313] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 127.964114][ T7316] team_slave_0: entered promiscuous mode [ 127.974493][ T7316] team_slave_1: entered promiscuous mode [ 127.987834][ T7320] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 128.032215][ T7314] team0: left promiscuous mode [ 128.038339][ T7314] team_slave_0: left promiscuous mode [ 128.044643][ T7314] team_slave_1: left promiscuous mode [ 128.336794][ T7330] syzkaller1: entered promiscuous mode [ 128.342329][ T7330] syzkaller1: entered allmulticast mode [ 128.522064][ T7351] veth0_vlan: left promiscuous mode [ 128.528789][ T7349] netlink: 4 bytes leftover after parsing attributes in process `syz.4.563'. [ 128.543202][ T7351] veth0_vlan: entered promiscuous mode [ 128.926450][ T7370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.570'. [ 128.985594][ T7370] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 129.162046][ T7386] syzkaller1: entered promiscuous mode [ 129.173536][ T7386] syzkaller1: entered allmulticast mode [ 129.227367][ T7386] netlink: 4 bytes leftover after parsing attributes in process `syz.3.575'. [ 129.297034][ T7389] netlink: 4 bytes leftover after parsing attributes in process `syz.3.575'. [ 129.552788][ T7398] netlink: 'syz.1.580': attribute type 1 has an invalid length. [ 129.716645][ T7404] tun0: tun_chr_ioctl cmd 1074025675 [ 129.727456][ T7404] tun0: persist enabled [ 129.738221][ T7406] lo: entered promiscuous mode [ 129.748265][ T7403] tun0: tun_chr_ioctl cmd 1074025675 [ 129.775990][ T7403] tun0: persist enabled [ 129.831921][ T7406] lo: left promiscuous mode [ 129.848740][ T7413] netlink: 20 bytes leftover after parsing attributes in process `syz.3.584'. [ 130.234112][ T7430] team_slave_0: entered promiscuous mode [ 130.240113][ T7430] team_slave_1: entered promiscuous mode [ 130.288308][ T7430] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 130.324510][ T7430] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 130.412722][ T7452] netlink: 116 bytes leftover after parsing attributes in process `syz.2.593'. [ 130.705916][ T7462] netlink: 'syz.3.601': attribute type 64 has an invalid length. [ 130.765688][ T7462] netlink: 24 bytes leftover after parsing attributes in process `syz.3.601'. [ 130.778323][ T7462] netlink: 20 bytes leftover after parsing attributes in process `syz.3.601'. [ 130.860266][ T7473] netlink: 68 bytes leftover after parsing attributes in process `syz.4.602'. [ 130.926305][ T7475] netlink: 'syz.0.606': attribute type 1 has an invalid length. [ 130.972588][ T7476] netlink: 28 bytes leftover after parsing attributes in process `syz.0.606'. [ 130.992343][ T7480] netlink: 'syz.4.602': attribute type 10 has an invalid length. [ 130.995318][ T7475] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.606'. [ 131.019112][ T7476] netlink: 28 bytes leftover after parsing attributes in process `syz.0.606'. [ 131.052298][ T7475] netlink: 'syz.0.606': attribute type 1 has an invalid length. [ 131.368587][ T7503] hsr0: entered promiscuous mode [ 131.513881][ T7514] netlink: 'syz.0.615': attribute type 1 has an invalid length. [ 131.867527][ T7527] netem: unknown loss type 0 [ 131.873972][ T7527] netem: change failed [ 131.929282][ T7531] netlink: 'syz.0.622': attribute type 9 has an invalid length. [ 131.970186][ T7535] netlink: 'syz.2.624': attribute type 9 has an invalid length. [ 132.186510][ T7549] netlink: 'syz.0.627': attribute type 11 has an invalid length. [ 132.218027][ T7549] netlink: 'syz.0.627': attribute type 11 has an invalid length. [ 132.604002][ T7564] xt_CT: You must specify a L4 protocol and not use inversions on it [ 133.047549][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.053995][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.495994][ T7598] netlink: 'syz.3.641': attribute type 3 has an invalid length. [ 133.851648][ T7614] netlink: 'syz.4.646': attribute type 4 has an invalid length. [ 134.017667][ T7625] netlink: 'syz.3.648': attribute type 10 has an invalid length. [ 134.076022][ T7625] syz_tun: entered promiscuous mode [ 134.117301][ T7625] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 144.146816][ T7652] netlink: 'syz.1.660': attribute type 1 has an invalid length. [ 144.185568][ T7652] __nla_validate_parse: 13 callbacks suppressed [ 144.185589][ T7652] netlink: 9352 bytes leftover after parsing attributes in process `syz.1.660'. [ 144.247237][ T7652] netlink: 'syz.1.660': attribute type 2 has an invalid length. [ 144.299946][ T7652] netlink: 'syz.1.660': attribute type 1 has an invalid length. [ 144.481574][ T4625] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 144.500039][ T4625] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 144.510969][ T4625] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 144.519272][ T4625] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 144.533118][ T4625] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 144.542558][ T4625] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 144.621269][ T7087] bond0: (slave syz_tun): Releasing backup interface [ 144.668544][ T4625] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 144.686035][ T7661] netlink: 16 bytes leftover after parsing attributes in process `syz.2.661'. [ 144.709550][ T7661] IPv6: NLM_F_CREATE should be specified when creating new route [ 144.717833][ T4625] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 144.733289][ T4625] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 144.737171][ T7663] netlink: 'syz.2.661': attribute type 1 has an invalid length. [ 144.792771][ T7663] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.661'. [ 144.800153][ T4625] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 144.811244][ T7663] netlink: 'syz.2.661': attribute type 1 has an invalid length. [ 144.827854][ T4625] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 144.838498][ T4625] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 145.149308][ T7685] bond0: entered promiscuous mode [ 145.154403][ T7685] bond_slave_0: entered promiscuous mode [ 145.173223][ T7685] bond_slave_1: entered promiscuous mode [ 145.533217][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.564864][ T7684] bond0: left promiscuous mode [ 145.575767][ T7684] bond_slave_0: left promiscuous mode [ 145.582663][ T7684] bond_slave_1: left promiscuous mode [ 145.598104][ T7698] netlink: 56 bytes leftover after parsing attributes in process `syz.1.670'. [ 145.613140][ T7664] chnl_net:caif_netlink_parms(): no params data found [ 145.715180][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.762283][ T7704] netlink: 'syz.2.671': attribute type 3 has an invalid length. [ 145.774010][ T7668] chnl_net:caif_netlink_parms(): no params data found [ 145.781023][ T7704] netlink: 'syz.2.671': attribute type 1 has an invalid length. [ 145.781045][ T7704] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.671'. [ 145.848091][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.928949][ T7708] FAULT_INJECTION: forcing a failure. [ 145.928949][ T7708] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 145.955864][ T7708] CPU: 0 UID: 0 PID: 7708 Comm: syz.0.673 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 145.966151][ T7708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 145.976231][ T7708] Call Trace: [ 145.979523][ T7708] [ 145.982470][ T7708] dump_stack_lvl+0x241/0x360 [ 145.987178][ T7708] ? __pfx_dump_stack_lvl+0x10/0x10 [ 145.992402][ T7708] ? __pfx__printk+0x10/0x10 [ 145.997025][ T7708] ? __pfx_lock_release+0x10/0x10 [ 146.002065][ T7708] should_fail_ex+0x3b0/0x4e0 [ 146.006743][ T7708] _copy_from_user+0x2f/0xe0 [ 146.011325][ T7708] copy_msghdr_from_user+0xae/0x680 [ 146.016528][ T7708] ? __pfx___might_resched+0x10/0x10 [ 146.021835][ T7708] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 146.027656][ T7708] ? rcu_is_watching+0x15/0xb0 [ 146.032411][ T7708] ? __might_fault+0xaa/0x120 [ 146.037083][ T7708] __sys_sendmmsg+0x36d/0x730 [ 146.041785][ T7708] ? __pfx___sys_sendmmsg+0x10/0x10 [ 146.046992][ T7708] ? __pfx_lock_release+0x10/0x10 [ 146.052012][ T7708] ? kstrtouint_from_user+0x128/0x190 [ 146.057388][ T7708] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 146.063307][ T7708] ? ksys_write+0x229/0x2b0 [ 146.067833][ T7708] ? __pfx_lock_release+0x10/0x10 [ 146.072889][ T7708] ? vfs_write+0x7bf/0xc90 [ 146.077327][ T7708] ? kmem_cache_free+0x1a2/0x420 [ 146.082363][ T7708] ? __mutex_unlock_slowpath+0x21d/0x750 [ 146.087988][ T7708] ? __fget_files+0x3f3/0x470 [ 146.092692][ T7708] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 146.098684][ T7708] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 146.105006][ T7708] ? do_syscall_64+0x100/0x230 [ 146.109775][ T7708] __x64_sys_sendmmsg+0xa0/0xb0 [ 146.114630][ T7708] do_syscall_64+0xf3/0x230 [ 146.119138][ T7708] ? clear_bhb_loop+0x35/0x90 [ 146.123843][ T7708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.129758][ T7708] RIP: 0033:0x7f4e32b7dff9 [ 146.134203][ T7708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.153828][ T7708] RSP: 002b:00007f4e33a63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 146.162257][ T7708] RAX: ffffffffffffffda RBX: 00007f4e32d35f80 RCX: 00007f4e32b7dff9 [ 146.170232][ T7708] RDX: 0000000004000070 RSI: 0000000020003b80 RDI: 0000000000000005 [ 146.178218][ T7708] RBP: 00007f4e33a63090 R08: 0000000000000000 R09: 0000000000000000 [ 146.186186][ T7708] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000002 [ 146.194151][ T7708] R13: 0000000000000000 R14: 00007f4e32d35f80 R15: 00007ffc8540b518 [ 146.202154][ T7708] [ 146.237267][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.273210][ T7710] netlink: 'syz.2.674': attribute type 322 has an invalid length. [ 146.323570][ T7664] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.332161][ T7664] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.342327][ T7664] bridge_slave_0: entered allmulticast mode [ 146.366879][ T7664] bridge_slave_0: entered promiscuous mode [ 146.414784][ T7664] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.436842][ T7664] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.444383][ T7664] bridge_slave_1: entered allmulticast mode [ 146.451834][ T7664] bridge_slave_1: entered promiscuous mode [ 146.459536][ T7724] bond0: entered promiscuous mode [ 146.465422][ T7724] bond_slave_0: entered promiscuous mode [ 146.471554][ T7724] bond_slave_1: entered promiscuous mode [ 146.508217][ T7668] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.516754][ T7668] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.523934][ T7668] bridge_slave_0: entered allmulticast mode [ 146.544481][ T7668] bridge_slave_0: entered promiscuous mode [ 146.554385][ T7726] netlink: 'syz.2.677': attribute type 11 has an invalid length. [ 146.624321][ T7733] IPVS: set_ctl: invalid protocol: 29 255.255.255.255:20003 [ 146.648432][ T4625] Bluetooth: hci0: command tx timeout [ 146.737029][ T7668] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.766444][ T7668] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.786311][ T7668] bridge_slave_1: entered allmulticast mode [ 146.793354][ T7668] bridge_slave_1: entered promiscuous mode [ 146.827825][ T7737] netlink: 112 bytes leftover after parsing attributes in process `syz.0.680'. [ 146.873101][ T7664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 146.885813][ T4625] Bluetooth: hci2: command tx timeout [ 146.898555][ T7722] bond0: left promiscuous mode [ 146.911594][ T7722] bond_slave_0: left promiscuous mode [ 146.922125][ T7722] bond_slave_1: left promiscuous mode [ 146.963303][ T7664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 146.973419][ T7738] netlink: 'syz.2.681': attribute type 2 has an invalid length. [ 147.044953][ T7668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.062341][ T7668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.090167][ T7741] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 147.241069][ T7668] team0: Port device team_slave_0 added [ 147.274486][ T7664] team0: Port device team_slave_0 added [ 147.289113][ T7748] netlink: 12 bytes leftover after parsing attributes in process `syz.1.684'. [ 147.309784][ T7664] team0: Port device team_slave_1 added [ 147.380122][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.426170][ T7668] team0: Port device team_slave_1 added [ 147.513079][ T7668] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 147.535722][ T7668] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.589276][ T7668] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 147.621536][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.673087][ T7668] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 147.682817][ T7668] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.736014][ T7668] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 147.788105][ T7664] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 147.804713][ T7664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.835835][ T7664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 147.859837][ T7763] IPv6: sit1: Disabled Multicast RS [ 147.887899][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.969437][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.010045][ T7769] bond0: entered promiscuous mode [ 148.016946][ T7769] bond_slave_0: entered promiscuous mode [ 148.022733][ T7769] bond_slave_1: entered promiscuous mode [ 148.030567][ T7664] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 148.038836][ T7664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.070241][ T7664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.101941][ T7668] hsr_slave_0: entered promiscuous mode [ 148.109814][ T7668] hsr_slave_1: entered promiscuous mode [ 148.129723][ T7765] netlink: 8 bytes leftover after parsing attributes in process `syz.1.689'. [ 148.259425][ T7768] bond0: left promiscuous mode [ 148.267484][ T7780] netlink: 20 bytes leftover after parsing attributes in process `syz.2.692'. [ 148.281301][ T7768] bond_slave_0: left promiscuous mode [ 148.289282][ T7768] bond_slave_1: left promiscuous mode [ 148.456590][ T7785] netlink: 'syz.2.694': attribute type 11 has an invalid length. [ 148.737441][ T4625] Bluetooth: hci0: command tx timeout [ 148.975734][ T4625] Bluetooth: hci2: command tx timeout [ 150.017322][ T7664] hsr_slave_0: entered promiscuous mode [ 150.036099][ T7664] hsr_slave_1: entered promiscuous mode [ 150.047922][ T7664] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 150.075489][ T7664] Cannot create hsr debugfs directory [ 150.266600][ T11] bridge_slave_1: left allmulticast mode [ 150.286429][ T11] bridge_slave_1: left promiscuous mode [ 150.292185][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.371119][ T7804] netlink: 24 bytes leftover after parsing attributes in process `syz.2.702'. [ 150.435264][ T7797] syz.0.700[7797] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.439410][ T7797] syz.0.700[7797] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.454930][ T11] bridge_slave_0: left allmulticast mode [ 150.494897][ T7797] syz.0.700[7797] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 150.504551][ T11] bridge_slave_0: left promiscuous mode [ 150.573444][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.669090][ T11] bridge_slave_1: left allmulticast mode [ 150.674793][ T11] bridge_slave_1: left promiscuous mode [ 150.715121][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.789776][ T11] bridge_slave_0: left allmulticast mode [ 150.808075][ T4625] Bluetooth: hci0: command tx timeout [ 150.816758][ T11] bridge_slave_0: left promiscuous mode [ 150.838259][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.057367][ T4625] Bluetooth: hci2: command tx timeout [ 152.887212][ T4625] Bluetooth: hci0: command tx timeout [ 153.125977][ T4625] Bluetooth: hci2: command tx timeout [ 154.773427][ T938] sched: DL replenish lagged too much [ 162.023748][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 162.037001][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 162.044795][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 162.054358][ T5247] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 162.062645][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 162.072480][ T5247] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 162.083695][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 162.095303][ T5247] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 162.103288][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 162.112136][ T5247] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 162.131680][ T5247] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 162.142859][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 162.150606][ T5247] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 162.167995][ T5246] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 162.180955][ T5246] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 162.189297][ T5246] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 162.211188][ T5246] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 162.219264][ T5246] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 164.165704][ T5246] Bluetooth: hci1: command tx timeout [ 164.245621][ T5232] Bluetooth: hci4: command tx timeout [ 164.253633][ T5246] Bluetooth: hci3: command tx timeout [ 166.249602][ T5246] Bluetooth: hci1: command tx timeout [ 166.326365][ T5246] Bluetooth: hci3: command tx timeout [ 166.331858][ T5246] Bluetooth: hci4: command tx timeout [ 168.325526][ T5246] Bluetooth: hci1: command tx timeout [ 168.408643][ T5232] Bluetooth: hci3: command tx timeout [ 168.416205][ T5246] Bluetooth: hci4: command tx timeout [ 170.405611][ T5246] Bluetooth: hci1: command tx timeout [ 170.485589][ T5232] Bluetooth: hci3: command tx timeout [ 170.492852][ T5246] Bluetooth: hci4: command tx timeout [ 194.511008][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.524075][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 206.216349][ T5232] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 206.227370][ T5232] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 206.236631][ T5232] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 206.246202][ T5232] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 206.264613][ T5232] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 206.272997][ T5232] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 206.313893][ T5246] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 206.323314][ T5246] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 206.334724][ T5246] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 206.342925][ T5246] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 206.354937][ T5246] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 206.363385][ T5246] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 208.325761][ T5246] Bluetooth: hci7: command tx timeout [ 208.408326][ T5246] Bluetooth: hci9: command tx timeout [ 210.411400][ T5246] Bluetooth: hci7: command tx timeout [ 210.485781][ T5246] Bluetooth: hci9: command tx timeout [ 212.485688][ T5246] Bluetooth: hci7: command tx timeout [ 212.566498][ T5246] Bluetooth: hci9: command tx timeout [ 214.565594][ T5246] Bluetooth: hci7: command tx timeout [ 214.645616][ T5246] Bluetooth: hci9: command tx timeout [ 222.526957][ T5232] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 222.539117][ T5232] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 222.547502][ T5232] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 222.556495][ T5232] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 222.564264][ T5232] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 222.575741][ T5232] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 222.624427][ T5246] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 222.637112][ T5246] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 222.646301][ T5246] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 222.655972][ T5246] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 222.663683][ T5246] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 222.671210][ T5246] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 222.718576][ T5246] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 222.728129][ T5246] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 222.740321][ T5246] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 222.748405][ T5246] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 222.756453][ T5246] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 222.763882][ T5246] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 224.648033][ T5246] Bluetooth: hci10: command tx timeout [ 224.725702][ T5246] Bluetooth: hci11: command tx timeout [ 224.806501][ T5246] Bluetooth: hci12: command tx timeout [ 226.730122][ T5246] Bluetooth: hci10: command tx timeout [ 226.805593][ T5246] Bluetooth: hci11: command tx timeout [ 226.885961][ T5246] Bluetooth: hci12: command tx timeout [ 228.805659][ T5246] Bluetooth: hci10: command tx timeout [ 228.887310][ T5246] Bluetooth: hci11: command tx timeout [ 228.966046][ T5246] Bluetooth: hci12: command tx timeout [ 230.885639][ T5246] Bluetooth: hci10: command tx timeout [ 230.965646][ T5246] Bluetooth: hci11: command tx timeout [ 231.046491][ T5246] Bluetooth: hci12: command tx timeout [ 237.545573][ T5244] Bluetooth: hci5: command 0x0406 tx timeout [ 237.551769][ T4625] Bluetooth: hci8: command 0x0406 tx timeout [ 237.558705][ T54] Bluetooth: hci6: command 0x0406 tx timeout [ 255.947510][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.953891][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 268.259031][ T5232] Bluetooth: hci2: command 0x0406 tx timeout [ 268.265104][ T5232] Bluetooth: hci0: command 0x0406 tx timeout [ 269.276019][ T5246] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 269.285230][ T5246] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 269.293480][ T5246] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 269.302280][ T5246] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 269.311390][ T5246] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 269.319135][ T5246] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 269.400945][ T5247] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 269.416446][ T5247] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 269.425661][ T5247] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 269.433913][ T5247] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 269.441708][ T5247] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 269.450301][ T5247] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 271.366419][ T5247] Bluetooth: hci13: command tx timeout [ 271.525905][ T5247] Bluetooth: hci14: command tx timeout [ 273.445583][ T5247] Bluetooth: hci13: command tx timeout [ 273.605878][ T5247] Bluetooth: hci14: command tx timeout [ 275.529294][ T5247] Bluetooth: hci13: command tx timeout [ 275.686696][ T5247] Bluetooth: hci14: command tx timeout [ 277.608858][ T5247] Bluetooth: hci13: command tx timeout [ 277.765825][ T5247] Bluetooth: hci14: command tx timeout [ 283.260592][ T5246] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 283.270548][ T5246] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 283.279724][ T5246] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 283.290387][ T5246] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 283.298276][ T5246] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 283.306594][ T5246] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 283.380716][ T5247] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 283.392522][ T5247] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 283.401325][ T5247] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 283.409493][ T5247] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 283.417272][ T5247] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 283.424654][ T5247] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 283.487470][ T5246] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 283.499149][ T5246] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 283.507153][ T5246] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 283.517114][ T5246] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 283.524899][ T5246] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 283.544399][ T5246] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 285.365682][ T5247] Bluetooth: hci15: command tx timeout [ 285.526685][ T5246] Bluetooth: hci16: command tx timeout [ 285.605927][ T5246] Bluetooth: hci17: command tx timeout [ 287.446339][ T5246] Bluetooth: hci15: command tx timeout [ 287.605912][ T5246] Bluetooth: hci16: command tx timeout [ 287.686615][ T5246] Bluetooth: hci17: command tx timeout [ 288.743268][ T5246] Bluetooth: hci4: command 0x0406 tx timeout [ 288.749441][ T54] Bluetooth: hci1: command 0x0406 tx timeout [ 288.755557][ T5244] Bluetooth: hci3: command 0x0406 tx timeout [ 289.525693][ T5247] Bluetooth: hci15: command tx timeout [ 289.686166][ T5247] Bluetooth: hci16: command tx timeout [ 289.765732][ T5247] Bluetooth: hci17: command tx timeout [ 291.605649][ T5247] Bluetooth: hci15: command tx timeout [ 291.769440][ T5247] Bluetooth: hci16: command tx timeout [ 291.845724][ T5247] Bluetooth: hci17: command tx timeout [ 294.965779][ T30] INFO: task kworker/u8:0:11 blocked for more than 143 seconds. [ 294.973472][ T30] Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 294.992998][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 295.003315][ T30] task:kworker/u8:0 state:D stack:20088 pid:11 tgid:11 ppid:2 flags:0x00004000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 295.025387][ T30] Workqueue: netns cleanup_net [ 295.036506][ T30] Call Trace: [ 295.039839][ T30] [ 295.042793][ T30] __schedule+0x1895/0x4b30 [ 295.085565][ T30] ? __pfx___schedule+0x10/0x10 [ 295.090486][ T30] ? __pfx_lock_release+0x10/0x10 [ 295.200325][ T30] ? kthread_data+0x52/0xd0 [ 295.204908][ T30] ? wq_worker_sleeping+0x66/0x240 [ 295.238111][ T30] ? schedule+0x90/0x320 [ 295.242419][ T30] schedule+0x14b/0x320 [ 295.285605][ T30] schedule_timeout+0xb0/0x310 [ 295.290443][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 295.336241][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 295.342304][ T30] ? wait_for_completion+0x2fe/0x620 [ 295.396118][ T30] ? wait_for_completion+0x2fe/0x620 [ 295.401473][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 295.439846][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 295.445120][ T30] ? wait_for_completion+0x2fe/0x620 [ 295.486306][ T30] wait_for_completion+0x355/0x620 [ 295.491509][ T30] ? __pfx_wait_for_completion+0x10/0x10 [ 295.533131][ T30] ? __flush_work+0xe7/0xc50 [ 295.546323][ T30] __flush_work+0xa37/0xc50 [ 295.550879][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 295.576280][ T30] ? __flush_work+0xe7/0xc50 [ 295.580933][ T30] ? __pfx___flush_work+0x10/0x10 [ 295.611358][ T30] ? __pfx_wq_barrier_func+0x10/0x10 [ 295.625481][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 295.631855][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 295.666398][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 295.671663][ T30] unregister_netdevice_many_notify+0x87b/0x1da0 [ 295.696345][ T30] ? net_generic+0x1f/0x240 [ 295.700906][ T30] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 295.733317][ T30] ? unregister_netdevice_queue+0x26b/0x370 [ 295.754144][ T30] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 295.765564][ T30] ? nexthop_net_exit_batch_rtnl+0x100/0x150 [ 295.771592][ T30] cleanup_net+0x75d/0xcc0 [ 295.792473][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 295.805474][ T30] ? process_scheduled_works+0x976/0x1850 [ 295.811238][ T30] process_scheduled_works+0xa63/0x1850 [ 295.828966][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 295.834997][ T30] ? assign_work+0x364/0x3d0 [ 295.846218][ T30] worker_thread+0x870/0xd30 [ 295.851274][ T30] ? __kthread_parkme+0x169/0x1d0 [ 295.865380][ T30] ? __pfx_worker_thread+0x10/0x10 [ 295.870534][ T30] kthread+0x2f0/0x390 [ 295.874617][ T30] ? __pfx_worker_thread+0x10/0x10 [ 295.890104][ T30] ? __pfx_kthread+0x10/0x10 [ 295.894730][ T30] ret_from_fork+0x4b/0x80 [ 295.903668][ T30] ? __pfx_kthread+0x10/0x10 [ 295.914595][ T30] ret_from_fork_asm+0x1a/0x30 [ 295.919705][ T30] [ 295.926242][ T30] INFO: task kworker/u8:10:2939 blocked for more than 144 seconds. [ 295.949493][ T30] Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 295.962988][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 295.975531][ T30] task:kworker/u8:10 state:D stack:20920 pid:2939 tgid:2939 ppid:2 flags:0x00004000 [ 295.996563][ T30] Workqueue: events_unbound linkwatch_event [ 296.002514][ T30] Call Trace: [ 296.014789][ T30] [ 296.017983][ T30] __schedule+0x1895/0x4b30 [ 296.022540][ T30] ? __pfx___schedule+0x10/0x10 [ 296.039983][ T30] ? __pfx_lock_release+0x10/0x10 [ 296.045072][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 296.051764][ T30] ? kthread_data+0x52/0xd0 [ 296.069324][ T30] ? schedule+0x90/0x320 [ 296.073704][ T30] ? wq_worker_sleeping+0x66/0x240 [ 296.094425][ T30] ? schedule+0x90/0x320 [ 296.105324][ T30] schedule+0x14b/0x320 [ 296.109527][ T30] schedule_preempt_disabled+0x13/0x30 [ 296.115010][ T30] __mutex_lock+0x6a7/0xd70 [ 296.130235][ T30] ? __mutex_lock+0x52a/0xd70 [ 296.141381][ T30] ? linkwatch_event+0xe/0x60 [ 296.152724][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 296.163264][ T30] ? process_scheduled_works+0x976/0x1850 [ 296.176243][ T30] linkwatch_event+0xe/0x60 [ 296.180810][ T30] process_scheduled_works+0xa63/0x1850 [ 296.195438][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 296.201500][ T30] ? assign_work+0x364/0x3d0 [ 296.216254][ T30] worker_thread+0x870/0xd30 [ 296.220922][ T30] ? __kthread_parkme+0x169/0x1d0 [ 296.234730][ T30] ? __pfx_worker_thread+0x10/0x10 [ 296.241512][ T30] kthread+0x2f0/0x390 [ 296.255382][ T30] ? __pfx_worker_thread+0x10/0x10 [ 296.260944][ T30] ? __pfx_kthread+0x10/0x10 [ 296.275409][ T30] ret_from_fork+0x4b/0x80 [ 296.279957][ T30] ? __pfx_kthread+0x10/0x10 [ 296.284576][ T30] ret_from_fork_asm+0x1a/0x30 [ 296.300049][ T30] [ 296.303191][ T30] INFO: task kworker/0:3:5273 blocked for more than 144 seconds. [ 296.315449][ T30] Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 296.322766][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 296.351101][ T30] task:kworker/0:3 state:D stack:22224 pid:5273 tgid:5273 ppid:2 flags:0x00004000 [ 296.365510][ T30] Workqueue: events switchdev_deferred_process_work [ 296.372244][ T30] Call Trace: [ 296.386221][ T30] [ 296.389202][ T30] __schedule+0x1895/0x4b30 [ 296.393736][ T30] ? try_to_wake_up+0x971/0x1480 [ 296.409408][ T30] ? schedule+0x90/0x320 [ 296.413727][ T30] ? __pfx___schedule+0x10/0x10 [ 296.425443][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 296.431471][ T30] ? __pfx_lock_release+0x10/0x10 [ 296.448782][ T30] ? kick_pool+0x45c/0x620 [ 296.453356][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 296.464434][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 296.474439][ T30] ? schedule+0x90/0x320 [ 296.484007][ T30] schedule+0x14b/0x320 [ 296.495557][ T30] schedule_preempt_disabled+0x13/0x30 [ 296.501068][ T30] __mutex_lock+0x6a7/0xd70 [ 296.517555][ T30] ? __mutex_lock+0x52a/0xd70 [ 296.522278][ T30] ? switchdev_deferred_process_work+0xe/0x20 [ 296.539615][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 296.553267][ T30] ? process_scheduled_works+0x976/0x1850 [ 296.562678][ T30] switchdev_deferred_process_work+0xe/0x20 [ 296.583914][ T30] process_scheduled_works+0xa63/0x1850 [ 296.589809][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 296.605458][ T30] ? assign_work+0x364/0x3d0 [ 296.610107][ T30] worker_thread+0x870/0xd30 [ 296.614749][ T30] ? __kthread_parkme+0x169/0x1d0 [ 296.630098][ T30] ? __pfx_worker_thread+0x10/0x10 [ 296.640907][ T30] kthread+0x2f0/0x390 [ 296.654119][ T30] ? __pfx_worker_thread+0x10/0x10 [ 296.660382][ T30] ? __pfx_kthread+0x10/0x10 [ 296.665013][ T30] ret_from_fork+0x4b/0x80 [ 296.679960][ T30] ? __pfx_kthread+0x10/0x10 [ 296.684607][ T30] ret_from_fork_asm+0x1a/0x30 [ 296.694771][ T30] [ 296.698097][ T30] INFO: task syz-executor:7664 blocked for more than 145 seconds. [ 296.716086][ T30] Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 296.723410][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 296.743798][ T30] task:syz-executor state:D stack:21728 pid:7664 tgid:7664 ppid:1 flags:0x00004004 [ 296.765380][ T30] Call Trace: [ 296.768698][ T30] [ 296.773738][ T30] __schedule+0x1895/0x4b30 [ 296.785385][ T30] ? __pfx___schedule+0x10/0x10 [ 296.790283][ T30] ? __pfx_lock_release+0x10/0x10 [ 296.805115][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 296.811476][ T30] ? schedule+0x90/0x320 [ 296.820798][ T30] schedule+0x14b/0x320 [ 296.825004][ T30] schedule_preempt_disabled+0x13/0x30 [ 296.840595][ T30] __mutex_lock+0x6a7/0xd70 [ 296.845151][ T30] ? __mutex_lock+0x52a/0xd70 [ 296.855507][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 296.860666][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 296.875499][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 296.881061][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 296.896259][ T30] ? __lock_acquire+0x1384/0x2050 [ 296.901339][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 296.916694][ T30] netlink_rcv_skb+0x1e3/0x430 [ 296.921505][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 296.928384][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 296.933731][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 296.948870][ T30] netlink_unicast+0x7f6/0x990 [ 296.962072][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 296.972215][ T30] ? __virt_addr_valid+0x183/0x530 [ 296.983701][ T30] ? __check_object_size+0x48e/0x900 [ 296.994336][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 297.004910][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 297.014650][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 297.025375][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 297.030702][ T30] __sock_sendmsg+0x221/0x270 [ 297.042369][ T30] __sys_sendto+0x39b/0x4f0 [ 297.051171][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 297.064852][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 297.074304][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 297.092048][ T30] __x64_sys_sendto+0xde/0x100 [ 297.099357][ T30] do_syscall_64+0xf3/0x230 [ 297.103903][ T30] ? clear_bhb_loop+0x35/0x90 [ 297.115509][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.121456][ T30] RIP: 0033:0x7f18d617fe8c [ 297.145779][ T30] RSP: 002b:00007ffff49fc970 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 297.154263][ T30] RAX: ffffffffffffffda RBX: 00007f18d6e64620 RCX: 00007f18d617fe8c [ 297.173967][ T30] RDX: 000000000000004c RSI: 00007f18d6e64670 RDI: 0000000000000003 [ 297.183948][ T30] RBP: 0000000000000000 R08: 00007ffff49fc9c4 R09: 000000000000000c [ 297.203039][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 297.215476][ T30] R13: 0000000000000000 R14: 00007f18d6e64670 R15: 0000000000000000 [ 297.223514][ T30] [ 297.235525][ T30] INFO: task syz-executor:7668 blocked for more than 145 seconds. [ 297.243369][ T30] Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 297.262735][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 297.279830][ T30] task:syz-executor state:D stack:21728 pid:7668 tgid:7668 ppid:1 flags:0x00000004 [ 297.301513][ T30] Call Trace: [ 297.304829][ T30] [ 297.311236][ T30] __schedule+0x1895/0x4b30 [ 297.318017][ T30] ? __pfx___schedule+0x10/0x10 [ 297.322927][ T30] ? __pfx_lock_release+0x10/0x10 [ 297.342248][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 297.355405][ T30] ? schedule+0x90/0x320 [ 297.359920][ T30] schedule+0x14b/0x320 [ 297.366744][ T30] schedule_preempt_disabled+0x13/0x30 [ 297.372246][ T30] __mutex_lock+0x6a7/0xd70 [ 297.391817][ T30] ? __mutex_lock+0x52a/0xd70 [ 297.400107][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 297.412821][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 297.418153][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 297.423127][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 297.439126][ T30] ? __lock_acquire+0x1384/0x2050 [ 297.444206][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 297.455497][ T30] netlink_rcv_skb+0x1e3/0x430 [ 297.460318][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 297.478018][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 297.483383][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 297.499860][ T30] netlink_unicast+0x7f6/0x990 [ 297.504683][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 297.515387][ T30] ? __virt_addr_valid+0x183/0x530 [ 297.520628][ T30] ? __check_object_size+0x48e/0x900 [ 297.543522][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 297.548731][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 297.554062][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 297.571996][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 297.581789][ T30] __sock_sendmsg+0x221/0x270 [ 297.593666][ T30] __sys_sendto+0x39b/0x4f0 [ 297.598346][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 297.603423][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 297.621656][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 297.632599][ T30] __x64_sys_sendto+0xde/0x100 [ 297.642926][ T30] do_syscall_64+0xf3/0x230 [ 297.648553][ T30] ? clear_bhb_loop+0x35/0x90 [ 297.653269][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.670916][ T30] RIP: 0033:0x7fc8ed57fe8c [ 297.681824][ T30] RSP: 002b:00007ffd1e22a5a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 297.701341][ T30] RAX: ffffffffffffffda RBX: 00007fc8ee264620 RCX: 00007fc8ed57fe8c [ 297.713584][ T30] RDX: 0000000000000058 RSI: 00007fc8ee264670 RDI: 0000000000000003 [ 297.725489][ T30] RBP: 0000000000000000 R08: 00007ffd1e22a5f4 R09: 000000000000000c [ 297.733581][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 297.751964][ T30] R13: 0000000000000000 R14: 00007fc8ee264670 R15: 0000000000000000 [ 297.762262][ T30] [ 297.775504][ T30] INFO: task syz.1.701:7802 blocked for more than 146 seconds. [ 297.783081][ T30] Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 297.801365][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 297.814990][ T30] task:syz.1.701 state:D stack:27296 pid:7802 tgid:7801 ppid:7081 flags:0x00000004 [ 297.836478][ T30] Call Trace: [ 297.839785][ T30] [ 297.842732][ T30] __schedule+0x1895/0x4b30 [ 297.855105][ T30] ? __pfx___schedule+0x10/0x10 [ 297.863050][ T30] ? __pfx_lock_release+0x10/0x10 [ 297.873152][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 297.886293][ T30] ? schedule+0x90/0x320 [ 297.890583][ T30] schedule+0x14b/0x320 [ 297.894765][ T30] schedule_preempt_disabled+0x13/0x30 [ 297.910126][ T30] __mutex_lock+0x6a7/0xd70 [ 297.914676][ T30] ? __mutex_lock+0x52a/0xd70 [ 297.924938][ T30] ? packet_mc_add+0x28/0x950 [ 297.935388][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 297.940452][ T30] ? __pfx___might_resched+0x10/0x10 [ 297.955344][ T30] ? __might_fault+0xaa/0x120 [ 297.960062][ T30] ? __pfx_lock_release+0x10/0x10 [ 297.965118][ T30] packet_mc_add+0x28/0x950 [ 297.981211][ T30] ? __might_fault+0xc6/0x120 [ 297.991539][ T30] packet_setsockopt+0x104f/0x1970 [ 298.001595][ T30] ? __pfx_packet_setsockopt+0x10/0x10 [ 298.013952][ T30] ? aa_sk_perm+0x96d/0xab0 [ 298.022964][ T30] ? __pfx_aa_sk_perm+0x10/0x10 [ 298.033851][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 298.039823][ T30] ? __fget_files+0x29/0x470 [ 298.044443][ T30] ? aa_sock_opt_perm+0x79/0x120 [ 298.059622][ T30] ? __pfx_packet_setsockopt+0x10/0x10 [ 298.065124][ T30] do_sock_setsockopt+0x3af/0x720 [ 298.075517][ T30] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 298.085975][ T30] ? __fget_files+0x29/0x470 [ 298.090700][ T30] ? __fget_files+0x3f3/0x470 [ 298.105466][ T30] ? __fget_files+0x29/0x470 [ 298.111879][ T30] __sys_setsockopt+0x1a2/0x250 [ 298.124677][ T30] __x64_sys_setsockopt+0xb5/0xd0 [ 298.130776][ T30] do_syscall_64+0xf3/0x230 [ 298.145441][ T30] ? clear_bhb_loop+0x35/0x90 [ 298.150170][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.175243][ T30] RIP: 0033:0x7fba9df7dff9 [ 298.186192][ T30] RSP: 002b:00007fba9ee1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 298.194673][ T30] RAX: ffffffffffffffda RBX: 00007fba9e135f80 RCX: 00007fba9df7dff9 [ 298.216767][ T30] RDX: 0000000000000001 RSI: 0000000000000107 RDI: 0000000000000005 [ 298.224792][ T30] RBP: 00007fba9dff0296 R08: 0000000000000010 R09: 0000000000000000 [ 298.235433][ T30] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000000 [ 298.243447][ T30] R13: 0000000000000000 R14: 00007fba9e135f80 R15: 00007ffd7ade9a18 [ 298.263657][ T30] [ 298.270318][ T30] INFO: task syz.1.701:7805 blocked for more than 146 seconds. [ 298.290694][ T30] Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 298.302574][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 298.322881][ T30] task:syz.1.701 state:D stack:25248 pid:7805 tgid:7801 ppid:7081 flags:0x00000004 [ 298.343525][ T30] Call Trace: [ 298.346982][ T30] [ 298.349944][ T30] __schedule+0x1895/0x4b30 [ 298.354529][ T30] ? __pfx___schedule+0x10/0x10 [ 298.370185][ T30] ? __pfx_lock_release+0x10/0x10 [ 298.381650][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 298.393567][ T30] ? schedule+0x90/0x320 [ 298.404312][ T30] schedule+0x14b/0x320 [ 298.408901][ T30] schedule_preempt_disabled+0x13/0x30 [ 298.414398][ T30] __mutex_lock+0x6a7/0xd70 [ 298.434113][ T30] ? __mutex_lock+0x52a/0xd70 [ 298.440200][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 298.454207][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 298.460304][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 298.475481][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 298.480646][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 298.495485][ T30] ? ref_tracker_free+0x643/0x7e0 [ 298.500581][ T30] netlink_rcv_skb+0x1e3/0x430 [ 298.514992][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 298.522031][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 298.535522][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 298.540775][ T30] netlink_unicast+0x7f6/0x990 [ 298.555139][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 298.560748][ T30] ? __virt_addr_valid+0x183/0x530 [ 298.566381][ T30] ? __check_object_size+0x48e/0x900 [ 298.571716][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 298.592307][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 298.602286][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 298.614739][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 298.624766][ T30] __sock_sendmsg+0x221/0x270 [ 298.634957][ T30] ____sys_sendmsg+0x52a/0x7e0 [ 298.640863][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 298.655487][ T30] __sys_sendmsg+0x292/0x380 [ 298.660125][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 298.675516][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 298.681892][ T30] ? do_syscall_64+0x100/0x230 [ 298.699050][ T30] ? do_syscall_64+0xb6/0x230 [ 298.703778][ T30] do_syscall_64+0xf3/0x230 [ 298.714941][ T30] ? clear_bhb_loop+0x35/0x90 [ 298.719936][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.735445][ T30] RIP: 0033:0x7fba9df7dff9 [ 298.739903][ T30] RSP: 002b:00007fba9edfb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 298.758701][ T30] RAX: ffffffffffffffda RBX: 00007fba9e136058 RCX: 00007fba9df7dff9 [ 298.773281][ T30] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 000000000000000e [ 298.784862][ T30] RBP: 00007fba9dff0296 R08: 0000000000000000 R09: 0000000000000000 [ 298.805624][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 298.813646][ T30] R13: 0000000000000000 R14: 00007fba9e136058 R15: 00007ffd7ade9a18 [ 298.834385][ T30] [ 298.837759][ T30] INFO: task syz.2.703:7811 blocked for more than 147 seconds. [ 298.855476][ T30] Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 298.862794][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 298.881912][ T30] task:syz.2.703 state:D stack:26880 pid:7811 tgid:7809 ppid:7084 flags:0x00004004 [ 298.904078][ T30] Call Trace: [ 298.908301][ T30] [ 298.911260][ T30] __schedule+0x1895/0x4b30 [ 298.925383][ T30] ? __pfx___schedule+0x10/0x10 [ 298.930298][ T30] ? __pfx_lock_release+0x10/0x10 [ 298.945345][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 298.950854][ T30] ? schedule+0x90/0x320 [ 298.955123][ T30] schedule+0x14b/0x320 [ 298.969742][ T30] schedule_preempt_disabled+0x13/0x30 [ 298.975251][ T30] __mutex_lock+0x6a7/0xd70 [ 298.990012][ T30] ? __mutex_lock+0x52a/0xd70 [ 298.994728][ T30] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 299.005404][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 299.010487][ T30] rtnetlink_rcv_msg+0x6e6/0xcf0 [ 299.026501][ T30] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 299.031666][ T30] ? rcu_preempt_deferred_qs_irqrestore+0x87b/0xc70 [ 299.047780][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 299.053305][ T30] netlink_rcv_skb+0x1e3/0x430 [ 299.065370][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 299.070885][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 299.086169][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 299.091249][ T30] netlink_unicast+0x7f6/0x990 [ 299.107151][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 299.112488][ T30] ? __virt_addr_valid+0x183/0x530 [ 299.125829][ T30] ? __check_object_size+0x48e/0x900 [ 299.131262][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 299.146145][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 299.151498][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 299.165350][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 299.170692][ T30] __sock_sendmsg+0x221/0x270 [ 299.185658][ T30] ____sys_sendmsg+0x52a/0x7e0 [ 299.190575][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 299.205088][ T30] __sys_sendmsg+0x292/0x380 [ 299.218971][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 299.224181][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 299.242205][ T30] ? do_syscall_64+0x100/0x230 [ 299.247593][ T30] ? do_syscall_64+0xb6/0x230 [ 299.252307][ T30] do_syscall_64+0xf3/0x230 [ 299.267535][ T30] ? clear_bhb_loop+0x35/0x90 [ 299.272271][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.285540][ T30] RIP: 0033:0x7f45a477dff9 [ 299.290007][ T30] RSP: 002b:00007f45a55a9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 299.314890][ T30] RAX: ffffffffffffffda RBX: 00007f45a4935f80 RCX: 00007f45a477dff9 [ 299.324543][ T30] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000006 [ 299.342817][ T30] RBP: 00007f45a47f0296 R08: 0000000000000000 R09: 0000000000000000 [ 299.353200][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 299.365709][ T30] R13: 0000000000000000 R14: 00007f45a4935f80 R15: 00007ffd822dcf48 [ 299.373757][ T30] [ 299.388792][ T30] INFO: task syz.0.704:7817 blocked for more than 147 seconds. [ 299.403164][ T30] Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 299.416190][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 299.424901][ T30] task:syz.0.704 state:D stack:26880 pid:7817 tgid:7816 ppid:7085 flags:0x00000004 [ 299.444804][ T30] Call Trace: [ 299.467812][ T30] [ 299.470801][ T30] __schedule+0x1895/0x4b30 [ 299.483949][ T30] ? __pfx___schedule+0x10/0x10 [ 299.489005][ T30] ? __pfx_lock_release+0x10/0x10 [ 299.494163][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 299.512519][ T30] ? schedule+0x90/0x320 [ 299.518200][ T30] schedule+0x14b/0x320 [ 299.522401][ T30] schedule_preempt_disabled+0x13/0x30 [ 299.538973][ T30] __mutex_lock+0x6a7/0xd70 [ 299.544067][ T30] ? __mutex_lock+0x52a/0xd70 [ 299.555517][ T30] ? rtnl_dumpit+0x99/0x200 [ 299.560086][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 299.565140][ T30] ? __alloc_skb+0x28f/0x440 [ 299.579989][ T30] ? __pfx___alloc_skb+0x10/0x10 [ 299.585072][ T30] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 299.596312][ T30] rtnl_dumpit+0x99/0x200 [ 299.600705][ T30] netlink_dump+0x647/0xd80 [ 299.605260][ T30] ? __pfx_netlink_dump+0x10/0x10 [ 299.624905][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 299.635533][ T30] __netlink_dump_start+0x5a2/0x790 [ 299.641266][ T30] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 299.656333][ T30] rtnetlink_rcv_msg+0xb3d/0xcf0 [ 299.661430][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 299.675485][ T30] ? __pfx_rtnl_dumpit+0x10/0x10 [ 299.680492][ T30] ? __pfx_rtnl_dump_ifinfo+0x10/0x10 [ 299.697370][ T30] ? ref_tracker_free+0x643/0x7e0 [ 299.702573][ T30] netlink_rcv_skb+0x1e3/0x430 [ 299.707596][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 299.713099][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 299.730867][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 299.740193][ T30] netlink_unicast+0x7f6/0x990 [ 299.745027][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 299.761215][ T30] ? __virt_addr_valid+0x183/0x530 [ 299.769851][ T30] ? __check_object_size+0x48e/0x900 [ 299.775189][ T30] netlink_sendmsg+0x8e4/0xcb0 [ 299.785395][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 299.790743][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 299.804965][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 299.811232][ T30] __sock_sendmsg+0x221/0x270 [ 299.819405][ T30] __sys_sendto+0x39b/0x4f0 [ 299.823964][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 299.840030][ T30] ? do_futex+0x33b/0x560 [ 299.844446][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 299.861978][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 299.872501][ T30] __x64_sys_sendto+0xde/0x100 [ 299.884146][ T30] do_syscall_64+0xf3/0x230 [ 299.888852][ T30] ? clear_bhb_loop+0x35/0x90 [ 299.893561][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.910588][ T30] RIP: 0033:0x7f4e32b7dff9 [ 299.915050][ T30] RSP: 002b:00007f4e33a63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 299.935467][ T30] RAX: ffffffffffffffda RBX: 00007f4e32d35f80 RCX: 00007f4e32b7dff9 [ 299.943977][ T30] RDX: 0000000000000012 RSI: 0000000020000740 RDI: 0000000000000004 [ 299.962208][ T30] RBP: 00007f4e32bf0296 R08: 0000000000000000 R09: 0000000000000000 [ 299.973651][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 299.986218][ T30] R13: 0000000000000000 R14: 00007f4e32d35f80 R15: 00007ffc8540b518 [ 299.994260][ T30] [ 300.005757][ T30] [ 300.005757][ T30] Showing all locks held in the system: [ 300.013511][ T30] 5 locks held by kworker/u8:0/11: [ 300.031905][ T30] #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 300.046270][ T30] #1: ffffc90000107d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 300.066579][ T30] #2: ffffffff8fcc5f50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 300.084697][ T30] #3: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: cleanup_net+0x6af/0xcc0 [ 300.105158][ T30] #4: ffffffff8e7d1dd0 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x5ea/0x1da0 [ 300.130018][ T30] 3 locks held by kworker/u8:1/12: [ 300.135182][ T30] #0: ffff88802e278148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 300.164942][ T30] #1: ffffc90000117d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 300.185315][ T30] #2: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 300.194895][ T30] 1 lock held by khungtaskd/30: [ 300.210606][ T30] #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 300.232496][ T30] 3 locks held by kworker/u8:10/2939: [ 300.242574][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 300.266096][ T30] #1: ffffc90009a67d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 300.287190][ T30] #2: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 300.304920][ T30] 2 locks held by getty/4985: [ 300.309810][ T30] #0: ffff88814c22d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 300.331388][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 300.353240][ T30] 3 locks held by kworker/0:3/5273: [ 300.364760][ T30] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 300.386131][ T30] #1: ffffc90004097d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 300.405398][ T30] #2: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 300.425416][ T30] 7 locks held by kworker/1:4/5284: [ 300.430661][ T30] 3 locks held by kworker/0:6/5322: [ 300.447516][ T30] #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 300.471014][ T30] #1: ffffc90004317d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 300.495491][ T30] #2: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 [ 300.506411][ T30] 1 lock held by syz-executor/7664: [ 300.511993][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.531501][ T30] 1 lock held by syz-executor/7668: [ 300.542755][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.562778][ T30] 1 lock held by syz.1.701/7802: [ 300.572905][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: packet_mc_add+0x28/0x950 [ 300.585449][ T30] 1 lock held by syz.1.701/7805: [ 300.590421][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.609642][ T30] 1 lock held by syz.2.703/7811: [ 300.614632][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.634832][ T30] 2 locks held by syz.0.704/7817: [ 300.641294][ T30] #0: ffff8880607af6c8 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x790 [ 300.665450][ T30] #1: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x99/0x200 [ 300.674345][ T30] 1 lock held by syz-executor/7823: [ 300.690469][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.705539][ T30] 1 lock held by syz-executor/7825: [ 300.710792][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.734913][ T30] 1 lock held by syz-executor/7827: [ 300.746292][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.765442][ T30] 1 lock held by syz-executor/7831: [ 300.770690][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.790652][ T30] 1 lock held by syz-executor/7833: [ 300.800429][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.823763][ T30] 1 lock held by syz-executor/7844: [ 300.830418][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.852715][ T30] 1 lock held by syz-executor/7846: [ 300.860289][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.881418][ T30] 1 lock held by syz-executor/7847: [ 300.893463][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.914349][ T30] 1 lock held by syz-executor/7852: [ 300.920800][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.941023][ T30] 1 lock held by syz-executor/7854: [ 300.952203][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 300.975526][ T30] 1 lock held by syz-executor/7859: [ 300.980763][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 301.000194][ T30] 1 lock held by syz-executor/7861: [ 301.009957][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 301.025465][ T30] 1 lock held by syz-executor/7863: [ 301.030689][ T30] #0: ffffffff8fcd2a48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 301.052051][ T30] [ 301.054415][ T30] ============================================= [ 301.054415][ T30] [ 301.076175][ T30] NMI backtrace for cpu 0 [ 301.080547][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 301.090733][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 301.100809][ T30] Call Trace: [ 301.104108][ T30] [ 301.107051][ T30] dump_stack_lvl+0x241/0x360 [ 301.111758][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 301.116983][ T30] ? __pfx__printk+0x10/0x10 [ 301.121610][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 301.126577][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 301.132052][ T30] ? _printk+0xd5/0x120 [ 301.136230][ T30] ? __pfx__printk+0x10/0x10 [ 301.140841][ T30] ? __wake_up_klogd+0xcc/0x110 [ 301.145714][ T30] ? __pfx__printk+0x10/0x10 [ 301.150329][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 301.155376][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 301.161465][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 301.167471][ T30] watchdog+0xff4/0x1040 [ 301.171740][ T30] ? watchdog+0x1ea/0x1040 [ 301.176192][ T30] ? __pfx_watchdog+0x10/0x10 [ 301.180897][ T30] kthread+0x2f0/0x390 [ 301.184989][ T30] ? __pfx_watchdog+0x10/0x10 [ 301.189687][ T30] ? __pfx_kthread+0x10/0x10 [ 301.194297][ T30] ret_from_fork+0x4b/0x80 [ 301.198746][ T30] ? __pfx_kthread+0x10/0x10 [ 301.203397][ T30] ret_from_fork_asm+0x1a/0x30 [ 301.208199][ T30] [ 301.213300][ T30] Sending NMI from CPU 0 to CPUs 1: [ 301.219216][ C1] NMI backtrace for cpu 1 [ 301.219229][ C1] CPU: 1 UID: 0 PID: 5284 Comm: kworker/1:4 Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 301.219249][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 301.219260][ C1] Workqueue: events nsim_dev_trap_report_work [ 301.219283][ C1] RIP: 0010:unwind_next_frame+0x18ed/0x22d0 [ 301.219309][ C1] Code: 0c 01 75 40 80 3d c2 22 db 11 00 75 37 c6 05 b9 22 db 11 01 e9 21 fa ff ff bf 01 00 00 00 e8 8a c5 21 00 65 8b 0d ab 98 c2 7e 01 85 c9 75 73 e8 48 77 bf ff eb 6c 80 3d ba 75 c5 0e 00 0f 84 [ 301.219323][ C1] RSP: 0018:ffffc90000a18730 EFLAGS: 00000213 [ 301.219336][ C1] RAX: 0000000000000103 RBX: ffffc90000a18810 RCX: 0000000000000102 [ 301.219348][ C1] RDX: dffffc0000000000 RSI: ffffc90000a11000 RDI: 0000000000000001 [ 301.219360][ C1] RBP: ffffc90000a18800 R08: ffffc90000a18c40 R09: 0000000000000000 [ 301.219371][ C1] R10: ffffc90000a18850 R11: fffff5200014310c R12: dffffc0000000000 [ 301.219384][ C1] R13: ffffc90000a18800 R14: ffffc90000a11000 R15: ffffc90000a18c50 [ 301.219397][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 301.219410][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.219422][ C1] CR2: 000000110c3591bd CR3: 000000000e734000 CR4: 00000000003506f0 [ 301.219443][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 301.219453][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 301.219463][ C1] Call Trace: [ 301.219469][ C1] [ 301.219476][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 301.219496][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 301.219519][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 301.219537][ C1] ? nmi_handle+0x2a/0x5a0 [ 301.219565][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 301.219585][ C1] ? nmi_handle+0x14f/0x5a0 [ 301.219600][ C1] ? nmi_handle+0x2a/0x5a0 [ 301.219616][ C1] ? unwind_next_frame+0x18ed/0x22d0 [ 301.219639][ C1] ? default_do_nmi+0x63/0x160 [ 301.219658][ C1] ? exc_nmi+0x123/0x1f0 [ 301.219675][ C1] ? end_repeat_nmi+0xf/0x53 [ 301.219695][ C1] ? unwind_next_frame+0x18ed/0x22d0 [ 301.219724][ C1] ? unwind_next_frame+0x18ed/0x22d0 [ 301.219748][ C1] ? unwind_next_frame+0x18ed/0x22d0 [ 301.219771][ C1] [ 301.219776][ C1] [ 301.219786][ C1] ? kmem_cache_free+0x1a2/0x420 [ 301.219808][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 301.219827][ C1] arch_stack_walk+0x11c/0x150 [ 301.219845][ C1] ? dst_destroy+0x2ac/0x460 [ 301.219862][ C1] stack_trace_save+0x118/0x1d0 [ 301.219880][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 301.219899][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 301.219923][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 301.219946][ C1] kasan_save_track+0x3f/0x80 [ 301.219960][ C1] ? kasan_save_track+0x3f/0x80 [ 301.219974][ C1] ? kasan_save_free_info+0x40/0x50 [ 301.219994][ C1] ? __kasan_slab_free+0x59/0x70 [ 301.220009][ C1] ? kmem_cache_free+0x1a2/0x420 [ 301.220047][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 301.220070][ C1] kasan_save_free_info+0x40/0x50 [ 301.220096][ C1] __kasan_slab_free+0x59/0x70 [ 301.220111][ C1] ? dst_destroy+0x2ac/0x460 [ 301.220124][ C1] kmem_cache_free+0x1a2/0x420 [ 301.220144][ C1] ? dst_destroy+0x2ac/0x460 [ 301.220159][ C1] dst_destroy+0x2ac/0x460 [ 301.220174][ C1] ? rcu_core+0xa37/0x17a0 [ 301.220188][ C1] ? __pfx_dst_destroy_rcu+0x10/0x10 [ 301.220211][ C1] rcu_core+0xaaa/0x17a0 [ 301.220232][ C1] ? __pfx_rcu_core+0x10/0x10 [ 301.220246][ C1] ? __run_timer_base+0x1c0/0x8e0 [ 301.220274][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 301.220302][ C1] handle_softirqs+0x2c5/0x980 [ 301.220325][ C1] ? do_softirq+0x11b/0x1e0 [ 301.220345][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 301.220368][ C1] do_softirq+0x11b/0x1e0 [ 301.220386][ C1] [ 301.220391][ C1] [ 301.220397][ C1] ? __pfx_do_softirq+0x10/0x10 [ 301.220416][ C1] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 301.220440][ C1] ? rcu_is_watching+0x15/0xb0 [ 301.220458][ C1] __local_bh_enable_ip+0x1bb/0x200 [ 301.220478][ C1] ? nsim_dev_trap_report_work+0x75d/0xaa0 [ 301.220495][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 301.220515][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 301.220535][ C1] ? nsim_dev_trap_report_work+0x6a7/0xaa0 [ 301.220554][ C1] nsim_dev_trap_report_work+0x75d/0xaa0 [ 301.220582][ C1] ? process_scheduled_works+0x976/0x1850 [ 301.220602][ C1] process_scheduled_works+0xa63/0x1850 [ 301.220634][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 301.220658][ C1] ? assign_work+0x364/0x3d0 [ 301.220680][ C1] worker_thread+0x870/0xd30 [ 301.220704][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 301.220727][ C1] ? __kthread_parkme+0x169/0x1d0 [ 301.220751][ C1] ? __pfx_worker_thread+0x10/0x10 [ 301.220772][ C1] kthread+0x2f0/0x390 [ 301.220785][ C1] ? __pfx_worker_thread+0x10/0x10 [ 301.220805][ C1] ? __pfx_kthread+0x10/0x10 [ 301.220820][ C1] ret_from_fork+0x4b/0x80 [ 301.220841][ C1] ? __pfx_kthread+0x10/0x10 [ 301.220855][ C1] ret_from_fork_asm+0x1a/0x30 [ 301.220882][ C1] [ 301.231591][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 301.231607][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-11503-gc824deb1a897 #0 [ 301.231628][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 301.231639][ T30] Call Trace: [ 301.231647][ T30] [ 301.231656][ T30] dump_stack_lvl+0x241/0x360 [ 301.231687][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 301.231711][ T30] ? __pfx__printk+0x10/0x10 [ 301.231731][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 301.231760][ T30] ? vscnprintf+0x5d/0x90 [ 301.231781][ T30] panic+0x349/0x880 [ 301.231804][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 301.231830][ T30] ? __pfx_panic+0x10/0x10 [ 301.231850][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 301.231868][ T30] ? __irq_work_queue_local+0x137/0x410 [ 301.231891][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 301.231910][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 301.231932][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 301.231953][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 301.231974][ T30] watchdog+0x1033/0x1040 [ 301.231996][ T30] ? watchdog+0x1ea/0x1040 [ 301.232021][ T30] ? __pfx_watchdog+0x10/0x10 [ 301.232041][ T30] kthread+0x2f0/0x390 [ 301.232057][ T30] ? __pfx_watchdog+0x10/0x10 [ 301.232077][ T30] ? __pfx_kthread+0x10/0x10 [ 301.232094][ T30] ret_from_fork+0x4b/0x80 [ 301.232115][ T30] ? __pfx_kthread+0x10/0x10 [ 301.232132][ T30] ret_from_fork_asm+0x1a/0x30 [ 301.232162][ T30] [ 301.874610][ T30] Kernel Offset: disabled [ 301.878927][ T30] Rebooting in 86400 seconds..