last executing test programs: 15.13513846s ago: executing program 4 (id=6276): socket$packet(0x11, 0x0, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=@deltaction={0x14}, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="4000000010003904000000000400000000000000", @ANYRES32=r3, @ANYBLOB="030000007f0000002000128008000100736974001400028008000100", @ANYRES32], 0x40}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8108a0d0000000080000000000000000000ca0000cc3ddc9e81b13004baefea1622f7e4a86cf33f8fd98d27e314077a5d4b7385d004ea98d43d163dc9", @ANYRES32=r2, @ANYBLOB="00000000000000001800128008000100736974000c00028008000300e0000001"], 0x38}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e0000000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x3, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0xb83a}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x17, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000034bb9abb0cc33404000000009500000000000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000940)={0x6, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1802000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b502000014000000b70300000000000085000000d2000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000ba8da9942c549f55938fbf3def1c1867fac4dba6e89e7e4d07ce1e07cec9db22de305ea3091d0e7039d53159776b86582e64a7bf3fe6afd2f145ff0d50f56822cf97c89135d4c027cd9d60c104f6677fd17ad17aee0968e64978b487b56b0fafa3eef4ffb05acae842ba51e2f9ed17ecb654bca0a47c21da63fdaaa93080942bf30384c5a90e3e4f97ff4bb85e94b1c5011937b9c4d02cdc92741681867fb08bf270c43ceb179f7d58d2827aa014c35e06fccfdc5da1543cd0d8231cc0377d1bf6c2eac40d6aae3caa508a1ec9da73ec3be12dd7aabcf481909c3b10449cac899a9a50046053a5a88d6195e36e16"], &(0x7f0000000780)='GPL\x00'}, 0x90) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) r7 = accept$alg(r6, 0x0, 0x0) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0) recvmmsg(r7, &(0x7f0000006100), 0x49f, 0x0, 0x0) socket(0x23, 0x800, 0x401) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000530000001801000020786c2500000000002020207b1af8ff00100000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000720000009500000000000000"], &(0x7f0000000080)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r8, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) socket(0x10, 0x80002, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) r9 = socket$inet(0x2, 0x3, 0x0) setsockopt$inet_int(r9, 0x0, 0xf, &(0x7f0000000040)=0x7, 0x4) 15.039967444s ago: executing program 2 (id=6279): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000000002020104f0000000000000000a0000003c0002800c00028005000100000000002c000180140003"], 0x50}}, 0x0) 14.440675133s ago: executing program 2 (id=6281): socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000280)) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x79, &(0x7f0000000080)={r1}, 0x8) 14.176284589s ago: executing program 2 (id=6286): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791048000000000079001800000000009500000000000000db74589d4b38cc306ac390649f72dea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e2e01d50bc3347475750472719cc516fa14b769e7f385ba72c60242263c05ddab05e37efe81b8bffc35cdf2ac0d93263ff755d611c4cca1684b1470af6a83366aa430ad2d700b186da622d6fba70000000000000000000000000200"/173], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000006d40)=[{{&(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, &(0x7f00000015c0)=[{&(0x7f0000000400)="ce1e22fbdec065789b1ecc66daa4019d901d3c0a37d19469aec0e18b87364d6dbee7dd3f1eee5c6f29b19194c54abda08c84053e91c6cc7268a12cbd019b111206c078074dbf6324f2ff7bb7d990bcea2c377b257f0464a4f353a47acae3a5d5f97990d74a7496474937d01408ae3cdc543ab36f65adb27bbe41f0f068146986b662f54d31120070ae5d6269e915182b0ca8fb61d66b6908bf652f3d00f16e536f4fde2d965766e0133f13730a639a70e7f36bed3b43b71cbf65acc6f80a537f9666a2d059fc941469cbee912198351b4d43895e9160841c81a47d1f66307f2e63f0af2623d5e8efa5fd01b17f6360825ab340589bbbdcc29037932a1e6bc255dbfd2ace2fe4b416efff6a1801f7cf49eb4588f077671463c32a33531830e2e15b8fa9884e0bddc9c9df2cb452cfd0e19d17b3f2afb793ae8dcd823892c109b2503d37359379fc9d7214825f38eba06805bfe62adb1c83f101a7c3c9daa58e2408f40640839530f0da6c78e99058b8e698e46a2c934b6eb1decfa8f9b558b16aeca3adbc02fd7f59e6270da912f57ecc577a147ad2d4200ddff887a449ff95348db1fd085b6619de7bce2016355859b5db102a92fcc53d99adac10a04eb14d36c216f1907365fe9b0e7bc1488c8c3bea8d2d1146cb41bca2dc1c24250fa016df71a3feac781b7a2d1ccc0d79138143fed3e51d9637b0be99538a33d02bcfe0af53ec1884cac0b9382ffa004e7863a4ddbaa5fc1757b7cf73519e34e5f26097332f4599e9dd2d76ec4aad743bcaf9f4d752e0b115d0f7cf0d1fae8d5953a0583ab7d6195d2e6c0e6435a64c557fd962880016c02fca3eea0db96a8a6ee0d3a16e8727bbc4eb41941f0fcd0d9e6ddc421e4145fe3d1117fedfb0bcf80020ddc677cd7524881befbb976370646e4473f83eeff1e13f82cf70e8fb12e40e442408858cd081613a36f8120d5ab0613505e9c16b09d67c0cc00b0c312048ebfada2d532f6be77407920d86d07ec1194e8a8ea2717686563d25e1bddcff6c295df513f14c837b4258cbb26b003f860e3b27cb23876d04d417e1233a924c0a0e6a81d4b34eb113b4ed9d90d2d967fd3d33c540c8a3bed953c882dc789ddbc0f959cce33a445d755514eccc393f402f567e277ce577b9a42a4a6249f891c7cddb6b492857c80206d4ebb8e7740a215f0cbdb322b2eef72fb5180b2e9f9bc8d06ac1422e3d852be4ef147f54d90d24828b66af1c8cb30f18332cffa55849432025ce50be9eaeebce4c49efe1c8bfdc714acff1be638e8168d340ae9e4964e5a8f62f4d26497c272675b87e6ce3fc7d721dfae48d0e4473fb5d7dbe27f9bad0248b06c32af2b5714959113cb0e579a909d844b2c0c63799987ac07544ec567977777100f47a461e328954bd7fc7e4e9a97f1edcc26b6b61fe4d1778d8916387e4d00dd05b59d48575603b30bf9f08b3633f66c437afc37844107a2a373e7eea074bef81fc02df944e4cb9c61debf45f244d8594b7706755a34097d08fa95664663ef69507ed8875651c46c48f66c59e40e05caf48fb3de6983d84a9523bfe3ef18bdc9e63769f067cf975d2435e999c1749ce651fe9e282423ca7e3f2a678410974ecfee34cd24df9f660a2ecef05bd7eea1fc227117e60019e4418fc01774c36c5ea272c7639a8de96404f13d3efb13b28cf92d627603c56f1b3a28c254d87ec52f19b5314360038e69e12dd37c7c76e916849e26c37b4ae5b71101c60a271a92ab60a2a8d3c5c22b36a7c0da75cbae7bbeb6a3ee46b275db558c4a57adac9f8eda327614e3bedc338840f8be5ec14e919d5f692c762aa018220463df1bf509e5d199417671babed4ca387b108bc400355d57d236d7866eb8c729b83faeb60888242998504f3e398fb0b493b8fe8dc72a166c1b88e5b8d4a7cfe69fe22b3cfadab62306296ad519a", 0x563}, {&(0x7f0000000340)="3055e736d100abe0337be90556f3b926b1d4cfc38ddcb5c34e22cbfd681ec7cec55e162c8b35792445168ed440c3ebf19cbc00f91b96867128a14f032e0f4f73099398d1a76a68cbb8228d6a63d1c4b28584a30e0d6e492a42e015801b62a4550cfa90ae74730ebbe6f757684787a0dab4ce2fe633cd98d18cdba7ea9c512efd25852abbe3f2bc5c9cc69330960d97aaa3fbe8bf0ec8b258377e7e7da95556bb22198a19a8004b69fcf31a137fa4", 0xae}, {&(0x7f0000001400)="e536ce7a4f7d4fd09164447124fd5b6d6ac9ba4e45381a65c9feec8988eabe3bae357ada2c3964e65a5461edb50fd8e6e9490777e1c3f47085226b47a9c32f55e4ad2c9e4d886ad63902a93bbd57d186187fd34746a07e5ac682f795ab70111cf776ec19f21a9001", 0x68}], 0x3}}], 0x1, 0x0) recvmmsg(r3, &(0x7f0000001040)=[{{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000dc0)={'veth1_macvtap\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@getchain={0x24, 0x66, 0x921, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xc}}}, 0x24}}, 0x0) r5 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0xab) ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f00000000c0)=0x6) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f00000001c0)=0x8) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="b70000000000000062020000000000000000000000000000950000000000005b"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) r9 = openat$cgroup_ro(r8, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0) preadv(r9, &(0x7f0000000040)=[{&(0x7f0000000200)=""/77, 0x4d}], 0x1, 0xdffffffd, 0x0) sendmsg$nl_route(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@getnexthop={0x20, 0x6a, 0x48e274f25096b26b, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r6}]}, 0x20}}, 0x0) 14.176016617s ago: executing program 4 (id=6287): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$can_bcm(0x1d, 0x2, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="6000000004060500000000000000000000000000140007800800064000000000080013400000000005000100060000000900020073797a32000000000500040000000000050005000a00000011000300686173683a69702c6d61726b"], 0x60}}, 0x0) 14.061766752s ago: executing program 4 (id=6289): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x4, 0x4}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000200000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0}, 0x50) 13.892137728s ago: executing program 4 (id=6290): socket$inet6_tcp(0xa, 0x1, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x8) r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x7, &(0x7f0000000000)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r2, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)}, {&(0x7f0000000140)="06", 0x1}], 0x2}}], 0x1, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r4) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="410000000000000000030603000014000300024d141e0e50001806e8ffffffffffff08000700263a0909140002"], 0x44}, 0x2, 0x1000000}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x16, 0x0, 0x0, 0xfffffffffffffdfd) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0xbe}, [@ldst={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r6, r7, 0x2}, 0x10) socket$inet_dccp(0x2, 0x6, 0x0) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) bind$bt_hci(r8, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$sock(r8, &(0x7f0000000500)=[{{&(0x7f0000000200)=@un=@file={0x0, './file0\x00'}, 0x80, &(0x7f0000000340)=[{0x0, 0x2}], 0x2}}], 0x1, 0x0) socket(0x1d, 0x2, 0x6) bind$alg(r6, &(0x7f0000000480)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) 13.765778036s ago: executing program 4 (id=6292): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000140)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[@ANYBLOB="68101000", @ANYRES16=r2, @ANYBLOB="010000000000000000001e00000008000300", @ANYRES32=r4, @ANYBLOB], 0x1c}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180000}, [@printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4000}, {0x85, 0x0, 0x0, 0x10}}]}, &(0x7f0000000040)='syzkaller\x00', 0x1, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x90) connect$x25(r5, &(0x7f0000000300)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x3}}, 0x12) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f00000013c0)=ANY=[@ANYBLOB="850000000b0000003500000000000020a5000000050000009500000000000000f4670880271e3503200ffa95b2c8c037c5a142c9a8d76287066c51adde96fcc309926fa391b87b3e0cc7444a2391511c97fabd5f9810e81ae0b737136ea6f7be39cd34d5ae35de38dde54704d25c79949c00a7c09cc28d7673294f42a5f0a8761b30d64b741a226d67bad76402320e13822c45c0f861fbffb1f3c075ff1ebb755a2dd5760903000000000000006c6386d7ec7209d031f40f3012e9576e51a7f578602f5807785b92e544fc46c744aeeee4418d6af3e4195cc03710212436a4ff3274cac948d85cec074c6949e1298901ebb39522f6649dd76d067a82f5fe47fe5f17f99ab1e394ab800f4104dbffff0000000000de1b03a6e5cb56005c6d1d224b64be6c4d7f47ef21eb7e46f9aa4a9779f8555eaea768c1f2c221c410ef4b253d110ee282ab94de93d928cf95846be6277c04b4f07c58ad6907d0e6393c941d9541c86238d0703394d8a4f8070000000b1b2d2747c45b0c52087b5efabf84960ba0e3c4c00322de328c10752a42dca52fb98c1452b6518a6ef7297f7b2f44419a2f238f173d0caf2fcb5500f53e7309ec91d83cf4fbf975d9c07d8d3c76e65760ff000000b78863e629b3b200000000000000000000000000008b0000000a449c810d3174c87ee545867a3125e73f4220744ea9a8ea63e3e7000860000000004a2147c1128c697d9966b3c9f0e9e203911a3fac929a4fc6e625247510bc24e20ad88d4fe6a3ae2f7967546c4aae83352106057ab9cd4b3442a5d10451b95e22f30a85f5681ca3000000000000000000000396e7b6e1aa007018f6d93e79fce95d405b809238cca421ee51f581d124216e8bd9b1855f77138e438bdc037865f07f98c068be4c6155ec2736541086605947571485cf2026cbe37e0000000000ef6dc4dd63bb928ff58b3bd2a600089d172a02000000b9f9050297815a371deec596838e38068b5e438cbcd585a8cf37c596a8d2dab79d4242a353917ebdf2dc7926d80260898d4e1ca5e3a833f8f65429845bc3c3092af2bc4ee7263d3cbd9cab24eafd961a2d0c7bbfca952475c7e6158bfbb32f187d18f977117101076bad4167d5559ac12ff1473fa0ac0c0e71925a25933bfe309a040034b0cc8f69074670efc8101b89477d23823605dfa8e5945c71a0225b50d18a010ecf3c349cba000000003d78726b9ab4bff5e05027ca5b338a62e955e514da8ca2846919b7b56c192bb43f7032eb7ec224663855e92af01efa4ad90a47e485cc664921b7f9133bdbc2ba36d845997b0dd103c784a53ad0243624566e0dacfe4029ffbe59e7e7751b3a9e61910fbde39bfa81711ff0e4577055528aef46891c3c3bba988c37d03cf6893db7b0f1fe95f8a096159869db71853b6bb5c08ce5fc61353f1e659d7ac53f54a721994930a423ac7f84ed873a76b0dda0a4b4c5f87eef3164a0c03bc2a7f08290ddf300b298de3fd9167fb8b9c2f26e27f97cf53e6df03c5f982ca02ae90586ea50b85eb5b420eebe171893782b8326148ef5f5174e7ea5dd7f1caa69014a241291c2f43e9edbf44c0ffb8ee32a1896e8f0010000006e2eab9a747800c2c91190c96cf88466adf775b4cf517dc5e39be99c4ab471f381c3915203cd2f27466c8943a80ba03150699c787696de272affa4e4940e59d8b7c69f804d6d3fa7543176a4df033532e5053d72521d097dda0c7a70bd1278c61513c1b87b01d9a9ec4d5ef793096dab53d3224f245fd5d87984d58dc09d11ba0094ba8c39942be41f362e29bba1cdcf8068a4d8d67d2d6d79aa2d089bc4d475097d7523860ec41dab4fa4b0cfe674c163ad419753bd73882336d42036a179bb33162b31f2a58436ea88fba598fad929062e1084cc3bbf2187a60b1847cc63a77c2bb30477ecbe83b5bdee66ba048a6eaaa590cde56be4102d0365987eed64bdf01bbd9aaeb77dde491845e612557f0bd4ed417223b04813dc381c7685c4a02f082913a4b1ffa953dbec0b4f2bdda95a16ad11fb7f522fb65e871fd5302121ed95f3c69e3c238e0b287840f50ffa4a3834c73c1134f8d4fba26806b1978cea1d9c2274e1b8b3cdaf83c9155aec13069c53e964166d75082a2bc7db48c7ee973e771c8f363622d9cd3c1230a75c72f5a1f261a3d7338da29ca0971d82c2b8e53c19a4608191dabbda936b30968f52d9458ff5f6ea50df036e9184daedbb819abc2ec8f909000000f67989d55b68f432adfbc58f3727c9984fe17417365d6ac1cd714d830e4db2cf1f6e54bc431922783db03fe21ff13a510b1d383b05a1144efc18858d456caae1fe3cc3bf65de18d92ccab0a3010088a1e664167454caeeb8a829543469d33c5cea72a2238a9ed4caff6e17181860ad8d7fe0767241e60b4f8281f33e50d9cce19505b8eabe03dad7a26b8b4add0bd8933d2d7003979f9fb98e5c863d79ea87bb08d6e290d05aaa9bb2d1368800"/1781], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a}, 0x15) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = openat$cgroup_ro(r5, &(0x7f00000002c0)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r7, &(0x7f0000000200), 0x43400) getsockopt$TIPC_SRC_DROPPABLE(r7, 0x10f, 0x80, &(0x7f0000000000), &(0x7f0000000080)=0x4) r8 = socket$packet(0x11, 0x3, 0x300) socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000000)=@routing={0x0, 0x4, 0x4, 0x0, 0x0, [@private0, @mcast1]}, 0x28) socketpair(0x22, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r9, 0x89f2, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f00000004c0)={'ip6gre0\x00', 0x0, 0x29, 0x3, 0x8, 0x10000, 0x1, @private2, @dev={0xfe, 0x80, '\x00', 0x12}, 0x10, 0x7800, 0x1, 0x6}}) r10 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) sendmsg$can_raw(r10, &(0x7f0000000000)={&(0x7f00000000c0)={0x1d, r11}, 0x10, &(0x7f0000000140)={&(0x7f0000000180)=@can={{}, 0x0, 0x0, 0x4, 0x0, "1b2bc764c7ed2890"}, 0x10}, 0x2}, 0x0) r12 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r12, 0x0) r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000002e00)=ANY=[@ANYRESHEX, @ANYBLOB="a3d1eb1c74c0176108f50c4ba2a8c9b8de9a4eb4227a84505540971de0faa6d8233c8209b96d1e103dd13d5d07cd39c0a364a1a69555a63dec1cbcac57563676eae38bfec0d3594e07eda273178ce4a17fa33ecf2d843737b2fe4e32e4ee4901f62d401f5d5eed3de2b2f5bce1a8e7f0fd49d379f3a15ce32918e6a4a1844710f04e682f5b3cc03876fc2d72742a5e288a88be6c72a82dc7dc10b8b92e4c316c177a484ce8010a6102b3c536cdd318242fabc39daf05af6168e5c28de2433fdc79ca9dbf428bb612140599ed3118969f0719af59397f44af47870b2a7c53d63575b6b69514b48324dca263821eefb6b24fe76cb39cf039b08e4a78a2e7f8d85b9705c09ff07a71dc106b901d2aa9010c41d3ba00cb375b9b04ee403c66a92c8b9f9c950b1d05d5026d6dafbcb993c78fffaf9d0ec413b21f2ecddaff3c611d6bca48609203154f546c3b89396d0262bf778bf39320a99ce2d0183156e53604709d3c6b7c3a5ba00abdf58229167290d17bfad1d818f2eef662d29f745de1009c1ec6cf0d7791f057cadc1c847dfcda9465f59de895d6baa6d562b37d24e76a369470ef1b170de7ea72be38209e3eb2cb62e89dcc1e68c82c3c3a3a9337cd5fe8624b0e0eaad8ef058c57ef831845e056b42a80ae6f494152d3ac7e993ec0d286769667d8326678676ff56893cc9832e2a10c719522c494ce08f21c3abc116f7658ff82278635b890afd498a3603112e4d8a0c13cdc2cad26ffd7d41c8b992ba2804130264093ef7da11175e45896822bfa952d4177c1899f68e9ad5d02e497c9673169876d2e7ab265ed26f30d91372f5a5e7bab45ea14a8dab375f3d15f87069163a76754370aa4d8dc63d3ffaeeee30aecf18df7beacf64a55136223bc4ab40efe038a4537022cc79f30a64297a2a400c06c64621ecedc73878974dab373c477f1f35dbcee24c29377d5ca0a0889ead9d33f1c9f4f4499e8c0f11d0ee73fa9f8a207fa2b0ca6aade31f61c3c1ebd5c3135c402af07bc191d73fc90085f56d1a51c59dbea3081b74f001ef3c49de95d0f3502da805f2e557727ae97e0fd044a5ce95959962d259782ce29e90dd4359f211b9d322c3696217572627be6a00e8cae756004c7933ec12c98c40535223933bc2f9a6aa684433704ad3cf1372fccf8e2b02a41f6fbe66542cc6ccc4db996e6b0d3e40578a7de08fdde8f0debe5eccf351bfe6c26b6c624136bd19f9dd36cc8da4c63739fafd20e931818ca7c2c3a8d7f9ff80e93cdc01a63fa11cdf6eb4c4a63ab0dc89df85631faa29f6c0860026cec6152707ab2723a18fdc0f6773d73ea506a84130658d1f4dac4cebb000f78262644507a784059028f6ae9078f9fb9bba3c97a20ec1902087d7ea654fd3cbadc2301423b939f5f87f53af87a8de2f3bbc64205efb1a4d65719027e42da2fd37dcefe5019e7674aa014b0484cd593c96732f9b678c25e5a62d1bd6160b66cbc98ea2f29470a1c3b227965f67ac0c7f6c3b62f24d04d09e6126eab3203c508a8afc92308cdd11fecb22c6d40088969116d0454454d058bcaef575e0628ddbd2feee633fa6b3a30378edd9581ef3ffec9c56ff757db98d3ddc5fce7885d38c875ec0a0b72a3078f2c742009fc7160ff573423ade16fd01c6d2904115814b18db5b37ccc327bf617aabb1e2095acfd40905cca680c985a8f5a4dee8df09256fe44054ef7d2d84b11fda9d03d98ce6aeef2831318d247382537a457a3cc0dc4da53c7baa753bf57ef45caa8ad25e8eba0e0bb9c8f66a559627cd30e7faed32e01a76bacb9a0c1ddd66669ceefcd884b6319ac500e1bf0692b01326005cd5634153cc1093af4e18469093994c8d99d7f74c9eeceaf31d94ec735599676f6feda16989bdf100a0f00cfc036128c9ef6a0ae66b7e4cbfd882cff7463dadb0520068eb36e575eaedc7b2b224cbd814814fd135d510a836526a1d052ad014011678f4d8b783bd0fb1f6ed795095ec0ecbd7f71fb321ca57518284ac631215cfa34a02df739e44defd86bb782aff670dda5cd4774668661d2aa22d420a899ae2d8091ea0fc578c8d5324e20b36eb8c02c8d65c2c71e51b16a72881e1f91c2e90714faa47c72230b276615f93f9a9e6970c2f91025b773c76ff1b8ae213f6c471a2e48ee0ccd1def00e158cc9d95d0cf762610a1ecf7d631cda61aaeca402e9daacd98c48a40f1a0889431c22e919d4a0d5df6edd1df8b845ae1fb877187b73a1cd7d93a51ecf011eac579ae4e2b948ef083e1cdd15edee5ffbcb4d726da3990cf7825732c34b635e5e4f0779f89142228dbb3cff5e6670ed6703bd58ef40a1ee2ff80baac478133cb7042ddf3cb13f7bbd12e861041a75fa0492855e903b491c3b2c52721c5552472473715fcf29f6165849eb29afc8d2a9bf56435a6da0dfc99bb63fc365b9981cc0ddb5a62fe3e1b9d6d7f5baf7fbccfa46d062ce6af55411d6456dbafd129c3557101b5923f9abe5b681451d89f20057af883822343acf67d2150afc4a184a5436509636a3f5f02f3176ed84bd7352a875b70b2198c22c161cc2454a73aeea90a19b818589b7ec66b14bc8b479d58c4e8c1b9686686346a58d1384ab58c87df44b2d040511935dd230877baf6ee7c56b74427f5815caa42611f8588397e187ea7dc921a41f5c906191bdc3f207c43d2264e10f2a9008ee1795cf0f091ff205bef5bda440f22bce3bb61744aa97af6b30c1a3878368a4209f695e7c722f051b26fa119e98cfc90528863612bdf069053ad9f46ac79d7cea4826b135120f25a3b0616218782645b561096cfc04e40dfffa76edd2d08643f4f832dba0ad4ea4fb8ef12459b36457042fe9cd6520ecb769fdb7ebcc8e6b39c95f3fc950b8bbded0fdde5af053219b38a9c4a69c4154b025650653a2a0b03ed8d8385017e9ec3a00a5dd67c2421d14c4e4ec78feb73f8ec591b9238d7a91a8586db65b839fd6ba8802bfebaf80305efa52d51e25d012854f6d0fc60f280be604f0b6bf6848813dd7c370f10c48a512c206972c1717f0fafe625c18b5d5b6f9274d4b1df667f121dcc6657113f83474b9b3f6f4ac2d01c847b3deae24bccc75cd8bb959cc537998ce17885c886a4ca19338cd863b92500d6506e23783fc3c58c5fcbaed78d60963b75389d16e6358df9f67f363b0938880030ac41ecaf7b8c823d5591517b08cf74aa70ea4bd1f91b5cfa21b2b4cb4c7c4af00218682e9eead734f4c4c4f71763f0e8e61393b8ba8615011a91ae300718e78805421b56df40154c45ff479f20afcccf632bbf9d284a1f8bfa02e0b1fd5b934478630263d4761269b3a5a33fbd9dbb41cb1d47ca1743d9e1efefb691d81d702378ae81dd3baffb6cc67e01a6fe85ce975cd95fca31e0c054667944415bbe3d65d8a7c22950ad128eed8dc768ac6db8b9ffdddae3f9da36fd89903c2703d8d7058d1fc077c5b8b1a36d78baff4f57fcc82d0d2b346501a480e1335092b4b3ef4326a07b4ae34e0d7b5212609c373d7e7d2d003eba358dcca67ba7edf809a46861c4498fc0e6c36f72527026cd0958e4f08b8686fbd138703e9ec9dcfaf6fe8281c5a862825c3b2452900979d6bc9e2eb9911b01f52b2e3d5f9755f0a3fda8b79d872cc00c8f882a986d2de3cf236254ee9f26c99dba3b9626e315c095e0ffaf733d4158c8016799a2b9b50db59b4d138257befe39a844b9110689f8b10b333c97c087e52e7eb3d8ccdd84fb414ec62d4e0928b4b3f6ef3997b6304316f101db1efd97036bce1f6d43d968f7e205fcc99a3b54cbe3fb9dfb61557d793a6098c7d34b37b583fe7e60116342c93a92ac5802034818c37db45ddff54fd5bb28a34dccc58effabf3c550afecd7b8d8a6923026533665069b0f6f77ed1383dfabe723a43fb95d9a2ac802a0585b0e6d0a2670cfb9d5881307325fafe29c33f6ea8dd321db6ed252c22e112bd43b8f139382dffb078e2f064d756eb12bf3c29ed692ee9cdd0a5bc5bab78e090e6fe2513a391eef3b9e13f59a897fa9cea9371b57239201308bd645293d78ecb83491c86454aa1f5e881352e35d62ba546d815931e63d169ac0ed9d238078aed6ca811015fb1c22ab543fa0b493b5f35d8cb5035a364f3390247e94f40c3b7f97fdd063c6bdd03f49bd342cb5eeab6846b919f53d984042fe3eb79f5a0e07af07f9bc37d71cda92f09302ccc7d7604f001ad3a25802cfd1b1842653737921245df6f5d441f63baaa62559318cb31ab72930191497e3f708ce1560b6b3ae9e5d05b57b304d63a02381199c567460c68b3195821245e22cfeef794d4ecbb9d6cc279c9c824ee656012f06a2375466aef25f25cd43c782c6059b82d812555af0c1c38b90fadc55101c9d1bc49153875e09b1fc68ecf5a29be239cb5efab909fcd11af57640743c131e88b687a77e997c17b5942e87c6e7d56fc8c00b6f8d08b0f2c4ce443ef75fa0cf329cb518cb61e01004c66e7fb8cc99a44f6b61cf29df2b2320405bd865af25ee595ac139cf8a331f955793b06275310d80a28536944f90651e536eb542511b9700fc775fe413200d39ffaac76a14b39a19d6c180809fa33dd4fc5c22688650d9f965381d43ac10d854a00de7d61d143841aa902851f9f7f32020131e10607e335c9af85c53af10f3da7eefdcc81437ec5a369c9bd5d57229cdfacf15be9ee43046073cca022999cb1cfd58c5269cb31c902fb295fda5169aca17fe74d5f7a9193c00897322c5d1ded4476b3be1fff94fd5fbb5ef595528b665bf697313657254b8c2de652c19b8df6e4dec60ce485dee8c5a0949d68fc5505245a8c20aa6e2ddfdf8c758e4fcbadbe6866c1bd1e6fc7dd98d616fd05a6bee80e717a8b8d7bcd5426260fb59a888facc585cb3fcf8b0557a2f9feb764777eb542620f7050c958f9694f46993f70ae5d39faca09c8068b557ed999be05cc1f6d8ba10bfc387375eee59767614369301ca8affb659b7b9e1fd78f92c2a7f2ca8d62403d3a5a65c5ef576d64616fc623dad391651b750a27c72133a526b5a5f17ed97b5c7f8a2a6287f5c03637235257343a19d28178e7095b56d5baf43234df6c212d299bb61465941e9603e49175d3fcbe42b9558cc00782f9db63d22c022d6935077b89f82227b6872512a4f1fe0594ce7d1af553f6361ce0510aa1f02e6e07c0bcf3a4724498cf52f915eb08581257520886f44d1ac7d60d60b1db3d5bd7d6676814870e10299989e1fb5f72e641ceae8d30d4b54baf6a0a05d1905557aa2f04299d0ef0f16380c01d71d85f35f2d8083aee7dfdb7c5e50a203827244eaceb317dea4ff3c509a520c0565fdc06dc5bd473ac88c5d2b86c94f299f554059b342266364667ea6133bbfb1c9b75d9ec20069d56648d6b4dd007aad6b95a66281911cef59a3d2e8a279ea731e668b679817975f20dbac3cc0fe41dd84031673fa6f9fc405ae68676afbed8a9e5c54fca197d0f9a8b6d0998803d211b238400a7d60df023bf5d6005d1227f909ed32b4fc55832c40cdd76e7db2050d27ffc248ae531bfd904e396faa680bd012d3b8ce02ddd4d0f5d6fa41dabca7c58f03c6204c3c74945d67eeeae97de94a2de285b392c5d2b262486a31d8944e8d780a1fe5c9db545be672bea972b87f068933bd35e8f0dca367184dfea392164baead4a44b1722845b98dc1b87a5618fae87f2c20d0542032af8bfcba2a28b47cd5c068aeedacd4eff3a049326ee92a4b8247de3a250c9eda5f5c16d42043dbaa28112e48f2e82061da73de", @ANYRESHEX=r7], &(0x7f00002bf000)='syzkaller\x00', 0x937, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x0, r7, 0x8, &(0x7f0000000000)={0x0, 0xfffffffd}, 0x8}, 0x90) r14 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r14, 0x89e0, &(0x7f0000000180)={r12, r13}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYRESHEX, @ANYRES32=r1, @ANYBLOB="9cbe", @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 11.630432016s ago: executing program 4 (id=6299): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f0000000180)=0x6, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$packet(0x11, 0x0, 0x300) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$sock(r2, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x4000001) ioctl(r1, 0x4, &(0x7f0000001900)="0d73a42478403bcae81ac429827a35f4a42d2f718e3ee2e530b34d952ef1c5b164abb138d29a0118fed78d39ad739dfc3edfb90af8c848f258ec2f6fb670008d2b1641bfea5322122bc2e61fbd94b7745215b648d1063d7f2fc920a4631b54041774c642a390dd12f4ed034f8427a529f4d52359fc5b847c9d24b743eeeff75278a332bf29b4c7e1f928850ff8e8ddb1d1489a45f07d626cae0eb2a2fc5261c2715d7b60410cca8a123b393e731c910df8576aa11333a2bb1c29410f8075a2c4ecf0e3a3cd6e711a6645da26d85c8c36824e0ee222e1fb7a126180a4c695a41276acfb55cd08c50252ee58fd4a980d4fd72dd817757787cec6d08e04cb52b70bac375abef78fa4a2e3b063e79b81e247df18b05b5f75e921da7075c62ab492c156ac748b786403e25c7386698f729008c527088a9d8ba0ccdf948209698d8824054646baf516fe289a7053132f1e06dc127b364b31edb247140859b6a2dc599e7b363ba63878732dca8da42aaebc7b57210e442bc4f808ebb6cc9055c74da5edc7ef010ca29baffeb32fdabb7c3493763f459d953204b535b4236d6f5b3b34adb6bd32f14e4d9c1f452bf1b2c83de4323fb1938ecc3d5aa0fd5b210a72d5311c72bb1770d2f1ed35d48dec0b4518d878c5f0cb13f494fdf35590482e0630be53fcb43ccce851c78929b3003841bf98d4075a1003b2bf5181078fc4b0a9493d70447bdafdf4219e1e2ebec46ece2a0940284f0c7c6859b8618ef724b9908af3848bde88ad1627d0ea26675dbeb2791503bc178771a64343a0f19371ce64bd589ec7bc249bfff4fb3230deec464296e3e23af461a5ee21283eac28517dbf590a134fb79faf8c6db79a62d832db31d7d0fdcbaaa8cae51b5ea3e11822d31c746edf02d34716c6c61106c343063ec8654ae3cc81f9fad4eb8d07eae29e902b7dc2bf8d800587e95517e1f79b432a0413af86c36c0604f88bcccbe965d054cd1c41fba706f4371fa94f4e8e01aaa53117fe26f2961413cb576d8b5a8cd1dafb3d6a511cf8aff4c8bc75f71bdaa04017e3e2909c96fa2c4a4abd7598dc55fd8aa3820a3183bb520f7c4963bc41ce38cd3a5636c8af1ced3096dcba486fce45e370eff5300cf2daeada741ea7691dfc151dc176d39ac1ab8e12a2e24ba60c2453578c8cafb86c557a6c46968f4a90bb67720c30cc9fd4991386c2c203bee2b799faa1901a94b2583492c40bef1010edfea1a1ea2cff12ff24768f910ad79f5c90c49927aa4036212ee9fdba176781b145ad7d33070a5de4a16793f09a454d6fcb518a502a123cef10d21428773ef5cdaf3159d43ac3cc37759b9d2bea5152e5075db12bbdfe133f7c6bb897588e907e114974630aeb32b8302794051b1f5672f3d705c515f4a2b7ae7b5521ba34474d0f8fb3aa96b98de2f97df12a1b894afb7c4c91994dce884879e66a02a08a8f1d3a6fd5c2bcc51187906a1d46bede4b400dff57c9f1e01feedf1eccb148347b145dbce9b5e5fc1fe76ee8cdc9afef98232dd470bd2a0f66a9fc559bcc964cde4ee3ec2b93e7c0bc1e14cbed4d2653fb3905a4e351aba69dc8bbb1a5f080c82db1e2a33acadf26101bb2edf4520213c9a178f1262cc9b5ad2927f460b5f9689551d6a5c7563e32b1dc657189ee4d8836e66f9e4b44f02ba65cd99c9ac3cf878c9006af33c4448cb82a113811c050c9bbb527b945a98cda7358a42c35ff041c2c84bdd85a7dd565c8f95ada0f99af7b61acf37f2976365102f87f422d5849215d1ed83dbad1470fee77a23c82400358c573cbd14f402b9c417638105ee9c65eb44e0e2cd2540654d280d346b2536870de5d3a7c6b7dc8b0fc3031dfb8ac4769847d580b254a5f06f3eb454da9263d190f7751c80d05ad95f1e7a3e4dfe9a44f30af0610640c54243cb1f4baca34a8ec4a69f165f65c17a213cb9b5e2eaa8ef48cc8745bdaac00c794ce5f986ced604f0d1021d2986bd6d201faf6260b9cbc2010dfbe3967f9c68a603c3bc9d7ac5c058ce9a86232770faa872b49ab071839dd449d597bce17e3c4c5b9e39b5f9e82b23f268aa8404e59f7e5edbdd54400d161b7ba57c8a471a99fd997ce33be40d7a379bd4857ff04bd0b86f7e257942701312da75970b330819436a4601232c89e9691296f628de5e483fffe49b665fa7ef92674a425a68a04f7d3b612d53c493a1944bcabc0578f5319934fec8cdd0be1f8eff0a6aee07669fa692c57c6e5d4cb9edc77545dd13a3f02bda2669b6e645b85671e060472a3bf3b78ea65950ffb73ef4aacfc98a9b1dbdc6db5985ebd6bbe380985d9c727b221282aa336b9a5ed88da3599c7cc25cb8c20b674ed2b49b522dc636bcc0b877e68f5ba70e2c3f0bb8c54433db32ef692082d345d91d7966ef93a5370d5d4f61938cbc99cf737f92e6c341749413ccd79be818d806b888cdf66af6321cac5722075691398dab12847139b022fab7df46d2656c8008c2fe9b7a96df44f630fad3e366fe8ec686b46e2af37179c45a4b4a35c27f00f41fad5024f2b2697d9a327d2719dae11375a77b6c439af4d2eeace3264775078e248d44065679d0294063d2df51c12ed29fb268d8643a4e270d02516c86bf3e86e851e2ef529bcb4b40f2f194a2d795fdfe8db72bc21f833f055459d4000b1b0fbc47ed659273e59d8ceecaf06ae5d41fc4bb225db9c9544014545f0621e595b83ef65ec560d588ea5ec1685d2800bfcc1965287cf3153b433d910341459dd5d54c2ad950abc034a4e173b4ab744df29175c0b3f5a43a445d6cb310dbc4c9765fa25e18822f8fc8ba51be9cd41534fec18d876ed2f74bf84f4623148f3766409bee64ee467247ac0681377bbf8879204ca63dc45bd35569db29587bce9be9b329770837fbff4d4711813bc986821e1d4aba09957b48e51b13f19f180ca578a6be67b5b48177bf30615d25b77d13e0f1eaca188ace3de24e559930bfb397c13f444be2327beb3eafd522300a6aafe0f53faa14dbcc486532c1742f5149c492cc31644e3596be3959c5896df4a9513b7c485370db8ef9ee3e919305e40c999fd49cdda56941dca8d3cf3e1bbaeeacb4bb12168c3318a3384adeb762755878f2371972ffaae0c37505ab9a67dcf6f8c4343f363bd20845569ffe2f7c9162724fa7787d4c7c97764c97e0dfe7e5236e6efcd1e9f126a625791c457cae775edf8c73c18628e98ca92df8c907be1993eade647cdafa1da38ab622eef5fa67fe82de424db61d1d58011a62c72a8aebf88b25b9269909ef0b3d73e16ade58d7a19f5a14c5d387fff0717b01b76b13a67eaddef641d0fc36fe319ab9f840a4082ce9a3f9b4e9558311ad82e87f507d2426b21687c608ba0d35ed54f2fa207c75cce9b0d504ed0a39de8eb1d2cd03e1466b14b5a641e8dfba8921b30c48727c944c1e58c9a0c5a77721f8da077f0575d545cdb872745f467dcd7c1adfd0c19f88319ddb4b9364096b85a47e739bc1b8f718301ef025a72a1b7cf046a40b0fe44bed0213c3e07713a1748c2ae41cecfa6d0c48465f7c239f9a3660da8cbc352eee171904173bc848c6978bbe636b16e4fbaf6f9f489d36be95dca1d471266a1aff5f21c0b3b097a45ab973cf6b0462aa95dc4c756fc81e7a02b1924567cf8a3b66a0b1f1756b84b18c1e8b062e33296b3cece68e2ba25d325af73c69ca47ea7fa2ddd4ee7ae4a6bf42a935ed913b3fbc53809619f09ff2ada16677076e01c7cc4bb010754ffede40a60c7334668425e9f307db06fb8f0e728572c3a9c5d46c1bfdfbd3bb641e079d6122486214697e29f9b82d104383b94075b514473fa0bfc5396d070d0cce6681b2590c1bfff210cc0a3812931af5b84fc5b3fae73ff7cb12f2cbbb0c406473ecb0d9a65a1c2d69048d9d288e5c276142a29b52bacc8712d0f6f69c2ce33d118cd176ef3499cad7e00d9adbc4163db7fb5179cfd68d1add8c4d749196a8cb8ce19f6941a7700b9e4701e81355ffe9fc69bca00003cd8a71041d182bf3fded049b01790e2a3637b76f6ed51fbed36f6cab67b197a75baad190ca1c795a5fb1db36cef4152532c20604039dac495b55dec462cd6f58dc972597bae66ee867a6ad1005a270d9de889cb3b4c6d5c9abe908cd4be380549f44dcfd9b9261ffdcdf070e72f6edd55120f8029a9bcada0d451a3e8ba2ccf26a551d7656d35c16c52cd94c6213480cb6801de3ebeb838ed3157873b7afbdff06107e8698e3f8f79807ffe21e5465cda433d9118e1781614e29443e65e28cb2928ea9fd40abf5e23f11cee874ab756a39d20cf816c4bf1e9132738f5a4d91bf156b5a50219") r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000006a0083b0cbe05f0000000000000000000000000008000e0004"], 0x20}}, 0x0) epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f00000000c0)) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@empty, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x32}, 0x0, @in=@private}}, 0xe8) r6 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000180)="71e67a15cdf0311cfcf33a", 0xb) r7 = accept4$alg(r6, 0x0, 0x0, 0x0) sendmmsg$alg(r7, 0x0, 0x0, 0x0) write$binfmt_misc(r7, &(0x7f0000001240)={'syz1'}, 0x4) read$alg(r7, &(0x7f0000000180)=""/4096, 0x10) sendmmsg$inet6(r5, &(0x7f00000090c0)=[{{&(0x7f00000002c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58) r9 = accept4(r8, 0x0, 0x0, 0x0) recvmmsg(r9, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0) (fail_nth: 39) ioctl$sock_x25_SIOCDELRT(r9, 0x890c, &(0x7f0000001280)={@remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x0}, 0x3, 'lo\x00'}) 11.406034432s ago: executing program 2 (id=6302): socket$inet6_tcp(0xa, 0x1, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, 0x0, 0x8) r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x7, &(0x7f0000000000)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r2, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)}, {&(0x7f0000000140)="06", 0x1}], 0x2}}], 0x1, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r4) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="410000000000000000030603000014000300024d141e0e50001806e8ffffffffffff08000700263a0909140002"], 0x44}, 0x2, 0x1000000}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x16, 0x0, 0x0, 0xfffffffffffffdfd) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0xbe}, [@ldst={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r6, r7, 0x2}, 0x10) socket$inet_dccp(0x2, 0x6, 0x0) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) bind$bt_hci(r8, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$sock(r8, &(0x7f0000000500)=[{{&(0x7f0000000200)=@un=@file={0x0, './file0\x00'}, 0x80, &(0x7f0000000340)=[{0x0, 0x2}], 0x2}}], 0x1, 0x0) socket(0x1d, 0x2, 0x6) bind$alg(r6, &(0x7f0000000480)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) 11.189868839s ago: executing program 2 (id=6305): socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x24, 0x10, 0x701, 0x0, 0x0, {}, [@typed={0x6, 0x1, 0x0, 0x0, @str='\x17\x00'}, @typed={0x8, 0xa, 0x0, 0x0, @fd}]}, 0x24}}, 0x0) 10.912080849s ago: executing program 2 (id=6308): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f00000000c0)={0xa, 0x4e20, 0x80000, @dev, 0x6c}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=[@hopopts_2292={{0x18}}], 0x18}, 0x0) 2.592107091s ago: executing program 3 (id=6363): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r1, &(0x7f0000000140), 0x9) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r2 = socket(0xa, 0x6, 0x0) getsockopt$inet6_mreq(r2, 0x10d, 0xfc, 0x0, &(0x7f0000000000)) 2.392165172s ago: executing program 3 (id=6365): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000001000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x7, 0xff, 0x84}, 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000940)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}]}]}, @ETHTOOL_A_FEATURES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}]}]}, 0x4c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0x1, @link_local, 'geneve0\x00'}}, 0x1e) unshare(0x20000400) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000100)=0x1) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x16, 0x0, 0x0, 0x0, 0xee4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x90) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$netlink(0x10, 0x3, 0x14) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000280)={'geneve0\x00'}) ioctl$PPPIOCGUNIT(0xffffffffffffffff, 0x80047456, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter, 0x48) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a00010000000000000000008180"], 0x30}}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0}, 0x38) 2.124370716s ago: executing program 0 (id=6369): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9fe7010966eb0100180000000000000060000000600000ce9dfdcb34b3d90d411a60000300000002000000090000060400000007000000af0c00000b0000000000090006000000c7000000080000000400000002000000020000000f000000010000000f0000080400000002000000b90ae72b0e00000009000000"], 0x0, 0x7b}, 0x20) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) ioctl$SIOCSIFHWADDR(r1, 0x40049409, &(0x7f0000000000)={'wlan1\x00', @random='\x00\x00\\ \x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0), 0x48) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c0100002bd97fc20000000000000000ac1414bb0000200001000008000000062889ac0000000000040000c00000000000d03a43b79e59113adc2fb81a9af8d9642b122449e5132ae4e5d0fd7124e22bc9fd582fe3d8d8a97b10309c68101bd0e7b7e2903faec238d243b4a204171fda3364f41486dab342bd7ba7dbabeb8eb209c9b9bbad36401f711cc20001559411d615215d21125472f09cbf056c1b9d0cadde550cc5945c2a31545bc3fbf5f0fd662148263559d5fc4e0000", @ANYRES32=0x0, @ANYRESOCT=r1, @ANYRES32=r2, @ANYRES32=r0, @ANYRES32], 0x19d}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x0, @local}, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}}, {0x2, 0x0, @private}, 0x7e}) socket$igmp(0x2, 0x3, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200000000000085000000a000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6(0xa, 0x6, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl$SIOCAX25CTLCON(r4, 0x89e8, &(0x7f0000000100)={@default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x0, 0xffffffffffff0001, 0x0, [@default, @null, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default]}) syz_genetlink_get_family_id$nl80211(&(0x7f0000007bc0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) 2.103522384s ago: executing program 1 (id=6370): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000000)=0xb7c, 0x4) r1 = accept$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000080)=0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x4e24, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, 0x98a0}}, 0x0, 0x0, 0x3c, 0x0, "1536e3d8befa5d1fe08c826174836ddbf8b39613401a087c8e822b2469e3170b209af538866002808a6572a07f330bbfe8599d301c3022936750871acf41b79afbf31c167fc728d121d890903dce882f"}, 0xd8) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000001c0)={r0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10020}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x158, r3, 0x400, 0x70bd26, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x6b, 0x80}}}}, [@NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x4}, @NL80211_ATTR_IE={0xa8, 0x2a, [@perr={0x84, 0x9c, {0x9, 0xa, [{{0x0, 0x1}, @device_a, 0x1, @value=@device_b, 0x3b}, {{}, @broadcast, 0x4, @void, 0x30}, {{}, @device_a, 0x3, @void, 0x800}, {{0x0, 0x1}, @broadcast, 0x10001, @value, 0x18}, {{}, @broadcast, 0x4, @void, 0x1}, {{}, @device_a, 0x0, @void, 0xf}, {{0x0, 0x1}, @device_b, 0x5d04, @value, 0x6}, {{0x0, 0x1}, @device_a, 0x3, @value=@device_b, 0x24}, {{}, @device_a, 0x8, @void, 0x18}, {{}, @device_b, 0x953, @void, 0x3a}]}}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x96, 0x24, 0x3}}]}, @NL80211_ATTR_BSSID={0xa}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x7}]}, @NL80211_ATTR_SCAN_FREQUENCIES={0x4c, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x7}, {0x8, 0x0, 0x80}, {0x8}, {0x8, 0x0, 0x5}, {0x8, 0x0, 0x2}, {0x8, 0x0, 0x6}, {0x8, 0x0, 0x1ff}, {0x8, 0x0, 0xf2b1}, {0x8, 0x0, 0x10000}]}, @NL80211_ATTR_SCAN_FREQUENCIES={0x14, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0xee}, {0x8, 0x0, 0x1}]}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0xff}]}, 0x158}, 0x1, 0x0, 0x0, 0x4000}, 0x20000840) r4 = accept$ax25(0xffffffffffffffff, &(0x7f0000000440)={{0x3, @default}, [@remote, @null, @null, @rose, @bcast, @netrom, @rose, @default]}, &(0x7f00000004c0)=0x48) ioctl$sock_ax25_SIOCADDRT(r4, 0x890b, &(0x7f0000000500)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000580)=0x7, 0x4) r5 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f00000005c0)={0x0, 0x4}, &(0x7f0000000600)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000640)=@assoc_id=r6, &(0x7f0000000680)=0x4) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000006c0), 0x4) setsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000700)=0x7, 0x4) ioctl$FS_IOC_GETVERSION(r5, 0x80087601, &(0x7f0000000740)) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000780)={'wlan0\x00', 0x0}) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000007c0)='cpuacct.stat\x00', 0x0, 0x0) r9 = openat$cgroup_ro(r8, &(0x7f0000000800)='blkio.bfq.io_service_bytes_recursive\x00', 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000008c0)={'syztnl1\x00', &(0x7f0000000840)={'ip6_vti0\x00', r7, 0x2f, 0x2, 0x0, 0xf0000000, 0x7c8c01842e1987f1, @loopback, @empty, 0x8, 0x10, 0x401, 0xbd}}) setsockopt$bt_hci_HCI_FILTER(r8, 0x0, 0x2, &(0x7f0000000900)={0x300000, [0x9, 0xa84], 0x2}, 0x10) sendmsg$BATADV_CMD_SET_HARDIF(r9, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x34, 0x0, 0x100, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x10000001) socket$alg(0x26, 0x5, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000d80)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000d40)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_DELTABLE={0xec, 0x2, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0xa}, [@NFTA_TABLE_USERDATA={0xa7, 0x6, "11a4ee97b7233c9208c0fcd333f1d75546e30714d405c1e4583f3908ee93440d399b14b7d2052832570233f8b068d48f7ff1e2bd3af7b5db0f8888a0867f4a1a8282f656afad46689094dd48017ddfba90102415579b57db68766b553a5739d8a93446e5af612e60eb89596a7d250203fd4527f7af46ea9e86c080a30963760ebc5ba61a90881e4f935b60b700c649e185a65e70548db1bd02e9925851e5db7177b121"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELRULE={0x30, 0x8, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x9}, [@NFTA_RULE_USERDATA={0x7, 0x7, 0x1, 0x0, "f021e5"}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_RULE_POSITION_ID={0x8}]}, @NFT_MSG_DELOBJ={0x50, 0x14, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x9}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWSET={0xd8, 0x9, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @osf={{0x8}, @void}}, @NFTA_SET_EXPR={0x40, 0x11, 0x0, 0x1, @fwd={{0x8}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0xa}]}}}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x44}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_EXPRESSIONS={0x30, 0x12, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_QUEUE_NUM={0x6, 0x1, 0x1, 0x0, 0x6}, @NFTA_QUEUE_NUM={0x6}, @NFTA_QUEUE_TOTAL={0x6, 0x2, 0x1, 0x0, 0x7}]}}}]}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @match={{0xa}, @void}}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x40}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x1}, @NFT_OBJECT_CT_HELPER=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}}, @NFT_MSG_NEWSETELEM={0x28, 0xc, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x2b4}, 0x1, 0x0, 0x0, 0x20044884}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000e00)={&(0x7f0000000dc0)='afs_dir_check_failed\x00', r8}, 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r8, 0x84, 0x1c, &(0x7f0000000e40), &(0x7f0000000e80)=0x4) recvmmsg(r9, &(0x7f0000004bc0)=[{{&(0x7f0000000ec0)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f00000021c0)=[{&(0x7f0000000f40)=""/94, 0x5e}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000001fc0)=""/11, 0xb}, {&(0x7f0000002000)=""/3, 0x3}, {&(0x7f0000002040)=""/40, 0x28}, {&(0x7f0000002080)=""/76, 0x4c}, {&(0x7f0000002100)=""/151, 0x97}], 0x7, &(0x7f0000002240)=""/19, 0x13}, 0x7b}, {{&(0x7f0000002280)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f00000024c0)=[{&(0x7f0000002300)=""/76, 0x4c}, {&(0x7f0000002380)=""/31, 0x1f}, {&(0x7f00000023c0)=""/212, 0xd4}], 0x3}, 0x8}, {{0x0, 0x0, &(0x7f0000004a40)=[{&(0x7f0000002500)=""/4096, 0x1000}, {&(0x7f0000003500)=""/73, 0x49}, {&(0x7f0000003580)=""/229, 0xe5}, {&(0x7f0000003680)=""/47, 0x2f}, {&(0x7f00000036c0)=""/119, 0x77}, {&(0x7f0000003740)=""/129, 0x81}, {&(0x7f0000003800)=""/41, 0x29}, {&(0x7f0000003840)=""/4096, 0x1000}, {&(0x7f0000004840)=""/222, 0xde}, {&(0x7f0000004940)=""/255, 0xff}], 0xa, &(0x7f0000004b00)=""/144, 0x90}, 0x5}], 0x3, 0x10000, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000004d00)={'ip6gre0\x00', &(0x7f0000004c80)={'syztnl1\x00', r10, 0x4, 0x6, 0x6f, 0x7, 0x8, @empty, @private0={0xfc, 0x0, '\x00', 0x1}, 0x700, 0x7966, 0x7fffffff, 0x7e33}}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000004d40)={0x1b, 0x0, 0x0, 0x0, 0x0, r9, 0x3dd9, '\x00', r11, r9, 0x3, 0x1, 0x1}, 0x48) 1.985257514s ago: executing program 0 (id=6371): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$netlink(r1, &(0x7f0000000000), &(0x7f0000000040)=0xc) sendto(r1, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) r2 = socket$inet(0xa, 0x801, 0x84) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) listen(r2, 0x81) r3 = accept4(r2, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_channels={0x10}}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, r5, 0x0, 0x70bd2b, 0x4, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_DEL_MPATH(r4, &(0x7f0000000c80)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000c40)={&(0x7f0000000c00)={0x38, r5, 0x4, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x75adc41b, 0x1a}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x38}, 0x1, 0x0, 0x0, 0x89}, 0x24000000) sendmsg$NL80211_CMD_DEAUTHENTICATE(r6, &(0x7f0000000b80)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000b40)={&(0x7f0000000ac0)={0x50, r5, 0x0, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xfffffff9, 0x1}}}}, [@NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_REASON_CODE={0x6}, @NL80211_ATTR_SSID={0x15, 0x34, @random="6a46d3402049cfdf23cbb4e13d40bb18c5"}, @NL80211_ATTR_MAC={0xa, 0x6, @random="ec0f4aef314d"}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), 0xffffffffffffffff) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000040)={'bond0\x00', 0x400}) getpeername$packet(r3, &(0x7f0000000cc0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000d00)=0x14) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8923, &(0x7f0000000040)={'bond0\x00', 0x1001}) sendmsg$NFT_MSG_GETOBJ(r8, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f0000000780)={&(0x7f0000000980)=ANY=[@ANYBLOB="20000004130a01030000000000000000010000e794874a74738e4655030c0006400000140900000005d0723de324dd78f2b1c145e6fb71bfc79d8d07e2769c5b18fca4bb294362b42c7e98beccb6d4fdc64cb29ddaa8ba065da3b54dddac64cde301f19cc22ef87c904cd248e1a1fd32b554dad090a8547d24113fdc29483160c0f20000000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x20004090}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000006c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r7, 0x8, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x30}, @void, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x840}, 0x40004) sendmsg$NL80211_CMD_ABORT_SCAN(r6, &(0x7f0000000840)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c65d6d5", @ANYRES16=r7, @ANYBLOB="000426bd7000fbdbdf257200000008000300", @ANYRES32=r9, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x6) sendmsg$NL80211_CMD_GET_MPATH(r3, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x40, r5, 0x8, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x40000001, 0x16}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MAC={0xa}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x28014044) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000300)={&(0x7f0000000880)={0xd4, r5, 0x200, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x1, 0x39}}}}, [@NL80211_ATTR_IE={0xa9, 0x2a, [@supported_rates={0x1, 0x1, [{0x18, 0x1}]}, @mic={0x8c, 0x18, {0x594, "16f0453bb598", @long="567995d02a062a5f301f7e8992318e92"}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @random={0x8, 0x7d, "494fe4690213f38abb0ca46483d360d297387521940def8344d261e47a58b04da60b857022afc7cfe8f51b4201cbb690834e58b07e3fe25656144accd5600d4ba385fe65763f65884cdba4ad6a00c55c2a81026c6fec677e2d8f1318f9973d57a6637ec978f740bd3883247fe667b561184cd98dd0a8dc6e0237d5b217"}, @challenge={0x10, 0x1, 0x29}, @erp={0x2a, 0x1}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x8c1}, 0x400a9) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/110, 0x14b}, {&(0x7f0000000280)=""/85, 0x53}, {&(0x7f0000000fc0)=""/4096, 0x84}, {&(0x7f0000000400)=""/106, 0x464}, {&(0x7f0000000740)=""/73, 0x60}, {&(0x7f0000000200)=""/77, 0x630}, {&(0x7f00000007c0)=""/154, 0x4a}, {&(0x7f0000000100)=""/16, 0x2ac}], 0x8, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) sendmsg$NFT_MSG_GETRULE(r8, &(0x7f0000000a40)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000580)={0x40, 0x7, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_RULE_COMPAT={0x2c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x809b}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x67}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x73}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x880}, 0x4005) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x4, 0x8004}]}]}, @IFLA_GROUP={0x8}]}, 0x40}}, 0x0) 1.980688526s ago: executing program 3 (id=6372): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000140)={'wpan4\x00'}) r3 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000000)=0x200, 0x4) bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r4 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r4, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x44}}, 0x0) 1.9143767s ago: executing program 1 (id=6373): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000080)) write(0xffffffffffffffff, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x60, r2, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "a7fd4531296b6353d1f3e08847"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}]]}, 0x60}}, 0x0) 1.283727521s ago: executing program 1 (id=6374): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000380)={@ipv4={'\x00', '\xff\xff', @loopback}, @private1, @mcast1, 0xfffffffd, 0x0, 0xa3, 0x0, 0x0, 0x1820020}) 1.205762049s ago: executing program 3 (id=6375): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f00000006c0)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xbc}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x4a) socket$inet(0x2, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 1.120469221s ago: executing program 0 (id=6376): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="8252", 0x5aa}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="90"], 0x190}}], 0x2, 0x4000c020) 1.093889735s ago: executing program 0 (id=6377): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000006c0)=@newlink={0x38, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x4048b}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r3}]}}}]}, 0x38}}, 0x0) sendmsg$inet(r0, &(0x7f0000000640)={&(0x7f0000000440)={0x2, 0xa00, @private=0xa010101}, 0x10, &(0x7f0000000500)=[{&(0x7f00000004c0)="9e01", 0x2}], 0x1, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @empty, @local}}}], 0x20}, 0x0) 293.605946ms ago: executing program 1 (id=6378): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x16, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xb2}]}, &(0x7f0000000040)='GPL\x00'}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x90) 243.472906ms ago: executing program 3 (id=6379): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14, 0x10, 0x1, 0x0, 0x38}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xa4}}, 0x0) 140.185131ms ago: executing program 0 (id=6380): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0x1, 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @mcast2, 0x10005}, 0x1c) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000180)=@base={0x12, 0x12, 0x8, 0x2, 0x1480}, 0x48) r3 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000140), &(0x7f0000000240)=@udp6=r3}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r2, &(0x7f0000000000), &(0x7f0000000140)=@udp6=r3}, 0x20) sendmmsg$inet6(r1, &(0x7f0000000c40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="29d00d8e6e12ae60b585a8cf5a355469c5a413533c46c22d3ceedf3c9cdfbd462122fae1bb74ee12ec3db3a7eb241a0d405e1d72b626f0f077693f5e5bffda5518b7bbb334352d0479a7eaea6cc4f47ad394ed66374fc8f261774f0da36d4c46c85cbd4f72127f6b64edd9c77ed7bc063f659f68279bf018ff9ac625109d88506da0b69e8fc7394838172292a126c53eea69456e8305f9a9818f48ae407a", 0x9e}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYRES16=r1], 0x190}}], 0x2, 0x4000c020) 139.966181ms ago: executing program 1 (id=6381): syz_emit_ethernet(0x1f, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffff000000e8ff000011424203"], 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket(0x0, 0x0, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0x0, &(0x7f0000000000), 0x0) setsockopt$TIPC_GROUP_LEAVE(0xffffffffffffffff, 0x10f, 0x88) bind$inet(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040)=0x4, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0x900, 0x4) 106.094115ms ago: executing program 3 (id=6382): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000001000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x7, 0xff, 0x84}, 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000940)={0x4c, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}]}]}, @ETHTOOL_A_FEATURES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}]}]}, 0x4c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0x1, @link_local, 'geneve0\x00'}}, 0x1e) unshare(0x20000400) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000100)=0x1) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x16, 0x0, 0x0, 0x0, 0xee4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x90) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$netlink(0x10, 0x3, 0x14) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000280)={'geneve0\x00'}) ioctl$PPPIOCGUNIT(0xffffffffffffffff, 0x80047456, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter, 0x48) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001a00010000000000000000008180"], 0x30}}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0}, 0x38) 53.251315ms ago: executing program 0 (id=6383): r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gre={{0x8}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_TYPE={0x6}]}}}]}, 0x3c}}, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0x8004b708, 0x0) 0s ago: executing program 1 (id=6384): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000080)) write(0xffffffffffffffff, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x60, r2, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "a7fd4531296b6353d1f3e08847"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}]]}, 0x60}}, 0x0) kernel console output (not intermixed with test programs): licy: neither incoming nor outgoing policy selected [ 472.454084][T19707] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 472.573503][T19716] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 472.746506][T19729] Bluetooth: hci3: invalid length 0, exp 2 for type 14 [ 472.833914][T19734] __nla_validate_parse: 2 callbacks suppressed [ 472.833937][T19734] netlink: 76 bytes leftover after parsing attributes in process `syz.3.4998'. [ 473.154843][T19748] validate_nla: 2 callbacks suppressed [ 473.154866][T19748] netlink: 'syz.3.5003': attribute type 6 has an invalid length. [ 473.170762][T19748] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.5003'. [ 473.375981][T19760] IPv6: Can't replace route, no match found [ 474.255295][T19800] FAULT_INJECTION: forcing a failure. [ 474.255295][T19800] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 474.269103][T19800] CPU: 1 PID: 19800 Comm: syz.0.5020 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 474.279070][T19800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 474.289215][T19800] Call Trace: [ 474.292532][T19800] [ 474.295490][T19800] dump_stack_lvl+0x241/0x360 [ 474.300216][T19800] ? __pfx_dump_stack_lvl+0x10/0x10 [ 474.305467][T19800] ? __pfx__printk+0x10/0x10 [ 474.310108][T19800] should_fail_ex+0x3b0/0x4e0 [ 474.314833][T19800] prepare_alloc_pages+0x1da/0x5d0 [ 474.320001][T19800] __alloc_pages_noprof+0x166/0x6c0 [ 474.325254][T19800] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 474.331041][T19800] alloc_pages_mpol_noprof+0x3e8/0x680 [ 474.336565][T19800] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 474.342678][T19800] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 474.348626][T19800] ? alloc_pages_noprof+0xef/0x170 [ 474.353789][T19800] get_free_pages_noprof+0xc/0x30 [ 474.358852][T19800] __pollwait+0x134/0x430 [ 474.363262][T19800] ? __pfx___pollwait+0x10/0x10 [ 474.368165][T19800] pipe_poll+0x17f/0x4b0 [ 474.372446][T19800] ? __pfx_pipe_poll+0x10/0x10 [ 474.377250][T19800] do_sys_poll+0x7ce/0x1300 [ 474.381793][T19800] ? __lock_acquire+0x1346/0x1fd0 [ 474.386892][T19800] ? __pfx_do_sys_poll+0x10/0x10 [ 474.391875][T19800] ? __lock_acquire+0x1346/0x1fd0 [ 474.396955][T19800] ? __pfx___pollwait+0x10/0x10 [ 474.401861][T19800] ? __pfx_pollwake+0x10/0x10 [ 474.406580][T19800] ? __pfx_pollwake+0x10/0x10 [ 474.411296][T19800] ? __pfx_pollwake+0x10/0x10 [ 474.416016][T19800] ? __pfx_pollwake+0x10/0x10 [ 474.420734][T19800] ? __pfx_pollwake+0x10/0x10 [ 474.425468][T19800] ? __pfx_pollwake+0x10/0x10 [ 474.430209][T19800] ? __pfx_pollwake+0x10/0x10 [ 474.434933][T19800] ? __pfx_pollwake+0x10/0x10 [ 474.439653][T19800] ? __pfx_pollwake+0x10/0x10 [ 474.444372][T19800] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 474.450316][T19800] ? ksys_write+0x23e/0x2c0 [ 474.454870][T19800] ? __pfx_lock_release+0x10/0x10 [ 474.459958][T19800] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 474.465988][T19800] ? __pfx_set_user_sigmask+0x10/0x10 [ 474.471410][T19800] ? __fget_files+0x3f6/0x470 [ 474.476134][T19800] __se_sys_ppoll+0x2a0/0x330 [ 474.480873][T19800] ? __pfx___se_sys_ppoll+0x10/0x10 [ 474.486107][T19800] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 474.492475][T19800] ? do_syscall_64+0x100/0x230 [ 474.497287][T19800] ? __x64_sys_ppoll+0x20/0xc0 [ 474.502090][T19800] do_syscall_64+0xf3/0x230 [ 474.506634][T19800] ? clear_bhb_loop+0x35/0x90 [ 474.511352][T19800] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.517284][T19800] RIP: 0033:0x7fa8a5d75a19 [ 474.521737][T19800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.541386][T19800] RSP: 002b:00007fa8a6b63048 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 474.549850][T19800] RAX: ffffffffffffffda RBX: 00007fa8a5f03f60 RCX: 00007fa8a5d75a19 [ 474.557861][T19800] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00000000200000c0 [ 474.565853][T19800] RBP: 00007fa8a6b630a0 R08: 0000000000000000 R09: 0000000000000000 [ 474.573840][T19800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 474.581822][T19800] R13: 000000000000004d R14: 00007fa8a5f03f60 R15: 00007ffd3ba941f8 [ 474.589822][T19800] [ 474.696410][T19801] sch_tbf: peakrate 7462380593465401512 is lower than or equals to rate 18428595723600419182 ! [ 474.976687][T19817] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 475.102469][T19824] netlink: 'syz.1.5026': attribute type 4 has an invalid length. [ 475.110280][T19824] netlink: 128124 bytes leftover after parsing attributes in process `syz.1.5026'. [ 475.140808][T19817] lo speed is unknown, defaulting to 1000 [ 475.244037][T19830] netlink: 'syz.3.5029': attribute type 6 has an invalid length. [ 475.273349][T19830] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.5029'. [ 475.680922][T19838] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5031'. [ 476.216970][T19856] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5036'. [ 476.623281][T19879] netlink: 1010 bytes leftover after parsing attributes in process `syz.4.5044'. [ 476.970817][T19897] netlink: 'syz.1.5050': attribute type 6 has an invalid length. [ 477.006405][T19897] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.5050'. [ 477.428440][T19919] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5058'. [ 477.454178][T19919] netlink: 'syz.0.5058': attribute type 2 has an invalid length. [ 478.418454][T19964] netlink: 'syz.1.5075': attribute type 1 has an invalid length. [ 478.426568][T19964] netlink: 'syz.1.5075': attribute type 1 has an invalid length. [ 478.438295][T19964] netlink: 9328 bytes leftover after parsing attributes in process `syz.1.5075'. [ 478.468499][T19964] netlink: 'syz.1.5075': attribute type 1 has an invalid length. [ 478.595449][T19971] netlink: 108 bytes leftover after parsing attributes in process `syz.0.5078'. [ 479.020094][T19994] bond0: (slave macsec4): Error -34 calling dev_set_mtu [ 479.145724][T20000] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5090'. [ 479.826198][T20041] netlink: 'syz.0.5101': attribute type 1 has an invalid length. [ 479.846615][T20041] netlink: 113592 bytes leftover after parsing attributes in process `syz.0.5101'. [ 479.982098][T20050] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 480.192985][T20059] netlink: 'syz.4.5108': attribute type 1 has an invalid length. [ 480.201010][T20059] netlink: 'syz.4.5108': attribute type 2 has an invalid length. [ 480.260584][T20061] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 480.666606][T20078] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5116'. [ 480.684776][T20078] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 480.771407][T20082] netlink: 164 bytes leftover after parsing attributes in process `syz.3.5118'. [ 480.810742][T20084] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5119'. [ 481.446165][T20115] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5132'. [ 482.186889][T20161] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5149'. [ 482.232640][T20161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5149'. [ 482.742734][T20189] syzkaller1: entered promiscuous mode [ 482.772156][T20189] syzkaller1: entered allmulticast mode [ 483.038181][T20208] netlink: 'syz.2.5165': attribute type 3 has an invalid length. [ 483.179799][T20219] netlink: 'syz.4.5168': attribute type 15 has an invalid length. [ 483.199694][T20219] netlink: 'syz.4.5168': attribute type 18 has an invalid length. [ 483.227763][T20219] vxlan1: entered promiscuous mode [ 483.547576][T20234] macvlan2: entered promiscuous mode [ 484.084194][T20251] netlink: 'syz.1.5181': attribute type 13 has an invalid length. [ 484.489863][T20271] __nla_validate_parse: 2 callbacks suppressed [ 484.489887][T20271] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5189'. [ 484.561020][T20271] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5189'. [ 484.594058][T20271] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5189'. [ 484.640405][T20276] netlink: 84 bytes leftover after parsing attributes in process `syz.3.5190'. [ 484.673500][T20276] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5190'. [ 484.679896][T20271] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5189'. [ 484.706910][T20271] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5189'. [ 484.730512][T20271] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5189'. [ 484.909240][T20287] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5195'. [ 484.952866][T20288] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5195'. [ 484.993829][T20288] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 485.026784][T20288] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 485.118852][T20288] bond0: (slave batadv0): Releasing backup interface [ 485.485338][T20311] : entered promiscuous mode [ 486.035215][T20352] netlink: 'syz.3.5214': attribute type 1 has an invalid length. [ 486.391064][T20373] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (4) [ 486.421945][T20375] netlink: 'syz.3.5222': attribute type 10 has an invalid length. [ 486.717430][T20390] netlink: 'syz.2.5228': attribute type 2 has an invalid length. [ 486.726178][T20390] netlink: 'syz.2.5228': attribute type 1 has an invalid length. [ 487.747262][ T7722] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.771693][ T7722] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.806433][T20453] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 488.492086][T20494] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 489.448035][T20541] netpci0: tun_chr_ioctl cmd 2148553947 [ 489.463655][T20541] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 489.717730][T20550] x_tables: duplicate underflow at hook 2 [ 489.961457][T20565] __nla_validate_parse: 22 callbacks suppressed [ 489.961478][T20565] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5289'. [ 490.125075][T20564] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 490.539877][T20596] netlink: 'syz.1.5300': attribute type 29 has an invalid length. [ 490.570148][T20596] netlink: 'syz.1.5300': attribute type 29 has an invalid length. [ 490.587416][T20596] netlink: 'syz.1.5300': attribute type 29 has an invalid length. [ 490.654953][T20601] netlink: 'syz.1.5303': attribute type 25 has an invalid length. [ 490.663126][T20601] netlink: 'syz.1.5303': attribute type 7 has an invalid length. [ 490.772664][T20609] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5304'. [ 491.478200][T20637] lo speed is unknown, defaulting to 1000 [ 491.614716][T20647] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5319'. [ 491.670196][T20647] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5319'. [ 492.038406][T20657] skbuff: bad partial csum: csum=65504/2 headroom=144 headlen=65534 [ 492.045783][T20661] tipc: Enabling of bearer rejected, failed to enable media [ 492.654641][T20637] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 492.705324][T20684] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5330'. [ 492.737552][T20684] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5330'. [ 493.022717][T20695] netlink: 'syz.0.5333': attribute type 1 has an invalid length. [ 493.120809][T20695] netlink: 9 bytes leftover after parsing attributes in process `syz.0.5333'. [ 493.169480][T20695] 0: renamed from hsr_slave_1 (while UP) [ 493.235896][T20695] 0: entered allmulticast mode [ 493.281372][T20695] A link change request failed with some changes committed already. Interface c0 may have been left with an inconsistent configuration, please check. [ 493.813424][T20725] FAULT_INJECTION: forcing a failure. [ 493.813424][T20725] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 493.848960][T20725] CPU: 1 PID: 20725 Comm: syz.3.5341 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 493.858848][T20725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 493.868943][T20725] Call Trace: [ 493.872257][T20725] [ 493.875213][T20725] dump_stack_lvl+0x241/0x360 [ 493.879930][T20725] ? __pfx_dump_stack_lvl+0x10/0x10 [ 493.885168][T20725] ? __pfx__printk+0x10/0x10 [ 493.889796][T20725] ? __pfx_lock_release+0x10/0x10 [ 493.894873][T20725] should_fail_ex+0x3b0/0x4e0 [ 493.899594][T20725] _copy_from_user+0x2f/0xe0 [ 493.904229][T20725] generic_map_update_batch+0x5ba/0x900 [ 493.909846][T20725] ? __pfx_generic_map_update_batch+0x10/0x10 [ 493.915951][T20725] ? __pfx_generic_map_update_batch+0x10/0x10 [ 493.922105][T20725] bpf_map_do_batch+0x3e0/0x690 [ 493.927015][T20725] __sys_bpf+0x377/0x810 [ 493.931310][T20725] ? __pfx___sys_bpf+0x10/0x10 [ 493.936135][T20725] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 493.942162][T20725] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 493.948534][T20725] ? do_syscall_64+0x100/0x230 [ 493.953343][T20725] __x64_sys_bpf+0x7c/0x90 [ 493.957818][T20725] do_syscall_64+0xf3/0x230 [ 493.962370][T20725] ? clear_bhb_loop+0x35/0x90 [ 493.967095][T20725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.973099][T20725] RIP: 0033:0x7f9c4c175a19 [ 493.977555][T20725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 493.997206][T20725] RSP: 002b:00007f9c4ce79048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 494.005668][T20725] RAX: ffffffffffffffda RBX: 00007f9c4c303f60 RCX: 00007f9c4c175a19 [ 494.013683][T20725] RDX: 0000000000000038 RSI: 0000000020000200 RDI: 000000000000001a [ 494.021694][T20725] RBP: 00007f9c4ce790a0 R08: 0000000000000000 R09: 0000000000000000 [ 494.029700][T20725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 494.037703][T20725] R13: 000000000000000b R14: 00007f9c4c303f60 R15: 00007ffe4abb78a8 [ 494.045731][T20725] [ 494.266539][T20744] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5350'. [ 494.296136][T20744] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 494.316827][T20744] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 494.373677][T20744] netlink: 'syz.0.5350': attribute type 10 has an invalid length. [ 494.419716][T20753] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled [ 494.745644][T20768] netlink: 'syz.3.5358': attribute type 8 has an invalid length. [ 494.792863][T20768] FAULT_INJECTION: forcing a failure. [ 494.792863][T20768] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 494.825339][T20768] CPU: 1 PID: 20768 Comm: syz.3.5358 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 494.829860][T20774] bridge0: entered allmulticast mode [ 494.835280][T20768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 494.835300][T20768] Call Trace: [ 494.835311][T20768] [ 494.835320][T20768] dump_stack_lvl+0x241/0x360 [ 494.835361][T20768] ? __pfx_dump_stack_lvl+0x10/0x10 [ 494.835386][T20768] ? __pfx__printk+0x10/0x10 [ 494.835416][T20768] ? snprintf+0xda/0x120 [ 494.835449][T20768] should_fail_ex+0x3b0/0x4e0 [ 494.835481][T20768] _copy_to_user+0x2f/0xb0 [ 494.835515][T20768] simple_read_from_buffer+0xca/0x150 [ 494.835551][T20768] proc_fail_nth_read+0x1e9/0x250 [ 494.835586][T20768] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 494.835619][T20768] ? rw_verify_area+0x520/0x6b0 [ 494.860409][T20774] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.861873][T20768] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 494.861915][T20768] vfs_read+0x204/0xbc0 [ 494.861959][T20768] ? __pfx_vfs_read+0x10/0x10 [ 494.861993][T20768] ? do_sys_openat2+0x17a/0x1d0 [ 494.867317][T20774] bridge0: port 1(bridge_slave_0) entered forwarding state [ 494.871771][T20768] ksys_read+0x1a0/0x2c0 [ 494.871816][T20768] ? __pfx_ksys_read+0x10/0x10 [ 494.893815][T20774] bridge0: entered promiscuous mode [ 494.895505][T20768] ? do_syscall_64+0x100/0x230 [ 494.895544][T20768] ? do_syscall_64+0xb6/0x230 [ 494.963098][T20768] do_syscall_64+0xf3/0x230 [ 494.967640][T20768] ? clear_bhb_loop+0x35/0x90 [ 494.972375][T20768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.978320][T20768] RIP: 0033:0x7f9c4c1744fc [ 494.982767][T20768] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 495.002413][T20768] RSP: 002b:00007f9c4ce79040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 495.010871][T20768] RAX: ffffffffffffffda RBX: 00007f9c4c303f60 RCX: 00007f9c4c1744fc [ 495.018880][T20768] RDX: 000000000000000f RSI: 00007f9c4ce790b0 RDI: 0000000000000008 [ 495.026889][T20768] RBP: 00007f9c4ce790a0 R08: 0000000000000000 R09: 0000000000000000 [ 495.034901][T20768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 495.042912][T20768] R13: 000000000000000b R14: 00007f9c4c303f60 R15: 00007ffe4abb78a8 [ 495.050937][T20768] [ 495.322955][T20789] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5365'. [ 495.396736][T20784] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5363'. [ 495.455028][T20784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5363'. [ 495.803947][T20809] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5369'. [ 495.836237][T20809] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5369'. [ 495.928015][T20815] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5372'. [ 496.166386][T20830] netlink: 60 bytes leftover after parsing attributes in process `syz.1.5376'. [ 496.208399][T20830] openvswitch: netlink: Flow actions attr not present in new flow. [ 496.284864][T20823] "syz.1.5376" (20823) uses obsolete ecb(arc4) skcipher [ 496.447088][T20842] ICMPv6: NA: aa:aa:aa:aa:aa:00 advertised our address fe80::aa on syz_tun! [ 496.480363][T20847] FAULT_INJECTION: forcing a failure. [ 496.480363][T20847] name failslab, interval 1, probability 0, space 0, times 0 [ 496.493138][T20847] CPU: 0 PID: 20847 Comm: syz.0.5380 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 496.502985][T20847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 496.513080][T20847] Call Trace: [ 496.516390][T20847] [ 496.519359][T20847] dump_stack_lvl+0x241/0x360 [ 496.524099][T20847] ? __pfx_dump_stack_lvl+0x10/0x10 [ 496.529334][T20847] ? __pfx__printk+0x10/0x10 [ 496.533975][T20847] should_fail_ex+0x3b0/0x4e0 [ 496.538696][T20847] ? skb_clone+0x20c/0x390 [ 496.543158][T20847] should_failslab+0x9/0x20 [ 496.547697][T20847] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 496.553117][T20847] skb_clone+0x20c/0x390 [ 496.557409][T20847] bpf_clone_redirect+0xab/0x3d0 [ 496.562412][T20847] bpf_prog_dde6c29962cc7727+0x5e/0x63 [ 496.567911][T20847] ? down_write_nested+0x70/0x220 [ 496.572987][T20847] ? timekeeping_get_ns+0x5c/0x420 [ 496.578138][T20847] ? bpf_test_run+0x370/0xa90 [ 496.582855][T20847] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 496.588610][T20847] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 496.594972][T20847] ? ktime_get+0x3c/0xb0 [ 496.599260][T20847] ? bpf_test_run+0x370/0xa90 [ 496.603971][T20847] ? __pfx___cant_migrate+0x10/0x10 [ 496.609200][T20847] ? bpf_test_run+0x370/0xa90 [ 496.613911][T20847] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 496.619676][T20847] ? bpf_test_timer_continue+0x11a/0x350 [ 496.625352][T20847] bpf_test_run+0x4f0/0xa90 [ 496.629909][T20847] ? do_syscall_64+0xf3/0x230 [ 496.634621][T20847] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.640734][T20847] ? bpf_test_run+0x370/0xa90 [ 496.645473][T20847] ? __pfx_bpf_test_run+0x10/0x10 [ 496.650533][T20847] ? eth_type_trans+0x3d1/0x7a0 [ 496.655429][T20847] ? __pfx_eth_type_trans+0x10/0x10 [ 496.660673][T20847] ? convert___skb_to_skb+0x41/0x620 [ 496.666000][T20847] bpf_prog_test_run_skb+0xc97/0x1820 [ 496.671445][T20847] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 496.677293][T20847] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 496.683140][T20847] bpf_prog_test_run+0x33a/0x3b0 [ 496.688135][T20847] __sys_bpf+0x48d/0x810 [ 496.692424][T20847] ? __pfx___sys_bpf+0x10/0x10 [ 496.697238][T20847] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 496.703264][T20847] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 496.709632][T20847] ? do_syscall_64+0x100/0x230 [ 496.714439][T20847] __x64_sys_bpf+0x7c/0x90 [ 496.718910][T20847] do_syscall_64+0xf3/0x230 [ 496.723452][T20847] ? clear_bhb_loop+0x35/0x90 [ 496.728182][T20847] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.734290][T20847] RIP: 0033:0x7fa8a5d75a19 [ 496.738744][T20847] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 496.758397][T20847] RSP: 002b:00007fa8a6b63048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 496.766864][T20847] RAX: ffffffffffffffda RBX: 00007fa8a5f03f60 RCX: 00007fa8a5d75a19 [ 496.774872][T20847] RDX: 000000000000002c RSI: 0000000020000080 RDI: 000000000000000a [ 496.782874][T20847] RBP: 00007fa8a6b630a0 R08: 0000000000000000 R09: 0000000000000000 [ 496.790879][T20847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 496.794409][T20860] netlink: 'syz.3.5389': attribute type 30 has an invalid length. [ 496.798861][T20847] R13: 000000000000004d R14: 00007fa8a5f03f60 R15: 00007ffd3ba941f8 [ 496.798905][T20847] [ 496.907498][T20861] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5386'. [ 497.114735][T20866] lo speed is unknown, defaulting to 1000 [ 497.392241][T20884] netlink: 'syz.1.5397': attribute type 10 has an invalid length. [ 497.401732][T20884] bridge0: port 3(team0) entered blocking state [ 497.434773][T20884] bridge0: port 3(team0) entered disabled state [ 497.472489][T20884] team0: entered allmulticast mode [ 497.504641][T20884] team_slave_0: entered allmulticast mode [ 497.534347][T20884] team_slave_1: entered allmulticast mode [ 497.561582][T20884] mac80211_hwsim hwsim23 wlan1: entered allmulticast mode [ 497.612741][T20884] team0: entered promiscuous mode [ 497.617846][T20884] team_slave_0: entered promiscuous mode [ 497.643520][T20884] team_slave_1: entered promiscuous mode [ 497.650969][T20884] mac80211_hwsim hwsim23 wlan1: entered promiscuous mode [ 497.672379][T20884] bridge0: port 3(team0) entered blocking state [ 497.678837][T20884] bridge0: port 3(team0) entered forwarding state [ 498.391633][T20921] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5410'. [ 498.680031][T20866] xt_policy: input policy not valid in POSTROUTING and OUTPUT [ 498.693895][T20942] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5417'. [ 498.740599][T20944] tipc: Disabling bearer [ 499.079665][T20953] FAULT_INJECTION: forcing a failure. [ 499.079665][T20953] name failslab, interval 1, probability 0, space 0, times 0 [ 499.128693][T20953] CPU: 1 PID: 20953 Comm: syz.3.5422 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 499.138586][T20953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 499.148686][T20953] Call Trace: [ 499.152175][T20953] [ 499.155148][T20953] dump_stack_lvl+0x241/0x360 [ 499.159970][T20953] ? __pfx_dump_stack_lvl+0x10/0x10 [ 499.165221][T20953] ? __pfx__printk+0x10/0x10 [ 499.169877][T20953] should_fail_ex+0x3b0/0x4e0 [ 499.174695][T20953] ? sctp_add_bind_addr+0x89/0x3a0 [ 499.179843][T20953] should_failslab+0x9/0x20 [ 499.184363][T20953] kmalloc_trace_noprof+0x6c/0x2c0 [ 499.189497][T20953] sctp_add_bind_addr+0x89/0x3a0 [ 499.194457][T20953] sctp_copy_local_addr_list+0x311/0x500 [ 499.200139][T20953] ? sctp_copy_local_addr_list+0xab/0x500 [ 499.205874][T20953] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 499.212051][T20953] ? sctp_v4_is_any+0x35/0x60 [ 499.216752][T20953] sctp_bind_addr_copy+0xad/0x3b0 [ 499.221794][T20953] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 499.228142][T20953] sctp_connect_new_asoc+0x2f3/0x6c0 [ 499.233454][T20953] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 499.239272][T20953] ? sctp_sendmsg+0xbb9/0x3520 [ 499.244060][T20953] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 499.249622][T20953] ? security_sctp_bind_connect+0x90/0xb0 [ 499.255451][T20953] sctp_sendmsg+0x219a/0x3520 [ 499.260172][T20953] ? __pfx_sctp_sendmsg+0x10/0x10 [ 499.265221][T20953] ? __pfx_aa_sk_perm+0x10/0x10 [ 499.270094][T20953] ? inet_sendmsg+0x330/0x390 [ 499.274789][T20953] __sock_sendmsg+0x1a6/0x270 [ 499.279485][T20953] ____sys_sendmsg+0x525/0x7d0 [ 499.284282][T20953] ? __pfx_____sys_sendmsg+0x10/0x10 [ 499.289605][T20953] __sys_sendmmsg+0x3b2/0x740 [ 499.294331][T20953] ? __pfx___sys_sendmmsg+0x10/0x10 [ 499.299609][T20953] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 499.305531][T20953] ? ksys_write+0x23e/0x2c0 [ 499.310058][T20953] ? __pfx_lock_release+0x10/0x10 [ 499.315104][T20953] ? vfs_write+0x7c4/0xc90 [ 499.319547][T20953] ? __mutex_unlock_slowpath+0x21d/0x750 [ 499.325223][T20953] ? __pfx_vfs_write+0x10/0x10 [ 499.330033][T20953] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 499.336032][T20953] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 499.342378][T20953] ? do_syscall_64+0x100/0x230 [ 499.347162][T20953] __x64_sys_sendmmsg+0xa0/0xb0 [ 499.352034][T20953] do_syscall_64+0xf3/0x230 [ 499.356550][T20953] ? clear_bhb_loop+0x35/0x90 [ 499.361247][T20953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.367186][T20953] RIP: 0033:0x7f9c4c175a19 [ 499.371624][T20953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.391260][T20953] RSP: 002b:00007f9c4ce79048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 499.399692][T20953] RAX: ffffffffffffffda RBX: 00007f9c4c303f60 RCX: 00007f9c4c175a19 [ 499.407693][T20953] RDX: 0000000000000002 RSI: 0000000020000c80 RDI: 0000000000000003 [ 499.415671][T20953] RBP: 00007f9c4ce790a0 R08: 0000000000000000 R09: 0000000000000000 [ 499.423651][T20953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 499.431633][T20953] R13: 000000000000000b R14: 00007f9c4c303f60 R15: 00007ffe4abb78a8 [ 499.439640][T20953] [ 499.881164][T20972] netlink: 'syz.0.5428': attribute type 21 has an invalid length. [ 499.904593][T20972] netlink: 'syz.0.5428': attribute type 1 has an invalid length. [ 500.816667][T21023] __nla_validate_parse: 7 callbacks suppressed [ 500.816689][T21023] netlink: 104 bytes leftover after parsing attributes in process `syz.0.5445'. [ 500.989371][T21033] FAULT_INJECTION: forcing a failure. [ 500.989371][T21033] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 501.003989][T21033] CPU: 1 PID: 21033 Comm: syz.0.5448 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 501.013859][T21033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 501.023958][T21033] Call Trace: [ 501.027273][T21033] [ 501.030238][T21033] dump_stack_lvl+0x241/0x360 [ 501.034964][T21033] ? __pfx_dump_stack_lvl+0x10/0x10 [ 501.040207][T21033] ? __pfx__printk+0x10/0x10 [ 501.044837][T21033] ? __pfx_lock_release+0x10/0x10 [ 501.049912][T21033] should_fail_ex+0x3b0/0x4e0 [ 501.054635][T21033] _copy_from_iter+0x1f6/0x1960 [ 501.059525][T21033] ? __virt_addr_valid+0x183/0x530 [ 501.064779][T21033] ? __pfx_lock_release+0x10/0x10 [ 501.069849][T21033] ? __alloc_skb+0x28f/0x440 [ 501.074646][T21033] ? __pfx__copy_from_iter+0x10/0x10 [ 501.079949][T21033] ? __virt_addr_valid+0x183/0x530 [ 501.085101][T21033] ? __virt_addr_valid+0x183/0x530 [ 501.090226][T21033] ? __virt_addr_valid+0x45f/0x530 [ 501.095357][T21033] ? __check_object_size+0x49c/0x900 [ 501.100655][T21033] netlink_sendmsg+0x73d/0xcb0 [ 501.105445][T21033] ? __pfx_netlink_sendmsg+0x10/0x10 [ 501.110742][T21033] ? __import_iovec+0x536/0x820 [ 501.115615][T21033] ? aa_sock_msg_perm+0x91/0x160 [ 501.120570][T21033] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 501.125865][T21033] ? security_socket_sendmsg+0x87/0xb0 [ 501.131349][T21033] ? __pfx_netlink_sendmsg+0x10/0x10 [ 501.136643][T21033] __sock_sendmsg+0x221/0x270 [ 501.141345][T21033] ____sys_sendmsg+0x525/0x7d0 [ 501.146142][T21033] ? __pfx_____sys_sendmsg+0x10/0x10 [ 501.151450][T21033] ? __might_fault+0xaa/0x120 [ 501.156142][T21033] __sys_sendmmsg+0x3b2/0x740 [ 501.160836][T21033] ? __pfx___sys_sendmmsg+0x10/0x10 [ 501.166080][T21033] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 501.171987][T21033] ? ksys_write+0x23e/0x2c0 [ 501.176513][T21033] ? __pfx_lock_release+0x10/0x10 [ 501.181554][T21033] ? vfs_write+0x7c4/0xc90 [ 501.185994][T21033] ? __mutex_unlock_slowpath+0x21d/0x750 [ 501.191646][T21033] ? __pfx_vfs_write+0x10/0x10 [ 501.196447][T21033] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 501.202442][T21033] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 501.208780][T21033] ? do_syscall_64+0x100/0x230 [ 501.213556][T21033] __x64_sys_sendmmsg+0xa0/0xb0 [ 501.218425][T21033] do_syscall_64+0xf3/0x230 [ 501.222940][T21033] ? clear_bhb_loop+0x35/0x90 [ 501.227635][T21033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.233540][T21033] RIP: 0033:0x7fa8a5d75a19 [ 501.237962][T21033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 501.257580][T21033] RSP: 002b:00007fa8a6b63048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 501.266006][T21033] RAX: ffffffffffffffda RBX: 00007fa8a5f03f60 RCX: 00007fa8a5d75a19 [ 501.273990][T21033] RDX: 04000000000001f2 RSI: 0000000020000000 RDI: 0000000000000004 [ 501.281970][T21033] RBP: 00007fa8a6b630a0 R08: 0000000000000000 R09: 0000000000000000 [ 501.289968][T21033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 501.297946][T21033] R13: 000000000000004d R14: 00007fa8a5f03f60 R15: 00007ffd3ba941f8 [ 501.305938][T21033] [ 501.556991][T21047] FAULT_INJECTION: forcing a failure. [ 501.556991][T21047] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 501.582642][T21047] CPU: 0 PID: 21047 Comm: syz.1.5455 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 501.592521][T21047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 501.602620][T21047] Call Trace: [ 501.605937][T21047] [ 501.608899][T21047] dump_stack_lvl+0x241/0x360 [ 501.613632][T21047] ? __pfx_dump_stack_lvl+0x10/0x10 [ 501.618871][T21047] ? __pfx__printk+0x10/0x10 [ 501.623509][T21047] ? snprintf+0xda/0x120 [ 501.627795][T21047] should_fail_ex+0x3b0/0x4e0 [ 501.632510][T21047] _copy_to_user+0x2f/0xb0 [ 501.636969][T21047] simple_read_from_buffer+0xca/0x150 [ 501.642396][T21047] proc_fail_nth_read+0x1e9/0x250 [ 501.647468][T21047] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 501.653063][T21047] ? rw_verify_area+0x520/0x6b0 [ 501.657959][T21047] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 501.663551][T21047] vfs_read+0x204/0xbc0 [ 501.667754][T21047] ? __pfx_lock_release+0x10/0x10 [ 501.672922][T21047] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 501.678856][T21047] ? __pfx_vfs_read+0x10/0x10 [ 501.683585][T21047] ? __fget_files+0x29/0x470 [ 501.688214][T21047] ? __fget_files+0x3f6/0x470 [ 501.692949][T21047] ksys_read+0x1a0/0x2c0 [ 501.697243][T21047] ? __pfx_ksys_read+0x10/0x10 [ 501.702047][T21047] ? do_syscall_64+0x100/0x230 [ 501.706849][T21047] ? do_syscall_64+0xb6/0x230 [ 501.711569][T21047] do_syscall_64+0xf3/0x230 [ 501.716104][T21047] ? clear_bhb_loop+0x35/0x90 [ 501.720821][T21047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.726749][T21047] RIP: 0033:0x7fbbf15744fc [ 501.731200][T21047] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 501.750846][T21047] RSP: 002b:00007fbbf23c6040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 501.759315][T21047] RAX: ffffffffffffffda RBX: 00007fbbf1703f60 RCX: 00007fbbf15744fc [ 501.767334][T21047] RDX: 000000000000000f RSI: 00007fbbf23c60b0 RDI: 0000000000000005 [ 501.775348][T21047] RBP: 00007fbbf23c60a0 R08: 0000000000000000 R09: 0000000000000000 [ 501.783334][T21047] R10: 9999999999999999 R11: 0000000000000246 R12: 0000000000000001 [ 501.791332][T21047] R13: 000000000000004d R14: 00007fbbf1703f60 R15: 00007ffd17469848 [ 501.799373][T21047] [ 501.997911][T21058] bond_slave_0: entered promiscuous mode [ 502.004423][T21058] bond_slave_1: entered promiscuous mode [ 502.052089][T21058] macsec3: entered promiscuous mode [ 502.061325][T21058] bond0: entered promiscuous mode [ 502.088542][T21058] macsec3: entered allmulticast mode [ 502.111786][T21058] bond0: entered allmulticast mode [ 502.121285][T21058] bond_slave_0: entered allmulticast mode [ 502.143947][T21058] bond_slave_1: entered allmulticast mode [ 502.173929][T21058] bond0: left allmulticast mode [ 502.191302][T21058] bond_slave_0: left allmulticast mode [ 502.198024][T21058] bond_slave_1: left allmulticast mode [ 502.211318][T21058] bond0: left promiscuous mode [ 502.222132][T21058] bond_slave_0: left promiscuous mode [ 502.227787][T21058] bond_slave_1: left promiscuous mode [ 502.623948][T21083] FAULT_INJECTION: forcing a failure. [ 502.623948][T21083] name failslab, interval 1, probability 0, space 0, times 0 [ 502.653511][T21083] CPU: 1 PID: 21083 Comm: syz.4.5469 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 502.663392][T21083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 502.673487][T21083] Call Trace: [ 502.676792][T21083] [ 502.679758][T21083] dump_stack_lvl+0x241/0x360 [ 502.684487][T21083] ? __pfx_dump_stack_lvl+0x10/0x10 [ 502.689810][T21083] ? __pfx__printk+0x10/0x10 [ 502.694461][T21083] should_fail_ex+0x3b0/0x4e0 [ 502.699274][T21083] ? sock_kmalloc+0xd7/0x160 [ 502.703920][T21083] should_failslab+0x9/0x20 [ 502.708443][T21083] __kmalloc_noprof+0xd8/0x400 [ 502.713223][T21083] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 502.718950][T21083] ? do_raw_spin_unlock+0x13c/0x8b0 [ 502.724159][T21083] sock_kmalloc+0xd7/0x160 [ 502.728598][T21083] hash_recvmsg+0x287/0x7d0 [ 502.733119][T21083] ? __pfx_hash_recvmsg+0x10/0x10 [ 502.738155][T21083] sock_recvmsg_nosec+0x18e/0x1d0 [ 502.743200][T21083] ____sys_recvmsg+0x3c0/0x470 [ 502.748016][T21083] ? __pfx_____sys_recvmsg+0x10/0x10 [ 502.753435][T21083] ? __might_fault+0xaa/0x120 [ 502.758138][T21083] do_recvmmsg+0x474/0xae0 [ 502.762599][T21083] ? __pfx_lock_release+0x10/0x10 [ 502.767839][T21083] ? __pfx_do_recvmmsg+0x10/0x10 [ 502.772834][T21083] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 502.778757][T21083] ? ksys_write+0x23e/0x2c0 [ 502.783284][T21083] ? __pfx_lock_release+0x10/0x10 [ 502.788332][T21083] ? vfs_write+0x7c4/0xc90 [ 502.792776][T21083] ? __mutex_unlock_slowpath+0x21d/0x750 [ 502.798437][T21083] ? __fget_files+0x3f6/0x470 [ 502.803140][T21083] __x64_sys_recvmmsg+0x199/0x250 [ 502.808184][T21083] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 502.813755][T21083] ? do_syscall_64+0x100/0x230 [ 502.818536][T21083] ? do_syscall_64+0xb6/0x230 [ 502.823225][T21083] do_syscall_64+0xf3/0x230 [ 502.827742][T21083] ? clear_bhb_loop+0x35/0x90 [ 502.832439][T21083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.838348][T21083] RIP: 0033:0x7feb7f575a19 [ 502.842774][T21083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 502.862740][T21083] RSP: 002b:00007feb803c7048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 502.871171][T21083] RAX: ffffffffffffffda RBX: 00007feb7f703f60 RCX: 00007feb7f575a19 [ 502.879159][T21083] RDX: 03ffffffffffff62 RSI: 00000000200005c0 RDI: 000000000000000b [ 502.887138][T21083] RBP: 00007feb803c70a0 R08: 0000000000000000 R09: 0000000000000000 [ 502.895118][T21083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 502.903096][T21083] R13: 000000000000004d R14: 00007feb7f703f60 R15: 00007ffce7ce3218 [ 502.911638][T21083] [ 502.940204][ T5107] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 502.960913][ T5107] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 502.975743][ T5107] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 502.996283][ T5107] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 503.007473][ T5107] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 503.015742][ T5107] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 503.088268][T21091] netlink: 72 bytes leftover after parsing attributes in process `syz.1.5471'. [ 503.151118][ T7753] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.212774][T21084] lo speed is unknown, defaulting to 1000 [ 503.219207][T21098] netlink: 'syz.0.5473': attribute type 13 has an invalid length. [ 503.240441][T21098] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5473'. [ 503.334682][ T7753] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.483925][ T7753] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.634817][ T7753] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.713870][T21110] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5475'. [ 503.813135][T21123] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5481'. [ 503.840272][T21123] netlink: 'syz.4.5481': attribute type 2 has an invalid length. [ 503.857399][T21123] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5481'. [ 504.075416][ T7753] bridge_slave_1: left allmulticast mode [ 504.101130][ T7753] bridge_slave_1: left promiscuous mode [ 504.128042][T21139] FAULT_INJECTION: forcing a failure. [ 504.128042][T21139] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 504.131103][ T7753] bridge0: port 2(bridge_slave_1) entered disabled state [ 504.190711][T21139] CPU: 0 PID: 21139 Comm: syz.0.5483 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 504.200595][T21139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 504.210785][T21139] Call Trace: [ 504.214101][T21139] [ 504.217069][T21139] dump_stack_lvl+0x241/0x360 [ 504.221802][T21139] ? __pfx_dump_stack_lvl+0x10/0x10 [ 504.227227][T21139] ? __pfx__printk+0x10/0x10 [ 504.231884][T21139] should_fail_ex+0x3b0/0x4e0 [ 504.236627][T21139] _copy_from_user+0x2f/0xe0 [ 504.241283][T21139] move_addr_to_kernel+0x82/0x150 [ 504.246364][T21139] __sys_sendto+0x2a3/0x4f0 [ 504.250937][T21139] ? __pfx___sys_sendto+0x10/0x10 [ 504.256038][T21139] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 504.262075][T21139] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 504.268474][T21139] __x64_sys_sendto+0xde/0x100 [ 504.273301][T21139] do_syscall_64+0xf3/0x230 [ 504.277849][T21139] ? clear_bhb_loop+0x35/0x90 [ 504.282578][T21139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.288527][T21139] RIP: 0033:0x7fa8a5d777ac [ 504.292984][T21139] Code: 2a 5a 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5a 02 00 48 8b [ 504.312637][T21139] RSP: 002b:00007fa8a6b1fed0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 504.321102][T21139] RAX: ffffffffffffffda RBX: 00007fa8a6b1ffd0 RCX: 00007fa8a5d777ac [ 504.329121][T21139] RDX: 0000000000000024 RSI: 00007fa8a6b20020 RDI: 0000000000000006 [ 504.337136][T21139] RBP: 0000000000000000 R08: 00007fa8a6b1ff24 R09: 000000000000000c [ 504.345155][T21139] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000006 [ 504.353166][T21139] R13: 00007fa8a6b1ff78 R14: 00007fa8a6b20020 R15: 0000000000000000 [ 504.361198][T21139] [ 504.370468][ T7753] bridge_slave_0: left allmulticast mode [ 504.386743][ T7753] bridge_slave_0: left promiscuous mode [ 504.403957][ T7753] bridge0: port 1(bridge_slave_0) entered disabled state [ 505.115111][ T5112] Bluetooth: hci0: command tx timeout [ 505.259070][ T7753] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 505.286267][ T7753] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 505.313272][ T7753] bond0 (unregistering): Released all slaves [ 505.392811][T21165] netlink: 'syz.3.5493': attribute type 2 has an invalid length. [ 505.585408][T21084] chnl_net:caif_netlink_parms(): no params data found [ 505.967420][T21190] netlink: 72 bytes leftover after parsing attributes in process `syz.0.5502'. [ 506.124029][T21084] bridge0: port 1(bridge_slave_0) entered blocking state [ 506.137087][T21084] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.145321][T21084] bridge_slave_0: entered allmulticast mode [ 506.153501][T21084] bridge_slave_0: entered promiscuous mode [ 506.162717][T21084] bridge0: port 2(bridge_slave_1) entered blocking state [ 506.180822][T21084] bridge0: port 2(bridge_slave_1) entered disabled state [ 506.206814][T21084] bridge_slave_1: entered allmulticast mode [ 506.215772][T21084] bridge_slave_1: entered promiscuous mode [ 506.404124][T21084] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 506.463670][T21084] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 506.514250][ T7753] hsr_slave_0: left promiscuous mode [ 506.520335][ T7753] hsr_slave_1: left promiscuous mode [ 506.531163][ T7753] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 506.538712][ T7753] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 506.555046][ T7753] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 506.563076][ T7753] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 506.594763][ T7753] veth1_macvtap: left promiscuous mode [ 506.600745][ T7753] veth0_macvtap: left promiscuous mode [ 506.606716][ T7753] veth1_vlan: left promiscuous mode [ 506.612400][ T7753] veth0_vlan: left promiscuous mode [ 507.192552][ T5112] Bluetooth: hci0: command tx timeout [ 507.394477][ T7753] team0 (unregistering): Port device team_slave_1 removed [ 507.450393][ T7753] team0 (unregistering): Port device team_slave_0 removed [ 508.162962][T21222] FAULT_INJECTION: forcing a failure. [ 508.162962][T21222] name failslab, interval 1, probability 0, space 0, times 0 [ 508.177160][T21222] CPU: 0 PID: 21222 Comm: syz.3.5509 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 508.187050][T21222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 508.197158][T21222] Call Trace: [ 508.200483][T21222] [ 508.203451][T21222] dump_stack_lvl+0x241/0x360 [ 508.208144][T21222] ? __pfx_dump_stack_lvl+0x10/0x10 [ 508.213371][T21222] ? __pfx__printk+0x10/0x10 [ 508.218011][T21222] ? __pfx___might_resched+0x10/0x10 [ 508.223352][T21222] should_fail_ex+0x3b0/0x4e0 [ 508.228068][T21222] should_failslab+0x9/0x20 [ 508.232601][T21222] __kmalloc_node_noprof+0xdf/0x440 [ 508.237924][T21222] ? kvmalloc_node_noprof+0x72/0x190 [ 508.243252][T21222] ? __pfx_ip6_tnl_dev_setup+0x10/0x10 [ 508.248745][T21222] kvmalloc_node_noprof+0x72/0x190 [ 508.253871][T21222] alloc_netdev_mqs+0x9b/0x1000 [ 508.258732][T21222] ? __pfx_ip6_tnl_dev_setup+0x10/0x10 [ 508.264198][T21222] ? read_word_at_a_time+0xe/0x20 [ 508.269229][T21222] ? sized_strscpy+0x8d/0x220 [ 508.273917][T21222] ip6_tnl_locate+0x607/0x820 [ 508.278619][T21222] ? __pfx_ip6_tnl_locate+0x10/0x10 [ 508.283837][T21222] ? __might_fault+0xc6/0x120 [ 508.288529][T21222] ? ip6_tnl_siocdevprivate+0x9c3/0x1700 [ 508.294181][T21222] ip6_tnl_siocdevprivate+0x9e9/0x1700 [ 508.299669][T21222] ? __pfx_ip6_tnl_siocdevprivate+0x10/0x10 [ 508.305582][T21222] ? do_raw_spin_unlock+0x13c/0x8b0 [ 508.310800][T21222] ? full_name_hash+0x93/0xe0 [ 508.315494][T21222] dev_ifsioc+0xaec/0xe70 [ 508.319845][T21222] ? __pfx_dev_ifsioc+0x10/0x10 [ 508.324715][T21222] ? dev_load+0x21/0x1f0 [ 508.328975][T21222] dev_ioctl+0x881/0x1340 [ 508.333327][T21222] sock_ioctl+0x7f2/0x8e0 [ 508.337672][T21222] ? __pfx_sock_ioctl+0x10/0x10 [ 508.342539][T21222] ? __fget_files+0x3f6/0x470 [ 508.347242][T21222] ? __fget_files+0x29/0x470 [ 508.351851][T21222] ? bpf_lsm_file_ioctl+0x9/0x10 [ 508.356809][T21222] ? security_file_ioctl+0x87/0xb0 [ 508.361929][T21222] ? __pfx_sock_ioctl+0x10/0x10 [ 508.366787][T21222] __se_sys_ioctl+0xfc/0x170 [ 508.371400][T21222] do_syscall_64+0xf3/0x230 [ 508.375913][T21222] ? clear_bhb_loop+0x35/0x90 [ 508.380607][T21222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.386512][T21222] RIP: 0033:0x7f9c4c175a19 [ 508.390936][T21222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 508.410549][T21222] RSP: 002b:00007f9c4ce79048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 508.418979][T21222] RAX: ffffffffffffffda RBX: 00007f9c4c303f60 RCX: 00007f9c4c175a19 [ 508.426961][T21222] RDX: 0000000020000200 RSI: 00000000000089f1 RDI: 0000000000000004 [ 508.434943][T21222] RBP: 00007f9c4ce790a0 R08: 0000000000000000 R09: 0000000000000000 [ 508.442931][T21222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 508.450924][T21222] R13: 000000000000000b R14: 00007f9c4c303f60 R15: 00007ffe4abb78a8 [ 508.458935][T21222] [ 508.489436][T21084] team0: Port device team_slave_0 added [ 508.516471][T21084] team0: Port device team_slave_1 added [ 508.683450][T21084] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 508.701899][T21084] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 508.738701][T21084] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 508.783261][T21084] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 508.811051][T21084] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 508.916084][T21084] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 509.146681][T21084] hsr_slave_0: entered promiscuous mode [ 509.162239][T21084] hsr_slave_1: entered promiscuous mode [ 509.178637][T21084] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 509.197714][T21084] Cannot create hsr debugfs directory [ 509.271928][ T5112] Bluetooth: hci0: command tx timeout [ 509.453450][T21276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5527'. [ 509.486225][T21276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5527'. [ 509.549391][T21276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5527'. [ 509.572459][T21276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5527'. [ 509.599862][T21276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5527'. [ 509.632303][T21276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5527'. [ 509.653098][T21276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5527'. [ 509.685949][T21276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5527'. [ 509.705739][T21276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5527'. [ 509.947442][T21288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 509.965163][T21288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 510.008978][T21084] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 510.030570][T21084] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 510.042696][T21084] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 510.042855][T21288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 510.063927][T21084] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 510.198969][T21291] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 510.237997][T21288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 510.273967][T21295] netlink: 'syz.3.5534': attribute type 3 has an invalid length. [ 510.356347][T21084] 8021q: adding VLAN 0 to HW filter on device bond0 [ 510.424657][T21084] 8021q: adding VLAN 0 to HW filter on device team0 [ 510.464450][ T5191] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.471699][ T5191] bridge0: port 1(bridge_slave_0) entered forwarding state [ 510.510945][T21299] FAULT_INJECTION: forcing a failure. [ 510.510945][T21299] name failslab, interval 1, probability 0, space 0, times 0 [ 510.540984][T21299] CPU: 0 PID: 21299 Comm: syz.3.5535 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 510.550880][T21299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 510.560990][T21299] Call Trace: [ 510.564305][T21299] [ 510.567276][T21299] dump_stack_lvl+0x241/0x360 [ 510.572009][T21299] ? __pfx_dump_stack_lvl+0x10/0x10 [ 510.577258][T21299] ? __pfx__printk+0x10/0x10 [ 510.581914][T21299] ? __lock_acquire+0x1346/0x1fd0 [ 510.586994][T21299] should_fail_ex+0x3b0/0x4e0 [ 510.591738][T21299] ? __alloc_skb+0x1c3/0x440 [ 510.596379][T21299] should_failslab+0x9/0x20 [ 510.601015][T21299] kmem_cache_alloc_node_noprof+0x71/0x320 [ 510.606906][T21299] __alloc_skb+0x1c3/0x440 [ 510.611387][T21299] ? __pfx___alloc_skb+0x10/0x10 [ 510.616475][T21299] __ipv6_ifa_notify+0x2e9/0x1230 [ 510.621550][T21299] ? __pfx___ipv6_ifa_notify+0x10/0x10 [ 510.627073][T21299] ? mark_lock+0x9a/0x350 [ 510.631467][T21299] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 510.637498][T21299] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 510.643881][T21299] ? __local_bh_enable_ip+0x168/0x200 [ 510.649297][T21299] ? lockdep_hardirqs_on+0x99/0x150 [ 510.654546][T21299] ? __local_bh_enable_ip+0x168/0x200 [ 510.659971][T21299] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 510.665757][T21299] ? inet6_addr_modify+0x646/0x1ca0 [ 510.671010][T21299] inet6_addr_modify+0x938/0x1ca0 [ 510.676103][T21299] ? __pfx_inet6_addr_modify+0x10/0x10 [ 510.681617][T21299] ? __pfx_lock_acquire+0x10/0x10 [ 510.686697][T21299] ? ipv6_get_ifaddr+0x107/0x770 [ 510.691679][T21299] ? trace_contention_end+0x3c/0x120 [ 510.697102][T21299] ? __pfx_lock_release+0x10/0x10 [ 510.702206][T21299] ? __mutex_lock+0x2ef/0xd70 [ 510.706954][T21299] ? ipv6_get_ifaddr+0x708/0x770 [ 510.711962][T21299] ? ipv6_get_ifaddr+0x107/0x770 [ 510.716952][T21299] ? __pfx_ipv6_get_ifaddr+0x10/0x10 [ 510.722291][T21299] ? ipv6_mc_up+0x3c9/0x570 [ 510.726863][T21299] inet6_rtm_newaddr+0x858/0xc80 [ 510.731864][T21299] ? __pfx_inet6_rtm_newaddr+0x10/0x10 [ 510.737478][T21299] ? __pfx___mutex_lock+0x10/0x10 [ 510.742567][T21299] ? __pfx_inet6_rtm_newaddr+0x10/0x10 [ 510.748087][T21299] rtnetlink_rcv_msg+0x73f/0xcf0 [ 510.753075][T21299] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 510.758235][T21299] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 510.763745][T21299] ? ref_tracker_free+0x643/0x7e0 [ 510.768819][T21299] netlink_rcv_skb+0x1e3/0x430 [ 510.773623][T21299] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 510.779124][T21299] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 510.784486][T21299] ? netlink_deliver_tap+0x2e/0x1b0 [ 510.789730][T21299] netlink_unicast+0x7f0/0x990 [ 510.794543][T21299] ? __pfx_netlink_unicast+0x10/0x10 [ 510.799860][T21299] ? __virt_addr_valid+0x183/0x530 [ 510.805022][T21299] ? __check_object_size+0x49c/0x900 [ 510.810347][T21299] ? bpf_lsm_netlink_send+0x9/0x10 [ 510.815501][T21299] netlink_sendmsg+0x8e4/0xcb0 [ 510.820319][T21299] ? __pfx_netlink_sendmsg+0x10/0x10 [ 510.825657][T21299] ? __import_iovec+0x536/0x820 [ 510.830551][T21299] ? aa_sock_msg_perm+0x91/0x160 [ 510.835541][T21299] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 510.840887][T21299] ? security_socket_sendmsg+0x87/0xb0 [ 510.846412][T21299] ? __pfx_netlink_sendmsg+0x10/0x10 [ 510.851753][T21299] __sock_sendmsg+0x221/0x270 [ 510.856492][T21299] ____sys_sendmsg+0x525/0x7d0 [ 510.861326][T21299] ? __pfx_____sys_sendmsg+0x10/0x10 [ 510.866690][T21299] __sys_sendmsg+0x2b0/0x3a0 [ 510.871332][T21299] ? __pfx___sys_sendmsg+0x10/0x10 [ 510.876505][T21299] ? vfs_write+0x7c4/0xc90 [ 510.881024][T21299] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 510.887399][T21299] ? do_syscall_64+0x100/0x230 [ 510.892212][T21299] ? do_syscall_64+0xb6/0x230 [ 510.896937][T21299] do_syscall_64+0xf3/0x230 [ 510.901486][T21299] ? clear_bhb_loop+0x35/0x90 [ 510.906212][T21299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.912144][T21299] RIP: 0033:0x7f9c4c175a19 [ 510.916579][T21299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.936239][T21299] RSP: 002b:00007f9c4ce79048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 510.944670][T21299] RAX: ffffffffffffffda RBX: 00007f9c4c303f60 RCX: 00007f9c4c175a19 [ 510.952651][T21299] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000006 [ 510.960631][T21299] RBP: 00007f9c4ce790a0 R08: 0000000000000000 R09: 0000000000000000 [ 510.968615][T21299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 510.976611][T21299] R13: 000000000000000b R14: 00007f9c4c303f60 R15: 00007ffe4abb78a8 [ 510.984608][T21299] [ 511.020912][ T5191] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.028265][ T5191] bridge0: port 2(bridge_slave_1) entered forwarding state [ 511.076100][T21310] __nla_validate_parse: 27 callbacks suppressed [ 511.076121][T21310] netlink: 72 bytes leftover after parsing attributes in process `syz.1.5538'. [ 511.094799][T21307] netlink: 596 bytes leftover after parsing attributes in process `syz.0.5537'. [ 511.109256][T21310] netlink: 72 bytes leftover after parsing attributes in process `syz.1.5538'. [ 511.145141][T21309] netlink: 'syz.1.5538': attribute type 10 has an invalid length. [ 511.176836][T21309] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 511.186094][T21309] team0: Port device netdevsim0 added [ 511.352446][ T5112] Bluetooth: hci0: command tx timeout [ 511.746098][T21341] netlink: 'syz.1.5546': attribute type 2 has an invalid length. [ 511.791723][T21341] netlink: 'syz.1.5546': attribute type 1 has an invalid length. [ 511.809165][T21084] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 511.822505][T21341] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.5546'. [ 511.952682][T21084] veth0_vlan: entered promiscuous mode [ 512.000150][T21343] lo speed is unknown, defaulting to 1000 [ 512.010280][T21084] veth1_vlan: entered promiscuous mode [ 512.125220][T21084] veth0_macvtap: entered promiscuous mode [ 512.177312][T21084] veth1_macvtap: entered promiscuous mode [ 512.279398][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.351805][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.380405][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.392333][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.411450][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.442090][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.480564][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.532182][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.569462][T21084] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 512.592929][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.632201][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.661635][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.684800][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.731722][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.782390][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.801432][T21084] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.831431][T21084] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.863493][T21084] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 512.931426][T21084] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.940199][T21084] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.975127][T21084] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.011329][T21084] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.522397][T21375] netlink: 'syz.3.5557': attribute type 2 has an invalid length. [ 513.572620][T21375] netlink: 'syz.3.5557': attribute type 1 has an invalid length. [ 513.580435][T21375] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.5557'. [ 513.596326][ T7750] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 513.611498][ T7750] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 513.667244][T21385] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5560'. [ 513.748487][T21380] netlink: 'syz.0.5547': attribute type 4 has an invalid length. [ 513.787935][T21380] netlink: 17 bytes leftover after parsing attributes in process `syz.0.5547'. [ 513.834008][ T7750] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 513.866667][ T7750] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 514.160892][T21397] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5564'. [ 514.402106][T21406] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5567'. [ 514.480725][T21406] netlink: 596 bytes leftover after parsing attributes in process `syz.3.5567'. [ 514.648369][T21417] netlink: 'syz.4.5571': attribute type 2 has an invalid length. [ 514.681399][T21417] netlink: 'syz.4.5571': attribute type 1 has an invalid length. [ 515.241619][T21446] vlan2: entered promiscuous mode [ 515.364087][T21452] xt_ecn: cannot match TCP bits for non-tcp packets [ 515.462506][T21458] netlink: 'syz.0.5584': attribute type 1 has an invalid length. [ 515.670810][T21473] netlink: 'syz.0.5588': attribute type 5 has an invalid length. [ 515.720447][T21473] netlink: 'syz.0.5588': attribute type 3 has an invalid length. [ 516.172914][T21493] netlink: 'syz.1.5598': attribute type 1 has an invalid length. [ 516.212420][T21493] __nla_validate_parse: 9 callbacks suppressed [ 516.212444][T21493] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.5598'. [ 516.381931][T21509] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5606'. [ 516.473756][T21515] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5608'. [ 516.525699][T21518] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5608'. [ 516.612110][T21524] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5612'. [ 516.621308][T21526] netlink: 192 bytes leftover after parsing attributes in process `syz.2.5611'. [ 516.653204][T21524] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5612'. [ 516.950067][T21545] FAULT_INJECTION: forcing a failure. [ 516.950067][T21545] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 516.982294][T21546] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5618'. [ 516.995882][T21545] CPU: 1 PID: 21545 Comm: syz.2.5620 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 517.005764][T21545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 517.015857][T21545] Call Trace: [ 517.019167][T21545] [ 517.022130][T21545] dump_stack_lvl+0x241/0x360 [ 517.026856][T21545] ? __pfx_dump_stack_lvl+0x10/0x10 [ 517.032094][T21545] ? __pfx__printk+0x10/0x10 [ 517.036726][T21545] ? __pfx_lock_release+0x10/0x10 [ 517.041799][T21545] should_fail_ex+0x3b0/0x4e0 [ 517.046520][T21545] _copy_from_user+0x2f/0xe0 [ 517.051160][T21545] copy_msghdr_from_user+0xae/0x680 [ 517.056400][T21545] ? _parse_integer_limit+0x1b5/0x200 [ 517.061820][T21545] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 517.067692][T21545] __sys_sendmmsg+0x374/0x740 [ 517.072431][T21545] ? __pfx___sys_sendmmsg+0x10/0x10 [ 517.077722][T21545] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 517.083663][T21545] ? ksys_write+0x23e/0x2c0 [ 517.088211][T21545] ? __pfx_lock_release+0x10/0x10 [ 517.093379][T21545] ? vfs_write+0x7c4/0xc90 [ 517.097943][T21545] ? __mutex_unlock_slowpath+0x21d/0x750 [ 517.103733][T21545] ? __pfx_vfs_write+0x10/0x10 [ 517.109557][T21545] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 517.115597][T21545] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 517.121981][T21545] ? do_syscall_64+0x100/0x230 [ 517.126795][T21545] __x64_sys_sendmmsg+0xa0/0xb0 [ 517.131702][T21545] do_syscall_64+0xf3/0x230 [ 517.136254][T21545] ? clear_bhb_loop+0x35/0x90 [ 517.140991][T21545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.146934][T21545] RIP: 0033:0x7fc8edd75a19 [ 517.151401][T21545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 517.171071][T21545] RSP: 002b:00007fc8eeac4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 517.179552][T21545] RAX: ffffffffffffffda RBX: 00007fc8edf03f60 RCX: 00007fc8edd75a19 [ 517.187570][T21545] RDX: 0000000000000001 RSI: 0000000020000f00 RDI: 0000000000000004 [ 517.195623][T21545] RBP: 00007fc8eeac40a0 R08: 0000000000000000 R09: 0000000000000000 [ 517.203635][T21545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 517.211650][T21545] R13: 000000000000000b R14: 00007fc8edf03f60 R15: 00007ffeb43d6218 [ 517.219683][T21545] [ 517.453857][T21567] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5626'. [ 517.492008][T21567] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5626'. [ 517.927521][T21591] nbd: must specify a size in bytes for the device [ 518.469870][T21621] bond2: (slave gre1): The slave device specified does not support setting the MAC address [ 518.482344][T21621] bond2: (slave gre1): Error -95 calling set_mac_address [ 518.606871][T21620] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 518.801730][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 518.808424][ C1] vxcan0: j1939_xtp_rx_dat: no rx connection found [ 518.815154][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 518.821733][ C1] vxcan0: j1939_xtp_rx_dat: no rx connection found [ 518.828428][ C1] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 518.835021][ C1] vxcan0: j1939_xtp_rx_dat: no rx connection found [ 518.841778][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 518.849709][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 518.857844][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 518.865824][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 518.873946][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 518.881931][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 518.890023][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 518.897982][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 518.906100][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 518.914086][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 518.922216][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 518.930161][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 518.938353][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 518.946325][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 518.954450][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 518.962431][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 518.970466][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 518.978438][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 518.986576][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 518.994559][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 519.002691][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 519.010627][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 519.018731][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 519.026713][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 519.034830][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 519.042813][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 519.050901][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 519.058877][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 519.066937][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 519.074895][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 519.083020][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 519.090971][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 519.099120][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 519.107112][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 519.115222][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 519.123204][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 519.131375][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 519.139310][ C1] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 519.208417][T21629] (unnamed net_device) (uninitialized): down delay (37750) is not a multiple of miimon (7), value rounded to 37744 ms [ 519.247045][T21633] netlink: 'syz.3.5649': attribute type 29 has an invalid length. [ 519.256276][T21634] netlink: 'syz.3.5649': attribute type 29 has an invalid length. [ 519.264956][T21635] netlink: 'syz.3.5649': attribute type 29 has an invalid length. [ 519.275443][T21636] netlink: 'syz.3.5649': attribute type 29 has an invalid length. [ 520.610958][T21719] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 521.245588][T21758] __nla_validate_parse: 17 callbacks suppressed [ 521.245612][T21758] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5689'. [ 521.998760][T21796] netlink: 176 bytes leftover after parsing attributes in process `syz.1.5703'. [ 522.162491][T21804] netlink: 'syz.2.5706': attribute type 8 has an invalid length. [ 522.240954][ T29] audit: type=1107 audit(1721222109.558:4): pid=21810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=':Y$nJ5 9Icc}֨ V}L(ΤO*?S\HSsdLY۞D|UsH;=' [ 522.322203][T21818] bridge0: entered promiscuous mode [ 522.342556][T21818] bridge0: entered allmulticast mode [ 522.361960][T21818] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5710'. [ 522.384804][T21818] netlink: 'syz.4.5710': attribute type 18 has an invalid length. [ 522.888315][T21851] netlink: 'syz.3.5717': attribute type 3 has an invalid length. [ 522.920068][T21851] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5717'. [ 523.405364][T21874] netlink: 'syz.1.5729': attribute type 10 has an invalid length. [ 523.450390][T21874] team0: Device hsr_slave_0 failed to register rx_handler [ 523.516110][T21875] tun0: tun_chr_ioctl cmd 1074025675 [ 523.521736][T21875] tun0: persist enabled [ 523.531288][T21869] tun0: tun_chr_ioctl cmd 1074025675 [ 523.544069][T21869] tun0: persist disabled [ 523.756451][T21882] xt_TPROXY: Can be used only with -p tcp or -p udp [ 523.952685][T21900] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5739'. [ 524.016099][T21901] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 524.042715][T21901] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains [ 524.183388][T21909] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5745'. [ 524.550783][T21929] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5751'. [ 525.184208][T21954] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5760'. [ 525.264194][T21958] FAULT_INJECTION: forcing a failure. [ 525.264194][T21958] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 525.303047][T21958] CPU: 0 PID: 21958 Comm: syz.2.5763 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 525.312933][T21958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 525.323031][T21958] Call Trace: [ 525.326343][T21958] [ 525.329304][T21958] dump_stack_lvl+0x241/0x360 [ 525.334116][T21958] ? __pfx_dump_stack_lvl+0x10/0x10 [ 525.339356][T21958] ? __pfx__printk+0x10/0x10 [ 525.343997][T21958] ? __pfx_lock_release+0x10/0x10 [ 525.349079][T21958] should_fail_ex+0x3b0/0x4e0 [ 525.353813][T21958] _copy_from_user+0x2f/0xe0 [ 525.358469][T21958] ethtool_get_sset_info+0x9d/0x620 [ 525.363721][T21958] ? dev_ethtool+0x21e/0x1bc0 [ 525.368455][T21958] ? __pfx_ethtool_get_sset_info+0x10/0x10 [ 525.374321][T21958] ? full_name_hash+0x93/0xe0 [ 525.379063][T21958] dev_ethtool+0xfbb/0x1bc0 [ 525.383633][T21958] ? __pfx_dev_ethtool+0x10/0x10 [ 525.388630][T21958] ? inet6_ioctl+0x203/0x280 [ 525.390071][T21962] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 525.393271][T21958] ? dev_load+0x21/0x1f0 [ 525.393315][T21958] dev_ioctl+0x785/0x1340 [ 525.393353][T21958] sock_do_ioctl+0x240/0x460 [ 525.393387][T21958] ? __pfx_sock_do_ioctl+0x10/0x10 [ 525.422257][T21958] sock_ioctl+0x629/0x8e0 [ 525.426635][T21958] ? __pfx_sock_ioctl+0x10/0x10 [ 525.431494][T21958] ? __fget_files+0x29/0x470 [ 525.436094][T21958] ? __fget_files+0x3f6/0x470 [ 525.440779][T21958] ? __fget_files+0x29/0x470 [ 525.445396][T21958] ? bpf_lsm_file_ioctl+0x9/0x10 [ 525.450348][T21958] ? security_file_ioctl+0x87/0xb0 [ 525.455666][T21958] ? __pfx_sock_ioctl+0x10/0x10 [ 525.460580][T21958] __se_sys_ioctl+0xfc/0x170 [ 525.465210][T21958] do_syscall_64+0xf3/0x230 [ 525.469735][T21958] ? clear_bhb_loop+0x35/0x90 [ 525.474433][T21958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.480339][T21958] RIP: 0033:0x7fc8edd75a19 [ 525.484766][T21958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 525.504387][T21958] RSP: 002b:00007fc8eeac4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 525.512818][T21958] RAX: ffffffffffffffda RBX: 00007fc8edf03f60 RCX: 00007fc8edd75a19 [ 525.520799][T21958] RDX: 0000000020000040 RSI: 0000000000008946 RDI: 0000000000000003 [ 525.528778][T21958] RBP: 00007fc8eeac40a0 R08: 0000000000000000 R09: 0000000000000000 [ 525.536762][T21958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 525.544748][T21958] R13: 000000000000000b R14: 00007fc8edf03f60 R15: 00007ffeb43d6218 [ 525.552754][T21958] [ 525.617509][T21964] netlink: 'syz.4.5764': attribute type 3 has an invalid length. [ 525.704499][T21964] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5764'. [ 526.476343][T22013] Cannot find del_set index 2048 as target [ 526.733613][T22029] unsupported nla_type 40 [ 526.778181][T22029] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5787'. [ 526.843550][T22035] netlink: 'syz.3.5788': attribute type 4 has an invalid length. [ 526.981779][T22037] netlink: 'syz.3.5788': attribute type 4 has an invalid length. [ 527.189604][T22047] netlink: 'syz.0.5792': attribute type 11 has an invalid length. [ 527.403801][T22044] Bluetooth: MGMT ver 1.23 [ 527.407524][T22059] FAULT_INJECTION: forcing a failure. [ 527.407524][T22059] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 527.470955][T22059] CPU: 1 PID: 22059 Comm: syz.4.5795 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 527.480845][T22059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 527.490944][T22059] Call Trace: [ 527.494267][T22059] [ 527.497235][T22059] dump_stack_lvl+0x241/0x360 [ 527.501963][T22059] ? __pfx_dump_stack_lvl+0x10/0x10 [ 527.507216][T22059] ? __pfx__printk+0x10/0x10 [ 527.511858][T22059] ? __pfx_lock_release+0x10/0x10 [ 527.516937][T22059] should_fail_ex+0x3b0/0x4e0 [ 527.521675][T22059] _copy_from_iter+0x1f6/0x1960 [ 527.526590][T22059] ? __virt_addr_valid+0x183/0x530 [ 527.531829][T22059] ? __pfx_lock_release+0x10/0x10 [ 527.536910][T22059] ? __alloc_skb+0x28f/0x440 [ 527.541627][T22059] ? __pfx__copy_from_iter+0x10/0x10 [ 527.546975][T22059] ? __virt_addr_valid+0x183/0x530 [ 527.552140][T22059] ? __virt_addr_valid+0x183/0x530 [ 527.557299][T22059] ? __virt_addr_valid+0x45f/0x530 [ 527.562463][T22059] ? __check_object_size+0x49c/0x900 [ 527.567799][T22059] netlink_sendmsg+0x73d/0xcb0 [ 527.572628][T22059] ? __pfx_netlink_sendmsg+0x10/0x10 [ 527.577971][T22059] ? __import_iovec+0x536/0x820 [ 527.582871][T22059] ? aa_sock_msg_perm+0x91/0x160 [ 527.587860][T22059] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 527.593191][T22059] ? security_socket_sendmsg+0x87/0xb0 [ 527.598720][T22059] ? __pfx_netlink_sendmsg+0x10/0x10 [ 527.604061][T22059] __sock_sendmsg+0x221/0x270 [ 527.608792][T22059] ____sys_sendmsg+0x525/0x7d0 [ 527.613624][T22059] ? __pfx_____sys_sendmsg+0x10/0x10 [ 527.618989][T22059] __sys_sendmsg+0x2b0/0x3a0 [ 527.623648][T22059] ? __pfx___sys_sendmsg+0x10/0x10 [ 527.628814][T22059] ? vfs_write+0x7c4/0xc90 [ 527.633333][T22059] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 527.639711][T22059] ? do_syscall_64+0x100/0x230 [ 527.644529][T22059] ? do_syscall_64+0xb6/0x230 [ 527.649262][T22059] do_syscall_64+0xf3/0x230 [ 527.653817][T22059] ? clear_bhb_loop+0x35/0x90 [ 527.658556][T22059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.660707][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 527.664472][T22059] RIP: 0033:0x7feb7f575a19 [ 527.664500][T22059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 527.664518][T22059] RSP: 002b:00007feb803a6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 527.664544][T22059] RAX: ffffffffffffffda RBX: 00007feb7f704038 RCX: 00007feb7f575a19 [ 527.711034][T22059] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 527.719018][T22059] RBP: 00007feb803a60a0 R08: 0000000000000000 R09: 0000000000000000 [ 527.727002][T22059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 527.735000][T22059] R13: 000000000000006e R14: 00007feb7f704038 R15: 00007ffce7ce3218 [ 527.742996][T22059] [ 527.874431][ T7720] bridge_slave_1: left allmulticast mode [ 527.900557][ T7720] bridge_slave_1: left promiscuous mode [ 527.921922][ T7720] bridge0: port 2(bridge_slave_1) entered disabled state [ 527.955107][ T7720] bridge_slave_0: left allmulticast mode [ 527.968502][ T7720] bridge_slave_0: left promiscuous mode [ 527.974732][ T7720] bridge0: port 1(bridge_slave_0) entered disabled state [ 528.323543][T22092] netlink: 9412 bytes leftover after parsing attributes in process `syz.3.5807'. [ 528.387348][T22095] Cannot find add_set index 0 as target [ 529.026725][ T7720] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 529.049517][ T7720] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 529.062515][ T7720] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 529.078646][ T7720] bond0 (unregistering): Released all slaves [ 529.129552][T22086] netlink: 'syz.4.5803': attribute type 4 has an invalid length. [ 529.140800][T22090] netlink: 'syz.4.5803': attribute type 4 has an invalid length. [ 529.222914][ T7720] IPVS: stopping master sync thread 7484 ... [ 529.290140][T22091] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 529.434209][ T5112] Bluetooth: hci0: command 0x0405 tx timeout [ 530.627445][T22145] netlink: 'syz.4.5820': attribute type 1 has an invalid length. [ 530.635936][T22145] netlink: 9348 bytes leftover after parsing attributes in process `syz.4.5820'. [ 532.018128][T22145] netlink: 1024 bytes leftover after parsing attributes in process `syz.4.5820'. [ 532.038156][T22145] sch_tbf: burst 0 is lower than device lo mtu (11337746) ! [ 532.229026][T22152] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5823'. [ 532.243580][T22156] netlink: 'syz.0.5825': attribute type 2 has an invalid length. [ 532.295914][T22162] netlink: 2272 bytes leftover after parsing attributes in process `syz.1.5822'. [ 532.329451][T22162] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5822'. [ 532.375054][T22159] can: request_module (can-proto-0) failed. [ 533.032383][ T7720] hsr_slave_0: left promiscuous mode [ 533.071437][ T7720] hsr_slave_1: left promiscuous mode [ 533.079166][T22201] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 533.118466][ T7720] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 533.126929][ T7720] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 533.146221][ T7720] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 533.160073][ T7720] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 533.228989][ T7720] veth1_macvtap: left promiscuous mode [ 533.240212][ T7720] veth0_macvtap: left promiscuous mode [ 533.259998][ T7720] veth1_vlan: left promiscuous mode [ 533.279213][ T7720] veth0_vlan: left promiscuous mode [ 533.575473][T22224] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5845'. [ 533.596177][T22224] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5845'. [ 534.199476][ T7720] smc: removing net device batadv_slave_1 with user defined pnetid SYZ0 [ 534.299457][ T7720] team0 (unregistering): Port device team_slave_1 removed [ 534.361345][ T7720] team0 (unregistering): Port device team_slave_0 removed [ 535.013889][T22238] FAULT_INJECTION: forcing a failure. [ 535.013889][T22238] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 535.063813][T22238] CPU: 0 PID: 22238 Comm: syz.3.5851 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 535.073709][T22238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 535.083787][T22238] Call Trace: [ 535.087073][T22238] [ 535.090027][T22238] dump_stack_lvl+0x241/0x360 [ 535.094733][T22238] ? __pfx_dump_stack_lvl+0x10/0x10 [ 535.099942][T22238] ? __pfx__printk+0x10/0x10 [ 535.104565][T22238] ? snprintf+0xda/0x120 [ 535.108840][T22238] should_fail_ex+0x3b0/0x4e0 [ 535.113534][T22238] _copy_to_user+0x2f/0xb0 [ 535.117995][T22238] simple_read_from_buffer+0xca/0x150 [ 535.123406][T22238] proc_fail_nth_read+0x1e9/0x250 [ 535.128448][T22238] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 535.134011][T22238] ? rw_verify_area+0x520/0x6b0 [ 535.138958][T22238] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 535.144516][T22238] vfs_read+0x204/0xbc0 [ 535.148683][T22238] ? __pfx_lock_release+0x10/0x10 [ 535.153802][T22238] ? __pfx_hci_sock_getsockopt+0x10/0x10 [ 535.159448][T22238] ? __pfx_vfs_read+0x10/0x10 [ 535.164143][T22238] ? __fget_files+0x29/0x470 [ 535.168744][T22238] ? __fget_files+0x3f6/0x470 [ 535.173536][T22238] ksys_read+0x1a0/0x2c0 [ 535.177803][T22238] ? __pfx_ksys_read+0x10/0x10 [ 535.182582][T22238] ? do_syscall_64+0x100/0x230 [ 535.187361][T22238] ? do_syscall_64+0xb6/0x230 [ 535.192067][T22238] do_syscall_64+0xf3/0x230 [ 535.196578][T22238] ? clear_bhb_loop+0x35/0x90 [ 535.201268][T22238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.207170][T22238] RIP: 0033:0x7f9c4c1744fc [ 535.211593][T22238] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 535.231221][T22238] RSP: 002b:00007f9c4ce79040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 535.239658][T22238] RAX: ffffffffffffffda RBX: 00007f9c4c303f60 RCX: 00007f9c4c1744fc [ 535.247640][T22238] RDX: 000000000000000f RSI: 00007f9c4ce790b0 RDI: 0000000000000003 [ 535.255620][T22238] RBP: 00007f9c4ce790a0 R08: 0000000000000000 R09: 0000000000000000 [ 535.263597][T22238] R10: 0000000020002880 R11: 0000000000000246 R12: 0000000000000001 [ 535.271672][T22238] R13: 000000000000000b R14: 00007f9c4c303f60 R15: 00007ffe4abb78a8 [ 535.279692][T22238] [ 535.600381][T22257] FAULT_INJECTION: forcing a failure. [ 535.600381][T22257] name failslab, interval 1, probability 0, space 0, times 0 [ 535.649275][T22257] CPU: 1 PID: 22257 Comm: syz.3.5859 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 535.659155][T22257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 535.669248][T22257] Call Trace: [ 535.672562][T22257] [ 535.675525][T22257] dump_stack_lvl+0x241/0x360 [ 535.680248][T22257] ? __pfx_dump_stack_lvl+0x10/0x10 [ 535.685486][T22257] ? __pfx__printk+0x10/0x10 [ 535.690120][T22257] ? __pfx___might_resched+0x10/0x10 [ 535.695451][T22257] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 535.701403][T22257] should_fail_ex+0x3b0/0x4e0 [ 535.706254][T22257] should_failslab+0x9/0x20 [ 535.710797][T22257] kmalloc_node_track_caller_noprof+0xda/0x440 [ 535.716990][T22257] ? kobject_set_name_vargs+0x61/0x120 [ 535.722513][T22257] kstrdup+0x3a/0x80 [ 535.726445][T22257] kobject_set_name_vargs+0x61/0x120 [ 535.731751][T22257] dev_set_name+0xd5/0x120 [ 535.736181][T22257] ? __pfx_dev_set_name+0x10/0x10 [ 535.741225][T22257] ? device_initialize+0x266/0x460 [ 535.746451][T22257] netdev_register_kobject+0xb7/0x320 [ 535.751840][T22257] register_netdevice+0x12c5/0x1b00 [ 535.757070][T22257] ? __pfx_register_netdevice+0x10/0x10 [ 535.762664][T22257] ? geneve_configure+0x5ed/0xa60 [ 535.767709][T22257] geneve_configure+0x6dd/0xa60 [ 535.772614][T22257] geneve_newlink+0x109/0x1b0 [ 535.777331][T22257] ? __pfx_geneve_newlink+0x10/0x10 [ 535.782560][T22257] ? rtnl_create_link+0x91c/0xc20 [ 535.787606][T22257] ? __pfx_geneve_newlink+0x10/0x10 [ 535.792838][T22257] rtnl_newlink+0x1591/0x20a0 [ 535.797561][T22257] ? __pfx_rtnl_newlink+0x10/0x10 [ 535.802603][T22257] ? __pfx___mutex_trylock_common+0x10/0x10 [ 535.808521][T22257] ? rcu_is_watching+0x15/0xb0 [ 535.813305][T22257] ? trace_contention_end+0x3c/0x120 [ 535.818606][T22257] ? __mutex_lock+0x2ef/0xd70 [ 535.823310][T22257] ? __pfx_lock_release+0x10/0x10 [ 535.828365][T22257] ? __pfx_rtnl_newlink+0x10/0x10 [ 535.833410][T22257] rtnetlink_rcv_msg+0x73f/0xcf0 [ 535.838359][T22257] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 535.843491][T22257] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 535.848972][T22257] ? ref_tracker_free+0x643/0x7e0 [ 535.854022][T22257] netlink_rcv_skb+0x1e3/0x430 [ 535.858799][T22257] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 535.864289][T22257] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 535.869606][T22257] ? netlink_deliver_tap+0x2e/0x1b0 [ 535.874907][T22257] netlink_unicast+0x7f0/0x990 [ 535.879688][T22257] ? __pfx_netlink_unicast+0x10/0x10 [ 535.884982][T22257] ? __virt_addr_valid+0x183/0x530 [ 535.890117][T22257] ? __check_object_size+0x49c/0x900 [ 535.895411][T22257] ? bpf_lsm_netlink_send+0x9/0x10 [ 535.900530][T22257] netlink_sendmsg+0x8e4/0xcb0 [ 535.905325][T22257] ? __pfx_netlink_sendmsg+0x10/0x10 [ 535.910623][T22257] ? __import_iovec+0x536/0x820 [ 535.915490][T22257] ? aa_sock_msg_perm+0x91/0x160 [ 535.920443][T22257] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 535.925743][T22257] ? security_socket_sendmsg+0x87/0xb0 [ 535.931257][T22257] ? __pfx_netlink_sendmsg+0x10/0x10 [ 535.936553][T22257] __sock_sendmsg+0x221/0x270 [ 535.941250][T22257] ____sys_sendmsg+0x525/0x7d0 [ 535.946137][T22257] ? __pfx_____sys_sendmsg+0x10/0x10 [ 535.951453][T22257] __sys_sendmsg+0x2b0/0x3a0 [ 535.956063][T22257] ? __pfx___sys_sendmsg+0x10/0x10 [ 535.961191][T22257] ? vfs_write+0x7c4/0xc90 [ 535.965668][T22257] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 535.972008][T22257] ? do_syscall_64+0x100/0x230 [ 535.976784][T22257] ? do_syscall_64+0xb6/0x230 [ 535.981473][T22257] do_syscall_64+0xf3/0x230 [ 535.985988][T22257] ? clear_bhb_loop+0x35/0x90 [ 535.990679][T22257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 535.996600][T22257] RIP: 0033:0x7f9c4c175a19 [ 536.001028][T22257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 536.020642][T22257] RSP: 002b:00007f9c4ce79048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 536.029066][T22257] RAX: ffffffffffffffda RBX: 00007f9c4c303f60 RCX: 00007f9c4c175a19 [ 536.037062][T22257] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 536.045038][T22257] RBP: 00007f9c4ce790a0 R08: 0000000000000000 R09: 0000000000000000 [ 536.053015][T22257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 536.060990][T22257] R13: 000000000000000b R14: 00007f9c4c303f60 R15: 00007ffe4abb78a8 [ 536.068984][T22257] [ 536.128481][T22259] netdevsim netdevsim4: Direct firmware load for  failed with error -2 [ 536.161720][T22259] netdevsim netdevsim4: Falling back to sysfs fallback for:  [ 536.172139][T22267] veth1_macvtap: left promiscuous mode [ 536.287128][T22272] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5863'. [ 536.305881][T22272] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5863'. [ 536.673213][T22290] netlink: 64 bytes leftover after parsing attributes in process `syz.2.5869'. [ 536.711779][T22290] netlink: 830 bytes leftover after parsing attributes in process `syz.2.5869'. [ 536.712243][T22295] FAULT_INJECTION: forcing a failure. [ 536.712243][T22295] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 536.759772][T22295] CPU: 0 PID: 22295 Comm: syz.4.5872 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 536.769658][T22295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 536.779755][T22295] Call Trace: [ 536.783061][T22295] [ 536.786033][T22295] dump_stack_lvl+0x241/0x360 [ 536.790760][T22295] ? __pfx_dump_stack_lvl+0x10/0x10 [ 536.796094][T22295] ? __pfx__printk+0x10/0x10 [ 536.800736][T22295] ? snprintf+0xda/0x120 [ 536.805026][T22295] should_fail_ex+0x3b0/0x4e0 [ 536.809752][T22295] _copy_to_user+0x2f/0xb0 [ 536.814216][T22295] simple_read_from_buffer+0xca/0x150 [ 536.819674][T22295] proc_fail_nth_read+0x1e9/0x250 [ 536.824765][T22295] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 536.830364][T22295] ? rw_verify_area+0x520/0x6b0 [ 536.835346][T22295] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 536.840935][T22295] vfs_read+0x204/0xbc0 [ 536.845148][T22295] ? __pfx_vfs_read+0x10/0x10 [ 536.849876][T22295] ? __pfx_set_user_sigmask+0x10/0x10 [ 536.855301][T22295] ksys_read+0x1a0/0x2c0 [ 536.859598][T22295] ? __pfx_ksys_read+0x10/0x10 [ 536.864397][T22295] ? do_syscall_64+0x100/0x230 [ 536.869192][T22295] ? do_syscall_64+0xb6/0x230 [ 536.873882][T22295] do_syscall_64+0xf3/0x230 [ 536.878399][T22295] ? clear_bhb_loop+0x35/0x90 [ 536.883096][T22295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.889008][T22295] RIP: 0033:0x7feb7f5744fc [ 536.893434][T22295] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 536.913056][T22295] RSP: 002b:00007feb803c7040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 536.921488][T22295] RAX: ffffffffffffffda RBX: 00007feb7f703f60 RCX: 00007feb7f5744fc [ 536.929479][T22295] RDX: 000000000000000f RSI: 00007feb803c70b0 RDI: 0000000000000004 [ 536.937460][T22295] RBP: 00007feb803c70a0 R08: 0000000000000000 R09: 0000000000000000 [ 536.945436][T22295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 536.953413][T22295] R13: 000000000000004d R14: 00007feb7f703f60 R15: 00007ffce7ce3218 [ 536.961420][T22295] [ 537.068421][T22306] netlink: 'syz.0.5874': attribute type 12 has an invalid length. [ 537.105471][T22306] __nla_validate_parse: 1 callbacks suppressed [ 537.105516][T22306] netlink: 197276 bytes leftover after parsing attributes in process `syz.0.5874'. [ 537.230226][T22315] netlink: 'syz.0.5874': attribute type 1 has an invalid length. [ 537.239250][T22315] netlink: 244 bytes leftover after parsing attributes in process `syz.0.5874'. [ 537.248561][T22315] NCSI netlink: No device for ifindex 0 [ 537.287823][T22320] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5880'. [ 537.312180][T22320] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5880'. [ 537.805641][T22352] IPv6: Can't replace route, no match found [ 538.150538][T22368] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5898'. [ 538.174217][T22369] lo speed is unknown, defaulting to 1000 [ 538.456237][T22378] unknown channel width for channel at 909000KHz? [ 539.880836][T22423] FAULT_INJECTION: forcing a failure. [ 539.880836][T22423] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 539.904242][T22423] CPU: 1 PID: 22423 Comm: syz.3.5918 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 539.914216][T22423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 539.924316][T22423] Call Trace: [ 539.927630][T22423] [ 539.930593][T22423] dump_stack_lvl+0x241/0x360 [ 539.935405][T22423] ? __pfx_dump_stack_lvl+0x10/0x10 [ 539.940652][T22423] ? __pfx__printk+0x10/0x10 [ 539.945298][T22423] ? __pfx_lock_release+0x10/0x10 [ 539.950385][T22423] should_fail_ex+0x3b0/0x4e0 [ 539.955131][T22423] _copy_from_iter+0x1f6/0x1960 [ 539.960042][T22423] ? __virt_addr_valid+0x183/0x530 [ 539.965217][T22423] ? __pfx_lock_release+0x10/0x10 [ 539.970303][T22423] ? __alloc_skb+0x28f/0x440 [ 539.974941][T22423] ? __pfx__copy_from_iter+0x10/0x10 [ 539.980280][T22423] ? __virt_addr_valid+0x183/0x530 [ 539.985439][T22423] ? __virt_addr_valid+0x183/0x530 [ 539.990582][T22423] ? __virt_addr_valid+0x45f/0x530 [ 539.995726][T22423] ? __check_object_size+0x49c/0x900 [ 540.001053][T22423] netlink_sendmsg+0x73d/0xcb0 [ 540.005854][T22423] ? __pfx_netlink_sendmsg+0x10/0x10 [ 540.011149][T22423] ? __import_iovec+0x536/0x820 [ 540.016063][T22423] ? aa_sock_msg_perm+0x91/0x160 [ 540.021011][T22423] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 540.026306][T22423] ? security_socket_sendmsg+0x87/0xb0 [ 540.031787][T22423] ? __pfx_netlink_sendmsg+0x10/0x10 [ 540.037076][T22423] __sock_sendmsg+0x221/0x270 [ 540.041761][T22423] ____sys_sendmsg+0x525/0x7d0 [ 540.046561][T22423] ? __pfx_____sys_sendmsg+0x10/0x10 [ 540.051904][T22423] ? __might_fault+0xaa/0x120 [ 540.056627][T22423] __sys_sendmmsg+0x3b2/0x740 [ 540.061372][T22423] ? __pfx___sys_sendmmsg+0x10/0x10 [ 540.066634][T22423] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 540.072550][T22423] ? ksys_write+0x23e/0x2c0 [ 540.077084][T22423] ? __pfx_lock_release+0x10/0x10 [ 540.082125][T22423] ? vfs_write+0x7c4/0xc90 [ 540.086560][T22423] ? __mutex_unlock_slowpath+0x21d/0x750 [ 540.092203][T22423] ? __pfx_vfs_write+0x10/0x10 [ 540.097022][T22423] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 540.103014][T22423] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 540.109350][T22423] ? do_syscall_64+0x100/0x230 [ 540.114126][T22423] __x64_sys_sendmmsg+0xa0/0xb0 [ 540.119014][T22423] do_syscall_64+0xf3/0x230 [ 540.123544][T22423] ? clear_bhb_loop+0x35/0x90 [ 540.128231][T22423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.134130][T22423] RIP: 0033:0x7f9c4c175a19 [ 540.138549][T22423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 540.158168][T22423] RSP: 002b:00007f9c4ce79048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 540.166595][T22423] RAX: ffffffffffffffda RBX: 00007f9c4c303f60 RCX: 00007f9c4c175a19 [ 540.174574][T22423] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 540.182583][T22423] RBP: 00007f9c4ce790a0 R08: 0000000000000000 R09: 0000000000000000 [ 540.190575][T22423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 540.198674][T22423] R13: 000000000000000b R14: 00007f9c4c303f60 R15: 00007ffe4abb78a8 [ 540.206667][T22423] [ 540.214147][T22427] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5919'. [ 540.238994][T22428] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5919'. [ 540.262089][T22428] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5919'. [ 540.668363][T22450] RDS: rds_bind could not find a transport for ::8000:20:0:0, load rds_tcp or rds_rdma? [ 540.716223][T22448] can: request_module (can-proto-0) failed. [ 540.794362][T22464] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5933'. [ 540.838653][T22464] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5933'. [ 541.775661][T22501] netlink: 'syz.4.5949': attribute type 3 has an invalid length. [ 542.052129][T22526] netlink: 'syz.4.5956': attribute type 16 has an invalid length. [ 542.069195][T22526] netlink: 'syz.4.5956': attribute type 1 has an invalid length. [ 542.078109][T22526] netlink: 'syz.4.5956': attribute type 2 has an invalid length. [ 542.256073][T22536] netlink: 'syz.1.5960': attribute type 3 has an invalid length. [ 542.265783][T22536] __nla_validate_parse: 3 callbacks suppressed [ 542.265857][T22536] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.5960'. [ 543.135609][T22578] netlink: 'syz.3.5974': attribute type 10 has an invalid length. [ 543.161310][T22578] netlink: 210880 bytes leftover after parsing attributes in process `syz.3.5974'. [ 543.798834][T22613] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5987'. [ 543.834071][T22613] tipc: Enabling of bearer rejected, failed to enable media [ 543.869332][T22618] netlink: 'syz.3.5991': attribute type 26 has an invalid length. [ 543.882420][T22618] netlink: 'syz.3.5991': attribute type 33 has an invalid length. [ 544.040638][T22625] netlink: 'syz.2.5992': attribute type 10 has an invalid length. [ 544.074461][T22625] bridge0: port 2(bridge_slave_1) entered disabled state [ 544.083724][T22625] bridge0: port 1(bridge_slave_0) entered disabled state [ 544.194212][T22625] bridge0: port 2(bridge_slave_1) entered blocking state [ 544.201531][T22625] bridge0: port 2(bridge_slave_1) entered forwarding state [ 544.209254][T22625] bridge0: port 1(bridge_slave_0) entered blocking state [ 544.216532][T22625] bridge0: port 1(bridge_slave_0) entered forwarding state [ 544.296641][T22625] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 544.349642][T22639] dvmrp2: entered allmulticast mode [ 544.395163][T22641] netlink: 'syz.0.6000': attribute type 1 has an invalid length. [ 544.409833][T22641] netlink: 'syz.0.6000': attribute type 2 has an invalid length. [ 544.509234][T22648] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 544.557647][T22649] netlink: 56 bytes leftover after parsing attributes in process `syz.1.6004'. [ 544.760156][T22665] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6009'. [ 545.795902][T22713] netlink: 'syz.3.6020': attribute type 15 has an invalid length. [ 545.815555][T22713] netlink: 666 bytes leftover after parsing attributes in process `syz.3.6020'. [ 546.112313][T22728] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6025'. [ 546.191949][T22737] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 546.199294][T22737] IPv6: NLM_F_CREATE should be set when creating new route [ 547.973107][T22830] FAULT_INJECTION: forcing a failure. [ 547.973107][T22830] name failslab, interval 1, probability 0, space 0, times 0 [ 547.988265][T22830] CPU: 0 PID: 22830 Comm: syz.1.6064 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 547.998121][T22830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 548.008187][T22830] Call Trace: [ 548.011471][T22830] [ 548.014408][T22830] dump_stack_lvl+0x241/0x360 [ 548.019106][T22830] ? __pfx_dump_stack_lvl+0x10/0x10 [ 548.024312][T22830] ? __pfx__printk+0x10/0x10 [ 548.028911][T22830] ? ref_tracker_alloc+0x332/0x490 [ 548.034042][T22830] should_fail_ex+0x3b0/0x4e0 [ 548.038732][T22830] ? skb_clone+0x20c/0x390 [ 548.043169][T22830] should_failslab+0x9/0x20 [ 548.047704][T22830] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 548.053098][T22830] skb_clone+0x20c/0x390 [ 548.057364][T22830] __netlink_deliver_tap+0x3cc/0x7c0 [ 548.062689][T22830] ? netlink_deliver_tap+0x2e/0x1b0 [ 548.067900][T22830] netlink_deliver_tap+0x19d/0x1b0 [ 548.073026][T22830] netlink_unicast+0x7be/0x990 [ 548.077811][T22830] ? __pfx_netlink_unicast+0x10/0x10 [ 548.083126][T22830] ? __virt_addr_valid+0x183/0x530 [ 548.088261][T22830] ? __check_object_size+0x49c/0x900 [ 548.093558][T22830] ? bpf_lsm_netlink_send+0x9/0x10 [ 548.098686][T22830] netlink_sendmsg+0x8e4/0xcb0 [ 548.103478][T22830] ? __pfx_netlink_sendmsg+0x10/0x10 [ 548.108777][T22830] ? __import_iovec+0x536/0x820 [ 548.113642][T22830] ? aa_sock_msg_perm+0x91/0x160 [ 548.118592][T22830] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 548.123886][T22830] ? security_socket_sendmsg+0x87/0xb0 [ 548.129364][T22830] ? __pfx_netlink_sendmsg+0x10/0x10 [ 548.134655][T22830] __sock_sendmsg+0x221/0x270 [ 548.139346][T22830] ____sys_sendmsg+0x525/0x7d0 [ 548.144138][T22830] ? __pfx_____sys_sendmsg+0x10/0x10 [ 548.149544][T22830] __sys_sendmsg+0x2b0/0x3a0 [ 548.154153][T22830] ? __pfx___sys_sendmsg+0x10/0x10 [ 548.159278][T22830] ? vfs_write+0x7c4/0xc90 [ 548.163762][T22830] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 548.170103][T22830] ? do_syscall_64+0x100/0x230 [ 548.174883][T22830] ? do_syscall_64+0xb6/0x230 [ 548.179571][T22830] do_syscall_64+0xf3/0x230 [ 548.184087][T22830] ? clear_bhb_loop+0x35/0x90 [ 548.188781][T22830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.194687][T22830] RIP: 0033:0x7fbbf1575a19 [ 548.199114][T22830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.218731][T22830] RSP: 002b:00007fbbf23c6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 548.227157][T22830] RAX: ffffffffffffffda RBX: 00007fbbf1703f60 RCX: 00007fbbf1575a19 [ 548.235136][T22830] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 548.243117][T22830] RBP: 00007fbbf23c60a0 R08: 0000000000000000 R09: 0000000000000000 [ 548.251094][T22830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 548.259070][T22830] R13: 000000000000004d R14: 00007fbbf1703f60 R15: 00007ffd17469848 [ 548.267085][T22830] [ 548.305036][T22830] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 549.002774][ T5112] Bluetooth: hci0: link tx timeout [ 549.008349][ T5112] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 549.019064][ T5107] Bluetooth: hci0: link tx timeout [ 549.024764][ T5107] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 549.035015][ T5107] Bluetooth: hci0: link tx timeout [ 549.040180][ T5107] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 549.207448][T22876] netlink: 72 bytes leftover after parsing attributes in process `syz.0.6077'. [ 549.239355][T22876] netlink: 80 bytes leftover after parsing attributes in process `syz.0.6077'. [ 549.259333][T22876] nbd: must specify at least one socket [ 549.322707][T22882] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6080'. [ 550.330970][T22919] netlink: 'syz.4.6093': attribute type 16 has an invalid length. [ 550.375473][T22919] netlink: 'syz.4.6093': attribute type 17 has an invalid length. [ 550.584818][T22928] netlink: 84 bytes leftover after parsing attributes in process `syz.3.6095'. [ 550.616055][T22930] netlink: 44 bytes leftover after parsing attributes in process `syz.3.6095'. [ 550.735819][T22934] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6096'. [ 551.031884][ T5107] Bluetooth: hci0: command 0x0405 tx timeout [ 551.423410][T22975] : renamed from ipvlan1 [ 551.827914][T22996] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6122'. [ 551.980344][T23009] netlink: 'syz.0.6126': attribute type 24 has an invalid length. [ 552.823824][T23056] netlink: 'syz.3.6141': attribute type 10 has an invalid length. [ 552.840052][T23056] netlink: 224 bytes leftover after parsing attributes in process `syz.3.6141'. [ 552.853253][T23056] netlink: 1020 bytes leftover after parsing attributes in process `syz.3.6141'. [ 552.872721][T23056] netlink: 2640 bytes leftover after parsing attributes in process `syz.3.6141'. [ 553.142864][ T7720] bridge_slave_1: left allmulticast mode [ 553.153953][ T7720] bridge_slave_1: left promiscuous mode [ 553.166259][ T7720] bridge0: port 2(bridge_slave_1) entered disabled state [ 553.185106][ T7720] bridge_slave_0: left allmulticast mode [ 553.195441][ T7720] bridge_slave_0: left promiscuous mode [ 553.206977][ T7720] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.902498][ T7720] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 554.917597][ T7720] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 554.929173][ T7720] bond0 (unregistering): Released all slaves [ 554.953676][T23075] __nla_validate_parse: 1 callbacks suppressed [ 554.953700][T23075] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6149'. [ 555.183684][ T7720] tipc: Left network mode [ 555.729565][T23140] veth1: entered promiscuous mode [ 555.761433][T23140] veth1: left promiscuous mode [ 556.281790][ T7720] hsr_slave_0: left promiscuous mode [ 556.324867][ T7720] hsr_slave_1: left promiscuous mode [ 556.360615][ T7720] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 556.374937][ T7720] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 556.399532][ T7720] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 556.429313][ T7720] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 556.540856][ T7720] veth1_macvtap: left promiscuous mode [ 556.561507][ T7720] veth0_macvtap: left promiscuous mode [ 556.571982][ T7720] veth1_vlan: left promiscuous mode [ 556.578481][ T7720] veth0_vlan: left promiscuous mode [ 556.900245][ T7720] infiniband syz0: set down [ 558.112079][ T7727] smc: removing ib device syz0 [ 558.158646][ T5156] lo speed is unknown, defaulting to 1000 [ 558.165626][T23209] netlink: 'syz.3.6199': attribute type 29 has an invalid length. [ 558.355047][T23210] netlink: 'syz.3.6199': attribute type 29 has an invalid length. [ 558.390426][T23211] netlink: 'syz.3.6199': attribute type 29 has an invalid length. [ 558.443587][T23218] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6201'. [ 559.188797][T23243] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744071562067969) [ 559.241890][T23243] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 567.189679][T23303] xt_TCPMSS: Only works on TCP SYN packets [ 567.270971][T23307] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6234'. [ 568.469668][T23368] netlink: 'syz.2.6258': attribute type 4 has an invalid length. [ 568.886101][T23397] netlink: 104 bytes leftover after parsing attributes in process `syz.0.6270'. [ 569.007154][T23399] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6271'. [ 569.058949][T23403] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6271'. [ 569.116710][T23406] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6274'. [ 569.308784][T23413] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6276'. [ 569.403181][T23420] FAULT_INJECTION: forcing a failure. [ 569.403181][T23420] name failslab, interval 1, probability 0, space 0, times 0 [ 569.416492][T23420] CPU: 0 PID: 23420 Comm: syz.1.6278 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 569.423342][T23421] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6279'. [ 569.426320][T23420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 569.445354][T23420] Call Trace: [ 569.448664][T23420] [ 569.451623][T23420] dump_stack_lvl+0x241/0x360 [ 569.456348][T23420] ? __pfx_dump_stack_lvl+0x10/0x10 [ 569.461592][T23420] ? __pfx__printk+0x10/0x10 [ 569.466229][T23420] ? __pfx___might_resched+0x10/0x10 [ 569.471557][T23420] ? br_vlan_lookup+0x636/0x710 [ 569.476460][T23420] should_fail_ex+0x3b0/0x4e0 [ 569.481156][T23420] ? br_vlan_add+0x208/0x970 [ 569.485784][T23420] should_failslab+0x9/0x20 [ 569.490297][T23420] kmalloc_trace_noprof+0x6c/0x2c0 [ 569.495512][T23420] br_vlan_add+0x208/0x970 [ 569.499949][T23420] ? __lock_acquire+0x1346/0x1fd0 [ 569.504997][T23420] br_vlan_info+0x1fc/0x510 [ 569.509511][T23420] ? __pfx_br_vlan_info+0x10/0x10 [ 569.514578][T23420] br_process_vlan_info+0x7fa/0xbf0 [ 569.519974][T23420] ? mark_lock+0x9a/0x350 [ 569.524327][T23420] ? __pfx_br_process_vlan_info+0x10/0x10 [ 569.530058][T23420] ? do_raw_spin_unlock+0xc0/0x8b0 [ 569.535182][T23420] br_afspec+0x3ce/0x640 [ 569.539448][T23420] ? __pfx_br_afspec+0x10/0x10 [ 569.544229][T23420] ? nla_find+0x124/0x140 [ 569.548576][T23420] br_setlink+0x31d/0x8b0 [ 569.552921][T23420] ? __pfx_br_setlink+0x10/0x10 [ 569.557938][T23420] ? rtnetlink_rcv_msg+0x6e6/0xcf0 [ 569.563121][T23420] ? mutex_trylock+0xe0/0x130 [ 569.567837][T23420] ? nla_find+0x124/0x140 [ 569.572194][T23420] rtnl_bridge_setlink+0x598/0x730 [ 569.577330][T23420] ? __pfx_rtnl_bridge_setlink+0x10/0x10 [ 569.582989][T23420] rtnetlink_rcv_msg+0x73f/0xcf0 [ 569.587956][T23420] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 569.593099][T23420] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 569.598576][T23420] ? ref_tracker_free+0x643/0x7e0 [ 569.603619][T23420] netlink_rcv_skb+0x1e3/0x430 [ 569.608419][T23420] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 569.613892][T23420] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 569.619210][T23420] ? netlink_deliver_tap+0x2e/0x1b0 [ 569.624440][T23420] netlink_unicast+0x7f0/0x990 [ 569.629249][T23420] ? __pfx_netlink_unicast+0x10/0x10 [ 569.634554][T23420] ? __virt_addr_valid+0x183/0x530 [ 569.639697][T23420] ? __check_object_size+0x49c/0x900 [ 569.644997][T23420] ? bpf_lsm_netlink_send+0x9/0x10 [ 569.650121][T23420] netlink_sendmsg+0x8e4/0xcb0 [ 569.654908][T23420] ? __pfx_netlink_sendmsg+0x10/0x10 [ 569.660206][T23420] ? __import_iovec+0x536/0x820 [ 569.665094][T23420] ? aa_sock_msg_perm+0x91/0x160 [ 569.670051][T23420] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 569.675348][T23420] ? security_socket_sendmsg+0x87/0xb0 [ 569.680832][T23420] ? __pfx_netlink_sendmsg+0x10/0x10 [ 569.686220][T23420] __sock_sendmsg+0x221/0x270 [ 569.690916][T23420] ____sys_sendmsg+0x525/0x7d0 [ 569.695705][T23420] ? __pfx_____sys_sendmsg+0x10/0x10 [ 569.701014][T23420] ? __might_fault+0xaa/0x120 [ 569.705707][T23420] __sys_sendmmsg+0x3b2/0x740 [ 569.710409][T23420] ? __pfx___sys_sendmmsg+0x10/0x10 [ 569.715680][T23420] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 569.721592][T23420] ? ksys_write+0x23e/0x2c0 [ 569.726113][T23420] ? __pfx_lock_release+0x10/0x10 [ 569.731184][T23420] ? vfs_write+0x7c4/0xc90 [ 569.735625][T23420] ? __mutex_unlock_slowpath+0x21d/0x750 [ 569.741274][T23420] ? __pfx_vfs_write+0x10/0x10 [ 569.746099][T23420] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 569.752130][T23420] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 569.758491][T23420] ? do_syscall_64+0x100/0x230 [ 569.763282][T23420] __x64_sys_sendmmsg+0xa0/0xb0 [ 569.768155][T23420] do_syscall_64+0xf3/0x230 [ 569.772688][T23420] ? clear_bhb_loop+0x35/0x90 [ 569.777383][T23420] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.783293][T23420] RIP: 0033:0x7fbbf1575a19 [ 569.787720][T23420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.807340][T23420] RSP: 002b:00007fbbf23c6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 569.815767][T23420] RAX: ffffffffffffffda RBX: 00007fbbf1703f60 RCX: 00007fbbf1575a19 [ 569.823755][T23420] RDX: 04000000000001f2 RSI: 0000000020000000 RDI: 0000000000000004 [ 569.831735][T23420] RBP: 00007fbbf23c60a0 R08: 0000000000000000 R09: 0000000000000000 [ 569.839717][T23420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 569.847695][T23420] R13: 000000000000004d R14: 00007fbbf1703f60 R15: 00007ffd17469848 [ 569.855697][T23420] [ 570.320742][ T6476] wlan0: Trigger new scan to find an IBSS to join [ 570.864838][T23463] netlink: 256 bytes leftover after parsing attributes in process `syz.3.6291'. [ 573.086297][ T7742] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 573.141334][ T7742] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.352478][ T6476] wlan0: Trigger new scan to find an IBSS to join [ 573.400534][ T7742] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 573.420763][ T7742] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.536761][ T5107] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 573.553503][ T5107] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 573.563344][ T5107] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 573.579289][ T5107] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 573.587908][ T5107] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 573.600827][ T5107] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 573.657414][ T7742] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 573.667948][ T7742] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.782552][ T7742] bond0: (slave netdevsim0): Releasing backup interface [ 573.802021][ T7742] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode [ 573.830460][ T7742] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 573.889717][ T7742] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.547687][ T7742] bridge_slave_1: left allmulticast mode [ 574.578354][ T5112] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 574.587413][ T7742] bridge_slave_1: left promiscuous mode [ 574.596532][ T5112] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 574.605634][ T5112] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 574.623658][ T5112] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 574.632081][ T5112] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 574.633275][ T7742] bridge0: port 2(bridge_slave_1) entered disabled state [ 574.655745][ T5112] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 574.717377][ T7742] : left allmulticast mode [ 574.727009][ T7742] : left promiscuous mode [ 574.737761][ T7742] bridge0: port 1() entered disabled state [ 575.410122][T23544] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6321'. [ 575.673326][ T5107] Bluetooth: hci0: command tx timeout [ 576.324177][ T7740] wlan0: Creating new IBSS network, BSSID ee:c8:53:a5:de:e2 [ 576.350637][ T7742] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 576.360186][ T7742] bond_slave_0: left promiscuous mode [ 576.369181][ T7742] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 576.378545][ T7742] bond_slave_1: left promiscuous mode [ 576.388773][ T7742] bond0 (unregistering): (slave macvlan3): Releasing backup interface [ 576.401004][ T7742] macvlan3: left promiscuous mode [ 576.406569][ T7742] team0: left promiscuous mode [ 576.416573][ T7742] team0: left allmulticast mode [ 576.421559][ T7742] team_slave_1: left allmulticast mode [ 576.427614][ T7742] team_slave_1: left promiscuous mode [ 576.436390][ T7742] bond0 (unregistering): Released all slaves [ 576.452165][ T7742] bond1 (unregistering): Released all slaves [ 576.467518][ T7742] bond2 (unregistering): Released all slaves [ 576.534872][T23549] netlink: 'syz.0.6322': attribute type 10 has an invalid length. [ 576.633463][T23499] chnl_net:caif_netlink_parms(): no params data found [ 576.722126][ T5107] Bluetooth: hci2: command tx timeout [ 577.071490][T23499] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.088264][T23499] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.096193][T23499] bridge_slave_0: entered allmulticast mode [ 577.115495][T23499] bridge_slave_0: entered promiscuous mode [ 577.133346][T23499] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.149312][T23499] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.158022][T23499] bridge_slave_1: entered allmulticast mode [ 577.175414][T23499] bridge_slave_1: entered promiscuous mode [ 577.385859][T23499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 577.401028][T23499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 577.404824][T23595] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 577.545882][T23530] chnl_net:caif_netlink_parms(): no params data found [ 577.592978][T23499] team0: Port device team_slave_0 added [ 577.618550][T23499] team0: Port device team_slave_1 added [ 577.750703][T23602] openvswitch: netlink: IP tunnel attribute has 2 unknown bytes. [ 577.763485][ T5107] Bluetooth: hci0: command tx timeout [ 578.050070][ T7742] hsr_slave_0: left promiscuous mode [ 578.067210][ T7742] hsr_slave_1: left promiscuous mode [ 578.076378][ T7742] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 578.084494][ T7742] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 578.093007][ T7742] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 578.100804][ T7742] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 578.143062][ T7742] veth1_macvtap: left promiscuous mode [ 578.148605][ T7742] veth0_macvtap: left promiscuous mode [ 578.171333][ T7742] veth1_vlan: left promiscuous mode [ 578.176736][ T7742] veth0_vlan: left promiscuous mode [ 578.792363][ T5107] Bluetooth: hci2: command tx timeout [ 579.216133][ T7742] team0 (unregistering): Port device team_slave_1 removed [ 579.802725][T23499] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 579.810021][T23499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 579.838421][ T5107] Bluetooth: hci0: command tx timeout [ 579.841084][T23499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 579.871747][T23499] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 579.878741][T23499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 579.905622][T23499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 579.961304][T23629] FAULT_INJECTION: forcing a failure. [ 579.961304][T23629] name failslab, interval 1, probability 0, space 0, times 0 [ 579.981576][T23629] CPU: 1 PID: 23629 Comm: syz.3.6347 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 579.991462][T23629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 580.001559][T23629] Call Trace: [ 580.004900][T23629] [ 580.007832][T23629] dump_stack_lvl+0x241/0x360 [ 580.012522][T23629] ? __pfx_dump_stack_lvl+0x10/0x10 [ 580.017746][T23629] ? __pfx__printk+0x10/0x10 [ 580.022357][T23629] ? __pfx___might_resched+0x10/0x10 [ 580.027696][T23629] should_fail_ex+0x3b0/0x4e0 [ 580.032386][T23629] ? fib6_info_alloc+0x2e/0xf0 [ 580.037160][T23629] should_failslab+0x9/0x20 [ 580.041763][T23629] __kmalloc_noprof+0xd8/0x400 [ 580.046581][T23629] fib6_info_alloc+0x2e/0xf0 [ 580.051195][T23629] ip6_route_info_create+0x445/0x12b0 [ 580.056597][T23629] ? __sock_sendmsg+0x221/0x270 [ 580.061466][T23629] ? do_syscall_64+0xf3/0x230 [ 580.066177][T23629] addrconf_f6i_alloc+0x3c2/0x7f0 [ 580.071231][T23629] ? __pfx_addrconf_f6i_alloc+0x10/0x10 [ 580.076823][T23629] ? __kasan_kmalloc+0x98/0xb0 [ 580.081608][T23629] ? ipv6_add_addr+0x580/0x1090 [ 580.086490][T23629] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 580.091878][T23629] ipv6_add_addr+0x5b6/0x1090 [ 580.096576][T23629] ? __pfx_ipv6_add_addr+0x10/0x10 [ 580.101714][T23629] ? ipv6_get_ifaddr+0x708/0x770 [ 580.106687][T23629] inet6_addr_add+0x563/0xb00 [ 580.111403][T23629] inet6_rtm_newaddr+0x8a3/0xc80 [ 580.116381][T23629] ? __pfx_inet6_rtm_newaddr+0x10/0x10 [ 580.121874][T23629] ? __pfx___mutex_lock+0x10/0x10 [ 580.126971][T23629] ? __pfx_inet6_rtm_newaddr+0x10/0x10 [ 580.132450][T23629] rtnetlink_rcv_msg+0x73f/0xcf0 [ 580.137394][T23629] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 580.142529][T23629] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 580.148023][T23629] ? ref_tracker_free+0x643/0x7e0 [ 580.153083][T23629] netlink_rcv_skb+0x1e3/0x430 [ 580.157900][T23629] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 580.163384][T23629] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 580.168718][T23629] ? netlink_deliver_tap+0x2e/0x1b0 [ 580.173934][T23629] netlink_unicast+0x7f0/0x990 [ 580.178734][T23629] ? __pfx_netlink_unicast+0x10/0x10 [ 580.184031][T23629] ? __virt_addr_valid+0x183/0x530 [ 580.189158][T23629] ? __check_object_size+0x49c/0x900 [ 580.194450][T23629] ? bpf_lsm_netlink_send+0x9/0x10 [ 580.199575][T23629] netlink_sendmsg+0x8e4/0xcb0 [ 580.204376][T23629] ? __pfx_netlink_sendmsg+0x10/0x10 [ 580.209692][T23629] ? __import_iovec+0x536/0x820 [ 580.214559][T23629] ? aa_sock_msg_perm+0x91/0x160 [ 580.219528][T23629] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 580.224832][T23629] ? security_socket_sendmsg+0x87/0xb0 [ 580.230329][T23629] ? __pfx_netlink_sendmsg+0x10/0x10 [ 580.235642][T23629] __sock_sendmsg+0x221/0x270 [ 580.240337][T23629] ____sys_sendmsg+0x525/0x7d0 [ 580.245135][T23629] ? __pfx_____sys_sendmsg+0x10/0x10 [ 580.250447][T23629] __sys_sendmsg+0x2b0/0x3a0 [ 580.255053][T23629] ? __pfx___sys_sendmsg+0x10/0x10 [ 580.260182][T23629] ? vfs_write+0x7c4/0xc90 [ 580.264649][T23629] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 580.270988][T23629] ? do_syscall_64+0x100/0x230 [ 580.275767][T23629] ? do_syscall_64+0xb6/0x230 [ 580.280456][T23629] do_syscall_64+0xf3/0x230 [ 580.284983][T23629] ? clear_bhb_loop+0x35/0x90 [ 580.289689][T23629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.295592][T23629] RIP: 0033:0x7f9c4c175a19 [ 580.300023][T23629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 580.319644][T23629] RSP: 002b:00007f9c4bbff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 580.328079][T23629] RAX: ffffffffffffffda RBX: 00007f9c4c304038 RCX: 00007f9c4c175a19 [ 580.336080][T23629] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000006 [ 580.344075][T23629] RBP: 00007f9c4bbff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 580.352094][T23629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 580.360070][T23629] R13: 000000000000006e R14: 00007f9c4c304038 R15: 00007ffe4abb78a8 [ 580.368097][T23629] [ 580.378149][T23632] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6348'. [ 580.475078][T23530] bridge0: port 1(bridge_slave_0) entered blocking state [ 580.484259][T23530] bridge0: port 1(bridge_slave_0) entered disabled state [ 580.492244][T23530] bridge_slave_0: entered allmulticast mode [ 580.500208][T23530] bridge_slave_0: entered promiscuous mode [ 580.522314][T23530] bridge0: port 2(bridge_slave_1) entered blocking state [ 580.529872][T23530] bridge0: port 2(bridge_slave_1) entered disabled state [ 580.539545][T23530] bridge_slave_1: entered allmulticast mode [ 580.561053][T23530] bridge_slave_1: entered promiscuous mode [ 580.767459][T23499] hsr_slave_0: entered promiscuous mode [ 580.783105][T23499] hsr_slave_1: entered promiscuous mode [ 580.799213][T23530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 580.850509][T23648] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6354'. [ 580.883508][ T5107] Bluetooth: hci2: command tx timeout [ 580.918501][T23530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 581.089593][T23657] No such timeout policy "syz0" [ 581.114503][T23530] team0: Port device team_slave_0 added [ 581.136860][ T7742] IPVS: stop unused estimator thread 0... [ 581.170387][T23530] team0: Port device team_slave_1 added [ 581.251005][T23530] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 581.259170][T23530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 581.289494][T23530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 581.333133][T23530] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 581.340206][T23530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 581.367410][T23530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 581.449681][T23666] vlan2 (unregistering): left allmulticast mode [ 581.459897][T23666] team0: Port device vlan2 removed [ 581.505493][T23530] hsr_slave_0: entered promiscuous mode [ 581.517483][T23530] hsr_slave_1: entered promiscuous mode [ 581.528781][T23530] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 581.542651][T23530] Cannot create hsr debugfs directory [ 581.637957][ T7742] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.748814][ T7742] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.903927][ T7742] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 581.915219][ T5107] Bluetooth: hci0: command tx timeout [ 582.034798][ T7742] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 582.098684][T23683] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6367'. [ 582.114312][T23683] netlink: 60 bytes leftover after parsing attributes in process `syz.0.6367'. [ 582.357362][ T7742] bridge_slave_1: left allmulticast mode [ 582.371459][ T7742] bridge_slave_1: left promiscuous mode [ 582.384945][ T7742] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.444236][ T7742] bridge_slave_0: left allmulticast mode [ 582.450327][ T7742] bridge_slave_0: left promiscuous mode [ 582.461955][ T7742] bridge0: port 1(bridge_slave_0) entered disabled state [ 582.777540][ T7742] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 582.951804][ T5107] Bluetooth: hci2: command tx timeout [ 582.958672][ T7742] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 582.972716][ T7742] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 582.984764][ T7742] bond0 (unregistering): Released all slaves [ 583.020179][T23695] bond0: (slave macvlan5): Error -98 calling set_mac_address [ 583.077567][T23700] : renamed from bond0 [ 583.110293][T23701] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 583.410187][T23499] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 584.222275][T23499] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 584.358476][T23499] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 584.389529][T23499] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 584.430204][T23727] [ 584.432604][T23727] ================================================ [ 584.439128][T23727] WARNING: lock held when returning to user space! [ 584.445645][T23727] 6.10.0-syzkaller-04472-g51835949dda3 #0 Not tainted [ 584.452455][T23727] ------------------------------------------------ [ 584.458952][T23727] syz.0.6383/23727 is leaving the kernel with locks still held! [ 584.466580][T23727] 1 lock held by syz.0.6383/23727: [ 584.471725][T23727] #0: ffffffff8e335fe0 (rcu_read_lock){....}-{1:2}, at: ns_ioctl+0x3e0/0x740 [ 584.484806][T23727] ------------[ cut here ]------------ [ 584.490317][T23727] Voluntary context switch within RCU read-side critical section! [ 584.490431][T23727] WARNING: CPU: 1 PID: 23727 at kernel/rcu/tree_plugin.h:330 rcu_note_context_switch+0xcf4/0xff0 [ 584.508842][T23727] Modules linked in: [ 584.512846][T23727] CPU: 1 PID: 23727 Comm: syz.0.6383 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 584.522655][T23727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 584.532716][T23727] RIP: 0010:rcu_note_context_switch+0xcf4/0xff0 [ 584.539068][T23727] Code: 00 ba 02 00 00 00 e8 cb 02 fe ff 4c 8b b4 24 80 00 00 00 eb 91 c6 05 98 3f 1b 0e 01 90 48 c7 c7 40 21 cc 8b e8 8d 26 db ff 90 <0f> 0b 90 90 e9 3b f4 ff ff 90 0f 0b 90 45 84 ed 0f 84 00 f4 ff ff [ 584.558684][T23727] RSP: 0000:ffffc9000b78fba0 EFLAGS: 00010046 [ 584.564763][T23727] RAX: 08e73b18bd257c00 RBX: ffff888025b8de44 RCX: 0000000000040000 [ 584.572743][T23727] RDX: ffffc90004d79000 RSI: 0000000000012675 RDI: 0000000000012676 [ 584.580804][T23727] RBP: ffffc9000b78fcf0 R08: ffffffff815878a2 R09: fffffbfff1c39d94 [ 584.588781][T23727] R10: dffffc0000000000 R11: fffffbfff1c39d94 R12: ffff888025b8da00 [ 584.596762][T23727] R13: 0000000000000000 R14: 1ffff920016f1f8c R15: dffffc0000000000 [ 584.604759][T23727] FS: 00007fa8a6b636c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 584.613708][T23727] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 584.620302][T23727] CR2: 00007f9c4bbffd58 CR3: 000000002c038000 CR4: 00000000003506f0 [ 584.628308][T23727] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 584.636290][T23727] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 584.644271][T23727] Call Trace: [ 584.647553][T23727] [ 584.650513][T23727] ? __warn+0x163/0x4e0 [ 584.654705][T23727] ? rcu_note_context_switch+0xcf4/0xff0 [ 584.660389][T23727] ? report_bug+0x2b3/0x500 [ 584.664905][T23727] ? rcu_note_context_switch+0xcf4/0xff0 [ 584.670583][T23727] ? handle_bug+0x3e/0x70 [ 584.674921][T23727] ? exc_invalid_op+0x1a/0x50 [ 584.679621][T23727] ? asm_exc_invalid_op+0x1a/0x20 [ 584.684657][T23727] ? __warn_printk+0x292/0x360 [ 584.689441][T23727] ? rcu_note_context_switch+0xcf4/0xff0 [ 584.695091][T23727] ? __schedule+0x1808/0x4a60 [ 584.699787][T23727] ? __pfx_rcu_note_context_switch+0x10/0x10 [ 584.705786][T23727] ? rcu_is_watching+0x15/0xb0 [ 584.710560][T23727] __schedule+0x348/0x4a60 [ 584.714996][T23727] ? trace_irq_disable+0x3b/0x120 [ 584.720036][T23727] ? preempt_schedule_irq+0x144/0x1c0 [ 584.725535][T23727] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 584.731294][T23727] ? __pfx___schedule+0x10/0x10 [ 584.736348][T23727] ? trace_irq_disable+0x2c/0x120 [ 584.741395][T23727] ? rcu_is_watching+0x15/0xb0 [ 584.746186][T23727] schedule+0x14b/0x320 [ 584.750358][T23727] irqentry_exit_to_user_mode+0xe7/0x280 [ 584.756002][T23727] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 584.761563][T23727] RIP: 0033:0x7fa8a5d75a19 [ 584.765983][T23727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 584.785712][T23727] RSP: 002b:00007fa8a6b63048 EFLAGS: 00000246 [ 584.791796][T23727] RAX: fffffffffffffffd RBX: 00007fa8a5f03f60 RCX: 00007fa8a5d75a19 [ 584.799787][T23727] RDX: 0000000000000000 RSI: 000000008004b708 RDI: 0000000000000003 [ 584.807789][T23727] RBP: 00007fa8a5de4e49 R08: 0000000000000000 R09: 0000000000000000 [ 584.815770][T23727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 584.823747][T23727] R13: 000000000000004d R14: 00007fa8a5f03f60 R15: 00007ffd3ba941f8 [ 584.831738][T23727] [ 584.834762][T23727] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 584.842046][T23727] CPU: 1 PID: 23727 Comm: syz.0.6383 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 584.851854][T23727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 584.861914][T23727] Call Trace: [ 584.865207][T23727] [ 584.868144][T23727] dump_stack_lvl+0x241/0x360 [ 584.872843][T23727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 584.878057][T23727] ? __pfx__printk+0x10/0x10 [ 584.882659][T23727] ? vscnprintf+0x5d/0x90 [ 584.886994][T23727] panic+0x349/0x860 [ 584.890992][T23727] ? __warn+0x172/0x4e0 [ 584.895172][T23727] ? __pfx_panic+0x10/0x10 [ 584.899615][T23727] __warn+0x346/0x4e0 [ 584.903623][T23727] ? rcu_note_context_switch+0xcf4/0xff0 [ 584.909282][T23727] report_bug+0x2b3/0x500 [ 584.913631][T23727] ? rcu_note_context_switch+0xcf4/0xff0 [ 584.919310][T23727] handle_bug+0x3e/0x70 [ 584.923495][T23727] exc_invalid_op+0x1a/0x50 [ 584.928053][T23727] asm_exc_invalid_op+0x1a/0x20 [ 584.932928][T23727] RIP: 0010:rcu_note_context_switch+0xcf4/0xff0 [ 584.939199][T23727] Code: 00 ba 02 00 00 00 e8 cb 02 fe ff 4c 8b b4 24 80 00 00 00 eb 91 c6 05 98 3f 1b 0e 01 90 48 c7 c7 40 21 cc 8b e8 8d 26 db ff 90 <0f> 0b 90 90 e9 3b f4 ff ff 90 0f 0b 90 45 84 ed 0f 84 00 f4 ff ff [ 584.958911][T23727] RSP: 0000:ffffc9000b78fba0 EFLAGS: 00010046 [ 584.965000][T23727] RAX: 08e73b18bd257c00 RBX: ffff888025b8de44 RCX: 0000000000040000 [ 584.972981][T23727] RDX: ffffc90004d79000 RSI: 0000000000012675 RDI: 0000000000012676 [ 584.980960][T23727] RBP: ffffc9000b78fcf0 R08: ffffffff815878a2 R09: fffffbfff1c39d94 [ 584.988955][T23727] R10: dffffc0000000000 R11: fffffbfff1c39d94 R12: ffff888025b8da00 [ 584.996950][T23727] R13: 0000000000000000 R14: 1ffff920016f1f8c R15: dffffc0000000000 [ 585.004954][T23727] ? __warn_printk+0x292/0x360 [ 585.009751][T23727] ? __schedule+0x1808/0x4a60 [ 585.014483][T23727] ? __pfx_rcu_note_context_switch+0x10/0x10 [ 585.020572][T23727] ? rcu_is_watching+0x15/0xb0 [ 585.025349][T23727] __schedule+0x348/0x4a60 [ 585.029788][T23727] ? trace_irq_disable+0x3b/0x120 [ 585.034826][T23727] ? preempt_schedule_irq+0x144/0x1c0 [ 585.040212][T23727] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 585.045946][T23727] ? __pfx___schedule+0x10/0x10 [ 585.050803][T23727] ? trace_irq_disable+0x2c/0x120 [ 585.055862][T23727] ? rcu_is_watching+0x15/0xb0 [ 585.060647][T23727] schedule+0x14b/0x320 [ 585.064836][T23727] irqentry_exit_to_user_mode+0xe7/0x280 [ 585.070476][T23727] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 585.075952][T23727] RIP: 0033:0x7fa8a5d75a19 [ 585.080464][T23727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 585.100087][T23727] RSP: 002b:00007fa8a6b63048 EFLAGS: 00000246 [ 585.106168][T23727] RAX: fffffffffffffffd RBX: 00007fa8a5f03f60 RCX: 00007fa8a5d75a19 [ 585.114149][T23727] RDX: 0000000000000000 RSI: 000000008004b708 RDI: 0000000000000003 [ 585.122133][T23727] RBP: 00007fa8a5de4e49 R08: 0000000000000000 R09: 0000000000000000 [ 585.130114][T23727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 585.138092][T23727] R13: 000000000000004d R14: 00007fa8a5f03f60 R15: 00007ffd3ba941f8 [ 585.146083][T23727] [ 585.149402][T23727] Kernel Offset: disabled [ 585.153733][T23727] Rebooting in 86400 seconds..