last executing test programs: 5.25183838s ago: executing program 4 (id=3525): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='hybla\x00', 0x6) sendmmsg$inet(r0, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)="8b913f2c0f5bc12e941d00000000da0000004f742e410000b2ffe433c349e53e02f23ec97586f6cd7d0707dcb61abcdb30d7d9d8337f63f40a5f4339337b705d9fb1536ea194681cda33900839fa4602bfb28c76ebdfc1868b63bd93b9cb3dd285f6bb3efaf35130dcd2ec39a63162", 0x6f}, {&(0x7f0000000180)="55c0cc0ba6f3b908ecb5c6e93e4dc70ed9c875dd444569fab05e32a08e71d1c480fa1ada9e6f952dea418e2eb2dd8dcdd18f82c2be42e92405d2eccae94e713594f13ebfe37be3cb7ce0eb237d63f25744e42baf027055a65359c121788ba610f7df23b902755c5771d93efedd8252aca1dda5efe1493ec0a5a9e965666d1afe33b384953a9102b3f1e446aea391ccff253fccc951d4091f1d6b69faee7e7d4b669c48b70ef01c3879af3f35e0", 0xad}, {&(0x7f0000000580)="4b17746f0c2c20350492d7a09e5dc9648fbc150713a937013b9aad5bcc52d50571282c1891507b899bbdff0360237f4f24fce4ed425f64ce8355d10afb19676ebadb526346cd848c57e24681332c828b57f63e7c907f3540271b7782ec99a0b363b35b8ce5bf09940527c7233805504cad9142d6b0c1f475a84448cbd20f5efd735d28fae39c9708e8476d90d13ab67a0e8503b12da191b7cb", 0x99}], 0x3}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000007c0)="900d3798e4653207eae6da23bf6c69f8e965679b910b52e0a4de8e3c4ef97ab320820bd9275a6e2a4609c4feb730084e64cc106664be66878f403244c97c0411b65371955f45c915599f9f726afe95665c6ab2fd57162d1962a221a86918d50891c8f0d72ece85404ade557fec2ddb38bfdf21f7a255f2e2cf5839d1c3aa3dbfcd94ca44e18c7863d497ff4f85628494915bc016f7c5d62747bb5368ef052201a0ee3cc9dca7156e893cf07b494f98a177460a7ec073fd8af879ae71c8cac715a241052bae3a3f09f4f4dda617e5ca05290be71acaabf4544ca838", 0xdb}], 0x1}}], 0x2, 0x20008d0) 4.850750058s ago: executing program 4 (id=3529): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="2000000017140197"], 0x20}}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x7002}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={0x98, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @rand_addr=' \x01\x00'}}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x133}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0xcd}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x5}]}]}, 0x98}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000c088}, 0xc, &(0x7f0000000380)={&(0x7f0000000b00)={0x1d8, r5, 0x200, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xdb03}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xc}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NET={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x101}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xd737}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x829a}]}, @TIPC_NLA_SOCK={0x64, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x8000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x200}]}, @TIPC_NLA_SOCK_CON={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffffffd}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4b}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8c3b}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xa6e6}]}]}, @TIPC_NLA_LINK={0x98, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}]}]}, @TIPC_NLA_NET={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfffffffffffff725}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffff7fffffff}]}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x4008044}, 0x20000001) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) pread64(r1, &(0x7f0000002200)=""/89, 0x59, 0x10000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, r1, 0x0) sendmsg$IPSET_CMD_HEADER(r3, &(0x7f00000002c0)={&(0x7f0000000000), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="780000000c0601030000000000000000000900020073797a300000000005000100070000000900020073797a31000000000900020073797a32000000000900020073797a32000000000900020073797a30000000000900020073797a31000000000500010007000000"], 0x78}, 0x1, 0x0, 0x0, 0x4004000}, 0x14) r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r7 = socket(0x10, 0x3, 0x0) write(r7, &(0x7f00000000c0)="1c0000001e005f0214fffffffffffff8070000001700000000000000", 0x1c) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r8, 0x0, 0x0) sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x840}, 0x20000000) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.net/syz1\x00', 0x200002, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=r6, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0500000005000000020000000000000000000000000000cef2043d53"], 0x50) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) unshare(0x6a040000) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="1cf90103", @ANYRES16=0x0, @ANYBLOB="c89045b2a6c0b186f6eb1f00000008003617"], 0x1c}}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYBLOB="1a00000000", @ANYRES32, @ANYRES32], 0x20) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8b28, &(0x7f0000000000)={'wlan1\x00'}) r10 = socket$netlink(0x10, 0x3, 0x0) writev(r10, &(0x7f0000000300), 0x0) 4.09283242s ago: executing program 1 (id=3534): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) pipe(&(0x7f0000000080)) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x50) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_sock_diag(0x10, 0x3, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) epoll_create1(0x0) socket(0x1, 0x80802, 0x0) socket(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$xdp(0x2c, 0x3, 0x0) epoll_create1(0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="6400000010000304000000000000000000000042", @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x48010) 3.792481061s ago: executing program 3 (id=3536): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c00fdff1900010025bd7000fbcbdf250a801400ff0100040036"], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x24040884) 3.613682194s ago: executing program 1 (id=3537): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000003c000701000000000001a000010000000400fc800c00018008000600ffff0000080002800400728008000900", @ANYRES32=r0], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0) 3.586047611s ago: executing program 3 (id=3538): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r0, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x6, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="1818000004000000000020000000000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x1f00, 0x0, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) 3.424770756s ago: executing program 4 (id=3540): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'netdevsim0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCRYPT={0x5, 0xf, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x44}, 0x1, 0x4000}, 0x0) 3.372260469s ago: executing program 1 (id=3541): r0 = socket(0x10, 0x803, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r2, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) r3 = socket(0x10, 0x3, 0x0) (async, rerun: 32) r4 = socket(0x10, 0x803, 0x2) (rerun: 32) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4) (async, rerun: 64) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) (rerun: 64) socket$nl_route(0x10, 0x3, 0x0) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) (async) socket$netlink(0x10, 0x3, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xff}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r6}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newqdisc={0x40, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x14, 0x2, [@TCA_PIE_TUPDATE={0x8, 0x3, 0xfffffffc}, @TCA_PIE_ALPHA={0x8, 0x4, 0x1d}]}}]}, 0x40}}, 0x0) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r8, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x31) (async, rerun: 32) connect$inet(r8, 0x0, 0x0) (rerun: 32) setsockopt$inet_IP_XFRM_POLICY(r8, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010101, 0x4d5, 0x32}, 0x0, @in6=@loopback, 0x1, 0x4, 0x0, 0xb7, 0x1fb, 0xffffffff, 0xfffffff9}}, 0xe8) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x4e24, 0x63, @loopback, 0x3}, 0x1c) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x300000d, 0x6052, r7, 0x1000) 2.776336339s ago: executing program 3 (id=3545): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x200000010, &(0x7f0000000000)=0xb, 0x4) recvfrom$unix(r0, 0x0, 0x0, 0x10102, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@bridge_delneigh={0x28, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2, 0x80, 0xb2}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x40800) r4 = socket$inet(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x14}}, @in={0x2, 0x4e22, @local}], 0x20) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x15}, @IFLA_BR_VLAN_DEFAULT_PVID={0x6}]}}}]}, 0x44}}, 0x0) 2.434719751s ago: executing program 4 (id=3546): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) syz_emit_ethernet(0x6a, &(0x7f0000000040)={@broadcast, @random, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @loopback, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x7, 0x0, [@initdev={0xac, 0x1e, 0x0, 0x0}]}, @cipso={0x86, 0x1f, 0x0, [{0x7, 0x6, "954d2dd4"}, {0x2, 0x11, "ad4cfc6d0c114a69c613f8d51edcd6"}, {0x2, 0x2}]}]}}}}}}}, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r3, 0x6, 0x4, &(0x7f0000000000)=0x4065, 0x4) connect$inet6(r3, &(0x7f0000000280)={0xa, 0x4e22, 0xfffffffd, @mcast2, 0x2000010}, 0x1c) close(r2) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) recvfrom$inet6(r0, &(0x7f0000000100)=""/105, 0x69, 0x0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @private2, 0x7}, 0x1c) r5 = socket$inet_tcp(0x2, 0x1, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x4, 0x8}, 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x50) getsockopt$inet_tcp_int(r5, 0x6, 0x8, 0x0, &(0x7f0000001b80)) r8 = socket(0x40000000015, 0x5, 0x0) sendto$inet(r8, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10) r9 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000740)="02905fd28ba6154743f40fc61c2588ae7dff3d615097b25adaaaff6ce8900e373dd3533853dd07706764477b22358a08ddcaab853fa1dcda2d130fbb8693c4c13ebf7c242c6a52d7d743be3238b3900b465d672f0db29b26ede34735d7ee985625dba43962bfd7cfacf5bc58500dab6ee32f29af71f0464940e87dff6bcf8c1b3e8b5213079c5e046f", 0x89}, {&(0x7f0000000800)="ce2a205726ad6102ec97d89adf18054669ab423cea357d85563e325f5f8ad3809fa9fd09e985979bda80c0077eb46c6402051c2e4373255279dbe39aed0639ee5408ad4c6b3169b249df643e3dbcd0a3b99c03b8e8a9d725e2c2", 0x5a}, {&(0x7f0000000a40)="36bfb0f6198a0cb86c9ecad276e228289e3415875f06961120a7d575ac38ccab4a1e271f3f608ca642e46735fa1c96ed949690bd83beafac26b91551bc9a5b7dbf9cfecbeffe0c1417e1ca59e959dfce8a3a6d9f5112b4a36b4a14f13045e32e46e71e35a472eb76f1399eb778abf0f9b1e92c3b25a5c5e462cf506beb6340cdff83dcad10446d95cd15877d67ccfd1457883d50a8f7e67a29813b3c656a1386fcd9fb4eb9cd73b24e81cdbbdf863184c374dd6f8567", 0xb6}, {&(0x7f0000000b00)="d5f8949f29fe26a88d13cda97c8dab886c5683109788fbd24f9f53c34847b167d25f82c9f50c620ae149b6079ced9b99d90cfcd6a25c159f8032127aa1bb03e67ba11b6f5a171eadf7a13167fce9eacc06b27628c5a7017fb89fd806994294c1a976f76499ccdc6608c59f1d14f672a6d84ca60e2856ae8df33717bd8e3ca94647fba9f6782153f8d1336997110237fe8065192756ceb61a502b5e45385f70370830c3b3a024dbf81ffe0100000017e3ad7cba7816fa1579be6605dbd564722efadfc20384ce", 0xc6}, {&(0x7f0000000400)="22d66a04ff5a432c186c7ad34f667c", 0xf}, {&(0x7f0000000480)="d26820ddbc09d49d34ff8236e774096295777db713dbed98071ad35bd3d3a6f1ab166e4387e592", 0x27}], 0x6, 0x0, 0x0, 0x2000000}, 0x884) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="480000001000370436a5b080d100000000000000", @ANYRES32=r4, @ANYBLOB="83040500000000002800128008000100677265001c00028006000e000200000006000f000e00000008000600ac141426"], 0x48}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(r10, &(0x7f0000000340)='blkio.bfq.io_serviced\x00', 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000008c0)={r10, 0x20, &(0x7f0000000180)={&(0x7f0000000940)=""/116, 0x74, 0x0, &(0x7f0000000cc0)=""/147, 0x93}}, 0x2e) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000d80)={0x0, @in6={{0xa, 0x4e21, 0x5b0c6a29, @mcast1, 0x7}}}, 0x84) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=r11, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x6, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000004000000000000000100000018352000040000000000000000000000751b0c00fcfffffe9500000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x7, 0xde, &(0x7f00000004c0)=""/222, 0x40f00, 0x1, '\x00', r4, @fallback=0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000003c0)={0x0, 0x6, 0x44e7, 0x1}, 0x10, r11, 0xffffffffffffffff, 0x9, &(0x7f0000000400), &(0x7f00000005c0)=[{0x1, 0x3, 0xd, 0x5}, {0x1, 0x3, 0x6, 0x2}, {0x0, 0x2, 0x9, 0x2}, {0x3, 0x4, 0x7, 0xb}, {0x1, 0x3, 0x7, 0x2}, {0x4, 0x4, 0x10}, {0x5, 0x1, 0x7, 0x9}, {0x0, 0x5, 0x9, 0x2}, {0x2, 0x1, 0x6, 0x6}], 0x10, 0x1dec}, 0x94) 2.434003852s ago: executing program 1 (id=3548): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) (async) close(r0) 2.23610579s ago: executing program 0 (id=3549): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000004000000000000000000008500000050000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) accept4(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, &(0x7f0000000040)=0x80, 0x800) setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, &(0x7f00000004c0)={0x8000, {{0xa, 0x4e24, 0xf8, @mcast1, 0x10}}, {{0xa, 0x4e21, 0x1ec0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) r2 = socket(0x25, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000680)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0xa, 0x0, 0x300, 0x5, 0x400, 0x0, 0x2, 0xfffffffd}}) syz_emit_ethernet(0x56, &(0x7f00000003c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x20, 0x6, 0x0, @local, @local, {[], {{0xfffe, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0xfffd, 0x0, 0x0, {[@fastopen={0x22, 0xa, "206f2f8162beb4b5"}, @sack={0x5, 0x2}]}}}}}}}}, 0x0) 2.103921448s ago: executing program 1 (id=3550): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB='b ', @ANYRESOCT=0x0], 0xa) r2 = socket(0xa, 0x0, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r5 = accept4(r4, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/229, 0xe5}], 0x1}}], 0x2, 0x60, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x11, &(0x7f00000002c0)=0x100000001, 0x4) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newlink={0x4c, 0x10, 0x407, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, 0x20c89}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r3}, @IFLA_GRE_ERSPAN_DIR={0x5, 0x17, 0x1}, @IFLA_GRE_LINK={0x8, 0x1, r3}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) socket$isdn_base(0x22, 0x3, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='rpc_clnt_new_err\x00', r8}, 0x18) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) socket(0x10, 0x803, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) unshare(0x62040200) 2.10361054s ago: executing program 2 (id=3551): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001800010025bd7000fbcbdf250a801400ff0100040036"], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x24040884) 1.924306735s ago: executing program 0 (id=3552): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000003c00070100000000000000000f0000000400fc800c00018008000600ffff0000080002800400728008000900", @ANYRES32=r0], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0) 1.826282319s ago: executing program 2 (id=3553): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x2, 0x8, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xa4}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.718135453s ago: executing program 0 (id=3554): socket(0x2, 0x80805, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) socket(0x11, 0x800000003, 0x0) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000240)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x3, 0xb, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r1}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x0, 0xa, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x61980, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5400000010000104000000006c0000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000062102000100000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00]'], 0x54}, 0x1, 0x0, 0x0, 0x280608c0}, 0x0) 1.532411006s ago: executing program 3 (id=3555): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=ANY=[], 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={r1, 0xfffffffffffffd62, &(0x7f0000000300)={0x0, 0x0}}, 0x2c) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000003c0)={r2, 0x0, 0x10}, 0xc) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r3, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x40000) sendmsg$NFT_BATCH(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a3200000000140000001100", @ANYRES8], 0x54}, 0x1, 0x0, 0x0, 0x24068045}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080a01010000000000000000020000000900010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003400000000000000002"], 0xcdc}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0x4) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000003c0)='page_pool_state_hold\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18) r6 = socket(0x10, 0x803, 0x200000) splice(r3, &(0x7f0000000240)=0xfffffffffffffe00, r1, &(0x7f0000000280)=0x8, 0x6, 0x1) sendmsg$nl_route(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3, 0x12, r1, 0x308b000) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0xffffffffffffff6e, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r7, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r5], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r8, 0x8923, &(0x7f00000000c0)={'batadv_slave_1\x00', @random="01320136b1ff"}) r9 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r9, 0x0, 0x0, 0x44010, &(0x7f0000000180)={0x11, 0x3, r7, 0x1, 0x12, 0x6, @local}, 0x14) setsockopt$MRT_DEL_VIF(r6, 0x0, 0xcb, &(0x7f0000000040)={0x1, 0x1, 0xf9, 0x5b, @vifc_lcl_ifindex=r7, @multicast2}, 0x10) setsockopt$inet6_group_source_req(r6, 0x29, 0x2b, &(0x7f0000000480)={0x1, {{0xa, 0x4e20, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}, 0xb}}, {{0xa, 0x4e21, 0x8c49, @private1={0xfc, 0x1, '\x00', 0x1}, 0x9}}}, 0x108) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={r2, 0x0, 0x8}, 0xc) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000001480)={0x40, r10, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0xd3}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa1}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000) 1.520351599s ago: executing program 2 (id=3556): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x15}, @IFLA_BR_VLAN_DEFAULT_PVID={0x6}]}}}]}, 0x44}}, 0x0) 1.349707469s ago: executing program 4 (id=3557): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_STP_STATE={0x8, 0x15}, @IFLA_BR_VLAN_DEFAULT_PVID={0x6}]}}}]}, 0x44}}, 0x0) 1.112693323s ago: executing program 1 (id=3558): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000020000000000000003000000180000000300000000000000040000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc5c79a324b7d4b3d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000"], 0x7c}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x10, &(0x7f0000000d80)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xe6}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@jmp={0x5, 0x1, 0x7, 0x3, 0x6, 0x0, 0x32}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) unshare(0x68040200) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_inet_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f00000043c0)={'tunl0\x00', {0x2, 0x4e23, @empty}}) bind$bt_l2cap(r4, &(0x7f0000000500)={0x1f, 0xf98, @any, 0xfff7, 0x2}, 0xe) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000240)="5c00000014006b03c84e21008bf32c19021800f80200000044000200ac14140e05251e6182949a36c23d3b48dfd8cdbf9367b498fa51f60a64c9f4d4938037e786a6d0bdd77f6f60c1504bb9189d9193e9bd1c1b7800000000000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) ioctl$sock_inet_SIOCADDRT(r4, 0x890b, &(0x7f0000000b40)={0x0, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x27}}, {0x2, 0x4e23, @loopback}, {0x2, 0x4e23, @private=0xa010103}, 0x100, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000480)='pim6reg0\x00', 0x9, 0x6, 0x1}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000e00)=@ipv4_delrule={0x44, 0x21, 0x100, 0x0, 0x25dfdbfe, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4, 0x18}, [@FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x8}, @FRA_GENERIC_POLICY=@FRA_DPORT_RANGE={0x8, 0x18, {0x4e24, 0x4e24}}, @FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0xd2a}, @FRA_SRC={0x8, 0x2, @multicast1}]}, 0x44}}, 0x44044) socket$nl_netfilter(0x10, 0x3, 0xc) listen(r3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001ac0), 0xffffffffffffffff) r8 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r3, 0x29, 0x6, &(0x7f0000000040)=r0, 0x4) sendmsg$kcm(r8, &(0x7f00000000c0)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x3, @remote, 0x5, 0x4}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000080)='n', 0x1}], 0x1}, 0x2600c055) sendmsg$NL80211_CMD_STOP_NAN(r6, &(0x7f0000001b80)={&(0x7f0000001a80)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001b40)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="200055ec5a0013b1681b9d3ed559a89ddd00", @ANYRES16=r7, @ANYBLOB="000227bd7000ffdbdf25740000000c0099000700000006000000"], 0x20}, 0x1, 0x0, 0x0, 0x4044801}, 0x0) sendto(r3, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a09040000000000000000020000000900020073797a32000000000900010073797a30000000fc43552a3f575381800b00010065787468647200002c681f39e53f95831692c1ab3cd422702c000280080007400000000c05000200000000000800034000000a4a"], 0x94}}, 0x0) r9 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000d00)=ANY=[@ANYBLOB="3c0000222d000100000000000000000004000080250011809e0ec00607c133a5619e028aa90e2cc4e319065e963ebaf05a853549fc7c0bdfccaa1724d7b1b15136b32779fa6103c38028efe35308cc27c1bfcdba13bb4ca8f479f9a280a701f5"], 0x3c}], 0x1, 0x0, 0x0, 0x4000040}, 0x300) sendmmsg$inet6(r1, &(0x7f0000002980)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x9, @empty, 0x7ff}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000100)="cd56a29e88ae991996c7820b022834a681dbabd667f730f5b9a88f0bf47645e343e59847432e05ef6809961e5cfe05c3682ea556eb95b06a40f640621a2d91dcc7e68374222c109411", 0x49}, {&(0x7f0000000200)="63ffcd86b3a7d7413b30ce26682c7853a118e7c8e89ee67802de6026c7485a83fa8319ae8daf9205b93eb53b1abfaf76f3acf78c69d7b4caede667f2a5810f9ad3638f62684fb8ba93686af56264e50bcd9260d7e744584dfe39dd3976204276a9ceced763cd5bb1b0a36cedaf642c995a50f04317fbd9459aa9285a753707317e64b186c8e716037eaeb2c03aa4c2ccbd81c0e16a28d6b34d69b5c66f16129917c064b601d40239dcf4f1bbbc7a605c596042997f59e13b7975b2d18ae1", 0xbe}, {&(0x7f00000002c0)="f57d043b14eb3d20b97744498eeb0c3c6c9617976631f514c0492e88c5eb5777d5e4b7097345f360077d8b5676d8db2e00dfdc4d49e425d6a86a988a1942", 0x3e}, {&(0x7f0000000300)="b056002d307cfbe3eeaaca77627f10431d29a9702df81cb9e1bda49ccf9d4eb7ecbd221731c1b27c43138fb9878204963ecf7b63402bdf99e7e2a2929de933c1269426e7c7f3b52ec9a2210c7bee98412942b59c570f60249800d9307d4a248209b914d85b9c943c0fc2bd42c5b35ee9ad8254c60601ff178c1a0f1344a80ac130442e4c1a2b66c4c39530176f78b98d0096a7dc092cf15076c3b638976963171248551b6bc06b5a1e7504418a473ec7a2b6a0f0ccd27d7870ef171b5dca22777fe20afc79f24e6412ede82a7f86e20aeb4c72cc3362589138cac16a0026ec6a5fb6", 0xe2}, {&(0x7f0000000400)="423ba58f2d6b461d2c98b612e40b3b6bd246498e0c633ba90e6efa31f22a3df5aaf62edd594fed81c85ac72b7daca3ccb82b94fd85724d8364a744e99e05554695f04cae9a6534a7c313939b2fa3bb5e74f0b76cab1c", 0x56}], 0x5, &(0x7f00000006c0)=[@hoplimit={{0x14, 0x29, 0x34, 0x7}}, @hopopts={{0x40, 0x29, 0x36, {0x3b, 0x4, '\x00', [@hao={0xc9, 0x10, @private0}, @hao={0xc9, 0x10, @empty}]}}}], 0x58}}, {{&(0x7f0000000740)={0xa, 0x4e21, 0x2, @remote, 0x1}, 0x1c, &(0x7f00000008c0)=[{&(0x7f0000000780)="1cd6cb9ac71b9f1bab2658cc0f718d532a4cdb220b90714d1785fa4c20ecef9cfbeed2d64fca6d088abd04dbbe08f18f939bca567547139e7212ab592697f539", 0x40}, {&(0x7f00000007c0)="f97a967481e4d6cc36da70d876912f4a84048ba5063e6ef7c02d5c2008a6e768e7057e03d2e949fda6090b51d75cf9161dc38ff3cc89fda0940304743298ecbf794b57e9e4f80fa8d85f0cef9f9468158beb2a38903cb5c20288cf08ab06ed99d5baf4a1e5499296ffca657040cec61efd8fb30d0484e1f3bf37261c66e58eba7bee939eadc5fec7d33297e992bac99ecaa8243d33c5fa3a7daa6d9ab01483452a30f357f75b798500e567e77d7e7d24d4abdb57e00ebbf4080a7aa7", 0xbc}, {&(0x7f0000000880)}], 0x3}}, {{&(0x7f0000000900)={0xa, 0x4e24, 0x81, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c, &(0x7f0000001a40), 0x0, &(0x7f0000002b40)=ANY=[@ANYBLOB="88000000000000002900000039000000010e020900000000fe8000000000000000000000000000aafc020000000000000000000000000001fe80000000000000000000000000002cfc020000000000000000000000000001ff020000000000000000000000000001fe8000000000000000000000000000bbfe800000000000000000000000000014580000000000000029000000360000002108000000000000c204000000fe0401c6040103000100072800000000080e0700010000000000000002000000000000000e070000000000004c0300000000000001050000000000380000000000000029000000390000006704020700000000fc020000000000000000000000000000fe880000000000000000000000000001090670c76712be5f688ec9710b1b9e1249e9193b"], 0x118}}, {{&(0x7f0000001bc0)={0xa, 0x4e23, 0x6, @private0, 0xe0d}, 0x1c, &(0x7f0000001cc0)=[{&(0x7f0000001c00)="5fc935659040d11ece2070b33dae41a8271ae1b8b9207bc9d13ea80841a8f4e1ace56b8f4c1fb47e10c376f4ed8eead3bdc17c73964c6e65b9f8934e4b6b7cb6a2d8e3076c1cd9a6c7b4825dfa7b7c0d3135331b21b7b75d7a5988dae3d138fccdd85ca90d5ebdb0b8", 0x69}, {&(0x7f0000001c80)="2ae2cace52f1e8482e8f57569f02991dd6fcaf8c0f53219b72a58b8c7307c2e304dd5ca0d3b937", 0x27}], 0x2, &(0x7f0000001d00)}}, {{&(0x7f0000001ec0)={0xa, 0x4e23, 0xb, @private0, 0x9}, 0x1c, &(0x7f0000002080)=[{&(0x7f0000001f00)="a42f93767b3b9970f25322dc94e54b4116de78f703f81717a1d0d93fb2cd9217bd43fe9af80e22e77d70885ff8f54c8c1d319030f6ead00aa58484c5ac59ee63df1baf07b3f4c68b8be734228c9d2de270fcd318eb3f0cee1e92c8caec0c26918b19f31dee79a588", 0x68}, {&(0x7f0000000c00)="9ac68b18e013daa65dae0de5dda36e0e7e3b1479c7e0f69dc3dc6b6ac449a4b375c46209782c81ce86b88040f36817fcf3bb7bde3ebc3ebb5f3617e3cbac19e439070832ebbd2bade28684ae3ab6dfacf8e1378f7ee58073c49633ee2cb15c53f2750947310d61b70b68ec69368eb217a24a6d811887921b1faaaf124b3b5a080cce31bae1e36e78b6a1f54647682ca2820a86b09fb06a64ccf590df6fea9a29f1c8663df609f3fd77e6b1c27d5a30ac086130fa4d1591faf2ddccfe49257dd064ff0c738ceceea601601224f4098d55036e2411edc5394aacd1229b4a4ca277615b305c481e4002458ee15d5d5f4386fcaffe95c6", 0xf5}], 0x2, &(0x7f0000000940)=[@hoplimit={{0x14, 0x29, 0x34, 0x2}}, @rthdr={{0x58, 0x29, 0x39, {0x0, 0x8, 0x0, 0x0, 0x0, [@mcast2, @empty, @mcast2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}]}}}, @rthdrdstopts={{0x158, 0x29, 0x37, {0x68, 0x27, '\x00', [@pad1, @generic={0x3, 0xeb, "3c3a832455661b508e7b8f62c6d4f7cd79687fa61045da95e3b2ec78c57c8d2eb83cb649028d0ac3c27f109ed05b5bdb2744203808fe1c1872b480fec469573cae86184140ef4f35dd54b043f0a6286c218903404f8302a5ff575394f33fbeb15b8d0b5d626a9fa8fba632d51597e22608d7751c8a4a8598e5b15f93f3164cacc35884177fbf6ff9b57ec17b6f2146c1b6bb7711f09a0eee55b3c042166e22d776fb5a0497e550e015a8f3e31d186b7da79e303ebc9ac36190861d92e75488f50dd1f69f83726c78dcf5ac242660c17b3d6a6ec5a97ff1eaa4fb48df883aa4c3ea0043367c3d1e9e67b208"}, @padn={0x1, 0x1, [0x0]}, @calipso={0x7, 0x8, {0x0, 0x0, 0x80, 0xa1}}, @generic={0x20, 0x3b, "d62e7525a0b10b8fd477889a4d1b08743e73fc3b972403114656ea9cf7582845586f6223f2bdbc37fa4534c019384ddf79ae02da7d0bc83e3b56b2"}]}}}], 0x1c8}}, {{&(0x7f0000002180)={0xa, 0x4e21, 0x12e, @loopback, 0x10001}, 0x1c, &(0x7f0000002380)=[{&(0x7f00000021c0)="5b22f3358dc681d9fc6e91c9b4f747e1c0ed760f87b2b77c5249baeca7f373de9af3729857c760cdfb2e930cf0b2745137323e091682a67cdfde9b2787e66093a5969bd5c00cb629877762790ae20ddfc4f7ab6e66d6e77972ec4e34b0594d2a78e400a8dd55500e5abea31e619a6757f0a51365609dca914f57ac3209be184ab232acc897916f5ed9dde5090290ea825483bff2ccbf546e5f1603283fe5974cba2f", 0xa2}, {&(0x7f0000002280)="d68ec46e1ff9c2fbbc6a288d666618655f990077b2b77e80275150b0821f1ae1fb3faba568b109f3251e3755995087871875e0e05ce9d7373e1baee65f4a59c9c79fd71c6a3859acd799beefc869af6575cacf60c745cb247613fdc6f41fffd2060122d3c9f05974d5b5723424ede041b3570cf2ef8b7f425a80b8f5b6883c9aa092ca56f9a668f98cd0174da871aeadd18f40c498f16f785a77bef6eaa7036b20fbd3fead6553a8c8dac8aaa18a57509f4b736742d69991eeaebaf9a830b27698c1a4a420cfd5b85e93040924dde1e06dd3368fcd8339514fc619b34497886fa8ced7f30662151f72f5a6fdcad5f63518a9f7f0f4fc90b914dc", 0xfa}], 0x2, &(0x7f0000002500)=[@rthdrdstopts={{0xa0, 0x29, 0x37, {0x21, 0x10, '\x00', [@enc_lim={0x4, 0x1, 0x6}, @generic={0x8, 0x75, "3e2ed3ebef52da2b55c2b7572f7ea255a2f475299d2f43a5ab805c8b814bdc49553c9f5b8fd5f26e44b525fd5093fba561ce875e49e95c32243c3b62b97edab565106617097b4722e661672ac4dfc1bee910630cd3ac81d473404cf0cffd67cdf1dcd9c4ff600a5b748309df733d6451b65bd118a7"}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0xe7}}, @pktinfo={{0x24, 0x29, 0x32, {@remote}}}], 0xe0}}, {{&(0x7f0000002600)={0xa, 0x4e21, 0x5, @empty, 0x10}, 0x1c, &(0x7f0000002740)=[{&(0x7f0000002640)="2181ed494d3a418e25afa433f300c4dc916ebac9c35be6fc2c17489d800b439b50d3e660925e8c619b2127ab5cb5c7a551ef8a21b3235a3bbcb12b162eb36272fce5511f57013a50b01f47dc4576cc245b81214a0638d307054bcdf770f97cedf23b3268a4f7fe32791bb5abc56411d0a0aa52e181e1b1ae14924f12b61eb8a993c3f7d50b242462311413b9718e91ac19f25ff21aa72e2e81543b0eef148db0a777334f08e9dedb2cc97cda7b97546eec7d274b1caa665a54161ba47e9b25625f45f3a9394bbc7c1c2b3a3c4f142ac2b568341caf34fba6e464cb24c842bf19fbaefeda8b6140071ce000da2ff7893c079b4000", 0xf4}], 0x1, &(0x7f0000000940)}}], 0x7, 0x40020) 882.458097ms ago: executing program 2 (id=3559): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) socket$inet6(0xa, 0x2, 0x0) r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000100000000000000000000000000000a00"], 0xb8}}, 0x0) 768.688128ms ago: executing program 3 (id=3560): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x5, [@enum={0x3, 0x2, 0x0, 0xf, 0x4000000, [{0x7}, {0x0, 0x3}]}, @ptr={0x2, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x30, 0x0, 0x2e]}}, 0x0, 0x45, 0x0, 0x0, 0x1002}, 0x28) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000001900010025bd7000fbcbdf250a801400ff0100040036"], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x24040884) 698.243554ms ago: executing program 0 (id=3561): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[], 0x10448) (async) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) (async) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x16c, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00', @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0x4e22, 0x2, 0x0, 0x0, 0x0, 0x6c, 0x0, 0xee00}, {@in6=@private1, 0xfe, 0x32}, @in=@multicast2, {0x0, 0x0, 0x0, 0x8, 0xffffffff00000001, 0x0, 0x80000001, 0x543}, {0x4, 0x7fffffffffffffff, 0x0, 0x1}, {}, 0x74bd2c, 0x3500, 0x2, 0x0, 0x0, 0x50}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "210466d38547aa140db9a200000000c538c7cb7a"}}, @encap={0x1c, 0x4, {0x2, 0x4e22, 0x4e24, @in6=@dev={0xfe, 0x80, '\x00', 0x2e}}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x2000) 689.9134ms ago: executing program 4 (id=3562): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) openat$cgroup_devices(r3, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000002c0)='kmem_cache_free\x00', r5, 0x0, 0xfffffffffffffffa}, 0x18) ppoll(&(0x7f0000000500)=[{r4}], 0x1, 0x0, 0x0, 0x0) bind$ax25(0xffffffffffffffff, &(0x7f0000000040)={{0x3, @bcast, 0x1}, [@null={0x40, 0x10}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0xc}, 0x8) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000300)={0xfffffffffffffffc, 0x1217000, 0x800, 0x13, 0x7}, 0x20) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffb}]}, &(0x7f0000000140)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000040)={0x2, 0x206, 0x8ce, 0xf44, r7}, 0x10) ppoll(&(0x7f0000000100)=[{r4}], 0x1, 0x0, 0x0, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006930c72f28000001000004005c07000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) bind$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) connect$llc(0xffffffffffffffff, &(0x7f0000000240)={0x1a, 0x20, 0x0, 0x9, 0x2, 0x0, @random='\x00\x00\x00\x00\x00\a'}, 0x10) r9 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r1, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x6, 0x81, 0x5}, 0x10) connect$llc(r9, &(0x7f0000000340)={0x1a, 0x322, 0x0, 0x0, 0x4, 0x90, @random}, 0x10) syz_init_net_socket$llc(0x1a, 0x801, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x1c, 0x2d, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x8, 0x18, 0x0, 0x0, @binary="08ac0f00"}]}, 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x84) 436.422333ms ago: executing program 2 (id=3563): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x1}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f00000001c0)={0x8000042, 0x4}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r3, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=@framed={{0x18, 0x8, 0x0, 0x0, 0x3ffffffe}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x72}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1000}, @exit, @exit, @call={0x85, 0x0, 0x0, 0x94}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94) 372.434075ms ago: executing program 3 (id=3564): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) socket$caif_seqpacket(0x25, 0x5, 0x4) socket$inet_smc(0x2b, 0x1, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) close(0x4) write$cgroup_int(r0, &(0x7f0000000200), 0xffffffc1) r3 = socket(0x40000000015, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x1, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="611089000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=@base={0x8, 0x4, 0x4, 0x9, 0x810}, 0x50) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000100)={0x3c, r7, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r8}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x3c}}, 0x20000000) sendmsg$NBD_CMD_RECONFIGURE(r4, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x38, r7, 0x10, 0x9, 0x25dfdbfb, {}, [@NBD_ATTR_TIMEOUT={0xc}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x1ff}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xb657}]}, 0x38}, 0x1, 0x0, 0x0, 0x448c4}, 0x8801) bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000003c0)="0589a9ff77ae9c49d2716365989679978df704d35caae52c829f90c668b4461cb9ee19cbbd31", 0x26}], 0x1}, 0x0) setsockopt$RDS_CONG_MONITOR(r3, 0x114, 0x6, &(0x7f0000000000), 0x4) mmap(&(0x7f00007a6000/0x3000)=nil, 0x3000, 0x100000c, 0x22051, r0, 0x0) 362.127657ms ago: executing program 0 (id=3565): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x2, 0x8, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8000000}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xffb4}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 92.832993ms ago: executing program 2 (id=3566): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0xf0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r2, @ANYBLOB="ae1e020000000000"], 0x20}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}, 0x1, 0x0, 0x0, 0x6000000}, 0x0) 0s ago: executing program 0 (id=3567): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) syz_emit_ethernet(0x6a, &(0x7f0000000040)={@broadcast, @random, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @loopback, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x7, 0x0, [@initdev={0xac, 0x1e, 0x0, 0x0}]}, @cipso={0x86, 0x1f, 0x0, [{0x7, 0x6, "954d2dd4"}, {0x2, 0x11, "ad4cfc6d0c114a69c613f8d51edcd6"}, {0x2, 0x2}]}]}}}}}}}, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_int(r3, 0x6, 0x4, &(0x7f0000000000)=0x4065, 0x4) connect$inet6(r3, &(0x7f0000000280)={0xa, 0x4e22, 0xfffffffd, @mcast2, 0x2000010}, 0x1c) close(r2) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) recvfrom$inet6(r0, &(0x7f0000000100)=""/105, 0x69, 0x0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @private2, 0x7}, 0x1c) r5 = socket$inet_tcp(0x2, 0x1, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x4, 0x8}, 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x50) getsockopt$inet_tcp_int(r5, 0x6, 0x8, 0x0, &(0x7f0000001b80)) r8 = socket(0x40000000015, 0x5, 0x0) sendto$inet(r8, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x2, 0x4e23, @broadcast}, 0x10) r9 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000740)="02905fd28ba6154743f40fc61c2588ae7dff3d615097b25adaaaff6ce8900e373dd3533853dd07706764477b22358a08ddcaab853fa1dcda2d130fbb8693c4c13ebf7c242c6a52d7d743be3238b3900b465d672f0db29b26ede34735d7ee985625dba43962bfd7cfacf5bc58500dab6ee32f29af71f0464940e87dff6bcf8c1b3e8b5213079c5e046f", 0x89}, {&(0x7f0000000800)="ce2a205726ad6102ec97d89adf18054669ab423cea357d85563e325f5f8ad3809fa9fd09e985979bda80c0077eb46c6402051c2e4373255279dbe39aed0639ee5408ad4c6b3169b249df643e3dbcd0a3b99c03b8e8a9d725e2c2", 0x5a}, {&(0x7f0000000a40)="36bfb0f6198a0cb86c9ecad276e228289e3415875f06961120a7d575ac38ccab4a1e271f3f608ca642e46735fa1c96ed949690bd83beafac26b91551bc9a5b7dbf9cfecbeffe0c1417e1ca59e959dfce8a3a6d9f5112b4a36b4a14f13045e32e46e71e35a472eb76f1399eb778abf0f9b1e92c3b25a5c5e462cf506beb6340cdff83dcad10446d95cd15877d67ccfd1457883d50a8f7e67a29813b3c656a1386fcd9fb4eb9cd73b24e81cdbbdf863184c374dd6f8567", 0xb6}, {&(0x7f0000000b00)="d5f8949f29fe26a88d13cda97c8dab886c5683109788fbd24f9f53c34847b167d25f82c9f50c620ae149b6079ced9b99d90cfcd6a25c159f8032127aa1bb03e67ba11b6f5a171eadf7a13167fce9eacc06b27628c5a7017fb89fd806994294c1a976f76499ccdc6608c59f1d14f672a6d84ca60e2856ae8df33717bd8e3ca94647fba9f6782153f8d1336997110237fe8065192756ceb61a502b5e45385f70370830c3b3a024dbf81ffe0100000017e3ad7cba7816fa1579be6605dbd564722efadfc20384ce", 0xc6}, {&(0x7f0000000400)="22d66a04ff5a432c186c7ad34f667c", 0xf}, {&(0x7f0000000480)="d26820ddbc09d49d34ff8236e774096295777db713dbed98071ad35bd3d3a6f1ab166e4387e592", 0x27}], 0x6, 0x0, 0x0, 0x2000000}, 0x884) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="480000001000370436a5b080d100000000000000", @ANYRES32=r4, @ANYBLOB="83040500000000002800128008000100677265001c00028006000e000200000006000f000e00000008000600ac141426"], 0x48}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(r10, &(0x7f0000000340)='blkio.bfq.io_serviced\x00', 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000008c0)={r10, 0x20, &(0x7f0000000180)={&(0x7f0000000940)=""/116, 0x74, 0x0, &(0x7f0000000cc0)=""/147, 0x93}}, 0x2e) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000d80)={0x0, @in6={{0xa, 0x4e21, 0x5b0c6a29, @mcast1, 0x7}}}, 0x84) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000003c0)=r11, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x2, 0x6, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000004000000000000000100000018352000040000000000000000000000751b0c00fcfffffe9500000000000000"], &(0x7f0000000300)='syzkaller\x00', 0x7, 0xde, &(0x7f00000004c0)=""/222, 0x40f00, 0x1, '\x00', r4, @fallback=0x23, 0xffffffffffffffff, 0x8, &(0x7f0000000380)={0x3, 0x2}, 0x8, 0x10, &(0x7f00000003c0)={0x0, 0x6, 0x44e7, 0x1}, 0x10, r11, 0xffffffffffffffff, 0x9, &(0x7f0000000400), &(0x7f00000005c0)=[{0x1, 0x3, 0xd, 0x5}, {0x1, 0x3, 0x6, 0x2}, {0x0, 0x2, 0x9, 0x2}, {0x3, 0x4, 0x7, 0xb}, {0x1, 0x3, 0x7, 0x2}, {0x4, 0x4, 0x10}, {0x5, 0x1, 0x7, 0x9}, {0x0, 0x5, 0x9, 0x2}, {0x2, 0x1, 0x6, 0x6}], 0x10, 0x1dec}, 0x94) kernel console output (not intermixed with test programs): entered allmulticast mode [ 287.463713][T13144] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2311'. [ 287.976936][T13133] vxcan1 speed is unknown, defaulting to 1000 [ 288.043244][T13155] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2315'. [ 288.238215][T13159] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2317'. [ 288.563308][T13174] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2320'. [ 288.566516][T13173] netlink: 'syz.1.2321': attribute type 9 has an invalid length. [ 288.593244][T13173] netlink: 147436 bytes leftover after parsing attributes in process `syz.1.2321'. [ 288.664351][T13174] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.2320'. [ 288.701690][T13133] wg1 speed is unknown, defaulting to 1000 [ 288.746741][T13130] wg1 speed is unknown, defaulting to 1000 [ 288.827407][T13180] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2324'. [ 288.960227][T13180] vlan1: entered promiscuous mode [ 291.087414][T13244] __nla_validate_parse: 5 callbacks suppressed [ 291.087434][T13244] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2345'. [ 291.239844][T13251] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 291.283484][T13251] netlink: 'syz.0.2347': attribute type 10 has an invalid length. [ 291.333419][T13254] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2350'. [ 291.387064][T13254] vlan2: entered promiscuous mode [ 291.483553][T13256] vxcan1 speed is unknown, defaulting to 1000 [ 291.724001][T13273] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2354'. [ 291.907126][T13283] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2355'. [ 292.136526][T13273] team0: Mode "" not found [ 292.341427][T13256] wg1 speed is unknown, defaulting to 1000 [ 292.344951][T13279] vxcan1 speed is unknown, defaulting to 1000 [ 292.707398][T13296] vlan1: entered promiscuous mode [ 293.039881][T13279] wg1 speed is unknown, defaulting to 1000 [ 293.201750][T13305] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2362'. [ 293.358630][T13305] veth0: entered promiscuous mode [ 293.433970][T13305] veth0: left promiscuous mode [ 293.572273][T13313] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2365'. [ 293.896009][T13325] netlink: 'syz.3.2368': attribute type 9 has an invalid length. [ 293.910663][T13325] netlink: 147436 bytes leftover after parsing attributes in process `syz.3.2368'. [ 294.168861][T13336] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2373'. [ 294.204927][T13336] vlan2: entered promiscuous mode [ 294.244885][T13338] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2375'. [ 294.257990][T13338] netlink: 19 bytes leftover after parsing attributes in process `syz.2.2375'. [ 294.320831][T13335] vxcan1 speed is unknown, defaulting to 1000 [ 294.823805][T13355] ipvlan0: entered promiscuous mode [ 294.834472][T13355] 8021q: adding VLAN 0 to HW filter on device ipvlan0 [ 295.209899][T13335] wg1 speed is unknown, defaulting to 1000 [ 295.638001][T13391] netlink: 'syz.2.2387': attribute type 4 has an invalid length. [ 295.652342][T13378] pim6reg1: entered promiscuous mode [ 295.660854][T13378] pim6reg1: entered allmulticast mode [ 295.669937][T13389] tipc: Enabling of bearer rejected, failed to enable media [ 295.723169][T13387] vxcan1 speed is unknown, defaulting to 1000 [ 295.844303][T13398] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 295.880638][T13398] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 296.018893][T13387] wg1 speed is unknown, defaulting to 1000 [ 296.091639][T13402] FAULT_INJECTION: forcing a failure. [ 296.091639][T13402] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 296.128469][T13402] CPU: 1 UID: 0 PID: 13402 Comm: syz.0.2395 Not tainted syzkaller #0 PREEMPT(full) [ 296.128501][T13402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 296.128513][T13402] Call Trace: [ 296.128521][T13402] [ 296.128530][T13402] dump_stack_lvl+0x189/0x250 [ 296.128560][T13402] ? __pfx____ratelimit+0x10/0x10 [ 296.128580][T13402] ? __pfx_dump_stack_lvl+0x10/0x10 [ 296.128604][T13402] ? __pfx__printk+0x10/0x10 [ 296.128630][T13402] ? __might_fault+0xb0/0x130 [ 296.128670][T13402] should_fail_ex+0x414/0x560 [ 296.128704][T13402] _copy_from_iter+0x1de/0x1790 [ 296.128737][T13402] ? rcu_is_watching+0x15/0xb0 [ 296.128765][T13402] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 296.128794][T13402] ? __pfx__copy_from_iter+0x10/0x10 [ 296.128819][T13402] ? __build_skb_around+0x257/0x3e0 [ 296.128847][T13402] ? netlink_sendmsg+0x642/0xb30 [ 296.128870][T13402] ? skb_put+0x11b/0x210 [ 296.128898][T13402] netlink_sendmsg+0x6b2/0xb30 [ 296.128933][T13402] ? __pfx_netlink_sendmsg+0x10/0x10 [ 296.128960][T13402] ? aa_sock_msg_perm+0xf1/0x1d0 [ 296.128983][T13402] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 296.129004][T13402] ? __pfx_netlink_sendmsg+0x10/0x10 [ 296.129029][T13402] __sock_sendmsg+0x219/0x270 [ 296.129053][T13402] ____sys_sendmsg+0x505/0x830 [ 296.129086][T13402] ? __pfx_____sys_sendmsg+0x10/0x10 [ 296.129124][T13402] ? import_iovec+0x74/0xa0 [ 296.129154][T13402] ___sys_sendmsg+0x21f/0x2a0 [ 296.129183][T13402] ? __pfx____sys_sendmsg+0x10/0x10 [ 296.129252][T13402] ? __fget_files+0x2a/0x420 [ 296.129268][T13402] ? __fget_files+0x3a0/0x420 [ 296.129298][T13402] __x64_sys_sendmsg+0x19b/0x260 [ 296.129327][T13402] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 296.129365][T13402] ? __pfx_ksys_write+0x10/0x10 [ 296.129397][T13402] ? rcu_is_watching+0x15/0xb0 [ 296.129423][T13402] ? do_syscall_64+0xbe/0x3b0 [ 296.129448][T13402] do_syscall_64+0xfa/0x3b0 [ 296.129468][T13402] ? lockdep_hardirqs_on+0x9c/0x150 [ 296.129486][T13402] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.129506][T13402] ? clear_bhb_loop+0x60/0xb0 [ 296.129530][T13402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.129549][T13402] RIP: 0033:0x7f238ef8eba9 [ 296.129566][T13402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.129583][T13402] RSP: 002b:00007f238fdb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 296.129605][T13402] RAX: ffffffffffffffda RBX: 00007f238f1d5fa0 RCX: 00007f238ef8eba9 [ 296.129619][T13402] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 296.129631][T13402] RBP: 00007f238fdb4090 R08: 0000000000000000 R09: 0000000000000000 [ 296.129642][T13402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 296.129654][T13402] R13: 00007f238f1d6038 R14: 00007f238f1d5fa0 R15: 00007ffd78587688 [ 296.129688][T13402] [ 296.449264][T13403] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 296.689281][T13421] __nla_validate_parse: 4 callbacks suppressed [ 296.689302][T13421] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2399'. [ 296.810551][T13428] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2402'. [ 297.256600][T13441] vxcan1 speed is unknown, defaulting to 1000 [ 297.325554][T13447] vlan2: entered promiscuous mode [ 297.601514][T13460] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2412'. [ 297.789483][T13466] netlink: 6032 bytes leftover after parsing attributes in process `syz.4.2414'. [ 297.964559][T13472] FAULT_INJECTION: forcing a failure. [ 297.964559][T13472] name failslab, interval 1, probability 0, space 0, times 0 [ 297.978719][T13472] CPU: 0 UID: 0 PID: 13472 Comm: syz.0.2417 Not tainted syzkaller #0 PREEMPT(full) [ 297.978749][T13472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 297.978762][T13472] Call Trace: [ 297.978770][T13472] [ 297.978779][T13472] dump_stack_lvl+0x189/0x250 [ 297.978809][T13472] ? __pfx____ratelimit+0x10/0x10 [ 297.978832][T13472] ? __pfx_dump_stack_lvl+0x10/0x10 [ 297.978857][T13472] ? __pfx__printk+0x10/0x10 [ 297.978889][T13472] ? __pfx___might_resched+0x10/0x10 [ 297.978910][T13472] ? fs_reclaim_acquire+0x7d/0x100 [ 297.978936][T13472] should_fail_ex+0x414/0x560 [ 297.978973][T13472] should_failslab+0xa8/0x100 [ 297.979005][T13472] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 297.979032][T13472] ? __alloc_skb+0x112/0x2d0 [ 297.979063][T13472] __alloc_skb+0x112/0x2d0 [ 297.979092][T13472] alloc_skb_with_frags+0xca/0x890 [ 297.979119][T13472] ? find_get_pid+0x1d/0x280 [ 297.979143][T13472] ? make_kgid+0x1bb/0x650 [ 297.979174][T13472] ? __pfx_make_kgid+0x10/0x10 [ 297.979206][T13472] sock_alloc_send_pskb+0x857/0x990 [ 297.979233][T13472] ? pid_vnr+0x148/0x1e0 [ 297.979278][T13472] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 297.979311][T13472] ? __pfx___scm_send+0x10/0x10 [ 297.979336][T13472] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 297.979372][T13472] unix_stream_sendmsg+0x4bd/0xdf0 [ 297.979417][T13472] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 297.979446][T13472] ? aa_sock_msg_perm+0xda/0x1d0 [ 297.979470][T13472] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 297.979491][T13472] ? __pfx_unix_stream_sendmsg+0x10/0x10 [ 297.979513][T13472] __sock_sendmsg+0x219/0x270 [ 297.979538][T13472] ____sys_sendmsg+0x52d/0x830 [ 297.979573][T13472] ? __pfx_____sys_sendmsg+0x10/0x10 [ 297.979606][T13472] ? import_iovec+0x74/0xa0 [ 297.979633][T13472] ___sys_sendmsg+0x21f/0x2a0 [ 297.979665][T13472] ? __pfx____sys_sendmsg+0x10/0x10 [ 297.979735][T13472] ? __fget_files+0x2a/0x420 [ 297.979752][T13472] ? __fget_files+0x3a0/0x420 [ 297.979784][T13472] __sys_sendmmsg+0x227/0x430 [ 297.979818][T13472] ? __pfx___sys_sendmmsg+0x10/0x10 [ 297.979842][T13472] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 297.979898][T13472] ? ksys_write+0x22a/0x250 [ 297.979928][T13472] ? __pfx_ksys_write+0x10/0x10 [ 297.979952][T13472] ? rcu_is_watching+0x15/0xb0 [ 297.979980][T13472] __x64_sys_sendmmsg+0xa0/0xc0 [ 297.980009][T13472] do_syscall_64+0xfa/0x3b0 [ 297.980028][T13472] ? lockdep_hardirqs_on+0x9c/0x150 [ 297.980048][T13472] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.980068][T13472] ? clear_bhb_loop+0x60/0xb0 [ 297.980094][T13472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.980114][T13472] RIP: 0033:0x7f238ef8eba9 [ 297.980133][T13472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.980150][T13472] RSP: 002b:00007f238fdb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 297.980168][T13472] RAX: ffffffffffffffda RBX: 00007f238f1d5fa0 RCX: 00007f238ef8eba9 [ 297.980180][T13472] RDX: 0000000000000001 RSI: 0000200000000480 RDI: 0000000000000004 [ 297.980190][T13472] RBP: 00007f238fdb4090 R08: 0000000000000000 R09: 0000000000000000 [ 297.980199][T13472] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 297.980208][T13472] R13: 00007f238f1d6038 R14: 00007f238f1d5fa0 R15: 00007ffd78587688 [ 297.980235][T13472] [ 298.359692][T13441] wg1 speed is unknown, defaulting to 1000 [ 298.753266][T13489] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2421'. [ 298.835476][T13494] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2422'. [ 298.990568][T13499] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2425'. [ 299.029741][T13499] FAULT_INJECTION: forcing a failure. [ 299.029741][T13499] name failslab, interval 1, probability 0, space 0, times 0 [ 299.072241][T13499] CPU: 1 UID: 0 PID: 13499 Comm: syz.2.2425 Not tainted syzkaller #0 PREEMPT(full) [ 299.072274][T13499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 299.072287][T13499] Call Trace: [ 299.072295][T13499] [ 299.072305][T13499] dump_stack_lvl+0x189/0x250 [ 299.072337][T13499] ? __pfx____ratelimit+0x10/0x10 [ 299.072359][T13499] ? __pfx_dump_stack_lvl+0x10/0x10 [ 299.072393][T13499] ? __pfx__printk+0x10/0x10 [ 299.072428][T13499] ? __pfx___might_resched+0x10/0x10 [ 299.072446][T13499] ? fs_reclaim_acquire+0x7d/0x100 [ 299.072469][T13499] should_fail_ex+0x414/0x560 [ 299.072506][T13499] should_failslab+0xa8/0x100 [ 299.072538][T13499] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 299.072566][T13499] ? __alloc_skb+0x112/0x2d0 [ 299.072594][T13499] __alloc_skb+0x112/0x2d0 [ 299.072622][T13499] ovs_dp_cmd_del+0x68/0x370 [ 299.072646][T13499] genl_family_rcv_msg_doit+0x212/0x300 [ 299.072686][T13499] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 299.072734][T13499] ? bpf_lsm_capable+0x9/0x20 [ 299.072760][T13499] ? security_capable+0x7e/0x2e0 [ 299.072799][T13499] genl_rcv_msg+0x60e/0x790 [ 299.072837][T13499] ? __pfx_genl_rcv_msg+0x10/0x10 [ 299.072866][T13499] ? __pfx_ovs_dp_cmd_del+0x10/0x10 [ 299.072903][T13499] netlink_rcv_skb+0x208/0x470 [ 299.072925][T13499] ? __lock_acquire+0xab9/0xd20 [ 299.072955][T13499] ? __pfx_genl_rcv_msg+0x10/0x10 [ 299.072987][T13499] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 299.073038][T13499] ? down_read+0x1ad/0x2e0 [ 299.073066][T13499] genl_rcv+0x28/0x40 [ 299.073093][T13499] netlink_unicast+0x82c/0x9e0 [ 299.073127][T13499] ? __pfx_netlink_unicast+0x10/0x10 [ 299.073152][T13499] ? netlink_sendmsg+0x642/0xb30 [ 299.073174][T13499] ? skb_put+0x11b/0x210 [ 299.073204][T13499] netlink_sendmsg+0x805/0xb30 [ 299.073241][T13499] ? __pfx_netlink_sendmsg+0x10/0x10 [ 299.073270][T13499] ? aa_sock_msg_perm+0xf1/0x1d0 [ 299.073294][T13499] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 299.073315][T13499] ? __pfx_netlink_sendmsg+0x10/0x10 [ 299.073341][T13499] __sock_sendmsg+0x219/0x270 [ 299.073377][T13499] ____sys_sendmsg+0x505/0x830 [ 299.073412][T13499] ? __pfx_____sys_sendmsg+0x10/0x10 [ 299.073451][T13499] ? import_iovec+0x74/0xa0 [ 299.073481][T13499] ___sys_sendmsg+0x21f/0x2a0 [ 299.073512][T13499] ? __pfx____sys_sendmsg+0x10/0x10 [ 299.073586][T13499] ? __fget_files+0x2a/0x420 [ 299.073604][T13499] ? __fget_files+0x3a0/0x420 [ 299.073635][T13499] __x64_sys_sendmsg+0x19b/0x260 [ 299.073667][T13499] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 299.073707][T13499] ? __pfx_ksys_write+0x10/0x10 [ 299.073732][T13499] ? rcu_is_watching+0x15/0xb0 [ 299.073759][T13499] ? do_syscall_64+0xbe/0x3b0 [ 299.073786][T13499] do_syscall_64+0xfa/0x3b0 [ 299.073806][T13499] ? lockdep_hardirqs_on+0x9c/0x150 [ 299.073826][T13499] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.073846][T13499] ? clear_bhb_loop+0x60/0xb0 [ 299.073871][T13499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.073889][T13499] RIP: 0033:0x7ffa2478eba9 [ 299.073909][T13499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.073927][T13499] RSP: 002b:00007ffa25548038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 299.073949][T13499] RAX: ffffffffffffffda RBX: 00007ffa249d5fa0 RCX: 00007ffa2478eba9 [ 299.073964][T13499] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003 [ 299.073986][T13499] RBP: 00007ffa25548090 R08: 0000000000000000 R09: 0000000000000000 [ 299.073999][T13499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.074011][T13499] R13: 00007ffa249d6038 R14: 00007ffa249d5fa0 R15: 00007ffe9a5b0bf8 [ 299.074047][T13499] [ 299.857015][T13513] netlink: 'syz.4.2430': attribute type 1 has an invalid length. [ 299.903559][T13513] netlink: 'syz.4.2430': attribute type 2 has an invalid length. [ 300.053541][T13513] dvmrp0: entered allmulticast mode [ 300.246125][T13532] netlink: 'syz.0.2437': attribute type 1 has an invalid length. [ 300.296064][T13530] vxcan1 speed is unknown, defaulting to 1000 [ 300.762974][T13557] netlink: 'syz.4.2447': attribute type 23 has an invalid length. [ 300.863208][T13563] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2449'. [ 301.003648][T13565] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2450'. [ 301.032374][T13565] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2450'. [ 301.186020][T13575] sch_tbf: peakrate 4096 is lower than or equals to rate 185707055559232049 ! [ 301.239989][T13530] wg1 speed is unknown, defaulting to 1000 [ 301.526771][T13594] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 301.581861][T13594] netlink: 'syz.1.2461': attribute type 10 has an invalid length. [ 301.695072][T13603] __nla_validate_parse: 2 callbacks suppressed [ 301.695094][T13603] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2462'. [ 301.741321][T13603] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2462'. [ 301.953381][T13604] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 301.998583][T13611] netlink: 'syz.4.2467': attribute type 9 has an invalid length. [ 302.007840][T13611] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2467'. [ 302.025217][T13609] vlan1: entered promiscuous mode [ 302.400452][T13621] netlink: 'syz.1.2470': attribute type 12 has an invalid length. [ 302.756472][T13645] FAULT_INJECTION: forcing a failure. [ 302.756472][T13645] name failslab, interval 1, probability 0, space 0, times 0 [ 302.772006][T13645] CPU: 0 UID: 0 PID: 13645 Comm: syz.1.2480 Not tainted syzkaller #0 PREEMPT(full) [ 302.772037][T13645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 302.772049][T13645] Call Trace: [ 302.772058][T13645] [ 302.772066][T13645] dump_stack_lvl+0x189/0x250 [ 302.772094][T13645] ? __pfx____ratelimit+0x10/0x10 [ 302.772116][T13645] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.772138][T13645] ? __pfx__printk+0x10/0x10 [ 302.772173][T13645] ? __pfx___might_resched+0x10/0x10 [ 302.772192][T13645] ? fs_reclaim_acquire+0x7d/0x100 [ 302.772218][T13645] should_fail_ex+0x414/0x560 [ 302.772251][T13645] should_failslab+0xa8/0x100 [ 302.772283][T13645] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 302.772320][T13645] ? __alloc_skb+0x112/0x2d0 [ 302.772349][T13645] __alloc_skb+0x112/0x2d0 [ 302.772376][T13645] netlink_ack+0x146/0xa50 [ 302.772399][T13645] ? __pfx_genl_rcv_msg+0x10/0x10 [ 302.772446][T13645] netlink_rcv_skb+0x28c/0x470 [ 302.772466][T13645] ? __lock_acquire+0xab9/0xd20 [ 302.772496][T13645] ? __pfx_genl_rcv_msg+0x10/0x10 [ 302.772526][T13645] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 302.772572][T13645] ? down_read+0x1ad/0x2e0 [ 302.772598][T13645] genl_rcv+0x28/0x40 [ 302.772625][T13645] netlink_unicast+0x82c/0x9e0 [ 302.772655][T13645] ? __pfx_netlink_unicast+0x10/0x10 [ 302.772679][T13645] ? netlink_sendmsg+0x642/0xb30 [ 302.772700][T13645] ? skb_put+0x11b/0x210 [ 302.772727][T13645] netlink_sendmsg+0x805/0xb30 [ 302.772762][T13645] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.772790][T13645] ? aa_sock_msg_perm+0xf1/0x1d0 [ 302.772812][T13645] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 302.772834][T13645] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.772858][T13645] __sock_sendmsg+0x219/0x270 [ 302.772882][T13645] ____sys_sendmsg+0x505/0x830 [ 302.772915][T13645] ? __pfx_____sys_sendmsg+0x10/0x10 [ 302.772952][T13645] ? import_iovec+0x74/0xa0 [ 302.772982][T13645] ___sys_sendmsg+0x21f/0x2a0 [ 302.773017][T13645] ? __pfx____sys_sendmsg+0x10/0x10 [ 302.773086][T13645] ? __fget_files+0x2a/0x420 [ 302.773103][T13645] ? __fget_files+0x3a0/0x420 [ 302.773134][T13645] __x64_sys_sendmsg+0x19b/0x260 [ 302.773167][T13645] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 302.773206][T13645] ? __pfx_ksys_write+0x10/0x10 [ 302.773231][T13645] ? rcu_is_watching+0x15/0xb0 [ 302.773258][T13645] ? do_syscall_64+0xbe/0x3b0 [ 302.773285][T13645] do_syscall_64+0xfa/0x3b0 [ 302.773315][T13645] ? lockdep_hardirqs_on+0x9c/0x150 [ 302.773336][T13645] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.773356][T13645] ? clear_bhb_loop+0x60/0xb0 [ 302.773382][T13645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.773401][T13645] RIP: 0033:0x7f0e24f8eba9 [ 302.773420][T13645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.773437][T13645] RSP: 002b:00007f0e25e27038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 302.773459][T13645] RAX: ffffffffffffffda RBX: 00007f0e251d5fa0 RCX: 00007f0e24f8eba9 [ 302.773474][T13645] RDX: 0000000000000000 RSI: 0000200000001980 RDI: 0000000000000003 [ 302.773486][T13645] RBP: 00007f0e25e27090 R08: 0000000000000000 R09: 0000000000000000 [ 302.773498][T13645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 302.773510][T13645] R13: 00007f0e251d6038 R14: 00007f0e251d5fa0 R15: 00007ffc59574b78 [ 302.773545][T13645] [ 302.803511][T13647] tipc: Enabled bearer , priority 0 [ 303.125609][T13653] syzkaller0: entered promiscuous mode [ 303.184459][T13653] syzkaller0: entered allmulticast mode [ 303.300851][T13646] tipc: Resetting bearer [ 303.423938][T13646] tipc: Disabling bearer [ 303.445566][T13668] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2488'. [ 303.460535][T13669] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 303.677058][T13678] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2493'. [ 303.762571][T13682] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.2494'. [ 303.813550][T13684] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2495'. [ 303.852185][T13684] vlan2: entered promiscuous mode [ 303.926743][T13678] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2493'. [ 303.937924][T13678] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2493'. [ 304.654179][T13715] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR [ 304.876521][T13741] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 304.910895][T13741] netlink: 'syz.0.2511': attribute type 10 has an invalid length. [ 305.262872][T13756] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.2517'. [ 305.265620][T13758] sch_tbf: peakrate 4096 is lower than or equals to rate 185707055559232049 ! [ 305.386994][T13758] netlink: 'syz.3.2518': attribute type 6 has an invalid length. [ 305.524146][T13768] vxcan1 speed is unknown, defaulting to 1000 [ 305.544406][T13773] netlink: 'syz.0.2522': attribute type 5 has an invalid length. [ 305.562537][ T8355] IPVS: starting estimator thread 0... [ 305.673415][T13775] IPVS: using max 27 ests per chain, 64800 per kthread [ 305.749612][T13783] bond0: (slave wlan1): Releasing backup interface [ 305.759914][T13783] bond2: (slave ip6gretap1): Releasing backup interface [ 305.811485][T13783] netlink: 'syz.3.2526': attribute type 10 has an invalid length. [ 305.836089][T13783] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 305.873757][T13768] wg1 speed is unknown, defaulting to 1000 [ 307.104351][T13823] __nla_validate_parse: 4 callbacks suppressed [ 307.104374][T13823] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2539'. [ 307.156335][T13823] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2539'. [ 307.254559][T13830] netlink: 6032 bytes leftover after parsing attributes in process `syz.3.2541'. [ 307.492085][T13845] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2549'. [ 307.636153][T13853] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2550'. [ 307.707709][T13855] netlink: 'syz.4.2551': attribute type 11 has an invalid length. [ 307.989854][T13876] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2559'. [ 308.830933][T13875] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 308.865833][T13884] bond0: (slave wlan1): Releasing backup interface [ 309.525049][T13916] vxcan1 speed is unknown, defaulting to 1000 [ 309.586297][T13926] netlink: 'syz.0.2571': attribute type 4 has an invalid length. [ 309.725160][T13918] pim6reg1: entered promiscuous mode [ 309.746501][T13918] pim6reg1: entered allmulticast mode [ 309.809864][T13931] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2572'. [ 310.096201][T13938] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2574'. [ 310.330410][T13916] wg1 speed is unknown, defaulting to 1000 [ 311.717043][T13966] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2583'. [ 311.787530][T13975] syz_tun: entered allmulticast mode [ 311.830777][T13975] dvmrp1: entered allmulticast mode [ 311.894463][T13973] syz_tun: left allmulticast mode [ 311.942887][T13977] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2588'. [ 311.992106][T13979] sch_tbf: peakrate 4096 is lower than or equals to rate 185707055559232049 ! [ 312.590294][T14006] veth0: renamed from veth1_vlan [ 312.606998][T14005] pim6reg1: entered promiscuous mode [ 312.613134][T14005] pim6reg1: entered allmulticast mode [ 312.708821][T14005] vxcan1 speed is unknown, defaulting to 1000 [ 312.738540][T14008] netlink: 'syz.3.2599': attribute type 4 has an invalid length. [ 313.044489][T14005] wg1 speed is unknown, defaulting to 1000 [ 313.044518][T14012] vxcan1 speed is unknown, defaulting to 1000 [ 313.345752][T14019] __nla_validate_parse: 1 callbacks suppressed [ 313.345777][T14019] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2601'. [ 313.424084][T14012] wg1 speed is unknown, defaulting to 1000 [ 313.425191][T14013] vxcan1 speed is unknown, defaulting to 1000 [ 313.495379][T14027] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2604'. [ 313.969307][T14040] vlan2: entered promiscuous mode [ 314.112554][T14041] netlink: 576 bytes leftover after parsing attributes in process `syz.2.2611'. [ 314.180205][T14045] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2611'. [ 314.267597][T14013] wg1 speed is unknown, defaulting to 1000 [ 314.748530][T14067] batadv_slave_1: entered promiscuous mode [ 314.790724][T14067] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 314.912481][T14069] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2614'. [ 315.118075][T14069] veth0: entered promiscuous mode [ 315.161358][T14069] veth0: left promiscuous mode [ 315.211548][T14065] batadv_slave_1: left promiscuous mode [ 315.434405][T14075] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2615'. [ 315.529223][T14077] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2617'. [ 315.822910][T14081] pim6reg1: entered promiscuous mode [ 315.863416][T14081] pim6reg1: entered allmulticast mode [ 315.927212][T14080] netlink: 'syz.4.2618': attribute type 4 has an invalid length. [ 316.016977][T14090] vxcan1 speed is unknown, defaulting to 1000 [ 316.036758][T14094] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2622'. [ 316.409699][T14106] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2627'. [ 316.418480][T14105] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2626'. [ 316.818451][T14090] wg1 speed is unknown, defaulting to 1000 [ 317.904279][T14143] vlan0: entered promiscuous mode [ 318.439683][T14163] vxcan1 speed is unknown, defaulting to 1000 [ 318.468905][T14167] netlink: 'syz.1.2644': attribute type 4 has an invalid length. [ 318.754487][T14163] wg1 speed is unknown, defaulting to 1000 [ 319.505624][T14196] __nla_validate_parse: 8 callbacks suppressed [ 319.505647][T14196] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2652'. [ 319.614744][T14198] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2654'. [ 319.626962][T14199] lo: entered allmulticast mode [ 319.637999][T14199] lo: left allmulticast mode [ 319.817126][T14202] sch_tbf: peakrate 4096 is lower than or equals to rate 185707055559232049 ! [ 320.424173][T14216] vxcan1 speed is unknown, defaulting to 1000 [ 320.668171][T14230] netlink: 'syz.2.2662': attribute type 4 has an invalid length. [ 320.899185][T14226] vxcan1 speed is unknown, defaulting to 1000 [ 320.944610][T14216] wg1 speed is unknown, defaulting to 1000 [ 321.125436][T14239] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2666'. [ 321.145656][T14239] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2666'. [ 321.238312][T14227] vxcan1 speed is unknown, defaulting to 1000 [ 321.245860][T14226] wg1 speed is unknown, defaulting to 1000 [ 321.585495][T14250] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2669'. [ 321.791416][T14254] netlink: 'syz.3.2670': attribute type 11 has an invalid length. [ 321.846296][T14227] wg1 speed is unknown, defaulting to 1000 [ 322.243650][T14266] netlink: 6032 bytes leftover after parsing attributes in process `syz.3.2674'. [ 322.301774][T14269] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2675'. [ 322.528562][T14272] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2676'. [ 322.557740][T14272] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2676'. [ 322.851026][T14278] vxcan1 speed is unknown, defaulting to 1000 [ 323.040497][T14289] netlink: 'syz.4.2682': attribute type 1 has an invalid length. [ 323.205484][T14289] bond1 (unregistering): Released all slaves [ 323.445320][T14301] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2686'. [ 323.714835][T14278] wg1 speed is unknown, defaulting to 1000 [ 324.198579][T14326] tipc: Cannot configure node identity twice [ 324.213506][T14326] tipc: Cannot configure node identity twice [ 324.428836][T14330] netlink: 'syz.0.2694': attribute type 4 has an invalid length. [ 324.486472][T14334] vxcan1 speed is unknown, defaulting to 1000 [ 324.521469][T14340] FAULT_INJECTION: forcing a failure. [ 324.521469][T14340] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 324.564697][T14340] CPU: 0 UID: 0 PID: 14340 Comm: syz.2.2700 Not tainted syzkaller #0 PREEMPT(full) [ 324.564728][T14340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 324.564740][T14340] Call Trace: [ 324.564748][T14340] [ 324.564757][T14340] dump_stack_lvl+0x189/0x250 [ 324.564789][T14340] ? __pfx____ratelimit+0x10/0x10 [ 324.564812][T14340] ? __pfx_dump_stack_lvl+0x10/0x10 [ 324.564838][T14340] ? __pfx__printk+0x10/0x10 [ 324.564883][T14340] should_fail_ex+0x414/0x560 [ 324.564921][T14340] _copy_to_user+0x31/0xb0 [ 324.564952][T14340] simple_read_from_buffer+0xe1/0x170 [ 324.565001][T14340] proc_fail_nth_read+0x1b3/0x220 [ 324.565028][T14340] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 324.565056][T14340] ? rw_verify_area+0x2a6/0x4d0 [ 324.565081][T14340] ? __lock_acquire+0xab9/0xd20 [ 324.565108][T14340] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 324.565134][T14340] vfs_read+0x200/0xa30 [ 324.565158][T14340] ? fdget_pos+0x247/0x320 [ 324.565183][T14340] ? __pfx___mutex_lock+0x10/0x10 [ 324.565206][T14340] ? __pfx_vfs_read+0x10/0x10 [ 324.565235][T14340] ? __fget_files+0x2a/0x420 [ 324.565258][T14340] ? __fget_files+0x3a0/0x420 [ 324.565276][T14340] ? __fget_files+0x2a/0x420 [ 324.565305][T14340] ksys_read+0x145/0x250 [ 324.565336][T14340] ? __pfx_ksys_read+0x10/0x10 [ 324.565359][T14340] ? rcu_is_watching+0x15/0xb0 [ 324.565387][T14340] ? do_syscall_64+0xbe/0x3b0 [ 324.565413][T14340] do_syscall_64+0xfa/0x3b0 [ 324.565434][T14340] ? lockdep_hardirqs_on+0x9c/0x150 [ 324.565454][T14340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.565474][T14340] ? clear_bhb_loop+0x60/0xb0 [ 324.565501][T14340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.565519][T14340] RIP: 0033:0x7ffa2478d5bc [ 324.565539][T14340] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 324.565556][T14340] RSP: 002b:00007ffa25548030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 324.565578][T14340] RAX: ffffffffffffffda RBX: 00007ffa249d5fa0 RCX: 00007ffa2478d5bc [ 324.565592][T14340] RDX: 000000000000000f RSI: 00007ffa255480a0 RDI: 0000000000000005 [ 324.565605][T14340] RBP: 00007ffa25548090 R08: 0000000000000000 R09: 0000000000000000 [ 324.565618][T14340] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 324.565630][T14340] R13: 00007ffa249d6038 R14: 00007ffa249d5fa0 R15: 00007ffe9a5b0bf8 [ 324.565671][T14340] [ 324.721568][T14334] wg1 speed is unknown, defaulting to 1000 [ 325.192218][T14358] vlan2: entered promiscuous mode [ 325.321966][T14348] vxcan1 speed is unknown, defaulting to 1000 [ 325.602661][T14348] wg1 speed is unknown, defaulting to 1000 [ 325.985310][T14371] vxcan1 speed is unknown, defaulting to 1000 [ 326.038802][T14378] netlink: 'syz.4.2711': attribute type 1 has an invalid length. [ 326.082856][T14378] netlink: 'syz.4.2711': attribute type 1 has an invalid length. [ 326.132547][T14381] __nla_validate_parse: 8 callbacks suppressed [ 326.132572][T14381] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2712'. [ 326.187758][T14381] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2712'. [ 326.359711][T14390] netlink: 'syz.4.2711': attribute type 1 has an invalid length. [ 326.480290][T14390] 8021q: adding VLAN 0 to HW filter on device bond1 [ 326.605131][T14390] bond1: (slave wlan0): Enslaving as an active interface with a down link [ 326.690522][T14378] vlan0: entered allmulticast mode [ 326.743424][T14378] veth1: entered allmulticast mode [ 326.764691][T14378] bond1: (slave vlan0): Opening slave failed [ 326.956891][T14371] wg1 speed is unknown, defaulting to 1000 [ 327.095107][T14402] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2716'. [ 327.277255][T14402] vlan2: entered promiscuous mode [ 327.450178][T14406] sch_tbf: peakrate 4096 is lower than or equals to rate 185707055559232049 ! [ 327.873443][T14416] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2722'. [ 327.964213][T14423] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 327.982422][T14421] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2724'. [ 327.994375][T14421] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2724'. [ 328.220402][T14431] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 328.299888][T14433] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2729'. [ 328.652208][T14439] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2732'. [ 328.716064][T14448] netlink: 'syz.1.2735': attribute type 21 has an invalid length. [ 328.865572][T14458] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2738'. [ 328.904259][T14458] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2738'. [ 329.083872][T14464] vlan1: entered promiscuous mode [ 329.245255][T14465] vxcan1 speed is unknown, defaulting to 1000 [ 329.546681][T14490] ipvlan0: entered promiscuous mode [ 330.027120][T14502] tipc: Cannot configure node identity twice [ 330.076782][T14465] wg1 speed is unknown, defaulting to 1000 [ 330.462328][T14508] dvmrp0: entered allmulticast mode [ 330.701940][T14522] sch_tbf: peakrate 4096 is lower than or equals to rate 185707055559232049 ! [ 331.024618][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 331.032593][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.179004][T14535] delete_channel: no stack [ 331.192345][T14540] __nla_validate_parse: 5 callbacks suppressed [ 331.192368][T14540] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2767'. [ 331.446803][T14548] netlink: 'syz.0.2770': attribute type 4 has an invalid length. [ 331.471993][T14548] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2770'. [ 331.494160][T14548] : renamed from ! [ 331.524432][T14549] vxcan1 speed is unknown, defaulting to 1000 [ 331.749695][T14557] netlink: 'syz.1.2774': attribute type 1 has an invalid length. [ 331.772343][T14558] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2773'. [ 331.800643][T14559] netlink: 'syz.1.2774': attribute type 1 has an invalid length. [ 331.814082][T14557] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 331.959066][T14565] netlink: 'syz.2.2776': attribute type 11 has an invalid length. [ 332.008399][T14566] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2775'. [ 332.171020][T14570] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615) [ 332.236536][T14570] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647 [ 332.296896][T14569] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2778'. [ 332.320974][T14549] wg1 speed is unknown, defaulting to 1000 [ 332.433929][T14575] openvswitch: netlink: Unexpected mask (mask=40040, allowed=10048) [ 332.745102][T14583] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2781'. [ 332.842606][T14587] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2782'. [ 333.244253][T14590] netlink: 'syz.2.2783': attribute type 1 has an invalid length. [ 333.252145][T14590] netlink: 'syz.2.2783': attribute type 11 has an invalid length. [ 333.292617][T14590] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2783'. [ 333.326210][T14593] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 333.364042][T14593] netlink: 'syz.4.2784': attribute type 10 has an invalid length. [ 334.149256][T14614] FAULT_INJECTION: forcing a failure. [ 334.149256][T14614] name failslab, interval 1, probability 0, space 0, times 0 [ 334.184087][T14611] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 334.243290][T14614] CPU: 0 UID: 0 PID: 14614 Comm: syz.1.2790 Not tainted syzkaller #0 PREEMPT(full) [ 334.243321][T14614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 334.243333][T14614] Call Trace: [ 334.243341][T14614] [ 334.243350][T14614] dump_stack_lvl+0x189/0x250 [ 334.243394][T14614] ? __pfx____ratelimit+0x10/0x10 [ 334.243415][T14614] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.243438][T14614] ? __pfx__printk+0x10/0x10 [ 334.243473][T14614] ? rcu_is_watching+0x15/0xb0 [ 334.243499][T14614] should_fail_ex+0x414/0x560 [ 334.243532][T14614] should_failslab+0xa8/0x100 [ 334.243565][T14614] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 334.243594][T14614] ? __alloc_skb+0x112/0x2d0 [ 334.243624][T14614] __alloc_skb+0x112/0x2d0 [ 334.243654][T14614] hci_mgmt_cmd+0x1ca/0xef0 [ 334.243683][T14614] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 334.243718][T14614] hci_sock_sendmsg+0x6ca/0xef0 [ 334.243755][T14614] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 334.243784][T14614] ? aa_sock_msg_perm+0xf1/0x1d0 [ 334.243809][T14614] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 334.243831][T14614] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 334.243860][T14614] __sock_sendmsg+0x219/0x270 [ 334.243886][T14614] sock_write_iter+0x258/0x330 [ 334.243920][T14614] ? __pfx_sock_write_iter+0x10/0x10 [ 334.243965][T14614] ? bpf_lsm_file_permission+0x9/0x20 [ 334.243988][T14614] ? security_file_permission+0x75/0x290 [ 334.244027][T14614] vfs_write+0x5c9/0xb30 [ 334.244061][T14614] ? __pfx_sock_write_iter+0x10/0x10 [ 334.244093][T14614] ? __pfx_vfs_write+0x10/0x10 [ 334.244133][T14614] ? __fget_files+0x2a/0x420 [ 334.244173][T14614] ksys_write+0x145/0x250 [ 334.244204][T14614] ? __pfx_ksys_write+0x10/0x10 [ 334.244227][T14614] ? rcu_is_watching+0x15/0xb0 [ 334.244254][T14614] ? do_syscall_64+0xbe/0x3b0 [ 334.244282][T14614] do_syscall_64+0xfa/0x3b0 [ 334.244307][T14614] ? lockdep_hardirqs_on+0x9c/0x150 [ 334.244326][T14614] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.244359][T14614] ? clear_bhb_loop+0x60/0xb0 [ 334.244385][T14614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.244404][T14614] RIP: 0033:0x7f0e24f8eba9 [ 334.244424][T14614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.244441][T14614] RSP: 002b:00007f0e25e27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 334.244465][T14614] RAX: ffffffffffffffda RBX: 00007f0e251d5fa0 RCX: 00007f0e24f8eba9 [ 334.244479][T14614] RDX: 0000000000000007 RSI: 0000200000000080 RDI: 0000000000000004 [ 334.244492][T14614] RBP: 00007f0e25e27090 R08: 0000000000000000 R09: 0000000000000000 [ 334.244504][T14614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 334.244515][T14614] R13: 00007f0e251d6038 R14: 00007f0e251d5fa0 R15: 00007ffc59574b78 [ 334.244552][T14614] [ 334.264543][T14615] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2791'. [ 334.621866][T14622] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2793'. [ 334.726102][T14619] vxcan1 speed is unknown, defaulting to 1000 [ 335.267697][T14619] wg1 speed is unknown, defaulting to 1000 [ 335.306465][T14626] vxcan1 speed is unknown, defaulting to 1000 [ 335.923104][T14626] wg1 speed is unknown, defaulting to 1000 [ 336.390993][T14643] vxcan1 speed is unknown, defaulting to 1000 [ 336.544930][T14645] netlink: 'syz.4.2798': attribute type 5 has an invalid length. [ 336.561097][T14645] __nla_validate_parse: 1 callbacks suppressed [ 336.561130][T14645] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2798'. [ 337.199118][T14643] wg1 speed is unknown, defaulting to 1000 [ 337.228003][ T979] IPVS: starting estimator thread 0... [ 337.243772][T14664] sctp: [Deprecated]: syz.2.2803 (pid 14664) Use of int in max_burst socket option. [ 337.243772][T14664] Use struct sctp_assoc_value instead [ 337.343766][T14665] IPVS: using max 25 ests per chain, 60000 per kthread [ 337.521220][T14672] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2806'. [ 337.548954][T14672] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2806'. [ 337.761106][T14679] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2810'. [ 337.778259][T14679] vlan0: entered promiscuous mode [ 338.037254][T14691] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2814'. [ 338.091270][T14693] vxcan1 speed is unknown, defaulting to 1000 [ 338.360571][T14710] netlink: 'syz.2.2821': attribute type 11 has an invalid length. [ 338.402653][T14711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2822'. [ 338.689546][T14695] vxcan1 speed is unknown, defaulting to 1000 [ 338.710958][T14693] wg1 speed is unknown, defaulting to 1000 [ 338.814663][T14719] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 338.923971][T14719] netlink: 'syz.2.2826': attribute type 10 has an invalid length. [ 339.189021][T14702] vxcan1 speed is unknown, defaulting to 1000 [ 339.192306][T14695] wg1 speed is unknown, defaulting to 1000 [ 340.179377][T14754] netlink: 244 bytes leftover after parsing attributes in process `syz.2.2836'. [ 340.341255][T14702] wg1 speed is unknown, defaulting to 1000 [ 340.484029][T14769] sch_tbf: peakrate 4096 is lower than or equals to rate 185707055559232049 ! [ 340.557223][T14772] netlink: 'syz.4.2844': attribute type 1 has an invalid length. [ 340.566840][T14766] vxcan1 speed is unknown, defaulting to 1000 [ 340.572027][T14772] netlink: 'syz.4.2844': attribute type 1 has an invalid length. [ 340.583305][T14772] netlink: 'syz.4.2844': attribute type 1 has an invalid length. [ 340.922898][T14782] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2848'. [ 340.932634][T14782] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2848'. [ 340.956936][T14782] tipc: Cannot configure node identity twice [ 340.985533][T14766] wg1 speed is unknown, defaulting to 1000 [ 341.174655][T14778] vxcan1 speed is unknown, defaulting to 1000 [ 341.360453][T14795] vlan0: entered promiscuous mode [ 341.812424][T14778] wg1 speed is unknown, defaulting to 1000 [ 343.076321][T14813] tipc: Enabled bearer , priority 0 [ 343.091702][T14814] bridge_slave_1: entered promiscuous mode [ 343.098265][T14814] bridge_slave_1: entered allmulticast mode [ 343.175016][T14814] tipc: Disabling bearer [ 343.529559][T14826] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2859'. [ 344.338816][T14846] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2868'. [ 344.359201][T14846] vlan0: entered promiscuous mode [ 345.285768][T14849] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2869'. [ 345.841085][T14864] netlink: 6032 bytes leftover after parsing attributes in process `syz.2.2875'. [ 345.868145][T14866] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 345.918256][T14866] netlink: 'syz.1.2877': attribute type 10 has an invalid length. [ 346.828391][T14880] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2882'. [ 347.483413][T14890] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2885'. [ 347.792220][T14897] vxcan1 speed is unknown, defaulting to 1000 [ 348.780958][T14897] wg1 speed is unknown, defaulting to 1000 [ 348.825184][T14906] netlink: 'syz.2.2889': attribute type 13 has an invalid length. [ 348.833568][T14906] netlink: 'syz.2.2889': attribute type 17 has an invalid length. [ 349.021952][T14907] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2889'. [ 349.127248][T14906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 349.236831][T14906] 8021q: adding VLAN 0 to HW filter on device team0 [ 349.320630][T14906] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 349.675555][T14917] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2892'. [ 349.741424][T14909] vxcan1 speed is unknown, defaulting to 1000 [ 349.971239][T14924] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2895'. [ 350.097950][T14924] netlink: 'syz.4.2895': attribute type 2 has an invalid length. [ 350.279189][T14929] netlink: 'syz.4.2899': attribute type 1 has an invalid length. [ 350.297713][T14929] netlink: 'syz.4.2899': attribute type 1 has an invalid length. [ 350.320394][T14931] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2898'. [ 350.642453][T14936] netlink: 6032 bytes leftover after parsing attributes in process `syz.3.2897'. [ 350.660875][T14909] wg1 speed is unknown, defaulting to 1000 [ 350.667290][T14937] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2900'. [ 351.084713][T14945] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2903'. [ 351.871216][T14957] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2908'. [ 352.229093][T14965] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2912'. [ 352.526770][T14968] netlink: 'syz.1.2914': attribute type 11 has an invalid length. [ 353.182353][T14979] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2918'. [ 353.201508][ T5873] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 353.216787][ T5873] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 353.225480][ T5873] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 353.245918][ T5873] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 353.255098][ T5873] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 353.334955][T14981] vxcan1 speed is unknown, defaulting to 1000 [ 353.647715][T14981] wg1 speed is unknown, defaulting to 1000 [ 354.073571][T14995] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2920'. [ 354.178000][T14995] vlan1: entered promiscuous mode [ 354.353845][T15006] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2924'. [ 354.486907][T14981] chnl_net:caif_netlink_parms(): no params data found [ 354.662743][T15017] netlink: 6032 bytes leftover after parsing attributes in process `syz.2.2927'. [ 354.712365][T14981] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.722705][T14981] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.731703][T14981] bridge_slave_0: entered allmulticast mode [ 354.744248][T14981] bridge_slave_0: entered promiscuous mode [ 354.754237][T14981] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.770437][T14981] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.778040][T14981] bridge_slave_1: entered allmulticast mode [ 354.788123][T14981] bridge_slave_1: entered promiscuous mode [ 354.836956][T14981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 354.852324][T14981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 354.865253][T15023] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2929'. [ 354.921155][T14981] team0: Port device team_slave_0 added [ 354.932123][T14981] team0: Port device team_slave_1 added [ 354.984983][T14981] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 354.992141][T14981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 355.019821][T14981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 355.033712][T14981] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 355.040971][T14981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 355.067872][T14981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 355.186518][T14981] hsr_slave_0: entered promiscuous mode [ 355.196008][T14981] hsr_slave_1: entered promiscuous mode [ 355.202685][T14981] debugfs: 'hsr0' already exists in 'hsr' [ 355.208720][T14981] Cannot create hsr debugfs directory [ 355.227203][T15032] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2932'. [ 355.343308][ T51] Bluetooth: hci2: command tx timeout [ 355.516128][T15046] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2935'. [ 355.603468][T15048] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2937'. [ 355.615464][T14981] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 355.710505][T15058] netlink: 'syz.0.2940': attribute type 11 has an invalid length. [ 355.820100][T14981] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 355.892392][T15068] tipc: Enabling of bearer rejected, failed to enable media [ 356.035583][T14981] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 356.249293][T15083] netlink: 'syz.0.2947': attribute type 1 has an invalid length. [ 356.263878][T15083] netlink: 'syz.0.2947': attribute type 2 has an invalid length. [ 356.265651][T14981] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 356.337090][T15087] vxcan1 speed is unknown, defaulting to 1000 [ 356.370647][T15090] netlink: 244 bytes leftover after parsing attributes in process `syz.3.2949'. [ 356.714300][T14981] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 356.859102][T14981] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 356.863073][T15087] wg1 speed is unknown, defaulting to 1000 [ 356.891078][T14981] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 356.906177][T15104] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2952'. [ 356.928466][T15104] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2952'. [ 356.929322][T14981] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 357.239915][T14981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 357.264264][T14981] 8021q: adding VLAN 0 to HW filter on device team0 [ 357.428509][ T51] Bluetooth: hci2: command tx timeout [ 357.510985][ T6726] bridge0: port 1(bridge_slave_0) entered blocking state [ 357.518282][ T6726] bridge0: port 1(bridge_slave_0) entered forwarding state [ 357.575864][ T1163] bridge0: port 2(bridge_slave_1) entered blocking state [ 357.584096][ T1163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 358.018250][T15124] macvlan4: entered promiscuous mode [ 358.064055][T15124] vlan0: entered promiscuous mode [ 358.300569][T15149] tipc: Enabled bearer , priority 0 [ 358.326325][T15130] vxcan1 speed is unknown, defaulting to 1000 [ 358.360698][T15153] syzkaller0: entered promiscuous mode [ 358.393198][T15153] syzkaller0: entered allmulticast mode [ 358.499714][T15142] tipc: Resetting bearer [ 358.554149][T15158] vlan2: entered promiscuous mode [ 358.597953][T15141] tipc: Resetting bearer [ 358.636441][T15141] tipc: Disabling bearer [ 358.668689][T15150] syzkaller1: entered promiscuous mode [ 358.675522][T15150] syzkaller1: entered allmulticast mode [ 358.848470][T14981] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 358.897772][T15130] wg1 speed is unknown, defaulting to 1000 [ 359.176829][T15178] __nla_validate_parse: 5 callbacks suppressed [ 359.176855][T15178] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2967'. [ 359.503566][ T51] Bluetooth: hci2: command tx timeout [ 359.797682][T14981] veth0_vlan: entered promiscuous mode [ 359.842807][T14981] veth1_vlan: entered promiscuous mode [ 359.912138][T15203] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2975'. [ 359.968766][T14981] veth0_macvtap: entered promiscuous mode [ 359.998207][T14981] veth1_macvtap: entered promiscuous mode [ 360.057514][T14981] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 360.168202][T14981] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 360.202104][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.230100][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.265487][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.320170][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.366522][T15224] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2984'. [ 360.425485][T15229] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 360.486943][T15226] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2982'. [ 360.501473][ T6724] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 360.512682][T15223] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2983'. [ 360.521149][ T6724] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 360.544919][T15233] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2986'. [ 360.652188][ T6726] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 360.662927][ T6726] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 360.774417][T15246] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2913'. [ 360.789822][T15250] FAULT_INJECTION: forcing a failure. [ 360.789822][T15250] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 360.804917][T15250] CPU: 0 UID: 0 PID: 15250 Comm: syz.0.2990 Not tainted syzkaller #0 PREEMPT(full) [ 360.804945][T15250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 360.804956][T15250] Call Trace: [ 360.804964][T15250] [ 360.804972][T15250] dump_stack_lvl+0x189/0x250 [ 360.805001][T15250] ? __pfx____ratelimit+0x10/0x10 [ 360.805024][T15250] ? __pfx_dump_stack_lvl+0x10/0x10 [ 360.805047][T15250] ? __pfx__printk+0x10/0x10 [ 360.805089][T15250] should_fail_ex+0x414/0x560 [ 360.805125][T15250] _copy_to_user+0x31/0xb0 [ 360.805153][T15250] simple_read_from_buffer+0xe1/0x170 [ 360.805186][T15250] proc_fail_nth_read+0x1b3/0x220 [ 360.805212][T15250] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 360.805237][T15250] ? rw_verify_area+0x2a6/0x4d0 [ 360.805259][T15250] ? __lock_acquire+0xab9/0xd20 [ 360.805286][T15250] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 360.805309][T15250] vfs_read+0x200/0xa30 [ 360.805332][T15250] ? fdget_pos+0x247/0x320 [ 360.805354][T15250] ? __pfx___mutex_lock+0x10/0x10 [ 360.805377][T15250] ? __pfx_vfs_read+0x10/0x10 [ 360.805403][T15250] ? __fget_files+0x2a/0x420 [ 360.805425][T15250] ? __fget_files+0x3a0/0x420 [ 360.805441][T15250] ? __fget_files+0x2a/0x420 [ 360.805468][T15250] ksys_read+0x145/0x250 [ 360.805496][T15250] ? __pfx_ksys_read+0x10/0x10 [ 360.805518][T15250] ? rcu_is_watching+0x15/0xb0 [ 360.805544][T15250] ? do_syscall_64+0xbe/0x3b0 [ 360.805570][T15250] do_syscall_64+0xfa/0x3b0 [ 360.805589][T15250] ? lockdep_hardirqs_on+0x9c/0x150 [ 360.805607][T15250] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.805625][T15250] ? clear_bhb_loop+0x60/0xb0 [ 360.805649][T15250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.805667][T15250] RIP: 0033:0x7f238ef8d5bc [ 360.805685][T15250] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 360.805701][T15250] RSP: 002b:00007f238fdb4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 360.805722][T15250] RAX: ffffffffffffffda RBX: 00007f238f1d5fa0 RCX: 00007f238ef8d5bc [ 360.805736][T15250] RDX: 000000000000000f RSI: 00007f238fdb40a0 RDI: 0000000000000005 [ 360.805748][T15250] RBP: 00007f238fdb4090 R08: 0000000000000000 R09: 0000000000000000 [ 360.805759][T15250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 360.805770][T15250] R13: 00007f238f1d6038 R14: 00007f238f1d5fa0 R15: 00007ffd78587688 [ 360.805804][T15250] [ 360.873172][T15252] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2991'. [ 361.583756][ T51] Bluetooth: hci2: command tx timeout [ 361.653311][T15269] netlink: 'syz.1.2998': attribute type 11 has an invalid length. [ 361.699018][T15272] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3000'. [ 361.707932][T15273] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2999'. [ 361.730764][T15273] IPv6: sit3: Disabled Multicast RS [ 361.750924][T15273] sit3: entered allmulticast mode [ 361.909590][T15273] netdevsim netdevsim2 netdevsim0: refused to change device tx_queue_len [ 361.971857][ T5873] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 361.982125][ T5873] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 361.992442][ T5873] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 362.005403][ T5873] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 362.016148][ T5873] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 362.199247][T15296] netlink: 'syz.2.3007': attribute type 1 has an invalid length. [ 362.365437][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.530506][T15298] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 362.545111][T15298] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 362.584361][T15312] netlink: 'syz.3.3012': attribute type 1 has an invalid length. [ 362.692398][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.734512][T15285] vxcan1 speed is unknown, defaulting to 1000 [ 363.161814][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.192047][T15285] wg1 speed is unknown, defaulting to 1000 [ 363.301806][T15305] delete_channel: no stack [ 363.364831][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.426579][T15331] netlink: 'syz.3.3020': attribute type 10 has an invalid length. [ 363.468455][T15331] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 363.719425][T15348] netlink: 'syz.3.3025': attribute type 11 has an invalid length. [ 364.063320][ T5873] Bluetooth: hci4: command tx timeout [ 364.206175][T15374] nbd2: detected capacity change from 0 to 63 [ 364.217317][T15378] block nbd2: NBD_DISCONNECT [ 364.229633][T15378] block nbd2: Disconnected due to user request. [ 364.238564][T15378] block nbd2: shutting down sockets [ 364.627793][ T12]  (unregistering): (slave wlan1): Releasing backup interface [ 364.638444][ T12]  (unregistering): Released all slaves [ 364.717512][T15350] __nla_validate_parse: 6 callbacks suppressed [ 364.717534][T15350] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3028'. [ 364.807109][ T12] tipc: Left network mode [ 364.937844][T15285] chnl_net:caif_netlink_parms(): no params data found [ 365.417297][T15389] vxcan1 speed is unknown, defaulting to 1000 [ 366.143299][ T5873] Bluetooth: hci4: command tx timeout [ 368.224094][ T5873] Bluetooth: hci4: command tx timeout [ 369.485538][T15389] wg1 speed is unknown, defaulting to 1000 [ 370.313239][ T5873] Bluetooth: hci4: command tx timeout [ 370.628373][ T12] hsr_slave_0: left promiscuous mode [ 370.674880][ T12] hsr_slave_1: left promiscuous mode [ 370.733143][ T12] veth1_macvtap: left promiscuous mode [ 370.739064][ T12] veth0_macvtap: left promiscuous mode [ 370.813415][ T12] veth1_vlan: left promiscuous mode [ 370.818957][ T12] veth0_vlan: left promiscuous mode [ 371.514609][T15399] netlink: 'syz.1.3037': attribute type 9 has an invalid length. [ 371.522803][T15399] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3037'. [ 371.592741][T15404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3040'. [ 371.626919][T15407] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 372.204596][ T1163] smc: removing ib device syz2 [ 373.341805][T15426] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3047'. [ 373.399768][T15285] bridge0: port 1(bridge_slave_0) entered blocking state [ 373.417897][T15285] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.428096][T15285] bridge_slave_0: entered allmulticast mode [ 373.441175][T15285] bridge_slave_0: entered promiscuous mode [ 373.467311][T15285] bridge0: port 2(bridge_slave_1) entered blocking state [ 373.474765][T15285] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.482134][T15285] bridge_slave_1: entered allmulticast mode [ 373.491181][T15285] bridge_slave_1: entered promiscuous mode [ 373.498742][T15426] FAULT_INJECTION: forcing a failure. [ 373.498742][T15426] name failslab, interval 1, probability 0, space 0, times 0 [ 373.535474][T15426] CPU: 1 UID: 0 PID: 15426 Comm: syz.4.3047 Not tainted syzkaller #0 PREEMPT(full) [ 373.535505][T15426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 373.535516][T15426] Call Trace: [ 373.535525][T15426] [ 373.535533][T15426] dump_stack_lvl+0x189/0x250 [ 373.535564][T15426] ? __pfx____ratelimit+0x10/0x10 [ 373.535587][T15426] ? __pfx_dump_stack_lvl+0x10/0x10 [ 373.535611][T15426] ? __pfx__printk+0x10/0x10 [ 373.535636][T15426] ? genl_rcv+0x28/0x40 [ 373.535665][T15426] ? ____sys_sendmsg+0x505/0x830 [ 373.535690][T15426] ? __x64_sys_sendmsg+0x19b/0x260 [ 373.535731][T15426] should_fail_ex+0x414/0x560 [ 373.535769][T15426] should_failslab+0xa8/0x100 [ 373.535801][T15426] kmem_cache_alloc_noprof+0x73/0x3c0 [ 373.535828][T15426] ? skb_clone+0x212/0x3a0 [ 373.535860][T15426] skb_clone+0x212/0x3a0 [ 373.535894][T15426] __netlink_deliver_tap+0x404/0x850 [ 373.535932][T15426] ? netlink_deliver_tap+0x2e/0x1b0 [ 373.535959][T15426] netlink_deliver_tap+0x19c/0x1b0 [ 373.535984][T15426] netlink_sendskb+0x68/0x140 [ 373.536010][T15426] netlink_unicast+0x397/0x9e0 [ 373.536028][T15426] ? __asan_memcpy+0x40/0x70 [ 373.536063][T15426] ? __pfx_netlink_unicast+0x10/0x10 [ 373.536098][T15426] netlink_rcv_skb+0x28c/0x470 [ 373.536119][T15426] ? __lock_acquire+0xab9/0xd20 [ 373.536149][T15426] ? __pfx_genl_rcv_msg+0x10/0x10 [ 373.536180][T15426] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 373.536235][T15426] ? down_read+0x1ad/0x2e0 [ 373.536264][T15426] genl_rcv+0x28/0x40 [ 373.536291][T15426] netlink_unicast+0x82c/0x9e0 [ 373.536325][T15426] ? __pfx_netlink_unicast+0x10/0x10 [ 373.536350][T15426] ? netlink_sendmsg+0x642/0xb30 [ 373.536372][T15426] ? skb_put+0x11b/0x210 [ 373.536402][T15426] netlink_sendmsg+0x805/0xb30 [ 373.536446][T15426] ? __pfx_netlink_sendmsg+0x10/0x10 [ 373.536476][T15426] ? aa_sock_msg_perm+0xf1/0x1d0 [ 373.536499][T15426] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 373.536521][T15426] ? __pfx_netlink_sendmsg+0x10/0x10 [ 373.536547][T15426] __sock_sendmsg+0x219/0x270 [ 373.536572][T15426] ____sys_sendmsg+0x505/0x830 [ 373.536607][T15426] ? __pfx_____sys_sendmsg+0x10/0x10 [ 373.536647][T15426] ? import_iovec+0x74/0xa0 [ 373.536679][T15426] ___sys_sendmsg+0x21f/0x2a0 [ 373.536710][T15426] ? __pfx____sys_sendmsg+0x10/0x10 [ 373.536786][T15426] ? __fget_files+0x2a/0x420 [ 373.536803][T15426] ? __fget_files+0x3a0/0x420 [ 373.536836][T15426] __x64_sys_sendmsg+0x19b/0x260 [ 373.536867][T15426] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 373.536909][T15426] ? __pfx_ksys_write+0x10/0x10 [ 373.536933][T15426] ? rcu_is_watching+0x15/0xb0 [ 373.536960][T15426] ? do_syscall_64+0xbe/0x3b0 [ 373.536988][T15426] do_syscall_64+0xfa/0x3b0 [ 373.537008][T15426] ? lockdep_hardirqs_on+0x9c/0x150 [ 373.537029][T15426] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.537049][T15426] ? clear_bhb_loop+0x60/0xb0 [ 373.537074][T15426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.537095][T15426] RIP: 0033:0x7fa83058eba9 [ 373.537114][T15426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 373.537131][T15426] RSP: 002b:00007fa831415038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 373.537154][T15426] RAX: ffffffffffffffda RBX: 00007fa8307d5fa0 RCX: 00007fa83058eba9 [ 373.537169][T15426] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003 [ 373.537181][T15426] RBP: 00007fa831415090 R08: 0000000000000000 R09: 0000000000000000 [ 373.537194][T15426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 373.537205][T15426] R13: 00007fa8307d6038 R14: 00007fa8307d5fa0 R15: 00007ffcd0332b68 [ 373.537242][T15426] [ 374.284626][T15285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 374.349533][T15285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 374.481543][T15439] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3051'. [ 374.600201][T15285] team0: Port device team_slave_0 added [ 374.659702][T15285] team0: Port device team_slave_1 added [ 374.682494][T15436] wg1 speed is unknown, defaulting to 1000 [ 374.811434][T15451] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 374.830500][T15285] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 374.840679][T15285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 374.867219][T15285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 374.880311][T15285] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 374.902245][T15285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 374.929538][T15285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 375.021370][ T12] IPVS: stop unused estimator thread 0... [ 375.139741][T15285] hsr_slave_0: entered promiscuous mode [ 375.178982][T15285] hsr_slave_1: entered promiscuous mode [ 375.206779][T15285] debugfs: 'hsr0' already exists in 'hsr' [ 375.212586][T15285] Cannot create hsr debugfs directory [ 375.283530][T15461] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3056'. [ 375.614318][T15467] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3060'. [ 375.682106][T15469] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 375.827439][T15467] bond4: entered promiscuous mode [ 375.833728][T15467] 8021q: adding VLAN 0 to HW filter on device bond4 [ 376.201095][T15488] wg1 speed is unknown, defaulting to 1000 [ 376.518153][T15495] netlink: 'syz.1.3068': attribute type 12 has an invalid length. [ 376.618034][T15285] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 376.637333][T15285] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 376.650609][T15285] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 376.666237][T15285] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 376.750799][T15511] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 376.774247][T15502] wg1 speed is unknown, defaulting to 1000 [ 376.847559][T15513] IPVS: set_ctl: invalid protocol: 229 0.0.0.0:20001 [ 376.864633][T15513] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3072'. [ 377.008209][T15285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 377.049977][T15285] 8021q: adding VLAN 0 to HW filter on device team0 [ 377.109729][T15285] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 377.120581][T15285] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 377.415061][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 377.422369][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 377.422798][T15527] sctp: [Deprecated]: syz.4.3075 (pid 15527) Use of int in max_burst socket option. [ 377.422798][T15527] Use struct sctp_assoc_value instead [ 377.441130][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 377.453336][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 378.075862][T15541] wg1 speed is unknown, defaulting to 1000 [ 378.230288][T15285] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 378.377209][T15562] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3084'. [ 378.685338][T15285] veth0_vlan: entered promiscuous mode [ 378.759510][T15285] veth1_vlan: entered promiscuous mode [ 378.816538][T15564] wg1 speed is unknown, defaulting to 1000 [ 378.897533][T15285] veth0_macvtap: entered promiscuous mode [ 378.953065][T15285] veth1_macvtap: entered promiscuous mode [ 379.027142][T15285] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 379.057584][T15285] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 379.122951][T15574] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3088'. [ 379.132198][T15574] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3088'. [ 379.179821][ T6724] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.329761][ T6724] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.424170][ T6724] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.489758][ T6724] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 379.628537][ T1163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 379.646292][ T1163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 379.671936][T15585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3092'. [ 379.736889][T15585] veth0: entered promiscuous mode [ 379.750889][T15585] veth0: left promiscuous mode [ 379.872375][T15593] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3096'. [ 379.882516][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 379.890651][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 380.111722][T15592] syzkaller0: entered promiscuous mode [ 380.117758][T15592] syzkaller0: entered allmulticast mode [ 380.862207][T15621] can: request_module (can-proto-0) failed. [ 380.918016][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 380.948559][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 380.957351][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 380.971929][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 380.992822][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 382.545189][T15635] sch_tbf: peakrate 4096 is lower than or equals to rate 185707055559232049 ! [ 382.756874][T15643] netlink: 'syz.0.3108': attribute type 10 has an invalid length. [ 383.023250][ T5873] Bluetooth: hci0: command tx timeout [ 383.411323][T15641] bridge_slave_0: left allmulticast mode [ 383.425350][T15641] bridge_slave_0: left promiscuous mode [ 383.431515][T15641] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.455628][T15641] bridge_slave_1: left allmulticast mode [ 383.457323][T15647] netlink: 'syz.2.3109': attribute type 4 has an invalid length. [ 383.472186][T15641] bridge_slave_1: left promiscuous mode [ 383.478279][T15647] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3109'. [ 383.484030][T15641] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.505080][T15641] bond0: (slave bond_slave_0): Releasing backup interface [ 383.517362][T15641] bond0: (slave bond_slave_1): Releasing backup interface [ 383.534145][T15641] team0: Port device team_slave_0 removed [ 383.546661][T15641] team0: Port device team_slave_1 removed [ 383.553568][T15641] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 383.561000][T15641] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 383.570003][T15641] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 383.577960][T15641] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 383.587119][T15641] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 383.622882][T15643] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 383.633137][T15626] wg1 speed is unknown, defaulting to 1000 [ 383.641286][T15644] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 383.654456][T15644] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 383.667093][T15644] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 383.682909][T15647] : renamed from bond0 (while UP) [ 383.861869][T15654] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3111'. [ 383.871053][T15654] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3111'. [ 383.877715][T15651] wg1 speed is unknown, defaulting to 1000 [ 384.021647][ T6720] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 384.032143][ T6720] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 384.114895][ T6720] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 384.153287][ T6720] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 384.479168][T15686] netlink: 'syz.4.3120': attribute type 4 has an invalid length. [ 384.503793][T15683] wg1 speed is unknown, defaulting to 1000 [ 384.512039][T15684] bond0: (slave wlan1): Releasing backup interface [ 384.759475][T15626] chnl_net:caif_netlink_parms(): no params data found [ 384.905622][T15694] netlink: 'syz.3.3125': attribute type 10 has an invalid length. [ 384.982034][T15694] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 385.103929][ T51] Bluetooth: hci0: command tx timeout [ 385.305572][T15702] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3127'. [ 385.309696][T15626] bridge0: port 1(bridge_slave_0) entered blocking state [ 385.340964][T15626] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.393717][T15626] bridge_slave_0: entered allmulticast mode [ 385.438165][T15626] bridge_slave_0: entered promiscuous mode [ 385.459286][T15702] veth0: entered promiscuous mode [ 385.494205][T15702] veth0: left promiscuous mode [ 385.558524][T15626] bridge0: port 2(bridge_slave_1) entered blocking state [ 385.580520][T15626] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.599573][T15626] bridge_slave_1: entered allmulticast mode [ 385.616123][T15626] bridge_slave_1: entered promiscuous mode [ 385.819662][T15626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 385.859271][T15626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 386.096493][T15626] team0: Port device team_slave_0 added [ 386.129957][T15626] team0: Port device team_slave_1 added [ 386.329396][T15626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 386.336911][T15626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 386.403075][T15626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 386.438848][T15626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 386.459081][T15626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 386.538698][T15626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 386.619249][T15735] sch_tbf: peakrate 4096 is lower than or equals to rate 185707055559232049 ! [ 386.770424][T15626] hsr_slave_0: entered promiscuous mode [ 386.788988][T15626] hsr_slave_1: entered promiscuous mode [ 386.809821][T15626] debugfs: 'hsr0' already exists in 'hsr' [ 386.828990][T15626] Cannot create hsr debugfs directory [ 387.183236][ T51] Bluetooth: hci0: command 0x040f tx timeout [ 387.280569][T15755] netlink: 6032 bytes leftover after parsing attributes in process `syz.4.3143'. [ 387.318436][T15626] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.336845][T15626] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 3 - 0 [ 387.414591][T15626] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.457746][T15626] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 3 - 0 [ 387.550259][T15626] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.563068][T15626] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 3 - 0 [ 387.600948][T15764] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3145'. [ 387.643495][T15626] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.653832][T15626] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 3 - 0 [ 387.996435][T15626] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 388.040089][T15626] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 388.092353][T15626] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 388.149593][T15626] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 388.697462][T15778] wg1 speed is unknown, defaulting to 1000 [ 388.881396][T15626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 389.251242][T15780] wg1 speed is unknown, defaulting to 1000 [ 389.263275][ T5873] Bluetooth: hci0: command 0x040f tx timeout [ 389.757332][T15626] 8021q: adding VLAN 0 to HW filter on device team0 [ 389.879741][ T1163] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.886994][ T1163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 389.955286][ T1163] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.962676][ T1163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 390.795969][T15626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 391.343524][ T5873] Bluetooth: hci0: command 0x040f tx timeout [ 391.666817][T15626] veth0_vlan: entered promiscuous mode [ 391.975066][T15814] bond0: (slave wlan1): Releasing backup interface [ 392.127838][T15814] netlink: 'syz.3.3156': attribute type 10 has an invalid length. [ 392.180199][T15814] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 392.255375][T15626] veth1_vlan: entered promiscuous mode [ 392.396817][T15822] bridge_slave_0: left allmulticast mode [ 392.434709][T15822] bridge_slave_0: left promiscuous mode [ 392.465587][T15822] bridge0: port 1(bridge_slave_0) entered disabled state [ 392.510142][T15822] bridge_slave_1: left allmulticast mode [ 392.532695][T15822] bridge_slave_1: left promiscuous mode [ 392.556974][T15822] bridge0: port 2(bridge_slave_1) entered disabled state [ 392.621729][T15822] bond0: (slave bond_slave_0): Releasing backup interface [ 392.676064][T15822] bond0: (slave bond_slave_1): Releasing backup interface [ 392.894015][T15822] team0: Port device team_slave_0 removed [ 392.960901][T15822] team0: Port device team_slave_1 removed [ 392.997308][T15822] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 393.031979][T15822] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 393.106850][T15822] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 393.136465][T15822] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 393.182849][T15822] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 393.534665][T15626] veth0_macvtap: entered promiscuous mode [ 393.599584][T15626] veth1_macvtap: entered promiscuous mode [ 393.698062][T15831] IPVS: length: 105 != 24 [ 393.771263][T15626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 393.999016][T15626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 394.129300][ T1163] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.165654][ T1163] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.296114][ T1163] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.405585][ T1163] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.443451][T15838] wg1 speed is unknown, defaulting to 1000 [ 394.663014][ C0] sched: DL replenish lagged too much [ 395.702675][ T1163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.748082][ T1163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.908518][ T1163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.973318][ T1163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.033282][T15866] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3172'. [ 396.918719][T15878] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3174'. [ 397.653305][T15885] netlink: 'syz.0.3176': attribute type 1 has an invalid length. [ 398.984805][T15885] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 398.998885][T15865] wg1 speed is unknown, defaulting to 1000 [ 399.054354][ T6724] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.065701][ T6724] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.078902][ T6724] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.104144][ T6724] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.145691][T15881] wg1 speed is unknown, defaulting to 1000 [ 399.194411][T15866] wg1 speed is unknown, defaulting to 1000 [ 399.941263][T15898] sctp: [Deprecated]: syz.0.3178 (pid 15898) Use of struct sctp_assoc_value in delayed_ack socket option. [ 399.941263][T15898] Use struct sctp_sack_info instead [ 400.811015][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 400.825964][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 400.838042][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 400.846780][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 400.857383][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 401.179640][ T1152] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 401.194598][ T1152] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.237866][T15899] wg1 speed is unknown, defaulting to 1000 [ 401.515264][ T1152] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 401.555389][ T1152] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.898317][ T1152] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 401.969260][ T1152] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.010024][T15910] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3181'. [ 402.128037][T15910] veth0: entered promiscuous mode [ 402.218686][T15910] veth0: left promiscuous mode [ 402.827771][ T1152] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 402.903282][ T1152] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.943290][ T51] Bluetooth: hci1: command tx timeout [ 402.996711][T15923] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3186'. [ 403.308003][T15932] wg1 speed is unknown, defaulting to 1000 [ 403.574233][T15942] netlink: 'syz.4.3190': attribute type 1 has an invalid length. [ 403.599035][T15942] netlink: 'syz.4.3190': attribute type 1 has an invalid length. [ 403.628489][T15942] netlink: 'syz.4.3190': attribute type 1 has an invalid length. [ 403.818232][T15899] chnl_net:caif_netlink_parms(): no params data found [ 403.891334][T15948] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3192'. [ 404.060029][T15951] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3193'. [ 404.348990][ T1152] batman_adv: batadv0: Interface deactivated: vxlan0 [ 404.668140][T15971] netlink: 'syz.1.3196': attribute type 4 has an invalid length. [ 405.024361][ T51] Bluetooth: hci1: command tx timeout [ 405.207490][ T1152] dvmrp0 (unregistering): left allmulticast mode [ 405.301845][ T1152] batman_adv: batadv0: Removing interface: vxlan0 [ 405.658324][ T1152]  (unregistering): (slave wlan1): Releasing backup interface [ 405.678913][ T1152]  (unregistering): Released all slaves [ 405.915407][ T1152] bond1 (unregistering): Released all slaves [ 405.937466][ T1152] bond2 (unregistering): Released all slaves [ 405.960020][ T1152] bond3 (unregistering): Released all slaves [ 406.217887][ T1152] bond4 (unregistering): Released all slaves [ 406.476694][ T1152] tipc: Left network mode [ 406.782552][T15968] wg1 speed is unknown, defaulting to 1000 [ 406.889561][T15899] bridge0: port 1(bridge_slave_0) entered blocking state [ 406.933726][T15899] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.989599][T15899] bridge_slave_0: entered allmulticast mode [ 407.010773][T15899] bridge_slave_0: entered promiscuous mode [ 407.104157][ T51] Bluetooth: hci1: command tx timeout [ 407.145731][T15997] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3204'. [ 407.277009][T15899] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.310353][T15899] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.346318][T15899] bridge_slave_1: entered allmulticast mode [ 407.383648][T15899] bridge_slave_1: entered promiscuous mode [ 407.827767][T16007] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3207'. [ 407.885046][T15899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 408.027531][ T1152] hsr_slave_0: left promiscuous mode [ 408.143846][ T1152] veth1_macvtap: left promiscuous mode [ 408.150644][ T1152] veth0_macvtap: left promiscuous mode [ 409.196124][ T51] Bluetooth: hci1: command tx timeout [ 409.798521][T15899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 409.815420][T16019] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3212'. [ 409.833667][T16022] sch_tbf: peakrate 4096 is lower than or equals to rate 185707055559232049 ! [ 410.118058][T16029] netlink: 6032 bytes leftover after parsing attributes in process `syz.3.3216'. [ 410.209102][T15899] team0: Port device team_slave_0 added [ 410.241906][T15899] team0: Port device team_slave_1 added [ 410.388302][ T6720] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 410.396916][ T6720] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 410.560650][T15899] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 410.568489][T15899] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 410.596725][T15899] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 410.638683][T15899] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 410.654283][T15899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 410.715754][T15899] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 410.743325][ T1152] IPVS: stop unused estimator thread 0... [ 411.098191][T15899] hsr_slave_0: entered promiscuous mode [ 411.121349][T15899] hsr_slave_1: entered promiscuous mode [ 411.151506][T15899] debugfs: 'hsr0' already exists in 'hsr' [ 411.172481][T15899] Cannot create hsr debugfs directory [ 411.186792][T16042] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3220'. [ 411.475321][T16052] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3221'. [ 411.671780][T16053] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 411.855804][T16057] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3224'. [ 412.213627][T16069] IPVS: length: 110 != 8 [ 413.552368][T16085] netlink: 'syz.3.3229': attribute type 4 has an invalid length. [ 415.399048][T16072] kthread_run failed with err -4 [ 415.589255][ T6724] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.624002][ T6724] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.809606][ T6724] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.824454][T16067] wg1 speed is unknown, defaulting to 1000 [ 416.054859][ T6724] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.088108][T16083] wg1 speed is unknown, defaulting to 1000 [ 416.246193][T16111] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3237'. [ 416.281491][T16105] wg1 speed is unknown, defaulting to 1000 [ 417.238280][T15899] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 417.364538][T15899] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 417.597759][T15899] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 417.635518][T15899] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 418.229928][T15899] 8021q: adding VLAN 0 to HW filter on device bond0 [ 418.366152][T15899] 8021q: adding VLAN 0 to HW filter on device team0 [ 418.415632][T16143] wg1 speed is unknown, defaulting to 1000 [ 418.448620][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state [ 418.455975][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state [ 418.533821][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state [ 418.541243][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 418.855303][T16156] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3247'. [ 419.515721][T16168] netlink: 'syz.3.3249': attribute type 1 has an invalid length. [ 419.572239][T16168] netlink: 'syz.3.3249': attribute type 1 has an invalid length. [ 419.937582][T16177] bond0: (slave wlan1): Releasing backup interface [ 419.971143][T16178] netlink: 'syz.3.3252': attribute type 10 has an invalid length. [ 420.229336][T16178] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 420.338623][T16176] wg1 speed is unknown, defaulting to 1000 [ 421.828057][T15899] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 421.974971][T15899] veth0_vlan: entered promiscuous mode [ 422.001401][T16214] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3259'. [ 422.057414][T15899] veth1_vlan: entered promiscuous mode [ 422.219044][T16219] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3261'. [ 422.305669][T15899] veth0_macvtap: entered promiscuous mode [ 422.356778][T15899] veth1_macvtap: entered promiscuous mode [ 422.451689][T16221] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3262'. [ 422.507292][T15899] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 422.564132][T16221] veth0: entered promiscuous mode [ 422.578020][T16221] veth0: left promiscuous mode [ 422.826477][T15899] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 422.906486][ T6720] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.937110][ T6720] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.198508][T16230] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3265'. [ 423.474248][T16235] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3264'. [ 423.573778][ T6720] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.607539][ T6720] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 423.677327][T16244] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3266'. [ 423.822919][T16246] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3267'. [ 424.488573][T16246] bridge_slave_1: left allmulticast mode [ 424.503498][T16246] bridge_slave_1: left promiscuous mode [ 424.517773][T16246] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.553502][T16246] bridge_slave_0: left allmulticast mode [ 424.559546][T16246] bridge_slave_0: left promiscuous mode [ 424.574575][T16246] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.916456][T16254] sch_tbf: peakrate 4096 is lower than or equals to rate 185707055559232049 ! [ 425.004518][T16262] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3273'. [ 425.189303][ T6722] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 425.222480][ T6722] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 425.321450][T16273] batadv0: entered promiscuous mode [ 425.352896][T16273] vlan2: entered promiscuous mode [ 425.568666][ T6724] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 425.613376][ T6724] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 425.727604][T16276] wg1 speed is unknown, defaulting to 1000 [ 426.135798][T16289] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3281'. [ 426.611061][T16294] wg1 speed is unknown, defaulting to 1000 [ 427.506744][T16304] netlink: 228 bytes leftover after parsing attributes in process `syz.1.3285'. [ 427.566323][T16305] netlink: 228 bytes leftover after parsing attributes in process `syz.1.3285'. [ 428.075982][ T5873] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 428.145255][ T5873] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 428.154726][ T5873] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 428.164036][ T5873] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 428.173355][ T5873] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 428.558566][T16312] bond0: (slave bond_slave_0): Releasing backup interface [ 428.618986][T16312] bond0: (slave bond_slave_1): Releasing backup interface [ 428.693834][T16312] team0: Port device team_slave_0 removed [ 428.743654][T16312] team0: Port device team_slave_1 removed [ 428.765059][T16312] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 428.792103][T16312] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 428.845306][T16312] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 428.855032][T16312] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 428.906065][T16312] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 430.341155][ T5873] Bluetooth: hci5: command tx timeout [ 430.618726][T16341] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3297'. [ 432.383138][ T5873] Bluetooth: hci5: command tx timeout [ 434.463136][ T5873] Bluetooth: hci5: command tx timeout [ 436.544296][ T5873] Bluetooth: hci5: command tx timeout [ 438.867629][T16341] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3297'. [ 438.887381][T16310] wg1 speed is unknown, defaulting to 1000 [ 439.372776][T16328] wg1 speed is unknown, defaulting to 1000 [ 439.448809][T16366] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3303'. [ 440.146171][T16423] netlink: 'syz.2.3307': attribute type 4 has an invalid length. [ 440.164880][T16421] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 440.181962][T16423] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3307'. [ 440.211313][T16423] : renamed from bond0 (while UP) [ 440.531704][T16434] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -107 0 [ 441.182131][T16310] chnl_net:caif_netlink_parms(): no params data found [ 441.446151][T16440] wg1 speed is unknown, defaulting to 1000 [ 442.382487][T16464] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3314'. [ 442.493478][ T5949] IPVS: starting estimator thread 0... [ 442.514750][T16451] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 442.602591][T16460] bridge0: entered allmulticast mode [ 442.614291][T16468] IPVS: using max 22 ests per chain, 52800 per kthread [ 442.659221][T16461] pim6reg: entered allmulticast mode [ 442.689437][T16465] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3315'. [ 442.767725][T16464] bridge0 (unregistering): left allmulticast mode [ 442.846832][T16310] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.865389][T16310] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.877189][T16310] bridge_slave_0: entered allmulticast mode [ 442.905128][T16310] bridge_slave_0: entered promiscuous mode [ 442.978220][T16310] bridge0: port 2(bridge_slave_1) entered blocking state [ 442.988407][T16310] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.007736][T16310] bridge_slave_1: entered allmulticast mode [ 443.027280][T16310] bridge_slave_1: entered promiscuous mode [ 443.042122][T16459] wg1 speed is unknown, defaulting to 1000 [ 443.171014][T16462] wg1 speed is unknown, defaulting to 1000 [ 443.373837][T16310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 443.418067][T16310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 443.908901][T16310] team0: Port device team_slave_0 added [ 443.928721][T16310] team0: Port device team_slave_1 added [ 444.337456][T16485] netlink: 'syz.1.3318': attribute type 10 has an invalid length. [ 444.459687][T16482] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 444.510722][T16310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 444.525717][T16310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 444.570535][T16310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 444.650208][T16485] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 444.771198][T16310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 444.778743][T16310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 444.858516][T16310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 445.235946][T16496] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3322'. [ 445.255989][T16310] hsr_slave_0: entered promiscuous mode [ 445.269883][T16310] hsr_slave_1: entered promiscuous mode [ 445.277924][T16310] debugfs: 'hsr0' already exists in 'hsr' [ 445.284360][T16310] Cannot create hsr debugfs directory [ 445.311396][T16496] veth0: entered promiscuous mode [ 445.347184][T16496] veth0: left promiscuous mode [ 445.942144][T16505] netlink: 'syz.2.3324': attribute type 10 has an invalid length. [ 446.165193][T16505] : (slave wlan1): Enslaving as an active interface with an up link [ 446.226124][T16512] netlink: 'syz.4.3325': attribute type 10 has an invalid length. [ 446.263665][T16514] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 446.402732][T16512] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 446.635053][T16519] pim6reg1: entered promiscuous mode [ 446.665606][T16519] pim6reg1: entered allmulticast mode [ 446.759324][T16528] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3329'. [ 446.852058][T16531] netlink: 'syz.2.3328': attribute type 4 has an invalid length. [ 447.199607][T16310] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 447.274334][T16526] pim6reg1: entered promiscuous mode [ 447.279725][T16526] pim6reg1: entered allmulticast mode [ 447.353619][T16525] wg1 speed is unknown, defaulting to 1000 [ 447.468891][T16534] wg1 speed is unknown, defaulting to 1000 [ 447.499549][T16540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3333'. [ 447.558354][T16310] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 447.609065][T16542] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3334'. [ 447.842722][T16544] vlan2: entered promiscuous mode [ 447.919839][T16310] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 448.249843][T16310] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 448.555220][T16556] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3339'. [ 449.068643][T16310] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 449.157159][T16310] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 449.213804][T16310] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 449.242800][T16310] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 449.777624][T16572] wg1 speed is unknown, defaulting to 1000 [ 449.834718][T16310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 449.881708][T16574] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3344'. [ 449.907150][T16310] 8021q: adding VLAN 0 to HW filter on device team0 [ 450.005405][T16412] bridge0: port 1(bridge_slave_0) entered blocking state [ 450.012621][T16412] bridge0: port 1(bridge_slave_0) entered forwarding state [ 450.225230][T16410] bridge0: port 2(bridge_slave_1) entered blocking state [ 450.232988][T16410] bridge0: port 2(bridge_slave_1) entered forwarding state [ 450.371655][T16587] netlink: 'syz.0.3346': attribute type 11 has an invalid length. [ 450.752533][T16591] Bluetooth: hci0: Opcode 0x0401 failed: -22 [ 451.614589][T16601] netlink: 'syz.1.3351': attribute type 1 has an invalid length. [ 451.780498][T16601] bond1: entered promiscuous mode [ 451.823353][T16601] bond1: entered allmulticast mode [ 451.855681][T16601] 8021q: adding VLAN 0 to HW filter on device bond1 [ 452.382886][T16611] netlink: 'syz.2.3352': attribute type 10 has an invalid length. [ 452.411974][T16601] bridge2: entered promiscuous mode [ 452.452374][T16601] bridge2: entered allmulticast mode [ 452.466511][T16410] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 452.494432][T16601] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 452.573967][ T6724] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 452.616461][T16609] bridge_slave_0: left allmulticast mode [ 452.642580][T16609] bridge_slave_0: left promiscuous mode [ 452.661375][T16609] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.691773][T16609] bridge_slave_1: left allmulticast mode [ 452.709282][T16609] bridge_slave_1: left promiscuous mode [ 452.716490][T16609] bridge0: port 2(bridge_slave_1) entered disabled state [ 452.772180][T16609] : (slave bond_slave_0): Releasing backup interface [ 452.783307][ T5873] Bluetooth: hci0: command tx timeout [ 452.827439][T16609] : (slave bond_slave_1): Releasing backup interface [ 452.874734][T16609] team0: Port device team_slave_0 removed [ 452.946689][T16609] team0: Port device team_slave_1 removed [ 452.975824][T16609] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 453.003740][T16609] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 453.054237][T16609] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 453.098788][T16609] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 453.330209][T16609] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 454.330741][T16310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 454.761579][T16635] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.108749][T16635] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.490187][T16635] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.598057][T16310] veth0_vlan: entered promiscuous mode [ 455.789783][T16635] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.956627][T16310] veth1_vlan: entered promiscuous mode [ 456.191639][T16645] wg1 speed is unknown, defaulting to 1000 [ 456.393744][T16646] pim6reg1: entered promiscuous mode [ 456.401482][T16646] pim6reg1: entered allmulticast mode [ 456.502174][T16310] veth0_macvtap: entered promiscuous mode [ 456.596411][T16410] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 456.676939][T16310] veth1_macvtap: entered promiscuous mode [ 457.956052][T16410] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 458.002885][T16657] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 458.110248][T16408] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 458.261191][T16660] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 459.283744][T16310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 459.302167][T16408] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.340691][T16310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 459.383612][T16410] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.429853][T16410] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.544682][T16676] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3371'. [ 459.708484][T16410] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.728505][T16673] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3370'. [ 459.743487][T16676] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3371'. [ 459.753644][T16676] tipc: Started in network mode [ 459.773200][T16676] tipc: Node identity fffffe01, cluster identity 64 [ 459.780407][T16676] tipc: Node number set to 4294966785 [ 459.794192][T16676] tipc: Cannot configure node identity twice [ 459.809205][T16410] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.911186][T16680] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3373'. [ 460.581875][T16410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 460.617718][T16410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 460.815327][T16410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 460.870977][T16410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.226204][T16703] pim6reg1: entered promiscuous mode [ 461.257807][T16703] pim6reg1: entered allmulticast mode [ 461.660405][T16719] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3387'. [ 461.686084][T16712] wg1 speed is unknown, defaulting to 1000 [ 461.737532][T16719] FAULT_INJECTION: forcing a failure. [ 461.737532][T16719] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 461.803567][T16719] CPU: 1 UID: 0 PID: 16719 Comm: syz.4.3387 Not tainted syzkaller #0 PREEMPT(full) [ 461.803599][T16719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 461.803611][T16719] Call Trace: [ 461.803619][T16719] [ 461.803628][T16719] dump_stack_lvl+0x189/0x250 [ 461.803660][T16719] ? __pfx____ratelimit+0x10/0x10 [ 461.803683][T16719] ? __pfx_dump_stack_lvl+0x10/0x10 [ 461.803708][T16719] ? __pfx__printk+0x10/0x10 [ 461.803752][T16719] should_fail_ex+0x414/0x560 [ 461.803789][T16719] _copy_to_user+0x31/0xb0 [ 461.803819][T16719] simple_read_from_buffer+0xe1/0x170 [ 461.803856][T16719] proc_fail_nth_read+0x1b3/0x220 [ 461.803885][T16719] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 461.803912][T16719] ? rw_verify_area+0x2a6/0x4d0 [ 461.803937][T16719] ? __lock_acquire+0xab9/0xd20 [ 461.803964][T16719] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 461.803989][T16719] vfs_read+0x200/0xa30 [ 461.804014][T16719] ? fdget_pos+0x247/0x320 [ 461.804038][T16719] ? __pfx___mutex_lock+0x10/0x10 [ 461.804101][T16719] ? __pfx_vfs_read+0x10/0x10 [ 461.804130][T16719] ? __fget_files+0x2a/0x420 [ 461.804154][T16719] ? __fget_files+0x3a0/0x420 [ 461.804171][T16719] ? __fget_files+0x2a/0x420 [ 461.804200][T16719] ksys_read+0x145/0x250 [ 461.804231][T16719] ? __pfx_ksys_read+0x10/0x10 [ 461.804254][T16719] ? rcu_is_watching+0x15/0xb0 [ 461.804282][T16719] ? do_syscall_64+0xbe/0x3b0 [ 461.804309][T16719] do_syscall_64+0xfa/0x3b0 [ 461.804329][T16719] ? lockdep_hardirqs_on+0x9c/0x150 [ 461.804350][T16719] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.804379][T16719] ? clear_bhb_loop+0x60/0xb0 [ 461.804405][T16719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.804425][T16719] RIP: 0033:0x7fa83058d5bc [ 461.804443][T16719] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 461.804461][T16719] RSP: 002b:00007fa831415030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 461.804484][T16719] RAX: ffffffffffffffda RBX: 00007fa8307d5fa0 RCX: 00007fa83058d5bc [ 461.804499][T16719] RDX: 000000000000000f RSI: 00007fa8314150a0 RDI: 0000000000000004 [ 461.804511][T16719] RBP: 00007fa831415090 R08: 0000000000000000 R09: 0000000000000000 [ 461.804523][T16719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 461.804535][T16719] R13: 00007fa8307d6038 R14: 00007fa8307d5fa0 R15: 00007ffcd0332b68 [ 461.804571][T16719] [ 462.128641][T16725] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 462.144703][T16725] Bluetooth: MGMT ver 1.23 [ 462.151240][T16725] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3388'. [ 462.422277][T16724] veth0: entered promiscuous mode [ 462.434723][T16732] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3391'. [ 462.838662][T16733] veth0: left promiscuous mode [ 463.023967][ T51] Bluetooth: hci5: command 0x0405 tx timeout [ 463.137086][T16745] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3393'. [ 465.764063][T16745] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3393'. [ 465.773781][T16745] tipc: Started in network mode [ 465.778696][T16745] tipc: Node identity fffffe01, cluster identity 64 [ 465.795169][T16745] tipc: Node number set to 4294966785 [ 465.805338][T16745] tipc: Cannot configure node identity twice [ 466.405340][T16771] batadv0: entered promiscuous mode [ 466.420869][T16771] vlan2: entered promiscuous mode [ 466.482153][T16773] netlink: 88 bytes leftover after parsing attributes in process `syz.4.3403'. [ 466.809144][T16779] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3404'. [ 466.881592][T16786] dvmrp8: entered allmulticast mode [ 466.929920][T16784] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3406'. [ 467.271292][T16793] nbd: device at index 4 is going down [ 467.310028][T16793] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3409'. [ 467.366752][T16793] netlink: 'syz.4.3409': attribute type 14 has an invalid length. [ 467.394598][T16793] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3409'. [ 467.502843][T16800] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3412'. [ 467.916048][T16807] pim6reg1: entered promiscuous mode [ 467.939069][T16807] pim6reg1: entered allmulticast mode [ 468.008055][T16811] pim6reg1: entered promiscuous mode [ 468.043315][T16811] pim6reg1: entered allmulticast mode [ 468.209644][T16813] wg1 speed is unknown, defaulting to 1000 [ 468.403961][T16825] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3419'. [ 468.472159][T16827] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3420'. [ 468.552800][T16814] wg1 speed is unknown, defaulting to 1000 [ 469.277845][T16820] wg1 speed is unknown, defaulting to 1000 [ 469.716412][T16851] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3428'. [ 470.021712][T16855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 470.131694][T16857] gretap1: entered promiscuous mode [ 470.157697][T16857] bond0: (slave gretap1): Enslaving as an active interface with an up link [ 471.110620][T16874] wg1 speed is unknown, defaulting to 1000 [ 471.726254][ T30] audit: type=1800 audit(1758136587.322:2): pid=16893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3440" name="blkio.bfq.time_recursive" dev="tmpfs" ino=391 res=0 errno=0 [ 471.816088][ T30] audit: type=1800 audit(1758136587.322:3): pid=16893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3440" name="blkio.bfq.time_recursive" dev="tmpfs" ino=391 res=0 errno=0 [ 472.020428][T16904] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.3442'. [ 472.082087][T16904] netlink: zone id is out of range [ 472.176985][T16904] netlink: zone id is out of range [ 472.203597][T16904] netlink: get zone limit has 8 unknown bytes [ 472.941075][T16920] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3446'. [ 473.072249][T16913] wg1 speed is unknown, defaulting to 1000 [ 473.853462][T16936] netlink: 9 bytes leftover after parsing attributes in process `syz.0.3451'. [ 473.957459][T16936] ..0·: renamed from hsr0 [ 474.023485][T16936] ..0·: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 474.063524][T16936] ..0·: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 474.080507][T16936] ..0·: entered allmulticast mode [ 474.089759][T16936] hsr_slave_0: entered allmulticast mode [ 474.100617][T16936] hsr_slave_1: entered allmulticast mode [ 474.109479][T16936] A link change request failed with some changes committed already. Interface ..0· may have been left with an inconsistent configuration, please check. [ 474.633074][T16953] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3456'. [ 474.866715][T16959] netlink: 'syz.3.3458': attribute type 1 has an invalid length. [ 474.976323][T16959] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 474.984091][T16959] IPv6: NLM_F_CREATE should be set when creating new route [ 474.991339][T16959] IPv6: NLM_F_CREATE should be set when creating new route [ 475.066159][T16959] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 475.115001][T16965] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3460'. [ 475.701081][T16973] wg1 speed is unknown, defaulting to 1000 [ 475.872056][T16967] pim6reg1: entered promiscuous mode [ 475.905933][T16967] pim6reg1: entered allmulticast mode [ 476.128551][T16985] vlan2: entered promiscuous mode [ 476.569307][T16992] pim6reg: entered allmulticast mode [ 476.591039][T16994] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3465'. [ 476.641274][T16994] netlink: 19 bytes leftover after parsing attributes in process `syz.3.3465'. [ 476.690824][T16994] netlink: 'syz.3.3465': attribute type 6 has an invalid length. [ 476.731781][T16997] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3465'. [ 476.774334][T16994] netlink: 'syz.3.3465': attribute type 5 has an invalid length. [ 476.813735][T16997] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3465'. [ 476.836509][T16994] netlink: 19 bytes leftover after parsing attributes in process `syz.3.3465'. [ 476.886551][T16992] pim6reg: left allmulticast mode [ 477.352867][T17006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3469'. [ 478.303226][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 478.355884][T17027] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 478.384229][T17035] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3472'. [ 479.637889][T17055] FAULT_INJECTION: forcing a failure. [ 479.637889][T17055] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 479.723684][T17055] CPU: 1 UID: 0 PID: 17055 Comm: syz.4.3482 Not tainted syzkaller #0 PREEMPT(full) [ 479.723715][T17055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 479.723726][T17055] Call Trace: [ 479.723735][T17055] [ 479.723744][T17055] dump_stack_lvl+0x189/0x250 [ 479.723774][T17055] ? __pfx____ratelimit+0x10/0x10 [ 479.723796][T17055] ? __pfx_dump_stack_lvl+0x10/0x10 [ 479.723820][T17055] ? __pfx__printk+0x10/0x10 [ 479.723848][T17055] ? __might_fault+0xb0/0x130 [ 479.723891][T17055] should_fail_ex+0x414/0x560 [ 479.723927][T17055] _copy_from_iter+0x1de/0x1790 [ 479.723961][T17055] ? rcu_is_watching+0x15/0xb0 [ 479.723985][T17055] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 479.724015][T17055] ? __pfx__copy_from_iter+0x10/0x10 [ 479.724041][T17055] ? __build_skb_around+0x257/0x3e0 [ 479.724071][T17055] ? netlink_sendmsg+0x642/0xb30 [ 479.724093][T17055] ? skb_put+0x11b/0x210 [ 479.724123][T17055] netlink_sendmsg+0x6b2/0xb30 [ 479.724159][T17055] ? __pfx_netlink_sendmsg+0x10/0x10 [ 479.724187][T17055] ? aa_sock_msg_perm+0xf1/0x1d0 [ 479.724211][T17055] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 479.724234][T17055] ? __pfx_netlink_sendmsg+0x10/0x10 [ 479.724259][T17055] __sock_sendmsg+0x219/0x270 [ 479.724285][T17055] ____sys_sendmsg+0x505/0x830 [ 479.724319][T17055] ? __pfx_____sys_sendmsg+0x10/0x10 [ 479.724358][T17055] ? import_iovec+0x74/0xa0 [ 479.724390][T17055] ___sys_sendmsg+0x21f/0x2a0 [ 479.724421][T17055] ? __pfx____sys_sendmsg+0x10/0x10 [ 479.724506][T17055] ? __fget_files+0x2a/0x420 [ 479.724524][T17055] ? __fget_files+0x3a0/0x420 [ 479.724556][T17055] __x64_sys_sendmsg+0x19b/0x260 [ 479.724587][T17055] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 479.724626][T17055] ? __pfx_ksys_write+0x10/0x10 [ 479.724651][T17055] ? rcu_is_watching+0x15/0xb0 [ 479.724677][T17055] ? do_syscall_64+0xbe/0x3b0 [ 479.724705][T17055] do_syscall_64+0xfa/0x3b0 [ 479.724724][T17055] ? lockdep_hardirqs_on+0x9c/0x150 [ 479.724744][T17055] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.724764][T17055] ? clear_bhb_loop+0x60/0xb0 [ 479.724789][T17055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.724808][T17055] RIP: 0033:0x7fa83058eba9 [ 479.724827][T17055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 479.724844][T17055] RSP: 002b:00007fa831415038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 479.724865][T17055] RAX: ffffffffffffffda RBX: 00007fa8307d5fa0 RCX: 00007fa83058eba9 [ 479.724880][T17055] RDX: 0000000000004000 RSI: 0000200000000400 RDI: 0000000000000004 [ 479.724893][T17055] RBP: 00007fa831415090 R08: 0000000000000000 R09: 0000000000000000 [ 479.724905][T17055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 479.724917][T17055] R13: 00007fa8307d6038 R14: 00007fa8307d5fa0 R15: 00007ffcd0332b68 [ 479.724951][T17055] [ 480.429582][T17061] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3485'. [ 480.773288][T17071] netlink: 'syz.1.3488': attribute type 10 has an invalid length. [ 480.839614][T17071] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 480.886190][T17074] netlink: 244 bytes leftover after parsing attributes in process `syz.3.3487'. [ 480.984385][T17071] netlink: 'syz.1.3488': attribute type 7 has an invalid length. [ 481.036225][T17071] netlink: 'syz.1.3488': attribute type 8 has an invalid length. [ 481.560942][T17093] sch_tbf: peakrate 4096 is lower than or equals to rate 185707055559232049 ! [ 481.880811][T17102] pim6reg99999999: entered allmulticast mode [ 482.284072][T17117] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3501'. [ 482.414759][T17119] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3502'. [ 482.457467][T17119] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3502'. [ 482.706937][T17119] wg1 speed is unknown, defaulting to 1000 [ 482.833975][T17124] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3504'. [ 483.002270][T17124] veth0: entered promiscuous mode [ 483.079727][T17124] veth0: left promiscuous mode [ 483.398430][T17135] netlink: 244 bytes leftover after parsing attributes in process `syz.4.3507'. [ 483.586345][T17139] netlink: 'syz.2.3509': attribute type 12 has an invalid length. [ 483.714366][T17143] netlink: 6032 bytes leftover after parsing attributes in process `syz.1.3510'. [ 483.937464][T17150] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3512'. [ 484.816926][T17165] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3517'. [ 486.055085][T17189] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3523'. [ 486.202564][T17189] veth0: entered promiscuous mode [ 486.268010][T17189] veth0: left promiscuous mode [ 486.420653][T17203] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3528'. [ 486.457074][T17204] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3529'. [ 486.627470][T17204] pim6reg1: entered promiscuous mode [ 486.653582][T17204] pim6reg1: entered allmulticast mode [ 487.200628][T17221] vlan2: entered promiscuous mode [ 488.038535][T17240] __nla_validate_parse: 2 callbacks suppressed [ 488.038558][T17240] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3541'. [ 488.448892][T17238] dvmrp1: entered allmulticast mode [ 488.550139][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 488.835051][T17261] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3548'. [ 488.849503][T17259] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3547'. [ 488.914161][T17259] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3547'. [ 489.156377][T17270] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3551'. [ 489.769530][T17279] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3554'. [ 489.902694][T17279] veth0: entered promiscuous mode [ 489.952516][T17279] veth0: left promiscuous mode [ 490.139536][T17286] ±ÿ: renamed from batadv_slave_1 (while UP) [ 490.578622][T17296] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3560'. [ 491.854944][T17321] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3558'. [ 491.992591][T17314] ------------[ cut here ]------------ [ 491.998774][T17314] wlan1: Failed check-sdata-in-driver check, flags: 0x0 [ 492.041550][T17314] WARNING: CPU: 1 PID: 17314 at net/mac80211/driver-ops.c:366 drv_unassign_vif_chanctx+0x50b/0x7e0 [ 492.052832][T17314] Modules linked in: [ 492.057202][T17314] CPU: 1 UID: 0 PID: 17314 Comm: syz.2.3566 Not tainted syzkaller #0 PREEMPT(full) [ 492.067428][T17314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 492.077587][T17314] RIP: 0010:drv_unassign_vif_chanctx+0x50b/0x7e0 [ 492.084155][T17314] Code: 8d 8d b8 09 00 00 48 85 c0 48 0f 44 f1 43 0f b6 04 3e 84 c0 0f 85 6b 02 00 00 8b 55 00 48 c7 c7 80 40 b0 8c e8 f6 51 9a f6 90 <0f> 0b 90 90 e9 ee fc ff ff e8 87 b6 d6 f6 90 0f 0b 90 42 80 7c 3d [ 492.103954][T17314] RSP: 0018:ffffc9000f3b7910 EFLAGS: 00010246 [ 492.110071][T17314] RAX: 30658d2f817b1800 RBX: 0000000000000000 RCX: 0000000000080000 [ 492.118173][T17314] RDX: ffffc900109cb000 RSI: 0000000000006963 RDI: 0000000000006964 [ 492.126403][T17314] RBP: ffff88804e83d728 R08: 0000000000000003 R09: 0000000000000004 [ 492.135325][T17314] R10: dffffc0000000000 R11: fffffbfff1bfa22c R12: ffff88804e83e9d8 [ 492.143864][T17314] R13: ffff88804e83cd80 R14: 1ffff11009d07ae5 R15: dffffc0000000000 [ 492.151879][T17314] FS: 00007faba80ea6c0(0000) GS:ffff888125d16000(0000) knlGS:0000000000000000 [ 492.160894][T17314] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 492.167595][T17314] CR2: 000000110c37d931 CR3: 000000004881c000 CR4: 00000000003526f0 [ 492.175665][T17314] Call Trace: [ 492.179120][T17314] [ 492.182096][T17314] ieee80211_assign_link_chanctx+0x1ec/0xd70 [ 492.188246][T17314] __ieee80211_link_release_channel+0x33b/0x4a0 [ 492.194621][T17314] ieee80211_if_change_type+0x14c/0x990 [ 492.200309][T17314] ieee80211_change_iface+0xd5/0x510 [ 492.205705][T17314] cfg80211_change_iface+0x795/0xef0 [ 492.211034][T17314] cfg80211_wext_siwmode+0x1db/0x2b0 [ 492.216429][T17314] ? __pfx_cfg80211_wext_siwmode+0x10/0x10 [ 492.222361][T17314] ? full_name_hash+0x92/0xe0 [ 492.228112][T17314] ? __pfx_cfg80211_wext_siwmode+0x10/0x10 [ 492.234308][T17314] ioctl_standard_call+0xcb/0x1b0 [ 492.240182][T17314] ? __pfx_cfg80211_wext_siwmode+0x10/0x10 [ 492.246689][T17314] wext_ioctl_dispatch+0xee/0x410 [ 492.251758][T17314] ? __pfx_ioctl_standard_call+0x10/0x10 [ 492.257483][T17314] wext_handle_ioctl+0x100/0x1c0 [ 492.262461][T17314] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 492.268007][T17314] ? __lock_acquire+0xab9/0xd20 [ 492.272969][T17314] sock_ioctl+0x15f/0x790 [ 492.277339][T17314] ? __pfx_sock_ioctl+0x10/0x10 [ 492.282237][T17314] ? __fget_files+0x2a/0x420 [ 492.286918][T17314] ? __fget_files+0x3a0/0x420 [ 492.291966][T17314] ? __fget_files+0x2a/0x420 [ 492.296620][T17314] ? bpf_lsm_file_ioctl+0x9/0x20 [ 492.301684][T17314] ? __pfx_sock_ioctl+0x10/0x10 [ 492.307089][T17314] __se_sys_ioctl+0xfc/0x170 [ 492.311722][T17314] do_syscall_64+0xfa/0x3b0 [ 492.316342][T17314] ? lockdep_hardirqs_on+0x9c/0x150 [ 492.321599][T17314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.327824][T17314] ? clear_bhb_loop+0x60/0xb0 [ 492.332578][T17314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.339380][T17314] RIP: 0033:0x7faba718eba9 [ 492.344394][T17314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 492.364206][T17314] RSP: 002b:00007faba80ea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 492.372664][T17314] RAX: ffffffffffffffda RBX: 00007faba73d5fa0 RCX: 00007faba718eba9 [ 492.380840][T17314] RDX: 0000200000000000 RSI: 0000000000008b06 RDI: 0000000000000007 [ 492.388980][T17314] RBP: 00007faba7211e19 R08: 0000000000000000 R09: 0000000000000000 [ 492.397439][T17314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 492.405581][T17314] R13: 00007faba73d6038 R14: 00007faba73d5fa0 R15: 00007ffecde2c5d8 [ 492.413684][T17314] [ 492.416780][T17314] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 492.424092][T17314] CPU: 1 UID: 0 PID: 17314 Comm: syz.2.3566 Not tainted syzkaller #0 PREEMPT(full) [ 492.433532][T17314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 492.443972][T17314] Call Trace: [ 492.447272][T17314] [ 492.450228][T17314] dump_stack_lvl+0x99/0x250 [ 492.454864][T17314] ? __asan_memcpy+0x40/0x70 [ 492.459576][T17314] ? __pfx_dump_stack_lvl+0x10/0x10 [ 492.464984][T17314] ? __pfx__printk+0x10/0x10 [ 492.469628][T17314] vpanic+0x281/0x750 [ 492.473738][T17314] ? __pfx__printk+0x10/0x10 [ 492.478454][T17314] ? __pfx_vpanic+0x10/0x10 [ 492.482987][T17314] ? is_bpf_text_address+0x292/0x2b0 [ 492.488331][T17314] panic+0xb9/0xc0 [ 492.492185][T17314] ? __pfx_panic+0x10/0x10 [ 492.496704][T17314] __warn+0x31b/0x4b0 [ 492.501079][T17314] ? drv_unassign_vif_chanctx+0x50b/0x7e0 [ 492.506832][T17314] ? drv_unassign_vif_chanctx+0x50b/0x7e0 [ 492.512667][T17314] report_bug+0x2be/0x4f0 [ 492.517020][T17314] ? drv_unassign_vif_chanctx+0x50b/0x7e0 [ 492.522776][T17314] ? drv_unassign_vif_chanctx+0x50b/0x7e0 [ 492.528525][T17314] ? drv_unassign_vif_chanctx+0x50d/0x7e0 [ 492.534359][T17314] handle_bug+0x84/0x160 [ 492.538638][T17314] exc_invalid_op+0x1a/0x50 [ 492.543191][T17314] asm_exc_invalid_op+0x1a/0x20 [ 492.548075][T17314] RIP: 0010:drv_unassign_vif_chanctx+0x50b/0x7e0 [ 492.554462][T17314] Code: 8d 8d b8 09 00 00 48 85 c0 48 0f 44 f1 43 0f b6 04 3e 84 c0 0f 85 6b 02 00 00 8b 55 00 48 c7 c7 80 40 b0 8c e8 f6 51 9a f6 90 <0f> 0b 90 90 e9 ee fc ff ff e8 87 b6 d6 f6 90 0f 0b 90 42 80 7c 3d [ 492.574309][T17314] RSP: 0018:ffffc9000f3b7910 EFLAGS: 00010246 [ 492.580503][T17314] RAX: 30658d2f817b1800 RBX: 0000000000000000 RCX: 0000000000080000 [ 492.588503][T17314] RDX: ffffc900109cb000 RSI: 0000000000006963 RDI: 0000000000006964 [ 492.596600][T17314] RBP: ffff88804e83d728 R08: 0000000000000003 R09: 0000000000000004 [ 492.604782][T17314] R10: dffffc0000000000 R11: fffffbfff1bfa22c R12: ffff88804e83e9d8 [ 492.612952][T17314] R13: ffff88804e83cd80 R14: 1ffff11009d07ae5 R15: dffffc0000000000 [ 492.620982][T17314] ieee80211_assign_link_chanctx+0x1ec/0xd70 [ 492.627018][T17314] __ieee80211_link_release_channel+0x33b/0x4a0 [ 492.633401][T17314] ieee80211_if_change_type+0x14c/0x990 [ 492.638989][T17314] ieee80211_change_iface+0xd5/0x510 [ 492.644326][T17314] cfg80211_change_iface+0x795/0xef0 [ 492.649648][T17314] cfg80211_wext_siwmode+0x1db/0x2b0 [ 492.654970][T17314] ? __pfx_cfg80211_wext_siwmode+0x10/0x10 [ 492.660816][T17314] ? full_name_hash+0x92/0xe0 [ 492.665525][T17314] ? __pfx_cfg80211_wext_siwmode+0x10/0x10 [ 492.671360][T17314] ioctl_standard_call+0xcb/0x1b0 [ 492.676426][T17314] ? __pfx_cfg80211_wext_siwmode+0x10/0x10 [ 492.682256][T17314] wext_ioctl_dispatch+0xee/0x410 [ 492.687312][T17314] ? __pfx_ioctl_standard_call+0x10/0x10 [ 492.692982][T17314] wext_handle_ioctl+0x100/0x1c0 [ 492.697979][T17314] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 492.703644][T17314] ? __lock_acquire+0xab9/0xd20 [ 492.708552][T17314] sock_ioctl+0x15f/0x790 [ 492.712974][T17314] ? __pfx_sock_ioctl+0x10/0x10 [ 492.717862][T17314] ? __fget_files+0x2a/0x420 [ 492.722472][T17314] ? __fget_files+0x3a0/0x420 [ 492.727175][T17314] ? __fget_files+0x2a/0x420 [ 492.731790][T17314] ? bpf_lsm_file_ioctl+0x9/0x20 [ 492.736758][T17314] ? __pfx_sock_ioctl+0x10/0x10 [ 492.741732][T17314] __se_sys_ioctl+0xfc/0x170 [ 492.746363][T17314] do_syscall_64+0xfa/0x3b0 [ 492.751415][T17314] ? lockdep_hardirqs_on+0x9c/0x150 [ 492.756732][T17314] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.762825][T17314] ? clear_bhb_loop+0x60/0xb0 [ 492.767618][T17314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.773537][T17314] RIP: 0033:0x7faba718eba9 [ 492.778006][T17314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 492.797822][T17314] RSP: 002b:00007faba80ea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 492.806448][T17314] RAX: ffffffffffffffda RBX: 00007faba73d5fa0 RCX: 00007faba718eba9 [ 492.814448][T17314] RDX: 0000200000000000 RSI: 0000000000008b06 RDI: 0000000000000007 [ 492.822545][T17314] RBP: 00007faba7211e19 R08: 0000000000000000 R09: 0000000000000000 [ 492.830581][T17314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 492.838600][T17314] R13: 00007faba73d6038 R14: 00007faba73d5fa0 R15: 00007ffecde2c5d8 [ 492.846716][T17314] [ 492.850193][T17314] Kernel Offset: disabled [ 492.854518][T17314] Rebooting in 86400 seconds..