last executing test programs: 2.690345227s ago: executing program 4 (id=863): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)={0xf4, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x43, 0xe, {{{}, {}, @broadcast, @device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @val={0x4, 0x6}, @void, @void, @val={0x25, 0x3}, @void, @val={0x3c, 0x4, {0x1, 0xb, 0x2, 0x6}}, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x7c, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x78, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x6, 0x8, 0x0, 0xfffc, 0x0, 0xff, 0xa]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x7, 0x66, 0x2, 0x7, 0x1, 0x3ff, 0x9]}}, @NL80211_TXRATE_HT={0x26, 0x2, [{0x1, 0x6}, {0x1, 0x9}, {0x5, 0x9}, {0x1, 0xa}, {0x0, 0x6}, {0x0, 0x9}, {0x4, 0x1}, {0x3, 0x3}, {0x0, 0x7}, {0x5, 0x9}, {0x4, 0x9}, {0x1, 0x6}, {0x6, 0x8}, {0x2, 0x2}, {0x6, 0x2}, {0x6, 0x3}, {0x5, 0x4}, {0x0, 0x9}, {0x3, 0x9}, {0x4, 0x7}, {0x3, 0xa}, {0x2, 0x1}, {0x0, 0x1}, {0x2}, {0x4, 0xa}, {0x2, 0x5}, {0x4, 0x6}, {0x0, 0x1}, {0x4, 0xa}, {0x3, 0x3}, {0x2, 0x8}, {0x1, 0x3}, {0x4, 0x4}, {0x6, 0x7}]}, @NL80211_TXRATE_GI={0x5}]}]}]}, 0xf4}}, 0x0) 2.399557509s ago: executing program 4 (id=868): unshare(0x20000400) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000001500)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f00000035c0)=""/4106, 0x200045ca}], 0x1, 0x0, 0x46, 0x407006}, 0x104) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='bic\x00', 0x4) ioctl$FIBMAP(0xffffffffffffffff, 0x125f, 0x0) unshare(0xa2000a00) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8000}, 0x8) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r1, &(0x7f00000015c0)="f5", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0x3f}}, 0x1c) shutdown(r1, 0x1) getsockopt$bt_hci(r1, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000001180)=0xfd9) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000000)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000ba49263d7477eab090046707f8b2be740a1d", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bc8900000000000035090100000000009500000000000000b7020000001ac81b7baaf8ff00000000b5090000000000007baaf0ff00000000bf8300000000000007080000fffdffffbca400000000000007040000f0ffffff740200000800000018220000", @ANYRES32, @ANYBLOB="0000000000000020b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) unshare(0x60000) 2.181170846s ago: executing program 1 (id=870): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6}]}) (async) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x1, 0x0, 0x1, 0xfbd, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) (async) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(r3, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000840)={&(0x7f0000000780)={0xb0, 0x0, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4000}, 0x80) (async, rerun: 32) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) (async, rerun: 32) r5 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000000), 0x4) (async, rerun: 64) sendmsg$kcm(r5, &(0x7f0000000180)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0xc}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000040)="27031c00590400000000002f1eafbcf706e105000000894f000f1102ee1680ca82973d2bd4b8bf4a8291a14b8a34f90186cee844000000080000000019b0fb0bba", 0x41}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b7d050139bf7ada300c9e37eed1153ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33311e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb0000000000000000", 0xfeb9}, {&(0x7f0000000280)="fe112162c63e6da8bc8432294ef18af53cc330a62a2c7035246635093ba4d30fcf19a90804f04a10939db8f4e13069cda6d167bf1b68c94d8d694d6ad1a4d51a715975560ad48770706eb1b88d021e1119f2eb75275cfe77f862368649be0f7aff5e7826729816e3d3e7986d9434f891c71ca6e4210c6757083cfd8e732048c504f28b6d309fc129ed8eb5a82e224eb648f90134d1d315977c6ea360a7fece4baa3dd7dcc970759f29df0e86469e954e2b050e87b203ca27a2a519b7555c3b73f2681d49442d9647ff5ea64110cc5020fdeafe53a7d8be70f3260816bc376bcdc5352771fa55d9733e27730ec7103520e8359c78edd21ee6c68feb3685a55722f5da09ffe8ba9f05081a8d214156376f99906245f2f390ad717979d98f0574f8c5b52dcc2fa494f461be6c2560ddbaafb80c5b4583cbe56d24f14ab78fd718947077ea736251c7b8eee267267534c84daa6f095e94bfb85986a03ddea362cc7e6682884e710727c1163cd4f336c13b844605b7a815fe39e43bd0d2e414410a82958455b8a6bd9194c631d66295675fed64c04107a595c421111a3af6e9fadab5c9", 0x1a1}, {&(0x7f0000000540)="6fe4dd9eeb85271de1b87ef9440284", 0xf}], 0x4}, 0x200400c4) (async, rerun: 64) sendmsg$nl_route(r3, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newlink={0x5c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x24, 0x2, 0x0, 0x1, [@IFLA_IPTUN_COLLECT_METADATA={0x4}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @dev}, @IFLA_IPTUN_PROTO={0x5}]}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x5c}}, 0x0) (async) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000b00)=ANY=[@ANYBLOB="9feb0100180000000000000068000000680000000a0000000e000000070000060400000002000000ffffff7f01000000090000001000000000080000100000000001000006000000020000000c000000070000000200000006000000010000000000000b010020fc877d6e8f0f8683957e1e005afe0000000000000300000000050000000300000008000000022e2e5f2e00612e2e00f204c945"], &(0x7f0000000480)=""/249, 0x8a, 0xf9, 0x0, 0x10001}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) (async, rerun: 64) r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) (rerun: 64) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r8}, &(0x7f0000000280), &(0x7f00000002c0)=r7}, 0x20) (async, rerun: 64) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r8, r9, 0x5}, 0x10) (async, rerun: 64) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r8}, &(0x7f00000006c0), &(0x7f0000000700)=r7}, 0x20) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000940)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000008c0), &(0x7f0000000900)}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x2c, &(0x7f0000000980)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xf66, 0x0, 0x0, 0x0, 0x40}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x843}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x3}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r10}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x40}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @jmp={0x5, 0x0, 0x0, 0x2, 0x8, 0x10}, @call={0x85, 0x0, 0x0, 0xb5}, @tail_call={{0x18, 0x2, 0x1, 0x0, r10}}, @generic={0x9b, 0x3, 0x3, 0x7d0, 0x8}, @exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='syzkaller\x00', 0xd, 0x9b, &(0x7f0000000300)=""/155, 0x40f00, 0x10, '\x00', r4, 0x0, r6, 0x8, &(0x7f0000000580)={0x1, 0x5}, 0x8, 0x10, &(0x7f00000005c0)={0x4, 0x0, 0x77f, 0x4}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000600)=[{0x4, 0x4, 0xc}, {0x3, 0x3, 0xb, 0x2}, {0x5, 0x5, 0x7, 0xa}, {0x1, 0x1, 0x1, 0x7}, {0x1, 0x3, 0x10, 0x6}, {0x0, 0x4, 0x6, 0x4}, {0x3, 0x3, 0x4, 0x7}], 0x10, 0xc}, 0x90) (async) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6}]}) 2.107556866s ago: executing program 4 (id=871): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x18001, 0x9, 0x1}, 0x48) (async) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x18001, 0x9, 0x1}, 0x48) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'wg1\x00', &(0x7f0000000040)=@ethtool_wolinfo={0x6, 0x0, 0x0, "a1045cde3efc"}}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'ipvlan1\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000480)=ANY=[@ANYRESHEX=r1, @ANYRES32], 0x70}}, 0x0) (async) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000480)=ANY=[@ANYRESHEX=r1, @ANYRES32], 0x70}}, 0x0) syz_emit_ethernet(0x29a, &(0x7f00000001c0)={@dev, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x264, 0x3a, 0x0, @dev, @dev, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xd, "7db4265c9f6aa3b46521199ea778d105c24ab977edb940e63f49a7129f45462e5eecc39f468544e3c13aa9017ccd638e784912ef2c2589d0d45cf0ed4bbe909218459bcbeaf63697aef1702b895af582b2e3b5cd435f497d415f29c5d941df10c1ca58197441e0e9b3400d98"}, {0x0, 0x8, "1598a4a8a719ffe0621615f6d04dcae3360546cf06f2665bae2296931fd1d71c1f7e8f222b9ddc4e0bfb5e5c9a484353b785e79b4d8181cf146261723484c54803466e8b"}, {0x0, 0x34, "130c3818a2eaac43f1a6efc4f7772852ea05bff405aa28758ba53e0f2060e4e027f24bb723a5571d0da2ebeb3fe47f34e606cb3987e3681841f511126b773758e143f6be25d6965fcca35155fec3f970e2067f5db8a5de787eaf96b5957e6b988c02ae9fe26ec3118d9fdcca129d1269b290f687cde5b4eaba737c806335ca0d1e43697d144c6df4dc0d31e84004bc22e87b6e2daab5674479c76a1be360d309e7e7e5fa089032b331a3ceea18d92124681c0b78a0f1665ffcba0bee11950f6b4912bb302b3e648fad7ff4862ccc823e720fdb20af8ab0a6a09dfcdacf69923d60a0efeacf81e1e7e17db9547a4962bdec794c013af7210e54d43f3fe7da2f88c674f4cfd818f6a7461368bf62f1d5f98fd9394eb74bf0559f1c6b1ebec57dba007f143108ca4be3fa330cc21a411b0b7af23ebd9282be17fb702a5ca61650b283eec78e0280e4f2713b42bd4e3615c48c55c1abe5827601038109736f9c6b7242e7c9c917309397b864eedf5ca71db1debb609b6381b54955706017731319e0cc41083f99bd11da748b47d8715080899eb15caf19df36632b73bb22596b"}]}}}}}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r5, &(0x7f0000000040)='pids.max\x00', 0x2, 0x0) (async) r6 = openat$cgroup_int(r5, &(0x7f0000000040)='pids.max\x00', 0x2, 0x0) write$cgroup_subtree(r6, &(0x7f00000005c0)={[{0x0, 'cpu'}]}, 0x5) r7 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000000), 0x4) (async) setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r7, &(0x7f0000000b00)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000840)="6203a105d755af176510122f1eafbcf72be12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247389af217beb9f96df82f618438a34f90186cee8441e2305e495d04ad68ab8fef69df82de6456fbb48b63f60c9c9097be968ea872c4801e5d0711b4373c7224ed7a9cbd49da73aeb6140f82bdb6afc0036824be26fc96e49a70e90797e6caa1b38ddacb3cb2b3eac7c068a185b644582f25edfa3d6a46e2a894ca809a422a6a29bd7145bb6e7dfd652684d6a710292ea0c3f97b7cbff701684b13c5593262534a7af9eab48f2ca2d746675f075b4ac181c58f39b4e81b926e187fb07f79d1d1e4bf025216c4618e698ed8806911263ec6a3e34ba008baf1edfa168b1327be3b036cdf0f1d6bfb3cde78ba88b4f062d7dfa9887ef3c555bc806452f552fa9e64d987122441a39f5a2ab9f7b9c275489a2101dd1d1d3e2acda321177f8a6e0b7a2df52aa81d9542593ea9523de9ecb0d1a76a319f4625484efb9d79b845a04640c9c8765302c0aee4e222afe6f981090d81b4886243e9144a7e5c7", 0x18b}, {&(0x7f00000014c0)="294f28dfe56d898ba23606bc7ecd1f634665cb5bed07bac5684da6eb21da1d6926910c5a0c653b0105869a804dd2a44cb2e32e2bf367e9d01a5e7380cc4fc8e7c9044cc4750b978ca7427d749beaefdf2e48b369cb169ad7b1ced26bb161297c7e56a36a8b449955e83e91b379c179017f8f4657d1b22eca6bca33036d33e1a684059c53cea91c8f637ac780ab2bcf85f774b0d4e5876fe9aee4724b7cb59731c97e70ebd706003994eb07de2f3c6a9448c3206cff6d290b433f331c2399", 0xbe}, {&(0x7f0000000040)="0a985d7879f1bbff16c7d66e33657e452299fd0ef8c2afda588eb05891b7da030e01452a7986bea19b59c98dc2996c0ea09604d00ea48336d0c813d83025aca8623a5915ddddce2c11c5e374f2e0f387d2398fe0b899ff60dc7a73addcf253cf32aafbe2b9f90799e7fc583bdd9b564697ba988080270bdceb48bbd3b52d4c229fffb0d86fb286e3553a8b3ac02badc66ada5fceabe5f63c79da96e641a45901128063d6e1e31b11bcfbc3e70bd3c8c6c0be9f653f977f16", 0xb8}, {&(0x7f0000000440)="6f4720baeb5434a1c17a4b697e4611c434c1947fafd44daee2d61fadd23c3505eee0cc5b6c76cf081390ae92516d567c4b49af0f4b3df75ae92efbfb0fbe60ac8c4e546500f4f8f3885d5622072fb9e9b948a5edc65602c644bee9ad04b655279f383ce068ad0c202a57f9a8804b73d1241fb306b2acd9d5e26a71b19a0b9859ff0f0d7cdbd80fdfacdf9f1d02a37ae44bb6ddd978d4a0e6d61b68f629915748d6d3d184ca2b4164192c60a3a383821d0e85f04d09b712814d4b0664799b7ae6657b7452214608d01d31bd7d9e03107c638353d89515692c24b11490b9e75cfcb489e80b9334f4660204b2a17409993ddc4b0d004709cd46cb2488cf3cecd965e978182dd42cfbbfa4ebda17cce9cfc970959fd29e1a802809aa4a65c8f1c6dd14fca85d83fc995f097a62c6f04fb0d1f0dec0faa41fe09b1eae67606123d908dd74c62e66ee2635ec9da7bc74103debf3e31f0794ca5fc2268bcb8a03aeb3bf860d164e0a6cba7c8dc469147cc7e1bb94731ec450525cf19275d4af40b115f2420ff7ab4eeb41c5ddc19aae1b2e535b796c0e7aa6e71b4e13c8023806a08638d13a8595e310321860c8d7670cf167c67b3b5217a66329505cdcdc3afb3233dbaec65ff45b0bfc3cfbd309a7ffd26507a8ffe782f3b84ad9dfc2b4f44d6716e8ad892ffc3acf6e7e09018041a27fcad1ee957d6fddccc3d41f9b04127dee7c471acf9fdc32f204afffc52b22b73844154285ce5ec58ec57b40ccf7b70215a4a27f9de2c2719dcb5897bc302ebb027c019e40aa6fc85d5b670aef709e40cbe597139537c10d2483b67c02ca781c5ce6c014b13c8dee248e8b75831cbee8f29cad33139e0b5bc86c203c71f54ad11573e8801b8cc623571b9c53ac723b51b2cdd09b60cf8a3a205a70814107251d962d603bf21f42e946462bf3d8bca96d7bdbdfa9ced20f6e9edba4ac6a", 0x2aa}], 0x4}, 0x0) (async) sendmsg$kcm(r7, &(0x7f0000000b00)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000840)="6203a105d755af176510122f1eafbcf72be12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247389af217beb9f96df82f618438a34f90186cee8441e2305e495d04ad68ab8fef69df82de6456fbb48b63f60c9c9097be968ea872c4801e5d0711b4373c7224ed7a9cbd49da73aeb6140f82bdb6afc0036824be26fc96e49a70e90797e6caa1b38ddacb3cb2b3eac7c068a185b644582f25edfa3d6a46e2a894ca809a422a6a29bd7145bb6e7dfd652684d6a710292ea0c3f97b7cbff701684b13c5593262534a7af9eab48f2ca2d746675f075b4ac181c58f39b4e81b926e187fb07f79d1d1e4bf025216c4618e698ed8806911263ec6a3e34ba008baf1edfa168b1327be3b036cdf0f1d6bfb3cde78ba88b4f062d7dfa9887ef3c555bc806452f552fa9e64d987122441a39f5a2ab9f7b9c275489a2101dd1d1d3e2acda321177f8a6e0b7a2df52aa81d9542593ea9523de9ecb0d1a76a319f4625484efb9d79b845a04640c9c8765302c0aee4e222afe6f981090d81b4886243e9144a7e5c7", 0x18b}, {&(0x7f00000014c0)="294f28dfe56d898ba23606bc7ecd1f634665cb5bed07bac5684da6eb21da1d6926910c5a0c653b0105869a804dd2a44cb2e32e2bf367e9d01a5e7380cc4fc8e7c9044cc4750b978ca7427d749beaefdf2e48b369cb169ad7b1ced26bb161297c7e56a36a8b449955e83e91b379c179017f8f4657d1b22eca6bca33036d33e1a684059c53cea91c8f637ac780ab2bcf85f774b0d4e5876fe9aee4724b7cb59731c97e70ebd706003994eb07de2f3c6a9448c3206cff6d290b433f331c2399", 0xbe}, {&(0x7f0000000040)="0a985d7879f1bbff16c7d66e33657e452299fd0ef8c2afda588eb05891b7da030e01452a7986bea19b59c98dc2996c0ea09604d00ea48336d0c813d83025aca8623a5915ddddce2c11c5e374f2e0f387d2398fe0b899ff60dc7a73addcf253cf32aafbe2b9f90799e7fc583bdd9b564697ba988080270bdceb48bbd3b52d4c229fffb0d86fb286e3553a8b3ac02badc66ada5fceabe5f63c79da96e641a45901128063d6e1e31b11bcfbc3e70bd3c8c6c0be9f653f977f16", 0xb8}, {&(0x7f0000000440)="6f4720baeb5434a1c17a4b697e4611c434c1947fafd44daee2d61fadd23c3505eee0cc5b6c76cf081390ae92516d567c4b49af0f4b3df75ae92efbfb0fbe60ac8c4e546500f4f8f3885d5622072fb9e9b948a5edc65602c644bee9ad04b655279f383ce068ad0c202a57f9a8804b73d1241fb306b2acd9d5e26a71b19a0b9859ff0f0d7cdbd80fdfacdf9f1d02a37ae44bb6ddd978d4a0e6d61b68f629915748d6d3d184ca2b4164192c60a3a383821d0e85f04d09b712814d4b0664799b7ae6657b7452214608d01d31bd7d9e03107c638353d89515692c24b11490b9e75cfcb489e80b9334f4660204b2a17409993ddc4b0d004709cd46cb2488cf3cecd965e978182dd42cfbbfa4ebda17cce9cfc970959fd29e1a802809aa4a65c8f1c6dd14fca85d83fc995f097a62c6f04fb0d1f0dec0faa41fe09b1eae67606123d908dd74c62e66ee2635ec9da7bc74103debf3e31f0794ca5fc2268bcb8a03aeb3bf860d164e0a6cba7c8dc469147cc7e1bb94731ec450525cf19275d4af40b115f2420ff7ab4eeb41c5ddc19aae1b2e535b796c0e7aa6e71b4e13c8023806a08638d13a8595e310321860c8d7670cf167c67b3b5217a66329505cdcdc3afb3233dbaec65ff45b0bfc3cfbd309a7ffd26507a8ffe782f3b84ad9dfc2b4f44d6716e8ad892ffc3acf6e7e09018041a27fcad1ee957d6fddccc3d41f9b04127dee7c471acf9fdc32f204afffc52b22b73844154285ce5ec58ec57b40ccf7b70215a4a27f9de2c2719dcb5897bc302ebb027c019e40aa6fc85d5b670aef709e40cbe597139537c10d2483b67c02ca781c5ce6c014b13c8dee248e8b75831cbee8f29cad33139e0b5bc86c203c71f54ad11573e8801b8cc623571b9c53ac723b51b2cdd09b60cf8a3a205a70814107251d962d603bf21f42e946462bf3d8bca96d7bdbdfa9ced20f6e9edba4ac6a", 0x2aa}], 0x4}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0xb6, &(0x7f0000000140)={@broadcast, @empty, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "33d790", 0x80, 0x21, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2, {[@hopopts={0x0, 0x0, '\x00', [@enc_lim]}, @dstopts={0x0, 0x5, '\x00', [@hao={0xc9, 0x10, @local}, @jumbo, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, @routing={0x0, 0x4, 0x0, 0x0, 0x0, [@private1, @mcast1]}], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "1d8086", 0x0, "b88853"}}}}}}}, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="14010000250001000000000000000000030100800c0000000000000000000000140001"], 0x114}], 0x1}, 0x0) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) r12 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$nl_route(r4, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)=@ipv4_delrule={0x34, 0x21, 0x800, 0x70bd2c, 0x25dfdbfd, {0x2, 0x10, 0x10, 0xd, 0xf1, 0x0, 0x0, 0x3, 0x10}, [@FRA_GENERIC_POLICY=@FRA_SUPPRESS_IFGROUP={0x8, 0xd, 0x7f}, @FRA_DST={0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x33}}, @FRA_SRC={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x24}}]}, 0x34}}, 0x8803) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r12, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @dev, 0x34}]}, &(0x7f0000002100)=0x10) (async) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r12, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @dev, 0x34}]}, &(0x7f0000002100)=0x10) setsockopt(r12, 0x0, 0x29, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r10, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r11, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000780)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="4c240500000000001c0012800b0001006d616373656300000c000280060002400000000008000500", @ANYRES32=r3], 0x44}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r13 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r13}, 0x10) 2.045658144s ago: executing program 2 (id=873): socket$inet6_sctp(0xa, 0x5, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) (async) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) socket$key(0xf, 0x3, 0x2) (async) r3 = socket$key(0xf, 0x3, 0x2) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'syztnl0\x00', &(0x7f00000001c0)={'ip6tnl0\x00', 0x0, 0x4, 0xff, 0x20, 0xa39b, 0x22, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00', 0x7, 0x7800, 0x40, 0x9}}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'syztnl0\x00', &(0x7f00000001c0)={'ip6tnl0\x00', 0x0, 0x4, 0xff, 0x20, 0xa39b, 0x22, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00', 0x7, 0x7800, 0x40, 0x9}}) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r6, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="00012abd7000fedbdf2d1100000058000180140002005476c2eda45ccbd5fbb4edd06f76657468315f766c616e000000000000140002006261746164765f736c6176655f3100000800030000000000140002006c6f000000000000000000000000000008000100", @ANYRES32=r8, @ANYBLOB="0800030001000000"], 0x6c}, 0x1, 0x0, 0x0, 0x14094}, 0x4040045) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x3, 0x1c, &(0x7f00000005c0)=@ringbuf={{0x18, 0x6}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@snprintf={{}, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {0x3, 0x3, 0x3, 0xa, 0xa}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {}, {0x15, 0x0, 0x0, 0x76}}], {{}, {0x5}, {0x28}}}, &(0x7f00000003c0)='GPL\x00', 0x0, 0xffffffffffffff53, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="020f000014000000000000aabe3c85000000000005000600000000000a004e2400000000fc010000000000000000000000000000000000000000000005000500000000000a00000000000000fc0200000000000000000000000000000000000000000000080012000000020000000000000000000600000000000000000000000000000000000000000000000000000000000000ac1e00010000000000000000"], 0xa0}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r9, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r9, &(0x7f0000000200)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0xd) (async) write$binfmt_misc(r9, &(0x7f0000000200)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0xd) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r10, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) (async) bind$bt_hci(r10, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r10, &(0x7f0000000200)=ANY=[@ANYBLOB='\''], 0xd) r11 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r11, 0x8933, &(0x7f0000000440)={'vcan0\x00'}) sendfile(r5, r4, 0x0, 0x0) (async) sendfile(r5, r4, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0xf, &(0x7f0000000080)=0x4, 0x4) socket(0x848000000015, 0x805, 0x0) (async) r12 = socket(0x848000000015, 0x805, 0x0) bind$inet6(r12, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c) 1.966599235s ago: executing program 0 (id=874): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x60, r1, 0x400, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x0, 0x5c}}}}, [@NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xa}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x3}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x56c}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x5fd}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x4}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x56c}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x1}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0xf}]}, 0x60}, 0x1, 0x0, 0x0, 0x15}, 0x24000010) (async) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200), r0) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r2, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0x24}}, 0x40001) (async) r3 = socket$netlink(0x10, 0x3, 0xf) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r0) sendmsg$TIPC_NL_LINK_RESET_STATS(r4, &(0x7f0000000780)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000740)={&(0x7f0000000380)={0x388, r5, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x140, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @multicast2}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x1bd33eba, @remote, 0x9}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @local}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xd9, @private0={0xfc, 0x0, '\x00', 0x1}, 0x2}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x299, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x200}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x101, @mcast2, 0x1ff}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xda}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9ef0}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4b13}]}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa}]}]}, @TIPC_NLA_BEARER={0x60, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x16, 0x1, @l2={'eth', 0x3a, 'veth1_to_bond\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x2, @mcast1, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}, 0xa5}}}}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x10001}]}, @TIPC_NLA_LINK={0x118, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6fc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10001}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5c5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffeffff}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_SOCK={0xb0, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2c6}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_CON={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xd4000000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x36e4}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2e593eef}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x88}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xbb}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x388}, 0x1, 0x0, 0x0, 0x4060}, 0x0) (async) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f00000007c0)=0x400) (async) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000800)={0x0, {0x2, 0x4e24, @broadcast}, {0x2, 0x4e20, @loopback}, {0x2, 0x4e22, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x4, 0x0, 0x7fff}) (async) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000880)={0x2, 0xfffd, 0x3, 0x4, 0x6, 0xdb, 0x4}, 0xc) (async) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000940)={0x9, &(0x7f00000008c0)=[{0x1, 0x7, 0xdf, 0x7}, {0x6, 0x7f, 0x3d, 0xad2}, {0x3, 0x40, 0x10, 0x3}, {0x401, 0x0, 0xb, 0x6c}, {0x6, 0x81, 0xff, 0x1}, {0x5, 0x1, 0x0, 0x4}, {0x400, 0x8e, 0x1, 0x7}, {0xfffe, 0x8, 0x4, 0xa85}, {0x0, 0x31, 0x8, 0xfffff2e6}]}, 0x10) r6 = socket$inet_sctp(0x2, 0x5, 0x84) sendfile(r6, r3, &(0x7f0000000980)=0x5, 0x80) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000009c0)={0x0, @in6={{0xa, 0x4e21, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}}, 0x8, 0xfffe, 0x8, 0x9, 0x10, 0x10, 0x3}, &(0x7f0000000a80)=0x9c) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000ac0)={r7, 0x9}, 0x8) (async) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000b40), r0) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r8, &(0x7f0000000c40)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b80)={0x4c, r9, 0x100, 0x70bd27, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x83, 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) (async) socket$packet(0x11, 0x3, 0x300) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000c80)='./cgroup/syz1\x00', 0x200002, 0x0) (async) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d00), 0xffffffffffffffff) sendmsg$IEEE802154_START_REQ(r10, &(0x7f0000000dc0)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d40)={0x24, r11, 0x800, 0x70bd27, 0x25dfdbff, {}, [@IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x11}, @IEEE802154_ATTR_COORD_PAN_ID={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x44}, 0xc040) (async) ioctl$sock_SIOCDELDLCI(r6, 0x8981, &(0x7f0000000e00)={'ipvlan0\x00', 0x45d}) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r4, &(0x7f0000001000)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000e80)={0x118, r9, 0x400, 0x70bd27, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xc}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9a7f0000}}]}, 0x118}, 0x1, 0x0, 0x0, 0x8000}, 0x40) (async) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000001040)={r7, 0x9, 0x4, 0x8, 0x1, 0x1}, &(0x7f0000001080)=0x14) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000010c0)={'batadv_slave_1\x00', 0x2000}) (async) ioctl$FIOCLEX(0xffffffffffffffff, 0x5451) 1.918695113s ago: executing program 3 (id=875): close(0xffffffffffffffff) close(0xffffffffffffffff) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000000c0)="ee", 0x1}], 0x1}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) socket$kcm(0x10, 0x3, 0x10) socket$inet6(0xa, 0x3, 0xff) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$alg(r2, &(0x7f00000006c0)=[{0x0, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24}, {0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000340)="9169a6bbab3636a892fc2e7894c899538832a141c5604b8be3cbc960d9572c47e7e6dad94a57f60d9b0aa2ca5d3975f3becc0dceca7cba9135e074424c16b211682bc9d24f6e1c5180c0b55bd3d4db8fd5276f379b783adbd87c13354e54d632d44f93de99dbd9c846913f6a88685e879681d643dd4f568c1f5a1a1f21530ba64ddea2d7daf93b8cdaae902d961a9d43438451b1529c0b2bc1", 0x99}, {&(0x7f0000000180)="24ef534e12db4e299575f62559807536d60e78ab24fa93623c4aa25517b47702a4b6a6d3ca5f8ba1b0c6319c75c73ee914f89334a2e5f7", 0x37}, {&(0x7f0000000400)="c3ae65d95d66c238c2da1834ba7973ad71a522733e411f15e1f7da2c7c8960cc86837d781a6f58d87663e433555126e1", 0x30}, {&(0x7f00000005c0)="dcbf63cb2a66dbc09d8c4ac1b068237d1e7b329256885dccda5f7cf117b3b5875d98c02560c63faaf4fda4162f593ef91f86077ea08bd31d2ac2a87597fb4a57c5220f28028a9faf21e851873d7cb802ead0bba86e34abdbdfff3fc015c887cd3f2ce500"/115, 0x73}], 0x4, &(0x7f0000000780)=[@assoc={0x63, 0x117, 0x4, 0xaa}, @iv={0x160, 0x117, 0x2, 0x14a, "4d6570df9fc5a30a9562dceb0afaf013d3184fd275c70532cd1d757ce2aa8ef446240ce9afaa0b7c923d9e199c3819fe083d47eb1017cf6610965cb68b4d825e216c846da80a3bd827d20a6a0bad046089408f5a76ec801601003083e142dd42904f56368a9a778d0ed8963550a2b5f74493c71a71e15c8e858ff4aad4165ff6f687e26cbc08e9918aee1e5d04008ab073271202ae7b6e9c3a1c3cc4e56edfab3f8e47863eb7d8c15613d15062aeb2d3c85f83cc4aaa13d4b51c92b5b84996b72263916f0a8a1e7bfe8bc69dbf92fb613f6677d790b28692b12eced368b24b075b7ab1c82eeb24ad059d2da104b8eeb7bd830a077c7260bfe17f5a10716f79f2657fab3d72c6b04a97ae513da1ffbbdbf9c86555f748261510598ba737643acae6509b10449db9cec724c62ff4e3ebad526d78e8173d444dc5208a7b49bd9b6819195adaff6fb6b9b902"}, @assoc={0x18, 0x117, 0x4, 0x1}, @op={0x18, 0x117, 0x3, 0x1}], 0x1a8, 0x44}], 0x3, 0x404c844) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x0, 0x0, 0x0, 0xe, @in={0x2, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x3a, &(0x7f0000000300)={@multicast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @broadcast, @multicast1}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data}}}}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x6}}, 0x14}}, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000500)='R', 0xffcc}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 1.767955005s ago: executing program 0 (id=876): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x4c000) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x6, 0x12, r0, 0x0) (async) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r2}, 0x10) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000001000000000000000000850000004100000085000000d000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r4, &(0x7f0000000300), &(0x7f0000000000)=""/10, 0x2}, 0x20) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) (async, rerun: 32) ppoll(0x0, 0x0, &(0x7f0000000080)={0x77359400}, 0x0, 0x0) (rerun: 32) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$bt_BT_SECURITY(r5, 0x29, 0x3e, 0x0, 0x20000011) 1.706376364s ago: executing program 1 (id=877): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb010018000000000000000c00693bc5acd7fcdafe0000010000000c00000700000000005f00"], &(0x7f0000000600)=""/227, 0x27, 0xe3, 0x1}, 0x20) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={r0, 0x0, 0xffffffffffffffff}, 0x10) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000140), 0x4) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000600)={@val, @void, @eth={@broadcast, @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "8a2d55", 0x2, 0x0, 0x0, @dev, @dev, {[], "2ba0"}}}}}}, 0x3c) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x8, &(0x7f0000000380)=ANY=[@ANYBLOB="1d94936785f145f861a78442269805866a317c82ba2bd5b2d3f5357c2c7e0921078efe6f7e0481f2f689bbfe0fcf9c3d4192db8d67b859499459f1ed5e794baba1143f2f87e43b8c31da7ed355c251f9efeddfbd8477d377ecc6ae645e9694fc943050df9ade2d099594aaa2266c3346dae8c3bee0c8387d193fc09ac83f556331177fb674d70ffe13222a9c91a4c284a50c3bd94c2168df945dfcc8133c9af7493f89466385bfe974efae8a6870137fb36c942e7afc89f9aa43f8934219e1c106c7c9b0163be62867e9e2", @ANYRESDEC], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="360000000000ea74fe3fa37d02f36342fdf0ad41b71800000000000000000000850000deecbcbb44039cb10095500000"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$packet(0x11, 0x3, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000040c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00ba19ce670d25010000020000040000009fc40400d2532e764975f03f1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200a011ea665c45a3449abe802f5ab3e89cf40b858e217ce740068720000074e468eea3fcfcf498278ad15f5f87e1c26433a8acdc0e65888b2007f00000000000000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c00000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d01000000520655a8056085f4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c30891e7d87a79d6fce424c2200af6cb784a1975fa657de38a3a32a4fd67ce446adb431d07db79240aca1dd9ba02450500000000000000e645f091231b986e77d05d988d6edc6f9b4eb883ec8f878300cabf2b5543ffc1bdb92618242852e6e8b3e56fefbfff81669557b3809d8c396d2c0361629d1822f722ec23812770d72cd0010000007889b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b0a0ae6feb6737c275dc2740f742b5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fe7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff251845d0fff45bdbaeba4d4e3c6f7f623579435b2c505fb711300000000040000000000000000000000004c00e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7611589906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6cfa4966e5937562a5649a1a0000a042a7097ddefe0671a5767014b09b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7be49833f3c435f9700bc84680549f9eb16682ecb72277ffaca907a3eac4bfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c5a8"], 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) r7 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x83, 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x1c6, &(0x7f00000002c0)={@local, @link_local, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "922ff5", 0x190, 0x21, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @local, {[@fragment={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64}, @hopopts={0x11, 0x23, '\x00', [@calipso={0x7, 0x18, {0x0, 0x4, 0x0, 0x0, [0x0, 0x0]}}, @calipso={0x7, 0x18, {0x0, 0x4, 0x0, 0x0, [0x0, 0x0]}}, @generic={0x0, 0xe3, "9a406896431cf8cebb1379b1cfca3ce3334fb0cd81c12766ff8351be2d961c40ce922dd8423e2de93ba96a5c90f772216e5e60c7d2a67cbcbc1d3b195d538eb920fc058775cc06baf8a87b4736fa0cf5161d47d4416aa6a1099c3aa4a927c4d93bcf1f4a781cbde0ee829f1276818415e192376437a6d4854c3c3ad346c7df7dfea9cd0463aa441a1b9cd514fedb8172d54cbf1353cf5f63fe58465c2d0e165df05ada44174919aaffc29df43606f9d49bcc571525c7aecc77ad523da96156400a63d03f15e4254c95ecb66cda9310041006d9d10e6b8a38bbdcac75348fe624c73bd8"}]}, @hopopts={0x0, 0x0, '\x00', [@enc_lim]}], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "114f84", 0x0, "8e269c"}, "c52104e4fbd8be11e86055d5cec119bfa161827fb675e43744d104b96e26ecb84a318c4c1d7b4f70305e74abd64694eddc8e552b811b2a1c63e32b811f4e8296"}}}}}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'gre0\x00', 0x0}) sendto$packet(r5, &(0x7f0000000340)="0204000618", 0x5, 0x0, &(0x7f0000000000)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @multicast}, 0x14) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000040)='mm_compaction_kcompactd_sleep\x00', r4}, 0x10) ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000000000)={'rose0\x00', {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}}) 1.676768259s ago: executing program 2 (id=878): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)={0xf4, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x43, 0xe, {{{}, {}, @broadcast, @device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @val={0x4, 0x6}, @void, @void, @val={0x25, 0x3}, @void, @val={0x3c, 0x4, {0x1, 0xb, 0x2, 0x6}}, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x7c, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x78, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x6, 0x8, 0x0, 0xfffc, 0x0, 0xff, 0xa]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x7, 0x66, 0x2, 0x7, 0x1, 0x3ff, 0x9]}}, @NL80211_TXRATE_HT={0x26, 0x2, [{0x1, 0x6}, {0x1, 0x9}, {0x5, 0x9}, {0x1, 0xa}, {0x0, 0x6}, {0x0, 0x9}, {0x4, 0x1}, {0x3, 0x3}, {0x0, 0x7}, {0x5, 0x9}, {0x4, 0x9}, {0x1, 0x6}, {0x6, 0x8}, {0x2, 0x2}, {0x6, 0x2}, {0x6, 0x3}, {0x5, 0x4}, {0x0, 0x9}, {0x3, 0x9}, {0x4, 0x7}, {0x3, 0xa}, {0x2, 0x1}, {0x0, 0x1}, {0x2}, {0x4, 0xa}, {0x2, 0x5}, {0x4, 0x6}, {0x0, 0x1}, {0x4, 0xa}, {0x3, 0x3}, {0x2, 0x8}, {0x1, 0x3}, {0x4, 0x4}, {0x6, 0x7}]}, @NL80211_TXRATE_GI={0x5}]}]}]}, 0xf4}}, 0x0) 1.587933601s ago: executing program 0 (id=879): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES16, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, &(0x7f00000000c0), &(0x7f0000000000)=""/8, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r3, &(0x7f0000000100), &(0x7f0000000000)=""/8, 0x2}, 0x20) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f00000001c0)={r3, &(0x7f0000000480), 0x0}, 0x20) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r4}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000340), 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, &(0x7f0000000480)={'filter\x00', 0x104, 0x4, 0x3c0, 0x0, 0xe8, 0x1f0, 0x2d8, 0x2d8, 0x2d8, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'dvmrp0\x00', 'macvlan0\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28}}, {{@arp={@loopback, @multicast2, 0x0, 0x0, 0x0, 0x0, {@mac=@local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pim6reg0\x00', 'veth0\x00'}, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xe8}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x410) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000140)=r4, 0x4) sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000120a09000000000000000000020000000900020073797a31000000000c0011800800000440000000b00900020073797a300000000034000000140a03000000000000000000020000000900010073797a300000000008000340"], 0x9c}}, 0x0) write$tun(r1, &(0x7f0000000240)={@val={0x0, 0x800}, @val={0x1}, @mpls={[], @ipv4=@udp={{0x6, 0x4, 0x0, 0x0, 0xfc0, 0x0, 0x0, 0x0, 0x11, 0x0, @multicast1, @rand_addr, {[@end]}}, {0x0, 0x0, 0xfa8, 0x0, @wg=@data={0x4, 0x0, 0x0, "8b8b24fe310cd25ae5eeab756f98ae1600729d6f1a653e850405cb9d93b09c90c571815bcbfa91dccb070321c2dad9ec78abb8e684b0aece9431109982b6c1bc465387eaeb53b947fc72d9bb320236bcb3b58c09c7736d35bfa1db57f960164e3ee1295d549fa73d0c1e7b4b4c0e3041bc7f835825c74121ac7fdd12c20dca73b9711517c02c825391f7875527a47143fbc2b2b26eebc79f9d6a548718c4b10dbbc2b1ad7077849e2d0a36d8aa18c5afd14ee98f139eb55bba0c41df2b7a9e3a0381ad22f6a23fb3f6e1cd3981efa7ec14975436f989d6c26b3e01efa7f9dd86f147f8bafdecdbf78461af0e5ab0bf91ae42da279a0e2ad577dd61d2d06adb6ca4104da140a3e289e11f6f842ecd2c9c884a2ae9bae030751dda68b76dca2f0e93e01ad8dd38a6aff55ff010770ed0815e633bed501341661b791078734183b567e4fb638a8feeccb0d72eefc091fac2ba07ec6ad7050583d06e7b2d710b31bcea709b4f0b95a67fd68da7b5044aab3fa21652e10bfbfb425e59bb493e4eeb58458915cf44e172b78b4847ffc14ea978f5c0b4d7ece9b6ee2a894700479c2a666fb91fce8318bf4098aa359b80d2d52cfb61a427c545bfd8d26c8a1cb010bc070c31ba14fb305b5c93be757023fbad1da5ed60eb7c4d32d642483a995206de8d37140a2070f25bf2bdbc540ad0f9928fa4775c696ce2a5e72d047c5e277d197795098e4179a270f91a2aaa2c337b4e79ca43f35f0fbc7074b84b91658d5f5520d323d441db196e534f3e2be8b851ec7ab7e94e0cb05ed4a76f668828ce0fd93a513040534c45b01707f568827d21769659e7c86247a98fc7cc73b3051aebef854ede061d76a960eb727ce3eac51f22322e88dfb6b4491bab84a12a3b65a0da71b023721ddc9cd8c74a627a7e24173b6404fe6f9980f2b007e89be1cab6830aefcc7caaa02aa630b260044579037e59de1bfcc3e642f14e7ee274022ffc9620140e24bef9c66d83ccf74db8d62ae1517987908ae0dc3d5108db70d1387eee6e678fba052018ffa1c3cdc99e613dc449d94fe9c6790c3791f85c11446cce82064d515625cde1f081d3f263dd2776ed2ceac57f98a2e02efd2b055c09d5a6d1b552fa7865e9014f6f675686841355354b6ab7285acecab1dcda92502dd2e196d7ddc2afa44bf98c5558081e74e2d88ea1887d2b57db62761a27f468c839ec588d1aa6a7880806293270e63cf7e1d2478778d079c8c0fea71f7dc5da3351b5f42db5124960bdef5bf9100a75b2a249362239d4ec10c3301d03f3405bdaeebfa7cca348ff61fa296ebf60de178ba25cb046c5f7b8e782a6302a0120dc32b685353a444eb64bce7be970240c8929067aa8d5c32b6005c9f4c1b0e225b297f625163997029c5fcec14ff4dd5023709386276763274492f109ceedcb4c14cae5fe682ab9936fb84991cb782aa292acc53fa4af01aef67deb13a0c9543f7c808d3732f4391c809494d23c8b90e97bcc2dd054ee5b405a63e2363325b1af901fd71933c2837fc248cac025a39997e65bfecc74257c551f18102d9e74825d857c9c60f10637910b6dd17dd27035519f95fbb53bd2575d990698c4769eeabc78a1854128675b9ba4baa3da6dfb6ebbf0c3eca2a16fe49f6056111cc3026877939d80b223707369143f5d09e1340be9a9dd580f353e268b1062a9a3b9358bd4911ca68d4b3694a3fdd65e2b061b9c7d04c6f7d5a76769cc2e6c00189695f5c637c48fa7541986e79d7ee166cd88fa44a030bb0e617b3e957236dfc17256dd7832ee2616911734dfd2e5bc973a814ed0928ece64574746b55656fb3bdf4a5a9ea4c1a85c60b9bd266df04458976dc0a2f753ab6e89ac7cc9a76071d124446601bbb34a1c3fbb7e15457a7be2d7f6f37b4df25c9b630d126d453b5402521e00abdc532a80d2c177d27aecf901af7166e63aacf3898ddcccb72aae4dff7afe75915b743ccc6a8eccd0c38307e733def570408bf7ba8d931e83f5738555b6488dbfe9c3a5837a7f319443ab4f9e721b0b87ec75750f54acee9fc1efa2d424082974b1e3cab09d50e4cd141869d3d52a1cc7cc73efed15c3060d6bbed5054b84e077b1557cec035d79b32dec5b5b11a7a06a78da0ec5ca8eee72f860aefe69c0c9561e8eef62da05c33ef76c5f4e80d234f404d44ad75c560eecc6548becc23ba22a024813039f9b96fc0125d1e5ac0456e4c8ab3b503223e41e2b37e5050879927239ee78c1a820ae18297622c0c501958a714e3a7283a2e3c2a837844ad0a343074533f0c5c61ca081268fcd207b7cc09257a192ce2fd4706e5065ff9aca03b1e267c7e4267ec6f84c4bbf81898a0be7f15e894590bbc6ce2733a6ba3b0de48d858f18a52a7c1012e0ccc034abf950df741ae88f19a8f7d550ac54d9ee12f578900488d667158b3ef90c926d7544595ac809ac980683f5ae7ed4acdde071bfe6946951b51854705fabc80f994300b940d13b9ef71d5be8fcda093f081e5e7a1f3308f98d31363ef703b25569903375a97334769e25a10190d4a1a00f18830ba6c611aa62960ef1fa0cc3258092085eb9a6f1fa1ebb6a0868c469013d687aa1ca8ea85753906ab90b819c0d9db28e03bd33a3f4fcd93ce6b6214f09379416a27ac7789865cc89b782b5a764cfbfcb1e74d5961397480c0cd1f7d721caad6ad61b655400fef388edfade5e94be97078aa5a93512366dd2fa90a0adbd90a5cdf10da3a4a9a5844c3adb13a2af889232005fdb77ecb409378f7d571c21c386c9f9fbbbc7456861db20c94f3da655896078dcb33df7126344e14369a85991e873baeab63d467903944fc57102dc9410be67302720600c42ab73f3541f4d64508b8e792994e021729d8d7c3f8659dd7a3a69010ba97e08e1de24deb8f354298d995de95b56fe273b7585cea4ed0b73e5429fd3723a0098775915fe66cb982acb16e9d66bfb6ee62118e4bc96b1c55d4e101a0c4368b61d1e1e582b03e24b0b0772585adcc19257d7df0024ad8dae57b8674b977f9cc26fc12398a4490a335191fb6d49771eaa1637e4a209d31ca90676b1c0bae311905130176c0b26154399c7109afddf97aed3de8e8113ba16d07e56a7627b7ff2df1b28272ffc844b26f958367608a50f68b17a25d810a4e6e9413f03898c535d5a1498364c8e1ab53d401f8d115b437b221e90293d2d8f2829e21cf35bab483f82d635c96376f818bc17a2f44cecbf3fc68a8952be54bf1453f85da06a02941124faca6972dd29936048ef6fb3fa05937fe61d6d1c1eea4a60c96de7f325f307ef05aa302304a351caebe5a429343cc4ef19ede7b8c1c77564dc2b8557ba1109f38b420a14bec6d5b9e4bbc92f4d143df5e8535c165cde594cdb3f7c1ccb8e5260b8f8d86fd4c64d9dc7dbc40e12a829fe587eb21da4676e8ac55aefb4143a713c6581404c6772d5591281177c4f633b6520bce922eea833b2f528cbcdcda0d4948810c545a262c44e6595f9212af31757aba5e0aae4a3e81ae5c577aa4c9eb9a7b1be87f7cfe8c5b196ab151eefe1535b4e9c85312aecae74d448aa33bb9155b190f08bbadddb4cb9ceb00e01fe50f1e407236fa57718a8a04f4aa2542864acf3cfc118d01670e0d8d9c1579b26cad97a86d5ea33c21acfe9e9a8684b6637fda6e22affb085c644dc483c27d1aa633981f299faf595077fe6daaa4cd550549cd031c461db0de014d9b467b9fe804ff12a6529cf86544520b3341e24ca3af79246d7c6783ace4f3282da759c6577228d7a9b2e7ea714c1d1c1820a7b97804ca9c275b293b18370009955dc43c6200fa8585e7e65fce3183832a8239b23c0b71a58833f151526d0f43fb9688025aa8f332c6b6710eaf22f111b06cce091a0c6b68719ce3d84f3efd63aabe033c0226a48d0de956191caeb92cc27476cd0020071a58b650891573f30483be4e2a712533f29901f729e75f4abcb0f75138980f02f0d0d2f526b29c23fa1f985c0aafa37cc5e6ef49a2974fd592217dd4be4ee8324ed12bc22794d7857100976bac38fe15a1b360c672d3fadf027f93c97d31ae9e510b6bcfc71eeadc39788cff739948f1b26598483b59b22330c3754d1bb929273ecf4ce9badafe8a568a2a3d11fd0ce76786445e3972519affcf0c169c2587f119225cc52834a658cbda72633afd3453bc2b05d6b5478f9d4dcc4da33fed72903349b699324c3b8d21ced7152e838fdad03ace05571f47f1dd07e36854cb3fcefeb2544d7e5b040cdd9f7cadbf23acac40f05ccebe2ec62799c949a9547fb94a7ad511ee2c8049f45a44d3fc4bb343d6592627587f63a8af2267006b2b048e6e7c839556414013942116009973d7d9848dab2edd9370f12dc2567712f0c49b3de7d1cf5ec69113aaeefcd2dfc3ac542de728998ed4c65fbec2c58b3a97555e493ea0cc1c744088c67bfd7073d96230cceed332661748a974e12e12b241f9d4183eae8725499257cfa0dce8ff0f8856b0df9c1df025dc87fd28f100bef3756ce7459a263f5695e69f6f839189313259101042b1fc2e78aca4b6668f4fb84046f156d87113979348dd388447dd9b44dc954685e6aefe769e36c063a123c8ddfca4485ca241b24c02702f8451b9cfd6e40778a1aa3ebeba781024fe473625b3fe38d3ac2987e6f52edfbcf78d760b657a4ec052cb71ac5e13cd2edc7e86384734e95e8d1778badc72ec9ac8ff12c5c3f7b13522f4a405644135549de419a3704341f61a9ef72cc26e64c87069a3251769184bc137d86b655a406d6373afdfe3b37e86ad89229448b964328103b5bbcc8950d23097e603c38b4577735eb91be87531adb1c86928b36c9394897a2d51e576a9ff1df829bc9967f9e11ea1a74df7baa5920b6e3584fd6208fdb05cbcf7e19b0e9ab650a9035164e91ef34d1ecaefd0ba2b7c02890b0954e61d4355f2d90131f966ff10bc6d49b689a0add16396b47c1b54937f9189fd00f4b0eaa0c310c5c5643a8caadbb403d7023f2b9aeddf47c80d29c576c273650333eaa76182335a17aa63d982eedf66826cabfaaabd538df5ad9876ebfdcde7eb358c05f1ad19b82215141c927e87f2de5fe48e2143edf592e673896072ff09711ec4c14b934d402c943242d94d15e2ea082e1229ce12ee51e3fd5daf5458b569a495415fbf5323ca1c94ae0608963cf7dbcb42fc3eba4a3b05d47796d9362757bc5b880cc290e56cf2dccc9f5bea29d12efa0b9c7ae1fd235e7bbe7cbecad03456f6c3fe6553922591de3b8a330be4bc24ce88faf412463ac9bf66d2c4f99c17e0d68f772670fbbcbf8d5de219c1a47e46142ff5a7fcbd2970a7fe146a4ec509675699ace0ebfd754ba77283957e01fa29e5c1a994488dad1afe60cc01619aa33685d0b4dc203867d84febc1954b1009c99a69e729c27a5b6e82e4ed1a721843baf0e3d835f230133c337f25ea746c1eab993d39ba8b166c6a61c66e44ba9a62fdd44637e11ac20d0b982db82f2d6729960d0bf761573b88f0306bdab04244c2a6ffbb9835239d2d2236b8df5ba27c72887113d79806980d28a9ac16b0d5192992a4ba65b1f2a20b6038d91b9c4d775cac4a3f91b042d437531d6bc3bc2e588"}}}}}, 0xfce) sendmsg$sock(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000100)='&', 0x1}, {0x0, 0x4000}], 0x2}, 0x0) 1.585722715s ago: executing program 4 (id=880): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="5300000002"], 0x8) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040), 0x8) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) shutdown(r3, 0x1) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000540)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0xd0009411, &(0x7f0000002040)={{r4, 0x5, 0x1000, 0x4, 0x3, 0x38d, 0x8000000000000000, 0x8, 0x1000, 0x3, 0x2, 0x2, 0x9, 0x7f, 0x7ff}}) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r7, &(0x7f00000001c0), 0xe) listen(r7, 0x0) poll(&(0x7f0000000000)=[{r7}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x11, &(0x7f00000001c0)={r6}, &(0x7f0000000200)=0x8) sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000000000000010000d00010045151ff6c3d5b83d6b00"/36], 0x24}}, 0x0) r8 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r8, 0x28, 0x8, &(0x7f0000000100)=0xffffffff00040000, 0x112) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x800}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0x1}, 0x4) r9 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000001000390400"/20, @ANYRES32=r11, @ANYBLOB="80000000000000000c002b800800040000000000080004"], 0x34}}, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280), 0x4) 1.538110724s ago: executing program 3 (id=881): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000386dd0a00100000004000000060ec97000fc82b00fe8000400000000012000000000000aaff020000000000000000000000000001", @ANYRESHEX], 0xffe) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x2, 0x7, 0x0, 0x1}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) 1.479527794s ago: executing program 2 (id=882): socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000e00)=ANY=[], 0x8) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0xb, &(0x7f0000001740)=0x7ff, 0x4) recvmmsg(r1, &(0x7f0000000d00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=""/188, 0xbc}}], 0x1, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$packet_int(r2, 0x107, 0x11, &(0x7f00000000c0)=0x6, 0x4) r3 = socket$inet_smc(0x2b, 0x1, 0x0) unshare(0x2000600) connect$inet(r3, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000008c0)={'wlan0\x00'}) r5 = socket$inet_dccp(0x2, 0x6, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NFC_CMD_GET_SE(r6, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r7, 0x100, 0x70bd29, 0x25dfdbfd, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4c044) getsockopt$inet_int(r5, 0x10d, 0xd0, &(0x7f00000002c0), &(0x7f0000000080)=0x4) r8 = bpf$ITER_CREATE(0x21, &(0x7f0000000380), 0x8) ioctl$PPPIOCATTACH(r8, 0x4004743d, &(0x7f00000003c0)=0x4) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4d69e6902839675adb90500bc871ab123c403886113bfe593aaffb691a6a0dc8cbfdebe081939d092fcc936a29b3356f10377407c332f5afad328d58085555230fee9d60ca2fe9fe9cda82482cf8b0476047081fbf8ad22cc4100f759165b13570bf7bbf94e6a2977f227acd8556f7c35a02d81350c5df88f3c9f586ae539d016d7b446b9c57e79789893c29a28f10a0c144f2f664e8792ecdfc65863ab3fd034a07de58b79a75c03b1a517d4a116a631bf76000c24b96014caa604d606bf1d4db47415b0811691a7d1a2596a71251ab6d5d87d93e26e53811c7afa0751b9513a552ae4e31d7b9bf813f33690e8655b2063f936e", @ANYRES16=r4, @ANYRESDEC=r3, @ANYBLOB="be8033f05ac9699d3e567cec50a85f27f7f34eb345", @ANYBLOB="0c0099000000000000000000140004006e6963766630000000000019000000000800050006000000"], 0x44}}, 0x10) 684.422754ms ago: executing program 1 (id=883): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) socket$tipc(0x1e, 0x5, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) (async) r3 = socket(0x1e, 0x1, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140), 0x24}}, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x74, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xd}, {}, {0x2}}, [@filter_kind_options=@f_route={{0xa}, {0x44, 0x2, [@TCA_ROUTE4_POLICE={0x40, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0xd04}}]}]}}]}, 0x74}}, 0x0) (async) r5 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)=ANY=[@ANYBLOB="380000000f6add00000000000000000000000000ed56e96d097bb1540a9fcd3250e139659a48ef415de9496374afb5ef80d1153efed5bfc0aca284485fe3d06ddfeaf66b7037025a3a299ef971a5b2a0b9f84bfdd87ee0e0195f2c815091b4a3b2f254cb176a321f0c842330766ed4486a96afb77d51a187299ddf7e635bac15f840220905769cbdcdbc1a5db4bb0a21b143c1008ed44b0c97f536054124a00379adc8f29a252ee4e2bc66931543766b9a009442b40430f52b31fa0ce9888deef724be0ad021259f59082efc3cb57e090119fc1c50957581c895b1e40cdddf2ece2477b963532a3679ffffffffb68f31f07528618ec7e05525fd619f4d1776c84d86d8119669e96bfa1a708b2a5fe7", @ANYRES32=r6, @ANYBLOB="000000000000000014001680100001800c000500000000000000000004001400"], 0x38}}, 0x0) (async) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000100)={0x8, 0x8002, 0x7, 0x4, 0x0}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f00000006c0)={r7, 0x4}, &(0x7f0000000700)=0x8) (async) r8 = socket$nl_generic(0x10, 0x3, 0x10) (async) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)={0x1c, r9, 0x319, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x4}]}, 0x1c}}, 0x0) (async) bind$bt_sco(r1, &(0x7f0000000480), 0x8) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$packet(0x11, 0x0, 0x300) (async) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) (async) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x4da, &(0x7f00000001c0)={@dev, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x4a4, 0x3a, 0x0, @dev, @dev, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "7db4265c9f6aa3b46521199ea778d105c24ab977edb940e63f49a7129f45462e5eecc39f468544e3c13aa9017ccd638e784912ef2c2589d0d45cf0ed4bbe909218459bcbeaf63697aef1702b895af582b2"}, {0x0, 0x9, "1598a4a8a719ffe0621615f6d04dcae3360546cf06f2665bae2296931fd1d71c1f7e8f222b9ddc4e0bfb5e5c9a484353b785e79b4d8181cf146261723484c54803466e8bedb8ecd2"}, {0x0, 0x1, "d429145c793e823829b4"}, {0x0, 0x7d, "130c3818a2eaac43f1a6efc4f7772852ea05bff405aa28758ba53e0f2060e4e027f24bb723a5571d0da2ebeb3fe47f34e606cb3987e3681841f511126b773758e143f6be25d6965fcca35155fec3f970e2067f5db8a5de787eaf96b5957e6b988c02ae9fe26ec3118d9fdcca129d1269b290f687cde5b4eaba737c806335ca0d1e43697d144c6df4dc0d31e84004bc22e87b6e2daab5674479c76a1be360d309e7e7e5fa089032b331a3ceea18d92124681c0b78a0f1665ffcba0bee11950f6b4912bb302b3e648fad7ff4862ccc823e720fdb20af8ab0a6a09dfcdacf69923d60a0efeacf81e1e7e17db9547a4962bdec794c013af7210e54d43f3fe7da2f88c674f4cfd818f6a7461368bf62f1d5f98fd9394eb74bf0559f1c6b1ebec57dba007f143108ca4be3fa330cc21a411b0b7af23ebd9282be17fb702a5ca61650b283eec78e0280e4f2713b42bd4e3615c48c55c1abe5827601038109736f9c6b7242e7c9c917309397b864eedf5ca71db1debb609b6381b54955706017731319e0cc41083f99bd11da748b47d8715080899eb15caf19df36632b73bb22596b8e16186a2e51e277f8c78df609ca44a83914e8f7a8b053210573941b560ff8b114326678c6851c74596300b1c2a1ddc0af5b4cb5f15fa61e42214341368152275070973f3063f35fded9eeb535a0837783921dc2b705e0a0ceacca1882ff23813bc9199a9be39559c9f82a7452ce6113780cd7d26f532b72603afbfe994f5baf7257c9a33b9ac1ecd0b69da263daa9ac7e6a8d4400341926ed1f0c0e9086009c7945c0b255716f5b0dac45a9af480dc1f17beba2a2cddeafed29ecc91ce704895e28d0c46e639591c667a7f34500ea98ef557801dccf733fa61f3cf6740e40418745a42a738440ba9fc2ec415ba0fbf34800e6987b902302d552cf869eb350a9a862cd946f8285b03f03067dc9bae653dc701d97c7e6f7c1f0767624ac9e48b041c51697968b1e1733921270e569ac0b1ac7c25d00936ad05f14d67d3225d6a8cecd9fb63205ab14131e2e742977860e4a38ec056cda185aa357a059d0180056816a7902bdc0951253005099039bd945a6a4e525123cd4fcb8c5b335626464707fc21e92039b9190020eb9ef84c61cddede466a4c3ea2572927153997c33433ce9de0a7d2ed0b5fb0dce9cc6630bd0635a66be0cb490689169618184e896233d49b8f0e0717ae5d557333d54887ed8d983ee01091326af86e76583131104c66753efd58c32e499be23a05249b98e505c4c0237e2e70506fed29a33169d02b74ba5cbefad267e1107f4468e1144ece9656d35b88e405405fbb1438510f0395752c61e57e760de178a58a8da65040946656220817732fa0cd36189027287597cc5ebe709ca9d9a507babd39f"}]}}}}}}, 0x0) (async) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r11, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r12, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) 681.222463ms ago: executing program 2 (id=884): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001e008d2a04000000000000000a000000", @ANYRES32=0x0, @ANYBLOB="0000000014"], 0x44}}, 0x0) unshare(0x20000400) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f00000005c0)=""/210, &(0x7f0000000180)=0xd2) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r1}, 0x10) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000380)=@o_path={0x0, r2}, 0x18) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b706000014000000b7030000000d00008500000005000000bca900000000000035090100000000009500000000000000b7020000000000006b6af8ff00000000b5090000000000007baaf0ff00000000bf8700000000000007080000fffdffffbf2400000000000007060000f0ffffff740200000800000018260000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000000000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'netdevsim0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', 0x0}) r8 = socket$inet6_dccp(0xa, 0x6, 0x0) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) syz_emit_ethernet(0xe0, &(0x7f00000004c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @val={@void, {0x8100, 0x7, 0x0, 0x4}}, {@llc_tr={0x11, {@snap={0xaa, 0x1, "beb1", "4ba001", 0x22eb, "5d67e81fae2ee41b0d7dba320ec55b77fcfaa8473a94a3127f04e5ca9f353282b36fd9f52a877f5b8906bdc87c61e86d2d6994801a54aebf99054b928acbe9ba2f0ccaba7f3a775613762f8703b92a9d6e6e1ed8dbfd0ff0263fe7f809aedc00e11fef0604fb16eb655c3a7c201f3d05842e5f9e452dcd42f2e6152f132abdeeadf3912daa2b79fb32f8ff140d84fdefe551d33d2ee9bda4952600c4777160537b0097a32f607353bb59639368c515646db6d909794167724a886c04a3806bdcd299fe931b"}}}}}, &(0x7f0000000080)={0x1, 0x3, [0x2e9, 0x8aa, 0xa99, 0x4a6]}) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r9, @ANYBLOB="0000000000000000b705000008000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r10, 0x0, 0xe, 0x0, &(0x7f00000001c0)="3f6c00c2231bc4cb501d70870800", 0x0, 0xdbf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) getsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f00000006c0)={{{@in=@multicast2, @in=@initdev}}, {{@in=@multicast2}, 0x0, @in6=@loopback}}, &(0x7f0000000040)=0xe8) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r6}, @IFLA_HSR_SLAVE2={0x8, 0x2, r7}]}}}]}, 0x40}}, 0x0) 675.446913ms ago: executing program 3 (id=885): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r1, &(0x7f0000000040), 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x409, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @log={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LOG_FLAGS={0x8, 0x6, 0x1, 0x0, 0x27}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000005c0)={@ifindex, 0xffffffffffffffff, 0x2b}, 0x20) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000003c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0xffffff2a, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x4}, 0x48) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000540)={'syztnl2\x00', &(0x7f0000000500)={'ip_vti0\x00', 0x0, 0x7, 0x10, 0x1, 0x0, {{0x6, 0x4, 0x1, 0x4, 0x18, 0x64, 0x0, 0x5, 0x2f, 0x0, @loopback, @empty, {[@ra={0x94, 0x4, 0x1}]}}}}}) pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x6, 0x13, &(0x7f0000000c80)=ANY=[@ANYBLOB="180000000600000000000000cdc60000181100002c8c92bb3864e2ecd6c6cded7451cd44a13d881b2928ca13dcafcb1ad18fd957e96e9af27da6338b419a30de4a7a80046f98f6d3c9631092c68ee19782b09fbc2536751f29427578048f3c54ba61d752f8f7b9930e0c08b53817cc376bd7be9efbb086d3bbe1b707a4176f48df00952efc3b49224ad63518543482", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7080000990c00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400009662e471850000008200000018160000", @ANYRES32=0x1, @ANYBLOB="000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000009500000000000000"], &(0x7f0000000780)='GPL\x00', 0x100, 0x0, 0x0, 0x41000, 0x63, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000007c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000800)={0x5, 0x1, 0x1, 0xffffff7f}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000840)=[0x1, 0x1, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000880)=[{0x1, 0x4, 0x1, 0x6}, {0x5, 0x5, 0x4, 0x3}, {0x1, 0x5, 0x6}, {0x3, 0x5, 0x7, 0x6}, {0x3, 0x5, 0x8}, {0x1, 0x3, 0xd, 0x5}, {0x5, 0x5, 0xa, 0xb}], 0x10, 0x3}, 0x90) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000a40)=@bpf_tracing={0x1a, 0x5, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, [@map_fd={0x18, 0x8, 0x1, 0x0, r5}]}, &(0x7f0000000440)='syzkaller\x00', 0x9, 0x4c, &(0x7f0000000480)=""/76, 0x41100, 0x1, '\x00', r6, 0x1c, r8, 0x8, &(0x7f0000000640)={0x9, 0x4}, 0x8, 0x10, &(0x7f0000000680)={0x2, 0x1, 0x650, 0x1}, 0x10, 0x11a88, r9, 0x7, 0x0, &(0x7f00000009c0)=[{0x1, 0x4, 0xa, 0xc}, {0x1, 0x4, 0xb, 0xa}, {0x5, 0x2, 0xf, 0x2}, {0x4, 0x4, 0x8, 0x9}, {0x0, 0x1, 0x810, 0xa}, {0x0, 0x4, 0x4, 0x8}, {0x2, 0x2, 0x4, 0x7}], 0x10, 0x7}, 0x90) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r3) accept4(r1, &(0x7f0000000240)=@l2tp={0x2, 0x0, @loopback}, &(0x7f00000002c0)=0x80, 0x800) sendto$inet(r7, &(0x7f0000000b00)="546cca25e5e35c2465815c2ad5a48366fb30896f72d8154ca97859ede2ac75dd6ffc405b21baafe44d81d145484d", 0x2e, 0x1010, &(0x7f0000000b40)={0x2, 0x4e23, @multicast1}, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000001300)={'vxcan1\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x9, r10, 0x1, 0x9, 0x6, @link_local}, 0x14) sendmsg$ETHTOOL_MSG_PAUSE_GET(r3, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000000b80)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000150000000c00018008000100", @ANYRES32=r10, @ANYBLOB="35214acf508f4d9856421d0568560b51a91c55310fbda528647da2ce137a96e32181486b3b784ceab6e55e021cdc92ea329eb2638b1db34bf0903daa89e36dd4373016c7ea1cbaee70ebed740c963d3beaf804cf5592ef22db7262e3622e8bd3cf9b673ce4e67f2331b09b332a208d611fde231ef03ad4fbd3ea73609ac58c5cf21f02596e13d84ba970f97f2eb51398495b902ee4ab51fadfde2dae819c8a790c"], 0x20}}, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000000)={@multicast2, @dev, 0x0}, &(0x7f0000000040)=0xc) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@ipv6_newroute={0x40, 0x18, 0x200, 0x70bd28, 0x25dfdbfc, {0xa, 0x20, 0x10, 0x0, 0xfd, 0x4, 0xff, 0x0, 0x700}, [@RTA_PREF={0x5, 0x14, 0xfb}, @RTA_GATEWAY={0x14, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}}, @RTA_IIF={0x8, 0x3, r11}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 674.139202ms ago: executing program 4 (id=886): socket(0x1, 0x803, 0x0) unshare(0x26020480) r0 = socket(0x1, 0x3, 0x0) bind$unix(r0, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0xfffffe98) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000001f00)=[{{&(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) close(r1) connect$unix(r2, &(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xe, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="450a0000000000006111780000000000180000000000000000000000000000009500000000000000ae216bcc04fc8f10d332b7216ed60bc4368a60684d2aa27b8f6c400fb3ff2448d786ef2d5da9a46c86e5e8b039c982419084d4e0a77f5910df9746ad202b26dd68b0db4c0fd1d540655e6c9e85eadec04fb33237731ff75a72f1ba39c70651733c67b5fe8db86d554d113f9216ae30333c2a088d8b3c840ca219cf1e94ca3c8dcf037f091a37f76ebecd838da398628e31aad34bc21dfd3695c878e3"], &(0x7f0000000000)='GPL\x00'}, 0x80) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.stat\x00', 0x275a, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) write$tun(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="000060030001080000000004000000aaaabbe0000001aaaaaaaaaaaaac14141a"], 0x20) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004081) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events.local\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x3e, &(0x7f00000000c0)=r5, 0x4) 508.781471ms ago: executing program 1 (id=887): listen(0xffffffffffffffff, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x5, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x20, 0x4}}}}}}, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000080)=0x90e, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket(0x1, 0x3, 0x0) r3 = epoll_create1(0x0) epoll_pwait(r3, &(0x7f00008c9fc4)=[{}], 0x1, 0xfffffffffffffff7, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000080)={0xa000200f}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000340)=[@in6={0xa, 0x4e22, 0x8, @remote, 0x26458ed9}, @in={0x2, 0x4e20, @empty}], 0x2c) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, 0x0, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), r4) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000f67b9bf945ccaa000000000000000100e91b820e0000088d6ab6e200030000008005000300050003e20600000008000100ffffffff0000000000000000"], 0x40}}, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000940)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007de0b7030000010000006a0a00fe00000000850000000d000000b700000001000000950000000000000075cd67b5b18065752a3ad500000000000000cb450063bc36005400000000000000ff7f00000001000000000000000000cb04fcbb0b5ba9918d37b056b9bbd11b6b9f260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb4845124ef2e487204000000aaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aadffcc75fe369258673b5d053bdec75dca377232a790bce5a6f087ae8f5e64be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e828e5216f601b19db9af1b5d356d0f062137d866d11be4b1260b06cca9098a3f0151fdbbd4e97d62ecc6405003a60f1c6edc76683073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bdaeecc952a3fd2c46f3c1cde71a19d1a2982492abaa96765372831210e00d2bfea3b8df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f22542c133aadafdc96fdb49cc992dbdd5ac01ba51508951c7a7c5f5093bd6ca0916c3a12912715649c2b1c7193a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f000000000000000050572061dfb5248d3d4a1c37dcb92d9ef99e2f638f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf19524cf30f810da3204f4c93f4f5d7321acfefc4d1c9139ca4b65b9990995000000000000000000000000000000c8a3988cca41217c950554bb043cf364d709c2bf3ec46b75f1bce43e726210b53d362072bc120c076b4647afc595d97c288f5017088ac2b02ed97fc883a102ae6000044542e3aa7ada6d13ff93ec634a0fa0b5f41ed317b48b8b8c03b243d6e14b7087e2c5d41f8a51408e27283b54d04212cbb0f5af76b70b1bdcec7c0abe6407e7fa204b9919490af8bffca6fbbd2174a84328af4acc9c7ec655729125fc15da558cb6edfcdd0c3fca7130863d13369f79f1d13ac166249e4bffa4a272a0116b591a63bfca11205d216b34000000000000000045b5ade570aeb7cf89e900004dc6c89355082bdcb0b08b810cf63fd19a17f4d440f1546e8e5f8addedb88c7f7990947505d2fcd8cb14"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000300), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x90) r8 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg(r8, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x11000000}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000880)=@bpf_tracing={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000007c0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0x1f2f, 0xb, 0x0, &(0x7f00000007c0)="9f44948721919580684010", 0x0, 0x1e8, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39"}, 0x50) connect$inet6(r6, &(0x7f00000002c0), 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r6, 0x29, 0x3b, &(0x7f0000000040)=ANY=[], 0x8) sendmmsg(r6, &(0x7f00000092c0), 0x4ff, 0x97) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x7a, &(0x7f0000000280)={@broadcast, @dev, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "dd690b", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x8848, 0x3c00}}}}}}}, 0x0) r9 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r9, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffa, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x0, @rand_addr=0x64010100}], 0x10) 506.808202ms ago: executing program 0 (id=888): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write(r0, &(0x7f0000000100)="520003000100b8", 0x7) 493.071972ms ago: executing program 3 (id=889): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) syz_genetlink_get_family_id$gtp(&(0x7f00000001c0), r1) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x21020000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, r2, 0x8, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x0, 0x47}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x64}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x18}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x24}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40080d0}, 0x4008041) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c00028005000300050000000800024000000016080001400000dc020900010073797a30000000000900020073797a32"], 0x80}}, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r3, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) (async) setsockopt$inet_int(r3, 0x0, 0xc, &(0x7f0000000180)=0x6, 0x4) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) (async) syz_emit_ethernet(0x2e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0163988c52b8939ae74b7680c2000000080045000020000000000011907800000000fffdffff0000"], 0x0) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) (async) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000280)=@assoc_value, &(0x7f00000002c0)=0x8) 372.09093ms ago: executing program 0 (id=890): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r2, r1, 0x2, 0x0, 0x4000}, 0x10) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r3, r4, 0x2, 0x2}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c0002800500010004002000080020"], 0x4c}}, 0x0) 354.661474ms ago: executing program 4 (id=891): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'vlan0\x00', 0x0}) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0xf3e, 0x4) sendto$packet(r1, &(0x7f0000000200)="3f030e00f0e812002c001e0089e9aaa911d7c2290f0088471327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c152cfdf9435e3ffe460f54", 0x4a, 0x0, &(0x7f0000000540)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) socket$igmp6(0xa, 0x3, 0x2) getsockopt$MRT6(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000300)) socket$inet6_sctp(0xa, 0x0, 0x84) r3 = socket(0x10, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r4}, 0x10) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x20001400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x90) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r3, 0x10f, 0x84, &(0x7f0000000340), &(0x7f0000000380)=0x4) ioctl$PPPIOCSMRRU(r5, 0x4004743b, &(0x7f00000002c0)=0x5) socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x20, 0x10, 0x403}, 0x20}}, 0x0) r7 = socket$inet_smc(0x2b, 0x1, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) ioctl$int_in(r7, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f0000000180)=0x1, 0x4) connect$inet(r7, &(0x7f0000000280)={0x2, 0x0, @dev}, 0x10) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040), 0x4) sendmmsg$inet6(r0, &(0x7f0000005c80)=[{{&(0x7f0000000200)={0xa, 0x4e22, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0xb80b) 347.09673ms ago: executing program 2 (id=892): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)={0xf4, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x43, 0xe, {{{}, {}, @broadcast, @device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @val={0x4, 0x6}, @void, @void, @val={0x25, 0x3}, @void, @val={0x3c, 0x4, {0x1, 0xb, 0x2, 0x6}}, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x7c, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x78, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x6, 0x8, 0x0, 0xfffc, 0x0, 0xff, 0xa]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x7, 0x66, 0x2, 0x7, 0x1, 0x3ff, 0x9]}}, @NL80211_TXRATE_HT={0x26, 0x2, [{0x1, 0x6}, {0x1, 0x9}, {0x5, 0x9}, {0x1, 0xa}, {0x0, 0x6}, {0x0, 0x9}, {0x4, 0x1}, {0x3, 0x3}, {0x0, 0x7}, {0x5, 0x9}, {0x4, 0x9}, {0x1, 0x6}, {0x6, 0x8}, {0x2, 0x2}, {0x6, 0x2}, {0x6, 0x3}, {0x5, 0x4}, {0x0, 0x9}, {0x3, 0x9}, {0x4, 0x7}, {0x3, 0xa}, {0x2, 0x1}, {0x0, 0x1}, {0x2}, {0x4, 0xa}, {0x2, 0x5}, {0x4, 0x6}, {0x0, 0x1}, {0x4, 0xa}, {0x3, 0x3}, {0x2, 0x8}, {0x1, 0x3}, {0x4, 0x4}, {0x6, 0x7}]}, @NL80211_TXRATE_GI={0x5}]}]}]}, 0xf4}}, 0x0) 283.983377ms ago: executing program 3 (id=893): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (async) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000021c0)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="0100000000000000000003020200"], 0x14}, 0x1, 0x40030000000000}, 0x0) (async) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e21}, 0x1c) (async) listen(r0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000020240), 0x10010) (async) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r3, 0x0) (async) unshare(0x400) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000010c0)={0x6, 0x4, &(0x7f0000000640)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0xb6}]}, &(0x7f0000000a80)='syzkaller\x00', 0x3219, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000fc0)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000001000)={0x4, 0x8, 0x1000, 0x401}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000001040)=[r3, r3, r3], &(0x7f0000001080)=[{0x1, 0x5, 0xd, 0xb}, {0x3, 0x1, 0x2, 0x2}, {0x2, 0x3, 0xa, 0x3}, {0x2, 0x3, 0x3, 0x3}], 0x10, 0x200}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000011c0)={{r3}, &(0x7f0000000600), &(0x7f0000001180)=r5}, 0x20) (async) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000a00)={r0, 0x3, 0x7, 0x1}) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) (async) socket(0x10, 0x3, 0x0) (async) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000000301010200000000000000000000000008000740000000015811ecf6c90ee5c8a1819b93"], 0x1c}}, 0x0) (async) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) (async) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000005200010000000000000000520a00000000"], 0x20}}, 0x0) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) 231.473136ms ago: executing program 1 (id=894): socket$nl_route(0x10, 0x3, 0x0) (async) r0 = socket(0x1, 0x3, 0x0) (async) r1 = socket$netlink(0x10, 0x3, 0x0) (async) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000300)=ANY=[@ANYBLOB="bb3045f63003ce2cdd241400ed0027a6c113dd00f363b02c0b7e2ed7affe846ac5b40ea191d38594bad5ccd47564e0dfc9406941dbcc2853e3be69519e19c76a4fddbe346c41032d501ff194fa732567678764fd1a042b6f7ce2aa7677c74a67be8efc45766b2102167d1702a497796836c372bb39f9bdd481d4f4259eb135552c156d68fab418db3c48d1945130e88937f8", @ANYRES16=0x0, @ANYBLOB="000000000000000000000e000000"], 0x14}}, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x2, 0x1000}, 0x4) (async) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="1d44f4a323ce29edc9745c43d025d4b614848b0111336bda4110d644bb0a2313fcd1171f9d401c6bed56ea71256b8fd45b735e3610736c5e2012fe9906f42f5097f2c0ba8b2cb8222cb7f518fa56ca944db859fe4a42fc3f79d1c4116be8b707e3f1086fea8304d61b55449a36265d3aac3c69124ef6e9278d38", @ANYRESHEX=r1, @ANYRESHEX=0x0, @ANYBLOB="b471022185a301e6356b9bb624d26fa4ecf5ccd53e2ea462778dfe2d26968091521ed8a01f38d19622eb020c8a8070f1c7fbb24fe34616340487c52b9703656f2e932c2211c776858ed30027b659679376", @ANYRESOCT=r2, @ANYBLOB="c01f9dedfcb0397856922142aa1e7e30b0c302a73bea704ed2cc489dc1561a365462808046c3829316a638ae04f74731b4cccd7e1430cd2699eb8fdfa9279ec48667b4d0676fd47708d483a2cc66847a4c12d46428c9b6d5a8d69b61a9dac6662215e608b4fa9a29defde1a9e609c950cc67f44d9f9a125acf02561bccf8bc7cbed6ce53937d99d079b80a7d5ec00d97bb8ba52814", @ANYRESDEC, @ANYRES16=r0, @ANYRES16=0xffffffffffffffff], 0x3c}}, 0x8810) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) (async) socket$inet(0x2, 0x0, 0x0) (async) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000001300)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="0000070605000000000000000000000020001f0001000700000009000200fdad2127d09192e36ad81073797a30000000000900020073797a30000000000900020073797a32000000000000"], 0x40}}, 0x0) socket$tipc(0x1e, 0x0, 0x0) (async) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async) r6 = syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) (async) r7 = socket(0xa, 0x1, 0x0) close(r7) (async) r8 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000002f00)={0x0, 0x10, &(0x7f0000002ec0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000002f40)=0x10) r9 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r9, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r9, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000500)=ANY=[@ANYRES64=r5, @ANYRES64=0x0, @ANYRES32=r3, @ANYBLOB="de0456dd018d5cde8ab9ebbe5db308c2a851679587386bcec10041420015165d449e567ee6e35e71a3386bacffc809ebea4ec30988afb0ee982d336f1966f3d555f5bf9b9deda07869fa91e21f51dd4bd3146c748a56882efa2a02b04895b8e32215c2efdeaebb3bb905a9069c40a729ee3dc7098c640d3047a88a56ff5376a170b69bea2074eea01b757af254fc6904203be06ff9d575e5c28ee31821", @ANYRESHEX=r6], 0x48}, 0x1, 0x0, 0x0, 0x46004}, 0x20008800) (async) ioctl$SIOCGSTAMPNS(r9, 0x8907, 0x0) recvmsg$can_bcm(r9, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) (async) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) sendmmsg$inet_sctp(r7, &(0x7f00000019c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="3000000000000000840000000100000000000000f302000008000000000000000000000000000000cd000000", @ANYRES32=r10], 0x30}], 0x1, 0x0) (async) socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000140)={0x1, 'ip6erspan0\x00', {}, 0x9}) 112.649962ms ago: executing program 2 (id=895): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000386dd0a00100000004000000060ec97000fc82b00fe8000400000000040000000000000aaff020000000000000000000000000001", @ANYRESHEX], 0xffe) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x2, 0x7, 0x0, 0x1}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r2, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48) 40.005761ms ago: executing program 3 (id=896): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="5300000002"], 0x8) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000040), 0x8) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) shutdown(r3, 0x1) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000540)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0xd0009411, &(0x7f0000002040)={{r4, 0x5, 0x1000, 0x4, 0x3, 0x38d, 0x8000000000000000, 0x8, 0x1000, 0x3, 0x2, 0x2, 0x9, 0x7f, 0x7ff}}) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r7, &(0x7f00000001c0), 0xe) listen(r7, 0x0) poll(&(0x7f0000000000)=[{r7}], 0x1, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x11, &(0x7f00000001c0)={r6}, &(0x7f0000000200)=0x8) sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000000000000010000d00010045151ff6c3d5b83d6b00"/36], 0x24}}, 0x0) r8 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r8, 0x28, 0x8, &(0x7f0000000100)=0xffffffff00040000, 0x112) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x800}) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0x1}, 0x4) r9 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000001000390400"/20, @ANYRES32=r11, @ANYBLOB="80000000000000000c002b800800040000000000080004"], 0x34}}, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000280), 0x4) 20.578426ms ago: executing program 0 (id=897): r0 = socket$nl_rdma(0x10, 0x3, 0x14) (async) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x3ff}, 0x48) (async) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000001c0)={r5, @in={{0x2, 0x0, @empty}}}, 0x9c) (async) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000001c0)={r5, 0x5}, &(0x7f0000000240)=0x8) (async) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000600)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf35d0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c6ccb5960748a5c85c7056f2c43757123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399eb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba051aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54020000005c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c5bad2e5ec65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000000000000000000000000000000000000000ce0727b957880edc37cb9a7530281bb61a93c53ecf8d378634c2edaf98fc462233b42486bea9e4a653605813a0ec1bf39f27928c920fa62c4769063af644fe8104ce2e71ace16988de006997a44d42061bd8ae374034d1b83543475003c0b3a65f362769ecc12540ff6688c62685ec8d3257a29911527d42652cf23aec0381618b4f4b9bd8b5b6dd928bb60932005ab52f1492dc94d939d2ad88243fe245d179870ffe93fd2b74b672233f94b7e011fd20db75a3d44b6bf6f39c925e4be3d85f", @ANYRES64=r0, @ANYRESOCT=r2], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x1}, 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r7}, 0x10) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000040), 0x208e24b) (async) r9 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r9, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @dev}, 0x10) (async) recvmmsg(r9, &(0x7f00000005c0)=[{{0x0, 0xe8, 0x0, 0x0, 0x0, 0x0, 0xffffffff00003f00}}], 0x4000000000001db, 0x0, 0x0) (async) sendfile(r9, r8, 0x0, 0xffefffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="20008000000000fc00"], 0x20}}, 0x0) (async) bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) (async) write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="4c00030007"], 0xd) (async) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) (async) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x1c, &(0x7f0000000340)=[@in6={0xa, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}]}, &(0x7f0000000180)=0x10) (async) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0xf, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}}, &(0x7f0000000000)=0x9c) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0x0, 0x60000000, 0x0, 0xfffffffffffffce7, 0x0, 0x0}, 0x50) (async) r11 = socket$inet6(0xa, 0x2, 0xd) bind$inet6(r11, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r11, 0x29, 0x2, &(0x7f0000000040)=0x40000006, 0x4) (async) recvmmsg(r11, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) (async) sendto$inet6(r11, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x8, @mcast1}, 0x1c) 0s ago: executing program 1 (id=898): r0 = socket$inet(0x2, 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000000540)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @broadcast}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x11, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "e6fb1c4cc784283dc5abd7fff427b706"}, @mss={0x2, 0x4}, @md5sig={0x13, 0x12, "c5d7cb3485609d71e4b75c20d03d4ae9"}]}}}}}}}, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x60, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x6}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x60}}, 0x0) getsockopt$EBT_SO_GET_INFO(r0, 0x0, 0x80, &(0x7f00000000c0)={'filter\x00', 0x0, 0x0, 0x0, [0x3a, 0x0, 0x101, 0x6, 0x10001, 0x9]}, &(0x7f0000000000)=0x78) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) syz_emit_ethernet(0x3a, &(0x7f0000000140)=ANY=[@ANYRESHEX=r0, @ANYRES8=r3], 0x0) kernel console output (not intermixed with test programs): lter on device bond0 [ 79.489990][ T5153] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.497233][ T5153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.508958][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.516099][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.589581][ T5104] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.667364][ T5153] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.674660][ T5153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.707070][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.714240][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.728690][ T5101] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 79.753390][ T5114] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.858610][ T5105] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.057030][ T5105] veth0_vlan: entered promiscuous mode [ 80.153437][ T5105] veth1_vlan: entered promiscuous mode [ 80.188110][ T5101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.334154][ T5099] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.354364][ T5105] veth0_macvtap: entered promiscuous mode [ 80.387928][ T5105] veth1_macvtap: entered promiscuous mode [ 80.427373][ T5101] veth0_vlan: entered promiscuous mode [ 80.445162][ T5104] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.468839][ T5105] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.490166][ T5105] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.500123][ T5101] veth1_vlan: entered promiscuous mode [ 80.537055][ T5105] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.546218][ T5105] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.555265][ T5105] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.564341][ T5105] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.597999][ T5099] veth0_vlan: entered promiscuous mode [ 80.638141][ T5114] veth0_vlan: entered promiscuous mode [ 80.656415][ T5099] veth1_vlan: entered promiscuous mode [ 80.711214][ T5114] veth1_vlan: entered promiscuous mode [ 80.733834][ T5101] veth0_macvtap: entered promiscuous mode [ 80.753678][ T5104] veth0_vlan: entered promiscuous mode [ 80.803429][ T5101] veth1_macvtap: entered promiscuous mode [ 80.843406][ T5114] veth0_macvtap: entered promiscuous mode [ 80.844492][ T2912] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.859371][ T2912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.876123][ T5104] veth1_vlan: entered promiscuous mode [ 80.902787][ T5114] veth1_macvtap: entered promiscuous mode [ 80.913965][ T5099] veth0_macvtap: entered promiscuous mode [ 80.948188][ T5099] veth1_macvtap: entered promiscuous mode [ 80.970144][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.980338][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.991640][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.996761][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.006063][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.034769][ T5101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.049187][ T5101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.059750][ T5108] Bluetooth: hci0: command tx timeout [ 81.059877][ T5110] Bluetooth: hci1: command tx timeout [ 81.069287][ T5101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.089583][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.100266][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.110684][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.123784][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.134258][ T5108] Bluetooth: hci2: command tx timeout [ 81.134351][ T5110] Bluetooth: hci4: command tx timeout [ 81.141364][ T5110] Bluetooth: hci3: command tx timeout [ 81.149047][ T5114] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.184467][ T5101] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.193492][ T5101] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.203825][ T5101] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.214402][ T5101] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.227366][ T5099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.238824][ T5099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.250511][ T5099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.263398][ T5099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.273512][ T5099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.284411][ T5099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.296392][ T5099] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.310670][ T5099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.323477][ T5099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.338605][ T5099] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.363106][ T5099] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.376948][ T5099] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.413913][ T5099] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.424344][ T5099] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.433987][ T5099] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.442955][ T5099] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.458173][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.469050][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.479846][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.494023][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.504425][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.516215][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.528908][ T5114] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.579656][ T5114] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.588945][ T5114] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.599986][ T5114] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.609359][ T5114] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.656091][ T5104] veth0_macvtap: entered promiscuous mode [ 81.690025][ T5104] veth1_macvtap: entered promiscuous mode [ 81.712909][ T5104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.732656][ T5104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.748717][ T5104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.759790][ T5104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.780269][ T5104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.791097][ T5104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.802215][ T5104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.812828][ T5104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.832132][ T5104] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.883993][ T5104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.899855][ T5104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.910428][ T5104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.922171][ T5104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.935130][ T5104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.961251][ T5104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.990821][ T5104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.007851][ T5104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.023294][ T5104] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.113583][ T994] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.133452][ T994] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.147357][ T5104] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.179391][ T5104] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.188666][ T5104] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.216920][ T5104] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.245568][ T2912] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.270696][ T2912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.334205][ T5199] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 82.382833][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.390700][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.483178][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.500629][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.606596][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.641035][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.761577][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.791560][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.885846][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.914852][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.007307][ T5209] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 83.041120][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.053806][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.132415][ T5211] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1'. [ 83.141934][ T5110] Bluetooth: hci1: command tx timeout [ 83.147376][ T5110] Bluetooth: hci0: command tx timeout [ 83.213415][ T5110] Bluetooth: hci3: command tx timeout [ 83.218917][ T5108] Bluetooth: hci4: command tx timeout [ 83.218927][ T5113] Bluetooth: hci2: command tx timeout [ 83.253634][ T5211] Êü: entered promiscuous mode [ 83.259399][ T5214] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11'. [ 83.271311][ T5218] netlink: 'syz.4.5': attribute type 6 has an invalid length. [ 83.376050][ T5218] netlink: 780 bytes leftover after parsing attributes in process `syz.4.5'. [ 83.594538][ T5233] x_tables: ip_tables: osf match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT/FORWARD [ 83.656907][ T5233] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13'. [ 83.690192][ T5233] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13'. [ 83.825962][ T5237] pimreg: entered allmulticast mode [ 83.956860][ T5244] syz.3.17 uses obsolete (PF_INET,SOCK_PACKET) [ 84.022881][ T5243] ip6t_REJECT: ECHOREPLY is not supported [ 84.038528][ T5243] netlink: 'syz.0.18': attribute type 1 has an invalid length. [ 84.047147][ T5243] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.18'. [ 84.068362][ T5243] netlink: 'syz.0.18': attribute type 1 has an invalid length. [ 84.427046][ T5265] netlink: 20 bytes leftover after parsing attributes in process `syz.0.21'. [ 84.451592][ T5259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.23'. [ 84.528319][ T5259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.23'. [ 84.637138][ T5237] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 84.669474][ T5267] netlink: 20 bytes leftover after parsing attributes in process `syz.3.24'. [ 85.439981][ T5273] netlink: 'syz.2.26': attribute type 6 has an invalid length. [ 85.567817][ T5276] team0: entered promiscuous mode [ 85.583889][ T5276] team_slave_0: entered promiscuous mode [ 85.590025][ T5276] team_slave_1: entered promiscuous mode [ 85.646870][ T5282] team_slave_0: entered allmulticast mode [ 85.658871][ T5156] IPVS: starting estimator thread 0... [ 85.734633][ T5282] team0: Port device team_slave_0 removed [ 85.773107][ T5275] team0: left promiscuous mode [ 85.778368][ T5284] IPVS: using max 19 ests per chain, 45600 per kthread [ 85.787159][ T5275] team_slave_1: left promiscuous mode [ 85.864699][ T5292] FAULT_INJECTION: forcing a failure. [ 85.864699][ T5292] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 85.923972][ T5292] CPU: 0 PID: 5292 Comm: syz.1.33 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 85.933584][ T5292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 85.943685][ T5292] Call Trace: [ 85.947010][ T5292] [ 85.949965][ T5292] dump_stack_lvl+0x241/0x360 [ 85.954691][ T5292] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.959926][ T5292] ? __pfx__printk+0x10/0x10 [ 85.964553][ T5292] ? __pfx_lock_release+0x10/0x10 [ 85.969619][ T5292] should_fail_ex+0x3b0/0x4e0 [ 85.974329][ T5292] _copy_from_iter+0x1f6/0x1960 [ 85.979219][ T5292] ? __virt_addr_valid+0x183/0x530 [ 85.984371][ T5292] ? __pfx_lock_release+0x10/0x10 [ 85.989436][ T5292] ? __alloc_skb+0x28f/0x440 [ 85.994070][ T5292] ? __pfx__copy_from_iter+0x10/0x10 [ 85.999394][ T5292] ? __virt_addr_valid+0x183/0x530 [ 86.004540][ T5292] ? __virt_addr_valid+0x183/0x530 [ 86.009689][ T5292] ? __virt_addr_valid+0x45f/0x530 [ 86.014836][ T5292] ? __check_object_size+0x49c/0x900 [ 86.020150][ T5292] netlink_sendmsg+0x73d/0xcb0 [ 86.024936][ T5292] ? __pfx_netlink_sendmsg+0x10/0x10 [ 86.030233][ T5292] ? __import_iovec+0x536/0x820 [ 86.035092][ T5292] ? aa_sock_msg_perm+0x91/0x160 [ 86.040044][ T5292] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 86.045339][ T5292] ? security_socket_sendmsg+0x87/0xb0 [ 86.050817][ T5292] ? __pfx_netlink_sendmsg+0x10/0x10 [ 86.056114][ T5292] __sock_sendmsg+0x221/0x270 [ 86.060802][ T5292] ____sys_sendmsg+0x525/0x7d0 [ 86.065590][ T5292] ? __pfx_____sys_sendmsg+0x10/0x10 [ 86.070925][ T5292] __sys_sendmsg+0x2b0/0x3a0 [ 86.075531][ T5292] ? __pfx___sys_sendmsg+0x10/0x10 [ 86.080661][ T5292] ? vfs_write+0x7c4/0xc90 [ 86.085109][ T5292] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 86.091452][ T5292] ? do_syscall_64+0x100/0x230 [ 86.096223][ T5292] ? do_syscall_64+0xb6/0x230 [ 86.100905][ T5292] do_syscall_64+0xf3/0x230 [ 86.105414][ T5292] ? clear_bhb_loop+0x35/0x90 [ 86.110114][ T5292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.116049][ T5292] RIP: 0033:0x7fad78175f19 [ 86.120476][ T5292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.140086][ T5292] RSP: 002b:00007fad79030048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 86.148502][ T5292] RAX: ffffffffffffffda RBX: 00007fad78305f60 RCX: 00007fad78175f19 [ 86.156475][ T5292] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 86.164452][ T5292] RBP: 00007fad790300a0 R08: 0000000000000000 R09: 0000000000000000 [ 86.172436][ T5292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 86.180406][ T5292] R13: 000000000000000b R14: 00007fad78305f60 R15: 00007fffcfc67618 [ 86.188391][ T5292] [ 86.319129][ T5302] IPVS: dh: TCP 172.20.20.170:0 - no destination available [ 86.426812][ T5310] FAULT_INJECTION: forcing a failure. [ 86.426812][ T5310] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 86.442386][ T5310] CPU: 1 PID: 5310 Comm: syz.2.41 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 86.451965][ T5310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 86.462019][ T5310] Call Trace: [ 86.465306][ T5310] [ 86.468240][ T5310] dump_stack_lvl+0x241/0x360 [ 86.472942][ T5310] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.478155][ T5310] ? __pfx__printk+0x10/0x10 [ 86.482758][ T5310] ? __pfx_lock_release+0x10/0x10 [ 86.487798][ T5310] should_fail_ex+0x3b0/0x4e0 [ 86.492485][ T5310] _copy_from_iter+0x1f6/0x1960 [ 86.497360][ T5310] ? __virt_addr_valid+0x183/0x530 [ 86.502485][ T5310] ? __pfx_lock_release+0x10/0x10 [ 86.507530][ T5310] ? __alloc_skb+0x28f/0x440 [ 86.512128][ T5310] ? __pfx__copy_from_iter+0x10/0x10 [ 86.517421][ T5310] ? __virt_addr_valid+0x183/0x530 [ 86.522561][ T5310] ? __virt_addr_valid+0x183/0x530 [ 86.527685][ T5310] ? __virt_addr_valid+0x45f/0x530 [ 86.532809][ T5310] ? __check_object_size+0x49c/0x900 [ 86.538109][ T5310] netlink_sendmsg+0x73d/0xcb0 [ 86.542908][ T5310] ? __pfx_netlink_sendmsg+0x10/0x10 [ 86.548201][ T5310] ? aa_sock_msg_perm+0x91/0x160 [ 86.553146][ T5310] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 86.558465][ T5310] ? security_socket_sendmsg+0x87/0xb0 [ 86.563932][ T5310] ? __pfx_netlink_sendmsg+0x10/0x10 [ 86.569218][ T5310] __sock_sendmsg+0x221/0x270 [ 86.573909][ T5310] sock_write_iter+0x2dd/0x400 [ 86.578690][ T5310] ? __pfx_sock_write_iter+0x10/0x10 [ 86.583998][ T5310] do_iter_readv_writev+0x60a/0x890 [ 86.589211][ T5310] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 86.594945][ T5310] ? bpf_lsm_file_permission+0x9/0x10 [ 86.600322][ T5310] ? security_file_permission+0x7f/0xa0 [ 86.605877][ T5310] ? rw_verify_area+0x1d2/0x6b0 [ 86.610744][ T5310] vfs_writev+0x37c/0xbb0 [ 86.615100][ T5310] ? __pfx_lock_acquire+0x10/0x10 [ 86.620136][ T5310] ? __pfx_vfs_writev+0x10/0x10 [ 86.625076][ T5310] ? vfs_write+0x7c4/0xc90 [ 86.629510][ T5310] ? __fget_files+0x29/0x470 [ 86.634115][ T5310] do_writev+0x1b1/0x350 [ 86.638367][ T5310] ? __pfx_do_writev+0x10/0x10 [ 86.643140][ T5310] ? do_syscall_64+0x100/0x230 [ 86.647911][ T5310] ? do_syscall_64+0xb6/0x230 [ 86.652614][ T5310] do_syscall_64+0xf3/0x230 [ 86.657126][ T5310] ? clear_bhb_loop+0x35/0x90 [ 86.661815][ T5310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.667716][ T5310] RIP: 0033:0x7fa66e975f19 [ 86.672133][ T5310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.691744][ T5310] RSP: 002b:00007fa66e3ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 86.700168][ T5310] RAX: ffffffffffffffda RBX: 00007fa66eb05f60 RCX: 00007fa66e975f19 [ 86.708151][ T5310] RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000003 [ 86.716123][ T5310] RBP: 00007fa66e3ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 86.724096][ T5310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 86.732068][ T5310] R13: 000000000000000b R14: 00007fa66eb05f60 R15: 00007fffc8e43468 [ 86.740055][ T5310] [ 86.901809][ T928] cfg80211: failed to load regulatory.db [ 88.359105][ T5321] __nla_validate_parse: 10 callbacks suppressed [ 88.359126][ T5321] netlink: 24 bytes leftover after parsing attributes in process `syz.4.43'. [ 88.430099][ T5334] team0: entered promiscuous mode [ 88.458302][ T5334] team_slave_0: entered promiscuous mode [ 88.488323][ T5334] team_slave_1: entered promiscuous mode [ 88.545120][ T5335] team_slave_0: entered allmulticast mode [ 88.555493][ T5342] netlink: 76 bytes leftover after parsing attributes in process `syz.0.48'. [ 88.620328][ T5335] team0: Port device team_slave_0 removed [ 88.659724][ T5342] openvswitch: Êü: Dropping previously announced user features [ 88.715812][ T5332] team0: left promiscuous mode [ 88.738956][ T5332] team_slave_1: left promiscuous mode [ 88.768304][ T5348] bridge0: port 3(team0) entered blocking state [ 88.799555][ T5348] bridge0: port 3(team0) entered disabled state [ 88.816822][ T5348] team0: entered allmulticast mode [ 88.849653][ T5348] team_slave_0: entered allmulticast mode [ 88.902505][ T5348] team_slave_1: entered allmulticast mode [ 88.940464][ T5348] team0: entered promiscuous mode [ 88.983337][ T5348] team_slave_0: entered promiscuous mode [ 88.986443][ T5359] netlink: 12 bytes leftover after parsing attributes in process `syz.4.56'. [ 89.011362][ T5348] team_slave_1: entered promiscuous mode [ 89.037497][ T5348] bridge0: port 3(team0) entered blocking state [ 89.044170][ T5348] bridge0: port 3(team0) entered forwarding state [ 89.112930][ T5364] FAULT_INJECTION: forcing a failure. [ 89.112930][ T5364] name failslab, interval 1, probability 0, space 0, times 1 [ 89.148963][ T5364] CPU: 0 PID: 5364 Comm: syz.3.58 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 89.158569][ T5364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 89.168661][ T5364] Call Trace: [ 89.170253][ T5357] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 89.171950][ T5364] [ 89.171980][ T5364] dump_stack_lvl+0x241/0x360 [ 89.194709][ T5364] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.199921][ T5364] ? __pfx__printk+0x10/0x10 [ 89.204544][ T5364] ? __pfx___might_resched+0x10/0x10 [ 89.209845][ T5364] should_fail_ex+0x3b0/0x4e0 [ 89.214535][ T5364] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 89.220788][ T5364] should_failslab+0x9/0x20 [ 89.225310][ T5364] __kmalloc_noprof+0xd8/0x400 [ 89.230090][ T5364] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 89.236185][ T5364] genl_rcv_msg+0x802/0xec0 [ 89.240713][ T5364] ? mark_lock+0x9a/0x350 [ 89.245061][ T5364] ? __pfx_genl_rcv_msg+0x10/0x10 [ 89.250139][ T5364] ? __pfx_lock_acquire+0x10/0x10 [ 89.255168][ T5364] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 89.260371][ T5364] ? __pfx___might_resched+0x10/0x10 [ 89.265698][ T5364] netlink_rcv_skb+0x1e3/0x430 [ 89.270470][ T5364] ? __pfx_genl_rcv_msg+0x10/0x10 [ 89.275505][ T5364] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 89.280808][ T5364] ? __netlink_deliver_tap+0x77e/0x7c0 [ 89.286284][ T5364] genl_rcv+0x28/0x40 [ 89.290273][ T5364] netlink_unicast+0x7f0/0x990 [ 89.295046][ T5364] ? __pfx_netlink_unicast+0x10/0x10 [ 89.300339][ T5364] ? __virt_addr_valid+0x183/0x530 [ 89.305460][ T5364] ? __check_object_size+0x49c/0x900 [ 89.310753][ T5364] ? bpf_lsm_netlink_send+0x9/0x10 [ 89.315871][ T5364] netlink_sendmsg+0x8e4/0xcb0 [ 89.320649][ T5364] ? __pfx_netlink_sendmsg+0x10/0x10 [ 89.325945][ T5364] ? __import_iovec+0x536/0x820 [ 89.330799][ T5364] ? aa_sock_msg_perm+0x91/0x160 [ 89.335741][ T5364] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 89.341035][ T5364] ? security_socket_sendmsg+0x87/0xb0 [ 89.346518][ T5364] ? __pfx_netlink_sendmsg+0x10/0x10 [ 89.351809][ T5364] __sock_sendmsg+0x221/0x270 [ 89.356498][ T5364] ____sys_sendmsg+0x525/0x7d0 [ 89.361280][ T5364] ? __pfx_____sys_sendmsg+0x10/0x10 [ 89.366585][ T5364] __sys_sendmsg+0x2b0/0x3a0 [ 89.371176][ T5364] ? __pfx___sys_sendmsg+0x10/0x10 [ 89.376295][ T5364] ? vfs_write+0x7c4/0xc90 [ 89.380781][ T5364] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 89.387130][ T5364] ? do_syscall_64+0x100/0x230 [ 89.391900][ T5364] ? do_syscall_64+0xb6/0x230 [ 89.396584][ T5364] do_syscall_64+0xf3/0x230 [ 89.401094][ T5364] ? clear_bhb_loop+0x35/0x90 [ 89.405782][ T5364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.411681][ T5364] RIP: 0033:0x7fde7ff75f19 [ 89.416103][ T5364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.435717][ T5364] RSP: 002b:00007fde80ce0048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 89.444310][ T5364] RAX: ffffffffffffffda RBX: 00007fde80105f60 RCX: 00007fde7ff75f19 [ 89.452300][ T5364] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 89.460278][ T5364] RBP: 00007fde80ce00a0 R08: 0000000000000000 R09: 0000000000000000 [ 89.468257][ T5364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.476227][ T5364] R13: 000000000000000b R14: 00007fde80105f60 R15: 00007ffc1602d818 [ 89.484310][ T5364] [ 89.671788][ T5371] netlink: 20 bytes leftover after parsing attributes in process `syz.0.57'. [ 90.076914][ T5379] netlink: 28 bytes leftover after parsing attributes in process `syz.3.60'. [ 90.209083][ T5382] netlink: 20 bytes leftover after parsing attributes in process `syz.0.64'. [ 90.258114][ T5386] pim6reg: entered allmulticast mode [ 90.305037][ T5386] pim6reg: left allmulticast mode [ 90.489039][ T5388] netlink: 8 bytes leftover after parsing attributes in process `syz.2.67'. [ 90.684594][ T5409] netlink: 76 bytes leftover after parsing attributes in process `syz.4.72'. [ 90.711185][ T5409] FAULT_INJECTION: forcing a failure. [ 90.711185][ T5409] name failslab, interval 1, probability 0, space 0, times 0 [ 90.810952][ T5409] CPU: 1 PID: 5409 Comm: syz.4.72 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 90.820580][ T5409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 90.830666][ T5409] Call Trace: [ 90.833975][ T5409] [ 90.836938][ T5409] dump_stack_lvl+0x241/0x360 [ 90.841664][ T5409] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.846908][ T5409] ? __pfx__printk+0x10/0x10 [ 90.851539][ T5409] ? rcu_is_watching+0x15/0xb0 [ 90.856342][ T5409] should_fail_ex+0x3b0/0x4e0 [ 90.861049][ T5409] ? __alloc_skb+0x1c3/0x440 [ 90.865672][ T5409] should_failslab+0x9/0x20 [ 90.870206][ T5409] kmem_cache_alloc_node_noprof+0x71/0x320 [ 90.876056][ T5409] __alloc_skb+0x1c3/0x440 [ 90.880516][ T5409] ? __pfx___alloc_skb+0x10/0x10 [ 90.885496][ T5409] ovs_dp_cmd_new+0x169/0xc10 [ 90.885523][ T5415] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 90.890198][ T5409] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 90.910535][ T5409] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 90.916896][ T5409] genl_rcv_msg+0xb14/0xec0 [ 90.921441][ T5409] ? mark_lock+0x9a/0x350 [ 90.925812][ T5409] ? __pfx_genl_rcv_msg+0x10/0x10 [ 90.930900][ T5409] ? __pfx_lock_acquire+0x10/0x10 [ 90.935957][ T5409] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 90.941213][ T5409] ? __pfx___might_resched+0x10/0x10 [ 90.946541][ T5409] netlink_rcv_skb+0x1e3/0x430 [ 90.951336][ T5409] ? __pfx_genl_rcv_msg+0x10/0x10 [ 90.956400][ T5409] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 90.961739][ T5409] ? __netlink_deliver_tap+0x77e/0x7c0 [ 90.967246][ T5409] genl_rcv+0x28/0x40 [ 90.971263][ T5409] netlink_unicast+0x7f0/0x990 [ 90.976075][ T5409] ? __pfx_netlink_unicast+0x10/0x10 [ 90.981401][ T5409] ? __virt_addr_valid+0x183/0x530 [ 90.986561][ T5409] ? __check_object_size+0x49c/0x900 [ 90.991899][ T5409] ? bpf_lsm_netlink_send+0x9/0x10 [ 90.997055][ T5409] netlink_sendmsg+0x8e4/0xcb0 [ 91.001874][ T5409] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.007202][ T5409] ? __import_iovec+0x536/0x820 [ 91.012086][ T5409] ? aa_sock_msg_perm+0x91/0x160 [ 91.017062][ T5409] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 91.022386][ T5409] ? security_socket_sendmsg+0x87/0xb0 [ 91.027905][ T5409] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.033233][ T5409] __sock_sendmsg+0x221/0x270 [ 91.037954][ T5409] ____sys_sendmsg+0x525/0x7d0 [ 91.042772][ T5409] ? __pfx_____sys_sendmsg+0x10/0x10 [ 91.048114][ T5409] __sys_sendmsg+0x2b0/0x3a0 [ 91.052739][ T5409] ? __pfx___sys_sendmsg+0x10/0x10 [ 91.057895][ T5409] ? vfs_write+0x7c4/0xc90 [ 91.062400][ T5409] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 91.068759][ T5409] ? do_syscall_64+0x100/0x230 [ 91.073541][ T5409] ? do_syscall_64+0xb6/0x230 [ 91.078235][ T5409] do_syscall_64+0xf3/0x230 [ 91.082752][ T5409] ? clear_bhb_loop+0x35/0x90 [ 91.087447][ T5409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.093370][ T5409] RIP: 0033:0x7f9002f75f19 [ 91.097792][ T5409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.117402][ T5409] RSP: 002b:00007f90029ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.125827][ T5409] RAX: ffffffffffffffda RBX: 00007f9003105f60 RCX: 00007f9002f75f19 [ 91.133809][ T5409] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 91.141787][ T5409] RBP: 00007f90029ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 91.149760][ T5409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.157734][ T5409] R13: 000000000000000b R14: 00007f9003105f60 R15: 00007fff922d5758 [ 91.165723][ T5409] [ 91.352112][ T5420] netlink: 20 bytes leftover after parsing attributes in process `syz.0.74'. [ 91.479261][ T5429] netlink: 'syz.4.79': attribute type 1 has an invalid length. [ 91.497957][ T5429] netlink: 9384 bytes leftover after parsing attributes in process `syz.4.79'. [ 91.860449][ T5434] Êü: entered promiscuous mode [ 91.908863][ T5436] netlink: 'syz.3.82': attribute type 1 has an invalid length. [ 91.942880][ T5436] netlink: 'syz.3.82': attribute type 4 has an invalid length. [ 92.383526][ T5451] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 92.409880][ T5466] netlink: 'syz.3.92': attribute type 1 has an invalid length. [ 93.443930][ T5476] netlink: 'syz.0.97': attribute type 1 has an invalid length. [ 93.478175][ T5476] __nla_validate_parse: 6 callbacks suppressed [ 93.478196][ T5476] netlink: 8 bytes leftover after parsing attributes in process `syz.0.97'. [ 93.545257][ T5478] netlink: 76 bytes leftover after parsing attributes in process `syz.3.98'. [ 93.587020][ T5478] Êü: entered promiscuous mode [ 93.873084][ T5484] netlink: 76 bytes leftover after parsing attributes in process `syz.3.101'. [ 93.937378][ T5484] openvswitch: Êü: Dropping previously announced user features [ 94.013765][ T5490] netlink: 8 bytes leftover after parsing attributes in process `syz.0.102'. [ 94.111519][ T5108] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 94.120375][ T5108] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 94.129308][ T5108] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 94.139873][ T5108] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 94.148903][ T5108] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 94.161088][ T5108] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 94.277450][ T5502] bridge0: port 3(team0) entered blocking state [ 94.284194][ T5502] bridge0: port 3(team0) entered disabled state [ 94.290696][ T5502] team0: entered allmulticast mode [ 94.297782][ T5502] team_slave_0: entered allmulticast mode [ 94.303837][ T5502] team_slave_1: entered allmulticast mode [ 94.316633][ T5502] team0: entered promiscuous mode [ 94.322050][ T5502] team_slave_0: entered promiscuous mode [ 94.329153][ T5502] team_slave_1: entered promiscuous mode [ 94.352153][ T5502] bridge0: port 3(team0) entered blocking state [ 94.358659][ T5502] bridge0: port 3(team0) entered forwarding state [ 94.599176][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 94.798672][ T5509] netlink: 20 bytes leftover after parsing attributes in process `syz.0.109'. [ 94.927951][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.063976][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.295237][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.701139][ C1] eth0: bad gso: type: 1, size: 1408 [ 95.811193][ T5536] netlink: 76 bytes leftover after parsing attributes in process `syz.4.117'. [ 95.915409][ T5536] Êü: entered promiscuous mode [ 96.042361][ T11] team0: left allmulticast mode [ 96.063815][ T11] team_slave_0: left allmulticast mode [ 96.069591][ T11] team_slave_1: left allmulticast mode [ 96.097948][ T11] team0: left promiscuous mode [ 96.120569][ T11] team_slave_0: left promiscuous mode [ 96.128971][ T11] team_slave_1: left promiscuous mode [ 96.142293][ T11] bridge0: port 3(team0) entered disabled state [ 96.168192][ T5549] FAULT_INJECTION: forcing a failure. [ 96.168192][ T5549] name failslab, interval 1, probability 0, space 0, times 0 [ 96.220940][ T5549] CPU: 0 PID: 5549 Comm: syz.4.121 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 96.230644][ T5549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 96.240746][ T5549] Call Trace: [ 96.244052][ T5549] [ 96.247010][ T5549] dump_stack_lvl+0x241/0x360 [ 96.251735][ T5549] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.256975][ T5549] ? __pfx__printk+0x10/0x10 [ 96.261602][ T5549] ? ref_tracker_alloc+0x332/0x490 [ 96.266762][ T5549] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 96.272260][ T5549] should_fail_ex+0x3b0/0x4e0 [ 96.277006][ T5549] ? skb_clone+0x20c/0x390 [ 96.281453][ T5549] should_failslab+0x9/0x20 [ 96.286000][ T5549] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 96.291405][ T5549] skb_clone+0x20c/0x390 [ 96.295687][ T5549] __netlink_deliver_tap+0x3cc/0x7c0 [ 96.301024][ T5549] ? netlink_deliver_tap+0x2e/0x1b0 [ 96.306260][ T5549] netlink_deliver_tap+0x19d/0x1b0 [ 96.311410][ T5549] __netlink_sendskb+0x60/0xd0 [ 96.316214][ T5549] netlink_dump+0x97d/0xd80 [ 96.320771][ T5549] ? __pfx_netlink_dump+0x10/0x10 [ 96.325851][ T5549] ? __inet_diag_dump_start+0x8c9/0xa50 [ 96.331440][ T5549] __netlink_dump_start+0x59f/0x780 [ 96.336677][ T5549] inet_diag_handler_cmd+0x1de/0x2b0 [ 96.341994][ T5549] ? __pfx_inet_diag_handler_cmd+0x10/0x10 [ 96.346711][ T5559] netlink: 4 bytes leftover after parsing attributes in process `syz.3.122'. [ 96.347804][ T5549] ? __pfx_inet_diag_dump_start+0x10/0x10 [ 96.362295][ T5549] ? __pfx_inet_diag_dump+0x10/0x10 [ 96.367537][ T5549] ? __pfx_inet_diag_dump_done+0x10/0x10 [ 96.373219][ T5549] ? sock_diag_lock_handler+0x19/0x280 [ 96.378719][ T5549] ? __pfx_inet_diag_handler_cmd+0x10/0x10 [ 96.384562][ T5549] sock_diag_rcv_msg+0x3dc/0x5f0 [ 96.389559][ T5549] netlink_rcv_skb+0x1e3/0x430 [ 96.394356][ T5549] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 96.399871][ T5549] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 96.405214][ T5549] ? netlink_deliver_tap+0x2e/0x1b0 [ 96.410449][ T5549] netlink_unicast+0x7f0/0x990 [ 96.415254][ T5549] ? __pfx_netlink_unicast+0x10/0x10 [ 96.420589][ T5549] ? __virt_addr_valid+0x183/0x530 [ 96.425743][ T5549] ? __check_object_size+0x49c/0x900 [ 96.431056][ T5549] ? bpf_lsm_netlink_send+0x9/0x10 [ 96.436199][ T5549] netlink_sendmsg+0x8e4/0xcb0 [ 96.441023][ T5549] ? __pfx_netlink_sendmsg+0x10/0x10 [ 96.446344][ T5549] ? aa_sock_msg_perm+0x91/0x160 [ 96.451315][ T5549] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 96.456635][ T5549] ? security_socket_sendmsg+0x87/0xb0 [ 96.462139][ T5549] ? __pfx_netlink_sendmsg+0x10/0x10 [ 96.467464][ T5549] __sock_sendmsg+0x221/0x270 [ 96.472188][ T5549] sock_write_iter+0x2dd/0x400 [ 96.476988][ T5549] ? __pfx_sock_write_iter+0x10/0x10 [ 96.482322][ T5549] do_iter_readv_writev+0x60a/0x890 [ 96.487555][ T5549] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 96.493306][ T5549] ? bpf_lsm_file_permission+0x9/0x10 [ 96.498707][ T5549] ? security_file_permission+0x7f/0xa0 [ 96.504270][ T5549] ? rw_verify_area+0x1d2/0x6b0 [ 96.509157][ T5549] vfs_writev+0x37c/0xbb0 [ 96.513534][ T5549] ? __pfx_lock_acquire+0x10/0x10 [ 96.518605][ T5549] ? __pfx_vfs_writev+0x10/0x10 [ 96.523490][ T5549] ? vfs_write+0x7c4/0xc90 [ 96.527941][ T5549] ? __fget_files+0x29/0x470 [ 96.532606][ T5549] do_writev+0x1b1/0x350 [ 96.536893][ T5549] ? __pfx_do_writev+0x10/0x10 [ 96.541676][ T5549] ? do_syscall_64+0x100/0x230 [ 96.546480][ T5549] ? do_syscall_64+0xb6/0x230 [ 96.551185][ T5549] do_syscall_64+0xf3/0x230 [ 96.555711][ T5549] ? clear_bhb_loop+0x35/0x90 [ 96.560396][ T5549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.566294][ T5549] RIP: 0033:0x7f9002f75f19 [ 96.570719][ T5549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.590346][ T5549] RSP: 002b:00007f90029ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 96.598764][ T5549] RAX: ffffffffffffffda RBX: 00007f9003105f60 RCX: 00007f9002f75f19 [ 96.606737][ T5549] RDX: 0000000000000001 RSI: 0000000020000280 RDI: 0000000000000003 [ 96.614717][ T5549] RBP: 00007f90029ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 96.622714][ T5549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.630793][ T5549] R13: 000000000000000b R14: 00007f9003105f60 R15: 00007fff922d5758 [ 96.638807][ T5549] [ 96.657952][ T5108] Bluetooth: hci1: command tx timeout [ 96.674609][ T11] bridge_slave_1: left allmulticast mode [ 96.683623][ T11] bridge_slave_1: left promiscuous mode [ 96.689514][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.714524][ T11] bridge_slave_0: left allmulticast mode [ 96.735491][ T11] bridge_slave_0: left promiscuous mode [ 96.758171][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.088394][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 97.101213][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 97.115338][ T11] bond0 (unregistering): Released all slaves [ 97.135830][ T5492] chnl_net:caif_netlink_parms(): no params data found [ 97.164576][ T5561] netlink: 8 bytes leftover after parsing attributes in process `syz.0.118'. [ 97.239092][ T5557] team0: Port device team_slave_0 removed [ 97.261898][ T5569] netlink: 32 bytes leftover after parsing attributes in process `syz.4.124'. [ 97.491636][ T5582] netlink: 20 bytes leftover after parsing attributes in process `syz.0.125'. [ 98.154515][ T5492] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.195847][ T5492] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.237486][ T5492] bridge_slave_0: entered allmulticast mode [ 98.290486][ T5492] bridge_slave_0: entered promiscuous mode [ 98.304548][ C1] eth0: bad gso: type: 1, size: 1408 [ 98.375719][ T5602] openvswitch: Êü: Dropping previously announced user features [ 98.385354][ T11] hsr_slave_0: left promiscuous mode [ 98.406083][ T11] hsr_slave_1: left promiscuous mode [ 98.430955][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 98.438446][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 98.479037][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 98.504158][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 98.584323][ T11] veth1_macvtap: left promiscuous mode [ 98.590314][ T11] veth0_macvtap: left promiscuous mode [ 98.618601][ T11] veth1_vlan: left promiscuous mode [ 98.624487][ T11] veth0_vlan: left promiscuous mode [ 98.733622][ T5108] Bluetooth: hci1: command tx timeout [ 98.882527][ T11] pimreg (unregistering): left allmulticast mode [ 99.198523][ T11] team0 (unregistering): Port device team_slave_1 removed [ 99.270427][ T11] team0 (unregistering): Port device team_slave_0 removed [ 99.625790][ T5492] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.633462][ T5492] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.640653][ T5492] bridge_slave_1: entered allmulticast mode [ 99.648610][ T5492] bridge_slave_1: entered promiscuous mode [ 99.695295][ T5625] __nla_validate_parse: 3 callbacks suppressed [ 99.695320][ T5625] netlink: 8 bytes leftover after parsing attributes in process `syz.1.134'. [ 99.712099][ T5628] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 99.821228][ T5492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.857688][ T5641] netlink: 76 bytes leftover after parsing attributes in process `syz.1.140'. [ 99.877054][ T5641] openvswitch: Êü: Dropping previously announced user features [ 99.904762][ T5492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.990822][ T5636] netlink: 32 bytes leftover after parsing attributes in process `syz.3.139'. [ 100.123754][ T5492] team0: Port device team_slave_0 added [ 100.136479][ T5492] team0: Port device team_slave_1 added [ 100.206015][ T5657] netlink: 'syz.3.146': attribute type 3 has an invalid length. [ 100.223037][ T5657] netlink: 'syz.3.146': attribute type 4 has an invalid length. [ 100.249218][ T5657] netlink: 'syz.3.146': attribute type 7 has an invalid length. [ 100.284590][ T5657] netlink: 'syz.3.146': attribute type 8 has an invalid length. [ 100.322994][ T5492] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.329989][ T5492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.361423][ T5657] netlink: 'syz.3.146': attribute type 7 has an invalid length. [ 100.369169][ T5657] netlink: 198180 bytes leftover after parsing attributes in process `syz.3.146'. [ 100.414013][ T5492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.441715][ T5492] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.449097][ T5492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 100.504336][ T5666] netlink: 8 bytes leftover after parsing attributes in process `syz.1.150'. [ 100.532028][ T5666] netlink: 40 bytes leftover after parsing attributes in process `syz.1.150'. [ 100.550009][ T5492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.563180][ T5666] netlink: 40 bytes leftover after parsing attributes in process `syz.1.150'. [ 100.582341][ T5666] netlink: 40 bytes leftover after parsing attributes in process `syz.1.150'. [ 100.631395][ T5666] netlink: 40 bytes leftover after parsing attributes in process `syz.1.150'. [ 100.660252][ T5663] netlink: 8 bytes leftover after parsing attributes in process `syz.4.149'. [ 100.795434][ T5677] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 100.811934][ T5108] Bluetooth: hci1: command tx timeout [ 100.928128][ T5492] hsr_slave_0: entered promiscuous mode [ 100.957192][ T5492] hsr_slave_1: entered promiscuous mode [ 100.974660][ T5492] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 100.982920][ T5492] Cannot create hsr debugfs directory [ 101.208925][ T5695] openvswitch: Êü: Dropping previously announced user features [ 101.520152][ T5707] sctp: [Deprecated]: syz.3.162 (pid 5707) Use of int in max_burst socket option deprecated. [ 101.520152][ T5707] Use struct sctp_assoc_value instead [ 101.706225][ T5712] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 102.085472][ T5492] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 102.134257][ T5492] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 102.185941][ T5492] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 102.222885][ T5492] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 102.677239][ T5492] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.774582][ T5492] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.845669][ T928] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.852896][ T928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.896964][ T5108] Bluetooth: hci1: command tx timeout [ 102.949035][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.956564][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.081974][ T5492] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 103.276262][ T5748] netlink: 'syz.1.175': attribute type 33 has an invalid length. [ 103.425330][ T5759] vlan2: entered promiscuous mode [ 103.430431][ T5759] dummy0: entered promiscuous mode [ 103.436312][ T5759] vlan2: entered allmulticast mode [ 103.451907][ T5759] dummy0: entered allmulticast mode [ 103.465609][ T5759] dummy0: left allmulticast mode [ 103.511731][ T5759] dummy0: left promiscuous mode [ 103.672383][ T5492] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.043589][ T5492] veth0_vlan: entered promiscuous mode [ 104.107575][ T5492] veth1_vlan: entered promiscuous mode [ 104.263855][ T5492] veth0_macvtap: entered promiscuous mode [ 104.319907][ T5492] veth1_macvtap: entered promiscuous mode [ 104.446917][ T5492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.480887][ T5492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.513621][ T5492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.537423][ T5492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.548466][ T5492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.559390][ T5492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.569663][ T5492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 104.580821][ T5492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.598584][ T5492] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.609356][ T5780] openvswitch: Êü: Dropping previously announced user features [ 104.610189][ T5492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.629294][ T5492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.639278][ T5492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.651205][ T5492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.663289][ T5492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.673844][ T5492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.685887][ T5492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 104.696439][ T5492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 104.710002][ T5492] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.719497][ T5782] __nla_validate_parse: 69 callbacks suppressed [ 104.719514][ T5782] netlink: 32 bytes leftover after parsing attributes in process `syz.3.186'. [ 104.776333][ T5492] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.794006][ T5492] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.818567][ T5492] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.839182][ T5492] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.028288][ T5799] netlink: 8 bytes leftover after parsing attributes in process `syz.4.190'. [ 105.142031][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.149909][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.257366][ T2472] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.266067][ T5806] FAULT_INJECTION: forcing a failure. [ 105.266067][ T5806] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 105.289122][ T5809] netlink: 20 bytes leftover after parsing attributes in process `syz.3.191'. [ 105.307791][ T2472] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.316013][ T5806] CPU: 1 PID: 5806 Comm: syz.0.194 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 105.325686][ T5806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 105.335763][ T5806] Call Trace: [ 105.339056][ T5806] [ 105.342002][ T5806] dump_stack_lvl+0x241/0x360 [ 105.346708][ T5806] ? __pfx_dump_stack_lvl+0x10/0x10 [ 105.351934][ T5806] ? __pfx__printk+0x10/0x10 [ 105.356550][ T5806] ? __pfx_lock_release+0x10/0x10 [ 105.361604][ T5806] ? validate_chain+0x11e/0x5900 [ 105.366581][ T5806] should_fail_ex+0x3b0/0x4e0 [ 105.371291][ T5806] _copy_from_iter+0x1f6/0x1960 [ 105.376177][ T5806] ? __pfx_validate_chain+0x10/0x10 [ 105.381418][ T5806] ? __pfx__copy_from_iter+0x10/0x10 [ 105.386745][ T5806] tun_get_user+0x445/0x4720 [ 105.391389][ T5806] ? __lock_acquire+0x137a/0x2040 [ 105.396467][ T5806] ? __pfx_tun_get_user+0x10/0x10 [ 105.401543][ T5806] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 105.407031][ T5806] ? tun_get+0x1e/0x2f0 [ 105.411227][ T5806] ? __pfx_lock_release+0x10/0x10 [ 105.416282][ T5806] ? tun_get+0x1e/0x2f0 [ 105.420452][ T5806] ? tun_get+0x27d/0x2f0 [ 105.424705][ T5806] tun_chr_write_iter+0x113/0x1f0 [ 105.429750][ T5806] vfs_write+0xa72/0xc90 [ 105.433997][ T5806] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 105.439550][ T5806] ? __pfx_vfs_write+0x10/0x10 [ 105.444351][ T5806] ksys_write+0x1a0/0x2c0 [ 105.448683][ T5806] ? __pfx_ksys_write+0x10/0x10 [ 105.453537][ T5806] ? do_syscall_64+0x100/0x230 [ 105.458312][ T5806] ? do_syscall_64+0xb6/0x230 [ 105.463003][ T5806] do_syscall_64+0xf3/0x230 [ 105.467520][ T5806] ? clear_bhb_loop+0x35/0x90 [ 105.472206][ T5806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.478104][ T5806] RIP: 0033:0x7f338f175f19 [ 105.482520][ T5806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.502142][ T5806] RSP: 002b:00007f338fe8f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 105.510557][ T5806] RAX: ffffffffffffffda RBX: 00007f338f305f60 RCX: 00007f338f175f19 [ 105.518528][ T5806] RDX: 0000000000000ffe RSI: 00000000200003c0 RDI: 0000000000000003 [ 105.526502][ T5806] RBP: 00007f338fe8f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 105.534502][ T5806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.542484][ T5806] R13: 000000000000000b R14: 00007f338f305f60 R15: 00007ffdc78215a8 [ 105.550470][ T5806] [ 106.016937][ T5820] netlink: 8 bytes leftover after parsing attributes in process `syz.1.196'. [ 106.075849][ T5822] netlink: 48 bytes leftover after parsing attributes in process `syz.1.196'. [ 106.185053][ T5826] netlink: 20 bytes leftover after parsing attributes in process `syz.4.197'. [ 106.921245][ T5832] netlink: 76 bytes leftover after parsing attributes in process `syz.3.200'. [ 106.942561][ T5832] openvswitch: Êü: Dropping previously announced user features [ 106.962979][ T5836] netlink: 76 bytes leftover after parsing attributes in process `syz.4.204'. [ 107.008937][ T5836] openvswitch: Êü: Dropping previously announced user features [ 107.159548][ T5833] syzkaller0: entered promiscuous mode [ 107.169477][ T5833] syzkaller0: entered allmulticast mode [ 107.716687][ T5860] trusted_key: syz.1.212 sent an empty control message without MSG_MORE. [ 108.280042][ T5874] netlink: 20 bytes leftover after parsing attributes in process `syz.3.214'. [ 109.678551][ T5847] netlink: 8 bytes leftover after parsing attributes in process `syz.4.207'. [ 109.701332][ T5866] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 109.886722][ T5882] netlink: 8 bytes leftover after parsing attributes in process `syz.0.215'. [ 109.897500][ T5884] netlink: 76 bytes leftover after parsing attributes in process `syz.2.218'. [ 109.973340][ T5884] Êü: entered promiscuous mode [ 110.203138][ T5893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.222'. [ 110.300111][ T5904] netlink: 4 bytes leftover after parsing attributes in process `syz.3.226'. [ 110.322417][ T5901] netlink: 52 bytes leftover after parsing attributes in process `syz.0.224'. [ 110.572189][ T5915] netlink: 8 bytes leftover after parsing attributes in process `syz.2.227'. [ 110.729389][ T5909] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 111.095355][ T5933] FAULT_INJECTION: forcing a failure. [ 111.095355][ T5933] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 111.130983][ T5933] CPU: 0 PID: 5933 Comm: syz.3.233 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 111.140686][ T5933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 111.150774][ T5933] Call Trace: [ 111.154080][ T5933] [ 111.157046][ T5933] dump_stack_lvl+0x241/0x360 [ 111.161766][ T5933] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.167000][ T5933] ? __pfx__printk+0x10/0x10 [ 111.171638][ T5933] should_fail_ex+0x3b0/0x4e0 [ 111.176358][ T5933] prepare_alloc_pages+0x1da/0x5d0 [ 111.181521][ T5933] __alloc_pages_noprof+0x166/0x6c0 [ 111.186760][ T5933] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 111.192518][ T5933] ? kmalloc_reserve+0xa8/0x2a0 [ 111.197446][ T5933] ? __build_skb_around+0x245/0x3d0 [ 111.202692][ T5933] alloc_pages_mpol_noprof+0x3e8/0x680 [ 111.208208][ T5933] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 111.214231][ T5933] ? __pfx___might_resched+0x10/0x10 [ 111.219552][ T5933] ? alloc_pages_noprof+0xef/0x170 [ 111.224702][ T5933] alloc_skb_with_frags+0x21c/0x770 [ 111.229955][ T5933] sock_alloc_send_pskb+0x91a/0xa60 [ 111.235215][ T5933] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 111.240975][ T5933] ? iov_iter_advance+0x8f/0x1b0 [ 111.245939][ T5933] tun_get_user+0xcf3/0x4720 [ 111.250569][ T5933] ? __lock_acquire+0x137a/0x2040 [ 111.255634][ T5933] ? __pfx_tun_get_user+0x10/0x10 [ 111.260705][ T5933] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 111.266192][ T5933] ? tun_get+0x1e/0x2f0 [ 111.270373][ T5933] ? __pfx_lock_release+0x10/0x10 [ 111.275450][ T5933] ? tun_get+0x1e/0x2f0 [ 111.279636][ T5933] ? tun_get+0x27d/0x2f0 [ 111.283915][ T5933] tun_chr_write_iter+0x113/0x1f0 [ 111.288980][ T5933] vfs_write+0xa72/0xc90 [ 111.293256][ T5933] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 111.298838][ T5933] ? __pfx_vfs_write+0x10/0x10 [ 111.303667][ T5933] ksys_write+0x1a0/0x2c0 [ 111.308038][ T5933] ? __pfx_ksys_write+0x10/0x10 [ 111.312923][ T5933] ? do_syscall_64+0x100/0x230 [ 111.317725][ T5933] ? do_syscall_64+0xb6/0x230 [ 111.322434][ T5933] do_syscall_64+0xf3/0x230 [ 111.326967][ T5933] ? clear_bhb_loop+0x35/0x90 [ 111.331684][ T5933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.337622][ T5933] RIP: 0033:0x7fde7ff75f19 [ 111.342061][ T5933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.361693][ T5933] RSP: 002b:00007fde80ce0048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 111.370135][ T5933] RAX: ffffffffffffffda RBX: 00007fde80105f60 RCX: 00007fde7ff75f19 [ 111.378133][ T5933] RDX: 0000000000000ffe RSI: 00000000200003c0 RDI: 0000000000000003 [ 111.386131][ T5933] RBP: 00007fde80ce00a0 R08: 0000000000000000 R09: 0000000000000000 [ 111.394135][ T5933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.402133][ T5933] R13: 000000000000000b R14: 00007fde80105f60 R15: 00007ffc1602d818 [ 111.410146][ T5933] [ 111.484062][ T5941] lo speed is unknown, defaulting to 1000 [ 111.526134][ T5941] lo speed is unknown, defaulting to 1000 [ 111.535277][ T5944] netlink: 4 bytes leftover after parsing attributes in process `syz.0.237'. [ 111.623551][ T5941] lo speed is unknown, defaulting to 1000 [ 111.646492][ T5947] netlink: 4 bytes leftover after parsing attributes in process `syz.4.238'. [ 111.687221][ T5947] team0: entered promiscuous mode [ 111.704684][ T5947] team_slave_0: entered promiscuous mode [ 111.710574][ T5947] team_slave_1: entered promiscuous mode [ 111.776487][ T5946] team0: left promiscuous mode [ 111.799027][ T5946] team_slave_0: left promiscuous mode [ 111.817907][ T5946] team_slave_1: left promiscuous mode [ 111.923578][ T5955] netlink: 8 bytes leftover after parsing attributes in process `syz.3.240'. [ 112.207575][ T5941] infiniband syz0: set active [ 112.215066][ T928] lo speed is unknown, defaulting to 1000 [ 112.231033][ T5941] infiniband syz0: added lo [ 112.322180][ T5968] x_tables: duplicate underflow at hook 1 [ 112.352099][ T5956] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 112.353277][ T5941] RDS/IB: syz0: added [ 112.438901][ T5941] smc: adding ib device syz0 with port count 1 [ 112.466406][ T5941] smc: ib device syz0 port 1 has pnetid [ 112.482427][ T5153] lo speed is unknown, defaulting to 1000 [ 112.528225][ T5941] lo speed is unknown, defaulting to 1000 [ 112.736634][ T5981] netlink: 4 bytes leftover after parsing attributes in process `syz.3.249'. [ 113.221871][ T5941] lo speed is unknown, defaulting to 1000 [ 113.271815][ T6003] x_tables: duplicate underflow at hook 1 [ 113.332359][ T6006] FAULT_INJECTION: forcing a failure. [ 113.332359][ T6006] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 113.370365][ T6006] CPU: 0 PID: 6006 Comm: syz.3.258 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 113.380056][ T6006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 113.390137][ T6006] Call Trace: [ 113.393445][ T6006] [ 113.396399][ T6006] dump_stack_lvl+0x241/0x360 [ 113.401114][ T6006] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.406368][ T6006] ? __pfx__printk+0x10/0x10 [ 113.410994][ T6006] ? __pfx_lock_release+0x10/0x10 [ 113.416061][ T6006] should_fail_ex+0x3b0/0x4e0 [ 113.420768][ T6006] _copy_from_iter+0x1f6/0x1960 [ 113.425672][ T6006] ? __virt_addr_valid+0x183/0x530 [ 113.430817][ T6006] ? skb_set_owner_w+0x238/0x3e0 [ 113.435784][ T6006] ? __pfx_lock_release+0x10/0x10 [ 113.440833][ T6006] ? __pfx__copy_from_iter+0x10/0x10 [ 113.446131][ T6006] ? __virt_addr_valid+0x183/0x530 [ 113.451269][ T6006] ? __virt_addr_valid+0x183/0x530 [ 113.456403][ T6006] ? __virt_addr_valid+0x45f/0x530 [ 113.461532][ T6006] ? __phys_addr_symbol+0x2f/0x70 [ 113.466571][ T6006] ? __check_object_size+0x49c/0x900 [ 113.471867][ T6006] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 113.477597][ T6006] skb_copy_datagram_from_iter+0xf3/0x6c0 [ 113.483332][ T6006] ? skb_put+0x114/0x1f0 [ 113.487597][ T6006] tun_get_user+0xec3/0x4720 [ 113.492223][ T6006] ? __lock_acquire+0x137a/0x2040 [ 113.497261][ T6006] ? __pfx_tun_get_user+0x10/0x10 [ 113.502312][ T6006] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 113.507779][ T6006] ? tun_get+0x1e/0x2f0 [ 113.511943][ T6006] ? __pfx_lock_release+0x10/0x10 [ 113.516985][ T6006] ? tun_get+0x1e/0x2f0 [ 113.521159][ T6006] ? tun_get+0x27d/0x2f0 [ 113.525439][ T6006] tun_chr_write_iter+0x113/0x1f0 [ 113.530473][ T6006] vfs_write+0xa72/0xc90 [ 113.534730][ T6006] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 113.540289][ T6006] ? __pfx_vfs_write+0x10/0x10 [ 113.545077][ T6006] ksys_write+0x1a0/0x2c0 [ 113.549410][ T6006] ? __pfx_ksys_write+0x10/0x10 [ 113.554263][ T6006] ? do_syscall_64+0x100/0x230 [ 113.559066][ T6006] ? do_syscall_64+0xb6/0x230 [ 113.563769][ T6006] do_syscall_64+0xf3/0x230 [ 113.568278][ T6006] ? clear_bhb_loop+0x35/0x90 [ 113.572964][ T6006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.578863][ T6006] RIP: 0033:0x7fde7ff75f19 [ 113.583284][ T6006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.602912][ T6006] RSP: 002b:00007fde80ce0048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 113.611345][ T6006] RAX: ffffffffffffffda RBX: 00007fde80105f60 RCX: 00007fde7ff75f19 [ 113.619326][ T6006] RDX: 0000000000000ffe RSI: 00000000200003c0 RDI: 0000000000000003 [ 113.627298][ T6006] RBP: 00007fde80ce00a0 R08: 0000000000000000 R09: 0000000000000000 [ 113.635276][ T6006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.643272][ T6006] R13: 000000000000000b R14: 00007fde80105f60 R15: 00007ffc1602d818 [ 113.651268][ T6006] [ 113.718026][ T6000] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 113.969590][ T5941] lo speed is unknown, defaulting to 1000 [ 114.411851][ T6037] x_tables: duplicate underflow at hook 1 [ 114.543098][ T6043] FAULT_INJECTION: forcing a failure. [ 114.543098][ T6043] name failslab, interval 1, probability 0, space 0, times 0 [ 114.571052][ T6043] CPU: 0 PID: 6043 Comm: syz.1.273 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 114.580766][ T6043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 114.590849][ T6043] Call Trace: [ 114.594139][ T6043] [ 114.597087][ T6043] dump_stack_lvl+0x241/0x360 [ 114.601788][ T6043] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.606998][ T6043] ? __pfx__printk+0x10/0x10 [ 114.611604][ T6043] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 114.617514][ T6043] should_fail_ex+0x3b0/0x4e0 [ 114.622202][ T6043] ? ovs_vport_set_upcall_portids+0xfa/0x2e0 [ 114.628190][ T6043] should_failslab+0x9/0x20 [ 114.632703][ T6043] __kmalloc_noprof+0xd8/0x400 [ 114.637486][ T6043] ovs_vport_set_upcall_portids+0xfa/0x2e0 [ 114.643319][ T6043] ovs_vport_alloc+0x261/0x300 [ 114.648101][ T6043] internal_dev_create+0x2b/0x440 [ 114.653147][ T6043] ovs_vport_add+0x13f/0x420 [ 114.657753][ T6043] new_vport+0x1a/0x190 [ 114.661923][ T6043] ovs_dp_cmd_new+0x79c/0xc10 [ 114.666617][ T6043] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 114.671837][ T6043] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 114.678175][ T6043] genl_rcv_msg+0xb14/0xec0 [ 114.682692][ T6043] ? mark_lock+0x9a/0x350 [ 114.687042][ T6043] ? __pfx_genl_rcv_msg+0x10/0x10 [ 114.692096][ T6043] ? __pfx_lock_acquire+0x10/0x10 [ 114.697127][ T6043] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 114.702342][ T6043] ? __pfx___might_resched+0x10/0x10 [ 114.707646][ T6043] netlink_rcv_skb+0x1e3/0x430 [ 114.712421][ T6043] ? __pfx_genl_rcv_msg+0x10/0x10 [ 114.717462][ T6043] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 114.722765][ T6043] ? __netlink_deliver_tap+0x77e/0x7c0 [ 114.728248][ T6043] genl_rcv+0x28/0x40 [ 114.732241][ T6043] netlink_unicast+0x7f0/0x990 [ 114.737019][ T6043] ? __pfx_netlink_unicast+0x10/0x10 [ 114.742311][ T6043] ? __virt_addr_valid+0x183/0x530 [ 114.747439][ T6043] ? __check_object_size+0x49c/0x900 [ 114.752733][ T6043] ? bpf_lsm_netlink_send+0x9/0x10 [ 114.757853][ T6043] netlink_sendmsg+0x8e4/0xcb0 [ 114.762655][ T6043] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.767949][ T6043] ? __import_iovec+0x536/0x820 [ 114.772808][ T6043] ? aa_sock_msg_perm+0x91/0x160 [ 114.777754][ T6043] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 114.783070][ T6043] ? security_socket_sendmsg+0x87/0xb0 [ 114.788546][ T6043] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.793929][ T6043] __sock_sendmsg+0x221/0x270 [ 114.798638][ T6043] ____sys_sendmsg+0x525/0x7d0 [ 114.803429][ T6043] ? __pfx_____sys_sendmsg+0x10/0x10 [ 114.808745][ T6043] __sys_sendmsg+0x2b0/0x3a0 [ 114.813341][ T6043] ? __pfx___sys_sendmsg+0x10/0x10 [ 114.818464][ T6043] ? vfs_write+0x7c4/0xc90 [ 114.822941][ T6043] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 114.829287][ T6043] ? do_syscall_64+0x100/0x230 [ 114.834153][ T6043] ? do_syscall_64+0xb6/0x230 [ 114.838843][ T6043] do_syscall_64+0xf3/0x230 [ 114.843358][ T6043] ? clear_bhb_loop+0x35/0x90 [ 114.848051][ T6043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.853963][ T6043] RIP: 0033:0x7fad78175f19 [ 114.858382][ T6043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.877991][ T6043] RSP: 002b:00007fad79030048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.886437][ T6043] RAX: ffffffffffffffda RBX: 00007fad78305f60 RCX: 00007fad78175f19 [ 114.894412][ T6043] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 114.902446][ T6043] RBP: 00007fad790300a0 R08: 0000000000000000 R09: 0000000000000000 [ 114.910413][ T6043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 114.918383][ T6043] R13: 000000000000000b R14: 00007fad78305f60 R15: 00007fffcfc67618 [ 114.926379][ T6043] [ 114.965131][ T5941] lo speed is unknown, defaulting to 1000 [ 115.050338][ T6039] __nla_validate_parse: 2 callbacks suppressed [ 115.050357][ T6039] netlink: 20 bytes leftover after parsing attributes in process `syz.3.272'. [ 115.428928][ T5941] lo speed is unknown, defaulting to 1000 [ 115.494952][ T6055] netlink: 4 bytes leftover after parsing attributes in process `syz.3.278'. [ 115.811587][ T6066] FAULT_INJECTION: forcing a failure. [ 115.811587][ T6066] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 115.855295][ T6066] CPU: 0 PID: 6066 Comm: syz.1.282 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 115.864990][ T6066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 115.875149][ T6066] Call Trace: [ 115.878430][ T6066] [ 115.881365][ T6066] dump_stack_lvl+0x241/0x360 [ 115.886060][ T6066] ? __pfx_dump_stack_lvl+0x10/0x10 [ 115.891315][ T6066] ? __pfx__printk+0x10/0x10 [ 115.895914][ T6066] ? __pfx_lock_release+0x10/0x10 [ 115.900956][ T6066] should_fail_ex+0x3b0/0x4e0 [ 115.905728][ T6066] _copy_from_iter+0x1f6/0x1960 [ 115.910587][ T6066] ? __virt_addr_valid+0x183/0x530 [ 115.915709][ T6066] ? skb_set_owner_w+0x238/0x3e0 [ 115.920651][ T6066] ? __pfx__copy_from_iter+0x10/0x10 [ 115.925948][ T6066] ? __pfx__copy_from_iter+0x10/0x10 [ 115.931245][ T6066] ? __virt_addr_valid+0x183/0x530 [ 115.936365][ T6066] ? __virt_addr_valid+0x183/0x530 [ 115.941514][ T6066] ? __virt_addr_valid+0x45f/0x530 [ 115.946631][ T6066] ? page_copy_sane+0x46/0x260 [ 115.951407][ T6066] copy_page_from_iter+0x7a/0x100 [ 115.956451][ T6066] skb_copy_datagram_from_iter+0x2d8/0x6c0 [ 115.962279][ T6066] tun_get_user+0xec3/0x4720 [ 115.966919][ T6066] ? __lock_acquire+0x137a/0x2040 [ 115.971978][ T6066] ? __pfx_tun_get_user+0x10/0x10 [ 115.977042][ T6066] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 115.982518][ T6066] ? tun_get+0x1e/0x2f0 [ 115.986706][ T6066] ? __pfx_lock_release+0x10/0x10 [ 115.991753][ T6066] ? tun_get+0x1e/0x2f0 [ 115.995920][ T6066] ? tun_get+0x27d/0x2f0 [ 116.000180][ T6066] tun_chr_write_iter+0x113/0x1f0 [ 116.005224][ T6066] vfs_write+0xa72/0xc90 [ 116.009475][ T6066] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 116.015032][ T6066] ? __pfx_vfs_write+0x10/0x10 [ 116.019819][ T6066] ksys_write+0x1a0/0x2c0 [ 116.024153][ T6066] ? __pfx_ksys_write+0x10/0x10 [ 116.029008][ T6066] ? do_syscall_64+0x100/0x230 [ 116.033800][ T6066] ? do_syscall_64+0xb6/0x230 [ 116.038497][ T6066] do_syscall_64+0xf3/0x230 [ 116.043008][ T6066] ? clear_bhb_loop+0x35/0x90 [ 116.047708][ T6066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.053612][ T6066] RIP: 0033:0x7fad78175f19 [ 116.058046][ T6066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.077664][ T6066] RSP: 002b:00007fad79030048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 116.086081][ T6066] RAX: ffffffffffffffda RBX: 00007fad78305f60 RCX: 00007fad78175f19 [ 116.094071][ T6066] RDX: 0000000000000ffe RSI: 00000000200003c0 RDI: 0000000000000003 [ 116.102059][ T6066] RBP: 00007fad790300a0 R08: 0000000000000000 R09: 0000000000000000 [ 116.110039][ T6066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.118015][ T6066] R13: 000000000000000b R14: 00007fad78305f60 R15: 00007fffcfc67618 [ 116.126041][ T6066] [ 116.214170][ T5941] syz.2.235 (5941) used greatest stack depth: 19152 bytes left [ 116.433286][ T6078] x_tables: duplicate underflow at hook 1 [ 116.929337][ T6096] netlink: 4 bytes leftover after parsing attributes in process `syz.2.294'. [ 116.955673][ T6088] netlink: 'syz.3.289': attribute type 16 has an invalid length. [ 117.007308][ T6088] netlink: 'syz.3.289': attribute type 17 has an invalid length. [ 117.019618][ T6107] netlink: 76 bytes leftover after parsing attributes in process `syz.4.296'. [ 117.048749][ T6107] FAULT_INJECTION: forcing a failure. [ 117.048749][ T6107] name failslab, interval 1, probability 0, space 0, times 0 [ 117.084657][ T6107] CPU: 0 PID: 6107 Comm: syz.4.296 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 117.094350][ T6107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 117.104480][ T6107] Call Trace: [ 117.107803][ T6107] [ 117.110765][ T6107] dump_stack_lvl+0x241/0x360 [ 117.115518][ T6107] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.120753][ T6107] ? __pfx__printk+0x10/0x10 [ 117.125389][ T6107] should_fail_ex+0x3b0/0x4e0 [ 117.130112][ T6107] should_failslab+0x9/0x20 [ 117.134741][ T6107] __kmalloc_node_noprof+0xdf/0x440 [ 117.139979][ T6107] ? __kvmalloc_node_noprof+0x72/0x190 [ 117.145566][ T6107] ? nla_memcpy+0x8b/0xc0 [ 117.149936][ T6107] ? __pfx_do_setup+0x10/0x10 [ 117.154650][ T6107] __kvmalloc_node_noprof+0x72/0x190 [ 117.159954][ T6107] alloc_netdev_mqs+0x9b/0x1000 [ 117.164812][ T6107] ? __pfx_do_setup+0x10/0x10 [ 117.169501][ T6107] ? ovs_vport_alloc+0x2a6/0x300 [ 117.174461][ T6107] internal_dev_create+0x8a/0x440 [ 117.179507][ T6107] ovs_vport_add+0x13f/0x420 [ 117.184113][ T6107] new_vport+0x1a/0x190 [ 117.188305][ T6107] ovs_dp_cmd_new+0x79c/0xc10 [ 117.193011][ T6107] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 117.198232][ T6107] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 117.204572][ T6107] genl_rcv_msg+0xb14/0xec0 [ 117.209078][ T6107] ? mark_lock+0x9a/0x350 [ 117.213430][ T6107] ? __pfx_genl_rcv_msg+0x10/0x10 [ 117.218491][ T6107] ? __pfx_lock_acquire+0x10/0x10 [ 117.223524][ T6107] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 117.228736][ T6107] ? __pfx___might_resched+0x10/0x10 [ 117.234031][ T6107] netlink_rcv_skb+0x1e3/0x430 [ 117.238803][ T6107] ? __pfx_genl_rcv_msg+0x10/0x10 [ 117.243856][ T6107] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 117.249163][ T6107] ? __netlink_deliver_tap+0x77e/0x7c0 [ 117.254643][ T6107] genl_rcv+0x28/0x40 [ 117.258634][ T6107] netlink_unicast+0x7f0/0x990 [ 117.263410][ T6107] ? __pfx_netlink_unicast+0x10/0x10 [ 117.268698][ T6107] ? __virt_addr_valid+0x183/0x530 [ 117.273850][ T6107] ? __check_object_size+0x49c/0x900 [ 117.279145][ T6107] ? bpf_lsm_netlink_send+0x9/0x10 [ 117.284271][ T6107] netlink_sendmsg+0x8e4/0xcb0 [ 117.289056][ T6107] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.294355][ T6107] ? __import_iovec+0x536/0x820 [ 117.299244][ T6107] ? aa_sock_msg_perm+0x91/0x160 [ 117.304199][ T6107] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 117.309493][ T6107] ? security_socket_sendmsg+0x87/0xb0 [ 117.314968][ T6107] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.320258][ T6107] __sock_sendmsg+0x221/0x270 [ 117.324944][ T6107] ____sys_sendmsg+0x525/0x7d0 [ 117.329727][ T6107] ? __pfx_____sys_sendmsg+0x10/0x10 [ 117.335044][ T6107] __sys_sendmsg+0x2b0/0x3a0 [ 117.339640][ T6107] ? __pfx___sys_sendmsg+0x10/0x10 [ 117.344758][ T6107] ? vfs_write+0x7c4/0xc90 [ 117.349219][ T6107] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 117.355557][ T6107] ? do_syscall_64+0x100/0x230 [ 117.360341][ T6107] ? do_syscall_64+0xb6/0x230 [ 117.365027][ T6107] do_syscall_64+0xf3/0x230 [ 117.369541][ T6107] ? clear_bhb_loop+0x35/0x90 [ 117.374232][ T6107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.380136][ T6107] RIP: 0033:0x7f9002f75f19 [ 117.384559][ T6107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.404172][ T6107] RSP: 002b:00007f90029ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 117.412600][ T6107] RAX: ffffffffffffffda RBX: 00007f9003105f60 RCX: 00007f9002f75f19 [ 117.420574][ T6107] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 117.428547][ T6107] RBP: 00007f90029ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 117.436539][ T6107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 117.444514][ T6107] R13: 000000000000000b R14: 00007f9003105f60 R15: 00007fff922d5758 [ 117.452509][ T6107] [ 117.661897][ T6113] netlink: 'syz.4.298': attribute type 4 has an invalid length. [ 117.734105][ T6118] netlink: 'syz.4.298': attribute type 4 has an invalid length. [ 117.762307][ T6117] netlink: 76 bytes leftover after parsing attributes in process `syz.0.301'. [ 117.832581][ T6117] openvswitch: Êü: Dropping previously announced user features [ 117.848782][ T6123] FAULT_INJECTION: forcing a failure. [ 117.848782][ T6123] name failslab, interval 1, probability 0, space 0, times 0 [ 117.861764][ T6123] CPU: 0 PID: 6123 Comm: syz.1.303 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 117.871427][ T6123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 117.881505][ T6123] Call Trace: [ 117.884830][ T6123] [ 117.887785][ T6123] dump_stack_lvl+0x241/0x360 [ 117.892502][ T6123] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.897777][ T6123] ? __pfx__printk+0x10/0x10 [ 117.902457][ T6123] should_fail_ex+0x3b0/0x4e0 [ 117.907185][ T6123] ? dst_alloc+0x12b/0x190 [ 117.911636][ T6123] should_failslab+0x9/0x20 [ 117.916188][ T6123] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 117.921593][ T6123] ? __pfx_rt6_find_cached_rt+0x10/0x10 [ 117.927179][ T6123] ? __pfx_ip6_dst_gc+0x10/0x10 [ 117.932065][ T6123] dst_alloc+0x12b/0x190 [ 117.936347][ T6123] ip6_pol_route+0xb87/0x15d0 [ 117.941055][ T6123] ? ip6_pol_route+0x198/0x15d0 [ 117.945938][ T6123] ? __pfx_ip6_pol_route+0x10/0x10 [ 117.951094][ T6123] ? nf_ct_get_tuple+0x226/0x810 [ 117.956064][ T6123] ? nf_ct_key_equal+0x4b9/0x690 [ 117.961038][ T6123] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 117.967056][ T6123] fib6_rule_lookup+0x58c/0x790 [ 117.971954][ T6123] ? __pfx_ip6_pol_route_input+0x10/0x10 [ 117.977624][ T6123] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 117.983079][ T6123] ? ip6t_do_table+0x205/0x18a0 [ 117.987979][ T6123] ? __pfx_nf_nat_inet_fn+0x10/0x10 [ 117.993215][ T6123] ? nf_conntrack_in+0x15e6/0x1880 [ 117.998378][ T6123] ip6_route_input+0x859/0xd90 [ 118.003185][ T6123] ? __pfx_ip6_route_input+0x10/0x10 [ 118.008565][ T6123] ? __pfx_lock_release+0x10/0x10 [ 118.013639][ T6123] ? ip6_rcv_finish_core+0x20f/0x410 [ 118.018987][ T6123] ip6_rcv_finish+0x144/0x180 [ 118.023714][ T6123] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 118.024284][ T6128] netlink: 188 bytes leftover after parsing attributes in process `syz.2.306'. [ 118.028949][ T6123] NF_HOOK+0x3a4/0x450 [ 118.028992][ T6123] ? skb_orphan+0x4b/0xd0 [ 118.029023][ T6123] ? NF_HOOK+0x9a/0x450 [ 118.038316][ T6128] netlink: 56 bytes leftover after parsing attributes in process `syz.2.306'. [ 118.041990][ T6123] ? __pfx_NF_HOOK+0x10/0x10 [ 118.042024][ T6123] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 118.042058][ T6123] ? __pfx_ipv6_rcv+0x10/0x10 [ 118.042085][ T6123] __netif_receive_skb+0x1ea/0x650 [ 118.042114][ T6123] ? __pfx_lock_acquire+0x10/0x10 [ 118.042139][ T6123] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 118.042166][ T6123] ? __pfx___netif_receive_skb+0x10/0x10 [ 118.042193][ T6123] ? read_tsc+0x9/0x20 [ 118.100076][ T6123] ? timekeeping_get_ns+0x2c0/0x420 [ 118.105409][ T6123] ? netif_receive_skb+0x131/0x890 [ 118.110552][ T6123] ? netif_receive_skb+0x131/0x890 [ 118.115695][ T6123] netif_receive_skb+0x1e8/0x890 [ 118.120670][ T6123] ? tun_rx_batched+0x160/0x8f0 [ 118.125557][ T6123] ? __pfx_netif_receive_skb+0x10/0x10 [ 118.131055][ T6123] ? tun_rx_batched+0x160/0x8f0 [ 118.135938][ T6123] tun_rx_batched+0x1b7/0x8f0 [ 118.140642][ T6123] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 118.147015][ T6123] ? __pfx_lock_acquire+0x10/0x10 [ 118.152082][ T6123] ? __pfx_tun_rx_batched+0x10/0x10 [ 118.157337][ T6123] tun_get_user+0x2f84/0x4720 [ 118.162049][ T6123] ? tun_get_user+0x2a78/0x4720 [ 118.166947][ T6123] ? __lock_acquire+0x137a/0x2040 [ 118.172020][ T6123] ? __pfx_tun_get_user+0x10/0x10 [ 118.177100][ T6123] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 118.182617][ T6123] ? tun_get+0x1e/0x2f0 [ 118.186830][ T6123] ? __pfx_lock_release+0x10/0x10 [ 118.191936][ T6123] ? tun_get+0x1e/0x2f0 [ 118.196134][ T6123] ? tun_get+0x27d/0x2f0 [ 118.200404][ T6123] tun_chr_write_iter+0x113/0x1f0 [ 118.205461][ T6123] vfs_write+0xa72/0xc90 [ 118.209761][ T6123] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 118.215347][ T6123] ? __pfx_vfs_write+0x10/0x10 [ 118.220195][ T6123] ksys_write+0x1a0/0x2c0 [ 118.224563][ T6123] ? __pfx_ksys_write+0x10/0x10 [ 118.229451][ T6123] ? do_syscall_64+0x100/0x230 [ 118.234276][ T6123] ? do_syscall_64+0xb6/0x230 [ 118.238988][ T6123] do_syscall_64+0xf3/0x230 [ 118.243526][ T6123] ? clear_bhb_loop+0x35/0x90 [ 118.248265][ T6123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.254199][ T6123] RIP: 0033:0x7fad78175f19 [ 118.258640][ T6123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.278270][ T6123] RSP: 002b:00007fad79030048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 118.286714][ T6123] RAX: ffffffffffffffda RBX: 00007fad78305f60 RCX: 00007fad78175f19 [ 118.294735][ T6123] RDX: 0000000000000ffe RSI: 00000000200003c0 RDI: 0000000000000003 [ 118.302753][ T6123] RBP: 00007fad790300a0 R08: 0000000000000000 R09: 0000000000000000 [ 118.310751][ T6123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.318743][ T6123] R13: 000000000000000b R14: 00007fad78305f60 R15: 00007fffcfc67618 [ 118.326774][ T6123] [ 118.369739][ T6136] netlink: 'syz.3.309': attribute type 16 has an invalid length. [ 118.391844][ T6136] netlink: 'syz.3.309': attribute type 17 has an invalid length. [ 118.520457][ T6145] netlink: 4 bytes leftover after parsing attributes in process `syz.0.311'. [ 118.611271][ T6149] netlink: 76 bytes leftover after parsing attributes in process `syz.4.314'. [ 118.640574][ T6149] FAULT_INJECTION: forcing a failure. [ 118.640574][ T6149] name failslab, interval 1, probability 0, space 0, times 0 [ 118.665448][ T6149] CPU: 0 PID: 6149 Comm: syz.4.314 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 118.675133][ T6149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 118.685212][ T6149] Call Trace: [ 118.688498][ T6149] [ 118.691432][ T6149] dump_stack_lvl+0x241/0x360 [ 118.696126][ T6149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.701335][ T6149] ? __pfx__printk+0x10/0x10 [ 118.705930][ T6149] ? __pfx___might_resched+0x10/0x10 [ 118.711220][ T6149] ? obj_cgroup_charge+0x3e2/0x630 [ 118.716340][ T6149] should_fail_ex+0x3b0/0x4e0 [ 118.721025][ T6149] should_failslab+0x9/0x20 [ 118.725533][ T6149] __kmalloc_node_noprof+0xdf/0x440 [ 118.730742][ T6149] ? alloc_slab_obj_exts+0x3a/0xa0 [ 118.735872][ T6149] alloc_slab_obj_exts+0x3a/0xa0 [ 118.740824][ T6149] __memcg_slab_post_alloc_hook+0x31c/0x7e0 [ 118.746728][ T6149] ? kasan_unpoison+0x46/0x70 [ 118.751418][ T6149] __kmalloc_node_noprof+0x2a5/0x440 [ 118.756708][ T6149] ? __kvmalloc_node_noprof+0x72/0x190 [ 118.762180][ T6149] ? __pfx_do_setup+0x10/0x10 [ 118.766867][ T6149] __kvmalloc_node_noprof+0x72/0x190 [ 118.772162][ T6149] alloc_netdev_mqs+0x9b/0x1000 [ 118.777016][ T6149] ? __pfx_do_setup+0x10/0x10 [ 118.781747][ T6149] ? ovs_vport_alloc+0x2a6/0x300 [ 118.786710][ T6149] internal_dev_create+0x8a/0x440 [ 118.791758][ T6149] ovs_vport_add+0x13f/0x420 [ 118.796363][ T6149] new_vport+0x1a/0x190 [ 118.800545][ T6149] ovs_dp_cmd_new+0x79c/0xc10 [ 118.805241][ T6149] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 118.810458][ T6149] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 118.816810][ T6149] genl_rcv_msg+0xb14/0xec0 [ 118.821321][ T6149] ? mark_lock+0x9a/0x350 [ 118.825669][ T6149] ? __pfx_genl_rcv_msg+0x10/0x10 [ 118.830748][ T6149] ? __pfx_lock_acquire+0x10/0x10 [ 118.835792][ T6149] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 118.841002][ T6149] ? __pfx___might_resched+0x10/0x10 [ 118.846315][ T6149] netlink_rcv_skb+0x1e3/0x430 [ 118.851098][ T6149] ? __pfx_genl_rcv_msg+0x10/0x10 [ 118.856144][ T6149] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 118.861453][ T6149] ? __netlink_deliver_tap+0x77e/0x7c0 [ 118.866937][ T6149] genl_rcv+0x28/0x40 [ 118.870936][ T6149] netlink_unicast+0x7f0/0x990 [ 118.875729][ T6149] ? __pfx_netlink_unicast+0x10/0x10 [ 118.881015][ T6149] ? __virt_addr_valid+0x183/0x530 [ 118.886137][ T6149] ? __check_object_size+0x49c/0x900 [ 118.891519][ T6149] ? bpf_lsm_netlink_send+0x9/0x10 [ 118.896643][ T6149] netlink_sendmsg+0x8e4/0xcb0 [ 118.901450][ T6149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.906772][ T6149] ? __import_iovec+0x536/0x820 [ 118.911630][ T6149] ? aa_sock_msg_perm+0x91/0x160 [ 118.916580][ T6149] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 118.921877][ T6149] ? security_socket_sendmsg+0x87/0xb0 [ 118.927437][ T6149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 118.932729][ T6149] __sock_sendmsg+0x221/0x270 [ 118.937421][ T6149] ____sys_sendmsg+0x525/0x7d0 [ 118.942209][ T6149] ? __pfx_____sys_sendmsg+0x10/0x10 [ 118.947522][ T6149] __sys_sendmsg+0x2b0/0x3a0 [ 118.952119][ T6149] ? __pfx___sys_sendmsg+0x10/0x10 [ 118.957247][ T6149] ? vfs_write+0x7c4/0xc90 [ 118.961718][ T6149] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 118.968052][ T6149] ? do_syscall_64+0x100/0x230 [ 118.972860][ T6149] ? do_syscall_64+0xb6/0x230 [ 118.977571][ T6149] do_syscall_64+0xf3/0x230 [ 118.982096][ T6149] ? clear_bhb_loop+0x35/0x90 [ 118.986806][ T6149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.992715][ T6149] RIP: 0033:0x7f9002f75f19 [ 118.997138][ T6149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.016746][ T6149] RSP: 002b:00007f90029ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 119.025197][ T6149] RAX: ffffffffffffffda RBX: 00007f9003105f60 RCX: 00007f9002f75f19 [ 119.033176][ T6149] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 119.041156][ T6149] RBP: 00007f90029ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 119.049155][ T6149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 119.057128][ T6149] R13: 000000000000000b R14: 00007f9003105f60 R15: 00007fff922d5758 [ 119.065136][ T6149] [ 119.079412][ T6149] openvswitch: Êü: Dropping previously announced user features [ 119.136197][ T6156] netlink: 28 bytes leftover after parsing attributes in process `syz.0.315'. [ 119.608335][ T6164] openvswitch: Êü: Dropping previously announced user features [ 119.840155][ T6175] ieee802154 phy0 wpan0: encryption failed: -22 [ 119.890903][ T6167] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 120.186639][ T6198] __nla_validate_parse: 3 callbacks suppressed [ 120.186658][ T6198] netlink: 76 bytes leftover after parsing attributes in process `syz.1.329'. [ 120.259748][ T6198] FAULT_INJECTION: forcing a failure. [ 120.259748][ T6198] name failslab, interval 1, probability 0, space 0, times 0 [ 120.295578][ T6198] CPU: 0 PID: 6198 Comm: syz.1.329 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 120.305273][ T6198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 120.315352][ T6198] Call Trace: [ 120.318656][ T6198] [ 120.321652][ T6198] dump_stack_lvl+0x241/0x360 [ 120.326370][ T6198] ? __pfx_dump_stack_lvl+0x10/0x10 [ 120.331604][ T6198] ? __pfx__printk+0x10/0x10 [ 120.336239][ T6198] should_fail_ex+0x3b0/0x4e0 [ 120.340949][ T6198] should_failslab+0x9/0x20 [ 120.345577][ T6198] __kmalloc_node_noprof+0xdf/0x440 [ 120.350811][ T6198] ? __kvmalloc_node_noprof+0x72/0x190 [ 120.356315][ T6198] ? nla_memcpy+0x8b/0xc0 [ 120.360682][ T6198] ? __pfx_do_setup+0x10/0x10 [ 120.365404][ T6198] __kvmalloc_node_noprof+0x72/0x190 [ 120.370735][ T6198] alloc_netdev_mqs+0x9b/0x1000 [ 120.375628][ T6198] ? __pfx_do_setup+0x10/0x10 [ 120.380351][ T6198] ? ovs_vport_alloc+0x2a6/0x300 [ 120.385334][ T6198] internal_dev_create+0x8a/0x440 [ 120.390407][ T6198] ovs_vport_add+0x13f/0x420 [ 120.395044][ T6198] new_vport+0x1a/0x190 [ 120.399245][ T6198] ovs_dp_cmd_new+0x79c/0xc10 [ 120.403978][ T6198] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 120.409228][ T6198] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 120.415598][ T6198] genl_rcv_msg+0xb14/0xec0 [ 120.420136][ T6198] ? mark_lock+0x9a/0x350 [ 120.424518][ T6198] ? __pfx_genl_rcv_msg+0x10/0x10 [ 120.429621][ T6198] ? __pfx_lock_acquire+0x10/0x10 [ 120.434683][ T6198] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 120.439920][ T6198] ? __pfx___might_resched+0x10/0x10 [ 120.445255][ T6198] netlink_rcv_skb+0x1e3/0x430 [ 120.450061][ T6198] ? __pfx_genl_rcv_msg+0x10/0x10 [ 120.455129][ T6198] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 120.460464][ T6198] ? __netlink_deliver_tap+0x77e/0x7c0 [ 120.465979][ T6198] genl_rcv+0x28/0x40 [ 120.469996][ T6198] netlink_unicast+0x7f0/0x990 [ 120.474788][ T6198] ? __pfx_netlink_unicast+0x10/0x10 [ 120.480080][ T6198] ? __virt_addr_valid+0x183/0x530 [ 120.485211][ T6198] ? __check_object_size+0x49c/0x900 [ 120.490509][ T6198] ? bpf_lsm_netlink_send+0x9/0x10 [ 120.495640][ T6198] netlink_sendmsg+0x8e4/0xcb0 [ 120.500432][ T6198] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.505734][ T6198] ? __import_iovec+0x536/0x820 [ 120.510600][ T6198] ? aa_sock_msg_perm+0x91/0x160 [ 120.515555][ T6198] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 120.520854][ T6198] ? security_socket_sendmsg+0x87/0xb0 [ 120.526420][ T6198] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.531716][ T6198] __sock_sendmsg+0x221/0x270 [ 120.536412][ T6198] ____sys_sendmsg+0x525/0x7d0 [ 120.541202][ T6198] ? __pfx_____sys_sendmsg+0x10/0x10 [ 120.546518][ T6198] __sys_sendmsg+0x2b0/0x3a0 [ 120.551126][ T6198] ? __pfx___sys_sendmsg+0x10/0x10 [ 120.556251][ T6198] ? vfs_write+0x7c4/0xc90 [ 120.560714][ T6198] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 120.567065][ T6198] ? do_syscall_64+0x100/0x230 [ 120.571844][ T6198] ? do_syscall_64+0xb6/0x230 [ 120.576540][ T6198] do_syscall_64+0xf3/0x230 [ 120.581064][ T6198] ? clear_bhb_loop+0x35/0x90 [ 120.585780][ T6198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.591691][ T6198] RIP: 0033:0x7fad78175f19 [ 120.596124][ T6198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.615751][ T6198] RSP: 002b:00007fad79030048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 120.624205][ T6198] RAX: ffffffffffffffda RBX: 00007fad78305f60 RCX: 00007fad78175f19 [ 120.632183][ T6198] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 120.640158][ T6198] RBP: 00007fad790300a0 R08: 0000000000000000 R09: 0000000000000000 [ 120.648129][ T6198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 120.656101][ T6198] R13: 000000000000000b R14: 00007fad78305f60 R15: 00007fffcfc67618 [ 120.664087][ T6198] [ 120.926488][ T6207] netlink: 20 bytes leftover after parsing attributes in process `syz.3.331'. [ 121.447141][ T6216] bond0: option arp_interval: invalid value (18446744073709551615) [ 121.467038][ T6216] bond0: option arp_interval: allowed values 0 - 2147483647 [ 121.493381][ T6220] netlink: 4 bytes leftover after parsing attributes in process `syz.4.338'. [ 121.695012][ T6229] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 121.885910][ T6225] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 121.908560][ T6245] netlink: 'syz.2.345': attribute type 16 has an invalid length. [ 121.949199][ T6245] netlink: 'syz.2.345': attribute type 17 has an invalid length. [ 121.964630][ T6245] infiniband syz0: set active [ 121.976361][ T6245] infiniband syz0: set active [ 122.025655][ T25] lo speed is unknown, defaulting to 1000 [ 122.033794][ T58] lo speed is unknown, defaulting to 1000 [ 122.447958][ T6260] netlink: 76 bytes leftover after parsing attributes in process `syz.4.350'. [ 122.484759][ T6260] FAULT_INJECTION: forcing a failure. [ 122.484759][ T6260] name failslab, interval 1, probability 0, space 0, times 0 [ 122.509788][ T6264] netlink: 4 bytes leftover after parsing attributes in process `syz.2.352'. [ 122.523372][ T6260] CPU: 1 PID: 6260 Comm: syz.4.350 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 122.533058][ T6260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 122.543144][ T6260] Call Trace: [ 122.546450][ T6260] [ 122.549397][ T6260] dump_stack_lvl+0x241/0x360 [ 122.554114][ T6260] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.559351][ T6260] ? __pfx__printk+0x10/0x10 [ 122.563980][ T6260] ? __asan_memset+0x23/0x50 [ 122.568610][ T6260] ? lockdep_init_map_type+0xa1/0x910 [ 122.574021][ T6260] should_fail_ex+0x3b0/0x4e0 [ 122.578732][ T6260] should_failslab+0x9/0x20 [ 122.583448][ T6260] __kmalloc_node_noprof+0xdf/0x440 [ 122.588684][ T6260] ? __kvmalloc_node_noprof+0x72/0x190 [ 122.594181][ T6260] __kvmalloc_node_noprof+0x72/0x190 [ 122.599510][ T6260] alloc_netdev_mqs+0xa49/0x1000 [ 122.604488][ T6260] internal_dev_create+0x8a/0x440 [ 122.609571][ T6260] ovs_vport_add+0x13f/0x420 [ 122.614220][ T6260] new_vport+0x1a/0x190 [ 122.618427][ T6260] ovs_dp_cmd_new+0x79c/0xc10 [ 122.623157][ T6260] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 122.628404][ T6260] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 122.634765][ T6260] genl_rcv_msg+0xb14/0xec0 [ 122.639297][ T6260] ? mark_lock+0x9a/0x350 [ 122.643686][ T6260] ? __pfx_genl_rcv_msg+0x10/0x10 [ 122.648798][ T6260] ? __pfx_lock_acquire+0x10/0x10 [ 122.653853][ T6260] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 122.659117][ T6260] ? __pfx___might_resched+0x10/0x10 [ 122.664449][ T6260] netlink_rcv_skb+0x1e3/0x430 [ 122.669237][ T6260] ? __pfx_genl_rcv_msg+0x10/0x10 [ 122.674284][ T6260] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 122.679573][ T6260] ? __netlink_deliver_tap+0x77e/0x7c0 [ 122.685058][ T6260] genl_rcv+0x28/0x40 [ 122.689251][ T6260] netlink_unicast+0x7f0/0x990 [ 122.694055][ T6260] ? __pfx_netlink_unicast+0x10/0x10 [ 122.699364][ T6260] ? __virt_addr_valid+0x183/0x530 [ 122.704511][ T6260] ? __check_object_size+0x49c/0x900 [ 122.709824][ T6260] ? bpf_lsm_netlink_send+0x9/0x10 [ 122.714969][ T6260] netlink_sendmsg+0x8e4/0xcb0 [ 122.719777][ T6260] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.725148][ T6260] ? __import_iovec+0x536/0x820 [ 122.730035][ T6260] ? aa_sock_msg_perm+0x91/0x160 [ 122.735037][ T6260] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 122.740351][ T6260] ? security_socket_sendmsg+0x87/0xb0 [ 122.745847][ T6260] ? __pfx_netlink_sendmsg+0x10/0x10 [ 122.746669][ T6271] netlink: 4 bytes leftover after parsing attributes in process `syz.3.356'. [ 122.751144][ T6260] __sock_sendmsg+0x221/0x270 [ 122.751207][ T6260] ____sys_sendmsg+0x525/0x7d0 [ 122.769420][ T6260] ? __pfx_____sys_sendmsg+0x10/0x10 [ 122.774765][ T6260] __sys_sendmsg+0x2b0/0x3a0 [ 122.779392][ T6260] ? __pfx___sys_sendmsg+0x10/0x10 [ 122.784536][ T6260] ? vfs_write+0x7c4/0xc90 [ 122.789042][ T6260] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 122.795406][ T6260] ? do_syscall_64+0x100/0x230 [ 122.800209][ T6260] ? do_syscall_64+0xb6/0x230 [ 122.804962][ T6260] do_syscall_64+0xf3/0x230 [ 122.809488][ T6260] ? clear_bhb_loop+0x35/0x90 [ 122.814172][ T6260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.820068][ T6260] RIP: 0033:0x7f9002f75f19 [ 122.824489][ T6260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.844121][ T6260] RSP: 002b:00007f90029ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 122.852576][ T6260] RAX: ffffffffffffffda RBX: 00007f9003105f60 RCX: 00007f9002f75f19 [ 122.860561][ T6260] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 122.868555][ T6260] RBP: 00007f90029ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 122.876550][ T6260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 122.884595][ T6260] R13: 000000000000000b R14: 00007f9003105f60 R15: 00007fff922d5758 [ 122.892630][ T6260] [ 123.065211][ T6279] netlink: 76 bytes leftover after parsing attributes in process `syz.4.357'. [ 123.087667][ T6278] netlink: 'syz.0.360': attribute type 1 has an invalid length. [ 123.094837][ T6279] openvswitch: Êü: Dropping previously announced user features [ 123.319882][ T6294] netlink: 'syz.4.363': attribute type 16 has an invalid length. [ 123.339740][ T6294] netlink: 'syz.4.363': attribute type 17 has an invalid length. [ 123.703740][ T6311] netlink: 4 bytes leftover after parsing attributes in process `syz.0.368'. [ 123.742723][ T6314] netlink: 76 bytes leftover after parsing attributes in process `syz.2.369'. [ 123.782790][ T6315] netlink: 4 bytes leftover after parsing attributes in process `syz.3.370'. [ 123.805029][ T6314] FAULT_INJECTION: forcing a failure. [ 123.805029][ T6314] name failslab, interval 1, probability 0, space 0, times 0 [ 123.849511][ T6314] CPU: 1 PID: 6314 Comm: syz.2.369 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 123.859206][ T6314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 123.869293][ T6314] Call Trace: [ 123.872619][ T6314] [ 123.875582][ T6314] dump_stack_lvl+0x241/0x360 [ 123.880300][ T6314] ? __pfx_dump_stack_lvl+0x10/0x10 [ 123.885532][ T6314] ? __pfx__printk+0x10/0x10 [ 123.890151][ T6314] ? __pfx___might_resched+0x10/0x10 [ 123.895479][ T6314] ? obj_cgroup_charge+0x3e2/0x630 [ 123.900631][ T6314] should_fail_ex+0x3b0/0x4e0 [ 123.905350][ T6314] should_failslab+0x9/0x20 [ 123.909884][ T6314] __kmalloc_node_noprof+0xdf/0x440 [ 123.915128][ T6314] ? alloc_slab_obj_exts+0x3a/0xa0 [ 123.920283][ T6314] alloc_slab_obj_exts+0x3a/0xa0 [ 123.925258][ T6314] __memcg_slab_post_alloc_hook+0x31c/0x7e0 [ 123.931194][ T6314] ? kasan_unpoison+0x46/0x70 [ 123.935919][ T6314] __kmalloc_node_noprof+0x2a5/0x440 [ 123.941240][ T6314] ? __kvmalloc_node_noprof+0x72/0x190 [ 123.946733][ T6314] __kvmalloc_node_noprof+0x72/0x190 [ 123.952061][ T6314] alloc_netdev_mqs+0x8ab/0x1000 [ 123.957026][ T6314] internal_dev_create+0x8a/0x440 [ 123.962071][ T6314] ovs_vport_add+0x13f/0x420 [ 123.966671][ T6314] new_vport+0x1a/0x190 [ 123.970836][ T6314] ovs_dp_cmd_new+0x79c/0xc10 [ 123.975529][ T6314] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 123.980737][ T6314] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 123.987070][ T6314] genl_rcv_msg+0xb14/0xec0 [ 123.991574][ T6314] ? mark_lock+0x9a/0x350 [ 123.995922][ T6314] ? __pfx_genl_rcv_msg+0x10/0x10 [ 124.001078][ T6314] ? __pfx_lock_acquire+0x10/0x10 [ 124.006120][ T6314] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 124.011343][ T6314] ? __pfx___might_resched+0x10/0x10 [ 124.016640][ T6314] netlink_rcv_skb+0x1e3/0x430 [ 124.021411][ T6314] ? __pfx_genl_rcv_msg+0x10/0x10 [ 124.026447][ T6314] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 124.031752][ T6314] ? __netlink_deliver_tap+0x77e/0x7c0 [ 124.037224][ T6314] genl_rcv+0x28/0x40 [ 124.041212][ T6314] netlink_unicast+0x7f0/0x990 [ 124.045983][ T6314] ? __pfx_netlink_unicast+0x10/0x10 [ 124.051278][ T6314] ? __virt_addr_valid+0x183/0x530 [ 124.056426][ T6314] ? __check_object_size+0x49c/0x900 [ 124.061719][ T6314] ? bpf_lsm_netlink_send+0x9/0x10 [ 124.066836][ T6314] netlink_sendmsg+0x8e4/0xcb0 [ 124.071618][ T6314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.076910][ T6314] ? __import_iovec+0x536/0x820 [ 124.081773][ T6314] ? aa_sock_msg_perm+0x91/0x160 [ 124.086718][ T6314] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 124.092007][ T6314] ? security_socket_sendmsg+0x87/0xb0 [ 124.097497][ T6314] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.102804][ T6314] __sock_sendmsg+0x221/0x270 [ 124.107515][ T6314] ____sys_sendmsg+0x525/0x7d0 [ 124.112297][ T6314] ? __pfx_____sys_sendmsg+0x10/0x10 [ 124.117599][ T6314] __sys_sendmsg+0x2b0/0x3a0 [ 124.122212][ T6314] ? __pfx___sys_sendmsg+0x10/0x10 [ 124.127328][ T6314] ? vfs_write+0x7c4/0xc90 [ 124.131778][ T6314] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 124.138109][ T6314] ? do_syscall_64+0x100/0x230 [ 124.142883][ T6314] ? do_syscall_64+0xb6/0x230 [ 124.147568][ T6314] do_syscall_64+0xf3/0x230 [ 124.152075][ T6314] ? clear_bhb_loop+0x35/0x90 [ 124.156776][ T6314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.162681][ T6314] RIP: 0033:0x7f2307575f19 [ 124.167115][ T6314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.186718][ T6314] RSP: 002b:00007f230835c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 124.195132][ T6314] RAX: ffffffffffffffda RBX: 00007f2307705f60 RCX: 00007f2307575f19 [ 124.203105][ T6314] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 124.211078][ T6314] RBP: 00007f230835c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 124.219055][ T6314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 124.227022][ T6314] R13: 000000000000000b R14: 00007f2307705f60 R15: 00007ffd09b826e8 [ 124.235002][ T6314] [ 124.271622][ T6314] openvswitch: Êü: Dropping previously announced user features [ 125.425683][ T6351] __nla_validate_parse: 2 callbacks suppressed [ 125.425703][ T6351] netlink: 4 bytes leftover after parsing attributes in process `syz.2.384'. [ 125.451018][ T6348] netlink: 'syz.3.381': attribute type 1 has an invalid length. [ 125.456424][ T6353] Bluetooth: MGMT ver 1.23 [ 125.499024][ T6348] netlink: 112860 bytes leftover after parsing attributes in process `syz.3.381'. [ 125.543103][ T6356] bond0: option miimon: invalid value (18446744073072082944) [ 125.552815][ T6348] netlink: 'syz.3.381': attribute type 1 has an invalid length. [ 125.568381][ T6356] bond0: option miimon: allowed values 0 - 2147483647 [ 125.752953][ T6367] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 125.897601][ T6372] netlink: 76 bytes leftover after parsing attributes in process `syz.4.388'. [ 125.919046][ T6372] openvswitch: Êü: Dropping previously announced user features [ 126.191518][ T6384] netlink: 8 bytes leftover after parsing attributes in process `syz.4.392'. [ 126.282002][ T6390] netlink: 24 bytes leftover after parsing attributes in process `syz.0.395'. [ 126.329023][ T6390] Zero length message leads to an empty skb [ 126.471601][ T6391] netlink: 20 bytes leftover after parsing attributes in process `syz.2.393'. [ 127.191443][ T6396] netlink: 4 bytes leftover after parsing attributes in process `syz.3.398'. [ 127.464440][ T6418] warning: `syz.3.404' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 127.537356][ T5108] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 127.545626][ T6418] netlink: 76 bytes leftover after parsing attributes in process `syz.3.404'. [ 127.613149][ T6410] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 127.658134][ T6418] openvswitch: Êü: Dropping previously announced user features [ 127.888876][ T6439] netlink: 8 bytes leftover after parsing attributes in process `syz.3.409'. [ 128.066536][ T6444] x_tables: ip_tables: ah match: only valid for protocol 51 [ 128.129771][ T6450] netlink: 4 bytes leftover after parsing attributes in process `syz.0.415'. [ 128.199067][ T6453] team0: entered promiscuous mode [ 128.210473][ T6453] team_slave_1: entered promiscuous mode [ 128.296993][ T6449] team0: left promiscuous mode [ 128.310872][ T6449] team_slave_1: left promiscuous mode [ 129.016511][ T6464] openvswitch: Êü: Dropping previously announced user features [ 129.036891][ T6466] openvswitch: Êü: Dropping previously announced user features [ 129.383985][ T6472] geneve2: entered promiscuous mode [ 129.395043][ T6472] geneve2: entered allmulticast mode [ 129.535565][ T6486] team0: entered promiscuous mode [ 129.557351][ T6486] team_slave_0: entered promiscuous mode [ 129.575963][ T6486] team_slave_1: entered promiscuous mode [ 129.628118][ T6490] vlan2: entered promiscuous mode [ 129.648894][ T6490] bond0: entered promiscuous mode [ 129.658498][ T6490] bond_slave_0: entered promiscuous mode [ 129.664873][ T6490] bond_slave_1: entered promiscuous mode [ 129.673341][ T6490] vlan2: entered allmulticast mode [ 129.681884][ T6490] bond0: entered allmulticast mode [ 129.690151][ T6490] bond_slave_0: entered allmulticast mode [ 129.700923][ T6490] bond_slave_1: entered allmulticast mode [ 129.708570][ T6490] bond0: left allmulticast mode [ 129.713968][ T6490] bond_slave_0: left allmulticast mode [ 129.719446][ T6490] bond_slave_1: left allmulticast mode [ 129.725062][ T6490] bond0: left promiscuous mode [ 129.729859][ T6490] bond_slave_0: left promiscuous mode [ 129.736322][ T6490] bond_slave_1: left promiscuous mode [ 129.758890][ T6494] openvswitch: Êü: Dropping previously announced user features [ 129.767641][ T6497] openvswitch: Êü: Dropping previously announced user features [ 129.776533][ T6483] team0: left promiscuous mode [ 129.799716][ T6483] team_slave_0: left promiscuous mode [ 129.821734][ T6483] team_slave_1: left promiscuous mode [ 129.945114][ T5108] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 130.709188][ C1] eth0: bad gso: type: 1, size: 1408 [ 131.057055][ T6522] geneve2: entered promiscuous mode [ 131.083706][ T6522] geneve2: entered allmulticast mode [ 131.083731][ T6528] __nla_validate_parse: 10 callbacks suppressed [ 131.083744][ T6528] netlink: 4 bytes leftover after parsing attributes in process `syz.1.448'. [ 131.130115][ T6525] netlink: 76 bytes leftover after parsing attributes in process `syz.0.447'. [ 131.132903][ T6530] netlink: 76 bytes leftover after parsing attributes in process `syz.2.449'. [ 131.150226][ T6528] team0: entered promiscuous mode [ 131.157066][ T6528] team_slave_1: entered promiscuous mode [ 131.169583][ T6525] openvswitch: Êü: Dropping previously announced user features [ 131.180987][ T6528] netlink: 28 bytes leftover after parsing attributes in process `syz.1.448'. [ 131.204095][ T6532] netlink: 8 bytes leftover after parsing attributes in process `syz.4.446'. [ 131.204181][ T6530] openvswitch: Êü: Dropping previously announced user features [ 131.232422][ T6526] team0: left promiscuous mode [ 131.234710][ T6530] FAULT_INJECTION: forcing a failure. [ 131.234710][ T6530] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 131.249785][ T6526] team_slave_1: left promiscuous mode [ 131.293067][ T6530] CPU: 0 PID: 6530 Comm: syz.2.449 Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 131.302758][ T6530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 131.312821][ T6530] Call Trace: [ 131.316104][ T6530] [ 131.319035][ T6530] dump_stack_lvl+0x241/0x360 [ 131.323726][ T6530] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.328947][ T6530] ? __pfx__printk+0x10/0x10 [ 131.333556][ T6530] ? snprintf+0xda/0x120 [ 131.337812][ T6530] should_fail_ex+0x3b0/0x4e0 [ 131.342496][ T6530] _copy_to_user+0x2f/0xb0 [ 131.346926][ T6530] simple_read_from_buffer+0xca/0x150 [ 131.352317][ T6530] proc_fail_nth_read+0x1e9/0x250 [ 131.357355][ T6530] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 131.362919][ T6530] ? rw_verify_area+0x520/0x6b0 [ 131.367780][ T6530] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 131.373339][ T6530] vfs_read+0x204/0xbc0 [ 131.377507][ T6530] ? __pfx_lock_release+0x10/0x10 [ 131.382541][ T6530] ? __pfx_vfs_read+0x10/0x10 [ 131.387255][ T6530] ? __fget_files+0x29/0x470 [ 131.391847][ T6530] ? __fget_files+0x3f6/0x470 [ 131.396536][ T6530] ksys_read+0x1a0/0x2c0 [ 131.400793][ T6530] ? __pfx_ksys_read+0x10/0x10 [ 131.405556][ T6530] ? do_syscall_64+0x100/0x230 [ 131.410327][ T6530] ? do_syscall_64+0xb6/0x230 [ 131.415031][ T6530] do_syscall_64+0xf3/0x230 [ 131.419536][ T6530] ? clear_bhb_loop+0x35/0x90 [ 131.424223][ T6530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.430129][ T6530] RIP: 0033:0x7f23075749fc [ 131.434555][ T6530] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 131.454169][ T6530] RSP: 002b:00007f230835c040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 131.462606][ T6530] RAX: ffffffffffffffda RBX: 00007f2307705f60 RCX: 00007f23075749fc [ 131.470580][ T6530] RDX: 000000000000000f RSI: 00007f230835c0b0 RDI: 0000000000000004 [ 131.478549][ T6530] RBP: 00007f230835c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 131.486522][ T6530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 131.494491][ T6530] R13: 000000000000000b R14: 00007f2307705f60 R15: 00007ffd09b826e8 [ 131.502475][ T6530] [ 132.031879][ T6562] netlink: 76 bytes leftover after parsing attributes in process `syz.2.461'. [ 132.050234][ T6562] openvswitch: Êü: Dropping previously announced user features [ 132.110428][ T6553] netlink: 20 bytes leftover after parsing attributes in process `syz.1.457'. [ 132.283603][ T6556] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 132.992335][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.998725][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.103546][ T6589] netlink: 8 bytes leftover after parsing attributes in process `syz.2.466'. [ 133.540993][ T6604] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 133.873535][ T6624] netlink: 20 bytes leftover after parsing attributes in process `syz.0.480'. [ 134.806526][ T6636] netlink: 8 bytes leftover after parsing attributes in process `syz.1.484'. [ 135.211557][ T6656] Bluetooth: MGMT ver 1.23 [ 135.399125][ T6654] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 135.503969][ T6671] team0: entered promiscuous mode [ 135.515105][ T6671] team_slave_1: entered promiscuous mode [ 135.525072][ T6673] lo speed is unknown, defaulting to 1000 [ 135.561027][ T6667] team0: left promiscuous mode [ 135.576471][ T6667] team_slave_1: left promiscuous mode [ 135.803527][ T6681] Bluetooth: hci3: invalid length 0, exp 2 for type 16 [ 136.196290][ T6706] infiniband syz0: set active [ 136.211845][ T6706] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 136.236097][ T928] lo speed is unknown, defaulting to 1000 [ 136.504159][ T6717] __nla_validate_parse: 4 callbacks suppressed [ 136.504178][ T6717] netlink: 4 bytes leftover after parsing attributes in process `syz.1.511'. [ 136.580137][ T6717] team0: entered promiscuous mode [ 136.589234][ T6717] team_slave_1: entered promiscuous mode [ 136.641892][ T6717] netlink: 28 bytes leftover after parsing attributes in process `syz.1.511'. [ 136.696574][ T6678] lo speed is unknown, defaulting to 1000 [ 136.701303][ T6716] team0: left promiscuous mode [ 136.718542][ T6716] team_slave_1: left promiscuous mode [ 136.833016][ T6719] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 136.928101][ T6726] netlink: 4 bytes leftover after parsing attributes in process `syz.1.514'. [ 137.168538][ T6738] netlink: 8 bytes leftover after parsing attributes in process `syz.2.517'. [ 137.193031][ T6738] netlink: 8 bytes leftover after parsing attributes in process `syz.2.517'. [ 137.427529][ T6751] netlink: 8 bytes leftover after parsing attributes in process `syz.3.519'. [ 137.694945][ T6766] netlink: 76 bytes leftover after parsing attributes in process `syz.2.523'. [ 137.819984][ T6766] openvswitch: Êü: Dropping previously announced user features [ 137.828078][ T6768] netlink: 'syz.3.524': attribute type 2 has an invalid length. [ 137.841150][ T6768] netlink: 12 bytes leftover after parsing attributes in process `syz.3.524'. [ 137.905713][ T6773] netlink: 4 bytes leftover after parsing attributes in process `syz.1.525'. [ 138.102313][ T6778] team0: entered promiscuous mode [ 138.107648][ T6778] team_slave_1: entered promiscuous mode [ 138.140469][ T6779] netlink: 12 bytes leftover after parsing attributes in process `syz.0.526'. [ 138.166144][ T6779] netlink: 'syz.0.526': attribute type 20 has an invalid length. [ 138.259304][ T6772] team0: left promiscuous mode [ 138.277527][ T6772] team_slave_1: left promiscuous mode [ 139.070315][ T6810] netlink: 'syz.3.537': attribute type 1 has an invalid length. [ 139.294279][ T6821] team0: entered promiscuous mode [ 139.320214][ T6821] team_slave_1: entered promiscuous mode [ 139.337835][ T6820] team0: left promiscuous mode [ 139.342930][ T6820] team_slave_1: left promiscuous mode [ 139.477167][ T6833] sctp: [Deprecated]: syz.4.546 (pid 6833) Use of int in max_burst socket option deprecated. [ 139.477167][ T6833] Use struct sctp_assoc_value instead [ 139.591659][ T6839] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 139.636550][ T6840] xt_TCPMSS: Only works on TCP SYN packets [ 140.182372][ T6873] team0: entered promiscuous mode [ 140.187473][ T6873] team_slave_1: entered promiscuous mode [ 140.252688][ T6870] team0: left promiscuous mode [ 140.257613][ T6870] team_slave_1: left promiscuous mode [ 140.349621][ T6879] Driver unsupported XDP return value 0 on prog (id 102) dev N/A, expect packet loss! [ 140.633534][ T6909] netlink: 'syz.4.571': attribute type 16 has an invalid length. [ 140.865170][ T6918] veth1_macvtap: left promiscuous mode [ 141.148859][ T6927] openvswitch: Êü: Dropping previously announced user features [ 141.235071][ T6932] team0: entered promiscuous mode [ 141.240186][ T6932] team_slave_0: entered promiscuous mode [ 141.272990][ T6932] team_slave_1: entered promiscuous mode [ 141.311018][ T6932] team_slave_0: entered allmulticast mode [ 141.367967][ T6931] team0: left promiscuous mode [ 141.385341][ T6931] team_slave_1: left promiscuous mode [ 141.628759][ T6955] __nla_validate_parse: 15 callbacks suppressed [ 141.628778][ T6955] netlink: 8 bytes leftover after parsing attributes in process `syz.4.585'. [ 141.727257][ T6958] netlink: 20 bytes leftover after parsing attributes in process `syz.3.586'. [ 141.760147][ T6951] infiniband syz0: set down [ 141.784719][ T6951] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 141.834541][ T5156] lo speed is unknown, defaulting to 1000 [ 141.842804][ T5156] lo speed is unknown, defaulting to 1000 [ 142.565386][ T6970] syzkaller0: entered promiscuous mode [ 142.574760][ T6970] syzkaller0: entered allmulticast mode [ 142.624859][ T6972] netlink: 40 bytes leftover after parsing attributes in process `syz.1.591'. [ 142.657405][ T6975] netlink: 76 bytes leftover after parsing attributes in process `syz.3.592'. [ 142.679974][ T6972] pim6reg: entered allmulticast mode [ 142.688003][ T6975] openvswitch: Êü: Dropping previously announced user features [ 142.691646][ T6972] vxcan1: entered allmulticast mode [ 142.714190][ T6972] netlink: 24 bytes leftover after parsing attributes in process `syz.1.591'. [ 143.013679][ T6992] netlink: 8 bytes leftover after parsing attributes in process `syz.0.597'. [ 143.052208][ T6990] netlink: 4 bytes leftover after parsing attributes in process `syz.4.596'. [ 143.138868][ T7001] team0: entered promiscuous mode [ 143.158572][ T7001] team_slave_1: entered promiscuous mode [ 143.215389][ T6990] netlink: 8 bytes leftover after parsing attributes in process `syz.4.596'. [ 143.256813][ T6986] team0: left promiscuous mode [ 143.283629][ T6991] netlink: 'syz.1.598': attribute type 1 has an invalid length. [ 143.294565][ T6986] team_slave_1: left promiscuous mode [ 143.315883][ T6991] netlink: 'syz.1.598': attribute type 1 has an invalid length. [ 143.324717][ T6991] netlink: 9328 bytes leftover after parsing attributes in process `syz.1.598'. [ 143.348191][ T6991] netlink: 'syz.1.598': attribute type 1 has an invalid length. [ 143.572876][ T7016] netlink: 20 bytes leftover after parsing attributes in process `syz.4.602'. [ 144.443115][ T7023] openvswitch: Êü: Dropping previously announced user features [ 146.399742][ T7082] team0: entered promiscuous mode [ 146.409774][ T7082] team_slave_1: entered promiscuous mode [ 146.455578][ T7078] team0: left promiscuous mode [ 146.460517][ T7078] team_slave_1: left promiscuous mode [ 146.689906][ T7104] x_tables: duplicate underflow at hook 1 [ 146.716040][ T7081] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 146.932115][ T7117] __nla_validate_parse: 11 callbacks suppressed [ 146.932137][ T7117] netlink: 8 bytes leftover after parsing attributes in process `syz.1.638'. [ 147.047261][ T7124] netlink: 4 bytes leftover after parsing attributes in process `syz.0.643'. [ 147.100456][ T7124] team0: entered promiscuous mode [ 147.116106][ T7124] team_slave_1: entered promiscuous mode [ 147.123552][ T7124] netlink: 8 bytes leftover after parsing attributes in process `syz.0.643'. [ 147.137884][ T7122] team0: left promiscuous mode [ 147.143048][ T7122] team_slave_1: left promiscuous mode [ 147.176723][ T7127] netlink: 20 bytes leftover after parsing attributes in process `syz.2.641'. [ 148.201940][ T7164] netlink: 8 bytes leftover after parsing attributes in process `syz.3.647'. [ 148.704839][ T7193] netlink: 4 bytes leftover after parsing attributes in process `syz.4.651'. [ 148.787792][ T7199] netlink: 72 bytes leftover after parsing attributes in process `syz.2.654'. [ 148.991910][ T7207] netlink: 4 bytes leftover after parsing attributes in process `syz.3.656'. [ 149.025696][ T7207] netlink: 8 bytes leftover after parsing attributes in process `syz.3.656'. [ 149.281522][ T7229] netlink: 8 bytes leftover after parsing attributes in process `syz.1.663'. [ 150.121622][ T7236] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 150.159785][ T7236] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 150.458648][ T7251] team0: entered promiscuous mode [ 150.465754][ T7251] team_slave_1: entered promiscuous mode [ 150.485631][ T7250] team0: left promiscuous mode [ 150.493955][ T7250] team_slave_1: left promiscuous mode [ 151.011870][ T7277] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 151.272388][ T7287] team0: entered promiscuous mode [ 151.288053][ T7287] team_slave_1: entered promiscuous mode [ 151.331300][ T7286] team0: left promiscuous mode [ 151.336311][ T7286] team_slave_1: left promiscuous mode [ 151.443203][ T7300] Bluetooth: hci0: load_link_keys: too big key_count value 65280 [ 151.474238][ T7300] team_slave_1: entered promiscuous mode [ 151.485023][ T7300] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 151.534953][ T7300] team_slave_1: left promiscuous mode [ 151.654615][ T7297] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 152.050323][ T7327] __nla_validate_parse: 10 callbacks suppressed [ 152.050347][ T7327] netlink: 40 bytes leftover after parsing attributes in process `syz.2.702'. [ 152.230576][ T7337] netlink: 4 bytes leftover after parsing attributes in process `syz.3.705'. [ 152.281318][ T29] audit: type=1107 audit(1721678034.585:2): pid=7338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ØÊø|Þª˜ 95Á/NŸZR ¾ e©Q' [ 152.394541][ T7343] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 152.466992][ T7347] netlink: 4 bytes leftover after parsing attributes in process `syz.1.712'. [ 152.678220][ C1] eth0: bad gso: type: 1, size: 1408 [ 152.771826][ T7364] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x5 [ 152.968533][ T7376] netlink: 4 bytes leftover after parsing attributes in process `syz.2.722'. [ 153.002633][ T7375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.721'. [ 153.020220][ T7376] team0: entered promiscuous mode [ 153.032893][ T7376] team_slave_0: entered promiscuous mode [ 153.038923][ T7376] team_slave_1: entered promiscuous mode [ 153.071052][ T7376] netlink: 28 bytes leftover after parsing attributes in process `syz.2.722'. [ 153.098395][ T7371] team0: left promiscuous mode [ 153.111789][ T7371] team_slave_0: left promiscuous mode [ 153.117395][ T7371] team_slave_1: left promiscuous mode [ 153.173226][ T7384] netlink: 4 bytes leftover after parsing attributes in process `syz.4.725'. [ 153.271170][ T7390] tap0: tun_chr_ioctl cmd 1074025673 [ 153.432516][ T7402] netlink: 4 bytes leftover after parsing attributes in process `syz.0.731'. [ 153.481712][ T7402] netlink: 12 bytes leftover after parsing attributes in process `syz.0.731'. [ 153.843843][ T7420] netlink: 4 bytes leftover after parsing attributes in process `syz.3.737'. [ 153.856958][ T7417] (unnamed net_device) (uninitialized): up delay (5) is not a multiple of miimon (4), value rounded to 4 ms [ 154.205653][ T7436] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 154.560165][ T7456] netlink: 'syz.3.749': attribute type 149 has an invalid length. [ 154.629220][ T7459] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 154.760980][ T7465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 154.867256][ T7473] team0: entered promiscuous mode [ 154.872819][ T7473] team_slave_1: entered promiscuous mode [ 154.876415][ T7456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 154.893358][ T7467] team0: left promiscuous mode [ 154.898286][ T7467] team_slave_1: left promiscuous mode [ 155.027465][ T7482] syzkaller0: entered allmulticast mode [ 155.088244][ T7484] Cannot find add_set index 0 as target [ 155.273354][ T7503] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 155.874222][ T7545] sctp: [Deprecated]: syz.1.773 (pid 7545) Use of struct sctp_assoc_value in delayed_ack socket option. [ 155.874222][ T7545] Use struct sctp_sack_info instead [ 156.335407][ T7572] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 156.423425][ T7579] netlink: 'syz.4.780': attribute type 11 has an invalid length. [ 157.301930][ T7636] __nla_validate_parse: 7 callbacks suppressed [ 157.301952][ T7636] netlink: 16 bytes leftover after parsing attributes in process `syz.2.795'. [ 157.380179][ T7640] xt_CT: You must specify a L4 protocol and not use inversions on it [ 157.478611][ T7647] sctp: [Deprecated]: syz.4.799 (pid 7647) Use of int in max_burst socket option deprecated. [ 157.478611][ T7647] Use struct sctp_assoc_value instead [ 157.495229][ T7648] netlink: 8 bytes leftover after parsing attributes in process `syz.3.798'. [ 157.507266][ T7648] netlink: 20 bytes leftover after parsing attributes in process `syz.3.798'. [ 157.568343][ T7636] vxcan0: entered promiscuous mode [ 157.576350][ T7636] vlan2: entered allmulticast mode [ 157.581574][ T7636] vxcan0: entered allmulticast mode [ 157.590310][ T7648] netlink: 'syz.3.798': attribute type 4 has an invalid length. [ 157.600147][ T7636] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 157.642555][ T7636] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 157.771143][ T7666] netlink: 48 bytes leftover after parsing attributes in process `syz.0.800'. [ 157.878390][ T7674] netlink: 'syz.3.805': attribute type 25 has an invalid length. [ 157.888925][ T7674] netlink: 'syz.3.805': attribute type 44 has an invalid length. [ 157.922695][ T7661] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 157.949925][ T7675] netlink: 4 bytes leftover after parsing attributes in process `syz.1.804'. [ 158.251466][ T7687] netlink: 4 bytes leftover after parsing attributes in process `syz.2.809'. [ 158.502777][ T7696] netlink: 48 bytes leftover after parsing attributes in process `syz.3.812'. [ 158.514016][ T7702] netlink: 4 bytes leftover after parsing attributes in process `syz.4.815'. [ 158.528896][ T7701] netlink: 4 bytes leftover after parsing attributes in process `syz.2.814'. [ 158.550399][ T7698] netlink: 20 bytes leftover after parsing attributes in process `syz.0.813'. [ 158.575750][ T7701] team0: entered promiscuous mode [ 158.590828][ T7701] team_slave_0: entered promiscuous mode [ 158.613668][ T7701] team_slave_1: entered promiscuous mode [ 158.670350][ T7700] team0: left promiscuous mode [ 158.683534][ T7700] team_slave_0: left promiscuous mode [ 158.689277][ T7700] team_slave_1: left promiscuous mode [ 158.730502][ C1] eth0: bad gso: type: 1, size: 1408 [ 158.811170][ C1] eth0: bad gso: type: 1, size: 1408 [ 158.844873][ T7708] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 159.162771][ T7729] pimreg: entered allmulticast mode [ 160.298760][ T7757] sctp: [Deprecated]: syz.1.830 (pid 7757) Use of struct sctp_assoc_value in delayed_ack socket option. [ 160.298760][ T7757] Use struct sctp_sack_info instead [ 160.621357][ T7758] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 160.977879][ T7795] nlmon0: Master is either lo or non-ether device [ 161.086336][ T7798] pimreg: entered allmulticast mode [ 161.181862][ T7805] delete_channel: no stack [ 162.020359][ T7821] netlink: 'syz.0.845': attribute type 1 has an invalid length. [ 162.030034][ T7821] netlink: 'syz.0.845': attribute type 1 has an invalid length. [ 162.332130][ T7840] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 162.468238][ T7824] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 162.499038][ T7847] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 162.646465][ T7857] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 162.727580][ T7857] lo speed is unknown, defaulting to 1000 [ 162.802499][ T7865] veth1_macvtap: left promiscuous mode [ 162.808653][ T7865] macsec0: entered promiscuous mode [ 162.819941][ T7865] macsec0: entered allmulticast mode [ 163.184253][ T7878] __nla_validate_parse: 13 callbacks suppressed [ 163.184272][ T7878] netlink: 20 bytes leftover after parsing attributes in process `syz.0.861'. [ 164.242030][ T7883] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 164.279142][ T7894] netlink: 32 bytes leftover after parsing attributes in process `syz.3.867'. [ 164.312156][ T7890] netlink: 8 bytes leftover after parsing attributes in process `syz.2.864'. [ 164.572499][ T7909] netlink: 'syz.4.871': attribute type 1 has an invalid length. [ 164.616997][ T7909] netlink: 224 bytes leftover after parsing attributes in process `syz.4.871'. [ 165.132284][ T7948] dccp_v6_rcv: dropped packet with invalid checksum [ 165.229060][ T7953] netlink: 20 bytes leftover after parsing attributes in process `syz.0.879'. [ 165.477133][ T7944] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 166.046539][ T7968] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 166.099498][ T7968] ipvlan0: entered promiscuous mode [ 166.119388][ T7968] ipvlan0: left promiscuous mode [ 166.128295][ T7968] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 166.235562][ T7981] netlink: 'syz.0.890': attribute type 32 has an invalid length. [ 166.286395][ T7981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.890'. [ 166.326191][ T7981] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 166.605087][ T5099] [ 166.607561][ T5099] ====================================================== [ 166.614597][ T5099] WARNING: possible circular locking dependency detected [ 166.621627][ T5099] 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 Not tainted [ 166.628404][ T5099] ------------------------------------------------------ [ 166.635435][ T5099] syz-executor/5099 is trying to acquire lock: [ 166.641605][ T5099] ffff888021d64078 (&hdev->lock){+.+.}-{3:3}, at: mgmt_remove_adv_monitor_complete+0xaf/0x550 [ 166.651915][ T5099] [ 166.651915][ T5099] but task is already holding lock: [ 166.659293][ T5099] ffff888021d64690 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x4e/0x220 [ 166.669602][ T5099] [ 166.669602][ T5099] which lock already depends on the new lock. [ 166.669602][ T5099] [ 166.680018][ T5099] [ 166.680018][ T5099] the existing dependency chain (in reverse order) is: [ 166.689060][ T5099] [ 166.689060][ T5099] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}: [ 166.697608][ T5099] lock_acquire+0x1ed/0x550 [ 166.702664][ T5099] __mutex_lock+0x136/0xd70 [ 166.703255][ T8006] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 166.707698][ T5099] hci_cmd_sync_queue_once+0x43/0x240 [ 166.707733][ T5099] le_conn_complete_evt+0xae1/0x12e0 [ 166.734528][ T5099] hci_le_conn_complete_evt+0x18c/0x420 [ 166.740618][ T5099] hci_event_packet+0xa55/0x1540 [ 166.746109][ T5099] hci_rx_work+0x3e8/0xca0 [ 166.751090][ T5099] process_scheduled_works+0xa2c/0x1830 [ 166.757176][ T5099] worker_thread+0x86d/0xd40 [ 166.762335][ T5099] kthread+0x2f0/0x390 [ 166.766942][ T5099] ret_from_fork+0x4b/0x80 [ 166.771875][ T5099] ret_from_fork_asm+0x1a/0x30 [ 166.777186][ T5099] [ 166.777186][ T5099] -> #0 (&hdev->lock){+.+.}-{3:3}: [ 166.784551][ T5099] validate_chain+0x18e0/0x5900 [ 166.789938][ T5099] __lock_acquire+0x137a/0x2040 [ 166.795330][ T5099] lock_acquire+0x1ed/0x550 [ 166.800355][ T5099] __mutex_lock+0x136/0xd70 [ 166.805383][ T5099] mgmt_remove_adv_monitor_complete+0xaf/0x550 [ 166.812061][ T5099] hci_cmd_sync_clear+0x107/0x220 [ 166.817609][ T5099] hci_unregister_dev+0x181/0x510 [ 166.823157][ T5099] vhci_release+0x83/0xd0 [ 166.828014][ T5099] __fput+0x24a/0x8a0 [ 166.832525][ T5099] task_work_run+0x24f/0x310 [ 166.837656][ T5099] do_exit+0xa2f/0x27f0 [ 166.842343][ T5099] do_group_exit+0x207/0x2c0 [ 166.847479][ T5099] __x64_sys_exit_group+0x3f/0x40 [ 166.853028][ T5099] x64_sys_call+0x26c3/0x26d0 [ 166.858235][ T5099] do_syscall_64+0xf3/0x230 [ 166.863275][ T5099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.869716][ T5099] [ 166.869716][ T5099] other info that might help us debug this: [ 166.869716][ T5099] [ 166.879937][ T5099] Possible unsafe locking scenario: [ 166.879937][ T5099] [ 166.887381][ T5099] CPU0 CPU1 [ 166.892741][ T5099] ---- ---- [ 166.898101][ T5099] lock(&hdev->cmd_sync_work_lock); [ 166.903390][ T5099] lock(&hdev->lock); [ 166.909979][ T5099] lock(&hdev->cmd_sync_work_lock); [ 166.917784][ T5099] lock(&hdev->lock); [ 166.921859][ T5099] [ 166.921859][ T5099] *** DEADLOCK *** [ 166.921859][ T5099] [ 166.930004][ T5099] 1 lock held by syz-executor/5099: [ 166.935279][ T5099] #0: ffff888021d64690 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_clear+0x4e/0x220 [ 166.946102][ T5099] [ 166.946102][ T5099] stack backtrace: [ 166.952021][ T5099] CPU: 0 PID: 5099 Comm: syz-executor Not tainted 6.10.0-syzkaller-09703-gd7e78951a8b8 #0 [ 166.961920][ T5099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 166.971999][ T5099] Call Trace: [ 166.975296][ T5099] [ 166.978223][ T5099] dump_stack_lvl+0x241/0x360 [ 166.982910][ T5099] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.988123][ T5099] ? print_circular_bug+0x130/0x1a0 [ 166.993334][ T5099] check_noncircular+0x36a/0x4a0 [ 166.998293][ T5099] ? __pfx_check_noncircular+0x10/0x10 [ 167.003793][ T5099] ? lockdep_lock+0x123/0x2b0 [ 167.008492][ T5099] ? validate_chain+0x11e/0x5900 [ 167.013480][ T5099] validate_chain+0x18e0/0x5900 [ 167.018353][ T5099] ? validate_chain+0x11e/0x5900 [ 167.023297][ T5099] ? __pfx_validate_chain+0x10/0x10 [ 167.028507][ T5099] ? __pfx_validate_chain+0x10/0x10 [ 167.033711][ T5099] ? __lock_acquire+0x137a/0x2040 [ 167.038781][ T5099] ? __pfx_validate_chain+0x10/0x10 [ 167.043991][ T5099] ? mark_lock+0x9a/0x350 [ 167.048363][ T5099] ? mark_lock+0x9a/0x350 [ 167.052717][ T5099] __lock_acquire+0x137a/0x2040 [ 167.057581][ T5099] lock_acquire+0x1ed/0x550 [ 167.062125][ T5099] ? mgmt_remove_adv_monitor_complete+0xaf/0x550 [ 167.068472][ T5099] ? __pfx_lock_acquire+0x10/0x10 [ 167.073522][ T5099] ? __pfx___might_resched+0x10/0x10 [ 167.078822][ T5099] __mutex_lock+0x136/0xd70 [ 167.083335][ T5099] ? mgmt_remove_adv_monitor_complete+0xaf/0x550 [ 167.089681][ T5099] ? __pfx___mutex_trylock_common+0x10/0x10 [ 167.095582][ T5099] ? mgmt_remove_adv_monitor_complete+0xaf/0x550 [ 167.101919][ T5099] ? __pfx___mutex_lock+0x10/0x10 [ 167.106958][ T5099] ? rcu_is_watching+0x15/0xb0 [ 167.111738][ T5099] ? __mutex_lock+0x2ef/0xd70 [ 167.116434][ T5099] ? lockdep_hardirqs_on+0x99/0x150 [ 167.121642][ T5099] mgmt_remove_adv_monitor_complete+0xaf/0x550 [ 167.127816][ T5099] ? __pfx___mutex_lock+0x10/0x10 [ 167.132851][ T5099] ? __pfx_mgmt_remove_adv_monitor_complete+0x10/0x10 [ 167.139636][ T5099] ? __pfx_enable_work+0x10/0x10 [ 167.144592][ T5099] ? __pfx_mgmt_remove_adv_monitor_complete+0x10/0x10 [ 167.151350][ T5099] hci_cmd_sync_clear+0x107/0x220 [ 167.156377][ T5099] hci_unregister_dev+0x181/0x510 [ 167.161406][ T5099] vhci_release+0x83/0xd0 [ 167.165757][ T5099] ? __pfx_vhci_release+0x10/0x10 [ 167.170794][ T5099] __fput+0x24a/0x8a0 [ 167.174809][ T5099] task_work_run+0x24f/0x310 [ 167.179394][ T5099] ? __pfx_task_work_run+0x10/0x10 [ 167.184505][ T5099] ? do_exit+0xa2a/0x27f0 [ 167.188837][ T5099] ? kmem_cache_free+0x145/0x350 [ 167.193783][ T5099] do_exit+0xa2f/0x27f0 [ 167.197952][ T5099] ? __pfx_do_exit+0x10/0x10 [ 167.202558][ T5099] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 167.208561][ T5099] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 167.214916][ T5099] ? _raw_spin_unlock_irq+0x23/0x50 [ 167.220144][ T5099] ? lockdep_hardirqs_on+0x99/0x150 [ 167.225361][ T5099] do_group_exit+0x207/0x2c0 [ 167.229965][ T5099] __x64_sys_exit_group+0x3f/0x40 [ 167.235001][ T5099] x64_sys_call+0x26c3/0x26d0 [ 167.239687][ T5099] do_syscall_64+0xf3/0x230 [ 167.244248][ T5099] ? clear_bhb_loop+0x35/0x90 [ 167.248941][ T5099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.254864][ T5099] RIP: 0033:0x7f338f175f19 [ 167.259274][ T5099] Code: Unable to access opcode bytes at 0x7f338f175eef. [ 167.266298][ T5099] RSP: 002b:00007ffdc78210a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 167.274735][ T5099] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f338f175f19 [ 167.282724][ T5099] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 167.290714][ T5099] RBP: 00007f338f1d29d8 R08: 00007ffdc781ee47 R09: 0000000000000bb8 [ 167.298697][ T5099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.306704][ T5099] R13: 0000000000000bb8 R14: 0000000000000000 R15: 0000000000028917 [ 167.314702][ T5099] [ 167.611569][ T7159] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.671666][ T7159] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.727831][ T7159] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.789087][ T7159] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 167.889190][ T7159] bridge_slave_1: left allmulticast mode [ 167.895437][ T7159] bridge_slave_1: left promiscuous mode [ 167.904181][ T7159] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.914372][ T7159] bridge_slave_0: left allmulticast mode [ 167.920078][ T7159] bridge_slave_0: left promiscuous mode [ 167.927910][ T7159] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.168585][ T7159] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 168.185636][ T7159] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 168.198073][ T7159] bond0 (unregistering): Released all slaves [ 168.214932][ T7159] bond1 (unregistering): Released all slaves [ 168.283042][ T7159] Êü: left promiscuous mode [ 168.687903][ T7159] hsr_slave_0: left promiscuous mode [ 168.693976][ T7159] hsr_slave_1: left promiscuous mode [ 168.701638][ T7159] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.709163][ T7159] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.717001][ T7159] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 168.724976][ T7159] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 168.734904][ T7159] veth1_macvtap: left promiscuous mode [ 168.740449][ T7159] veth0_macvtap: left promiscuous mode [ 168.748295][ T7159] veth1_vlan: left promiscuous mode [ 168.753776][ T7159] veth0_vlan: left promiscuous mode [ 169.029445][ T7159] team0 (unregistering): Port device team_slave_1 removed