last executing test programs: 2m16.740243354s ago: executing program 0 (id=2203): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1) sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r1) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r1) sendmsg$NBD_CMD_RECONFIGURE(r0, 0x0, 0x0) 2m5.917526532s ago: executing program 0 (id=2203): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1) sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r1) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r1) sendmsg$NBD_CMD_RECONFIGURE(r0, 0x0, 0x0) 1m18.278108468s ago: executing program 0 (id=2203): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1) sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r1) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r1) sendmsg$NBD_CMD_RECONFIGURE(r0, 0x0, 0x0) 1m6.727264594s ago: executing program 0 (id=2203): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1) sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r1) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r1) sendmsg$NBD_CMD_RECONFIGURE(r0, 0x0, 0x0) 52.203530905s ago: executing program 0 (id=2203): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1) sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r1) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r1) sendmsg$NBD_CMD_RECONFIGURE(r0, 0x0, 0x0) 39.714140132s ago: executing program 2 (id=2860): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3576], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x3}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) close(0x3) r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r1, 0x10c, 0x6, &(0x7f0000000000)=0x3ff, 0x4) close(0x4) 39.711064635s ago: executing program 2 (id=2862): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x3c) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r3, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv4_newaddr={0x20, 0x14, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r3}, [@IFA_LOCAL={0x8, 0x2, @local}]}, 0x20}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x34, r6, 0x1, 0xffffffff, 0x0, {{0x2}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x99e}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}]]}, 0x34}}, 0x0) r7 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r7, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x4) sendmsg$nl_route(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c0000002200000000000000000000000a0000000000000000000000f7293cd0e2c8bb90cfaabc1560a120409bb7b92c6db30a250f031aa5474fd9d89b3004b47bbaa185f01244e7a14545198a44ce7f7149f460cfe6ade35b821b00b5db7b29222b2835e779d0b2415a1b9b6df8c93f74934a73a721f299071c5a852fa8c5b35b5998ef73f3d562fbd558af9e"], 0x1c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x53}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xfffffffe}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r11 = openat$cgroup_int(r10, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r11, &(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x31) socket$netlink(0x10, 0x3, 0xa) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000340)={0x2, 0xca, "ae26172d6d9ae0af805d33e554fe53411f66371baa7d2309045ca773b83af7884511e412fdd4cffed9e90e4a30facac8226d91a84f72fc0dada4f4670d7c06918eb43ca664d9288748310077d08cf7ae386a284fa7cff81fb0f00dbb6755226896dbceb12f02542bb687f50249696e6c0678bd07fc5674dbef46ef63374e94cd9cf91722bf6189373595ba9e40c612df2d0f5c0715cdba3724e56008dec434938da111ca4350883e431afcf8744dc341b38da5245e1eb8e48d85f3df70dcd2b8df66399aba0e9f7dd35f"}) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route_sched(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001000)=@delchain={0x1854, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {}, {0x0, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x1808, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x6}}, @TCA_BASIC_EMATCHES={0x161c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x1208, 0x2, 0x0, 0x1, [@TCF_EM_META={0x5c, 0x2, 0x0, 0x0, {{0x6, 0x4, 0x1}, [@TCA_EM_META_RVALUE={0xc, 0x3, [@TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_LVALUE={0xc, 0x2, [@TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_INT=0x3]}, @TCA_EM_META_LVALUE={0x2b, 0x2, [@TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="3ae9fbd0c87754", @TCF_META_TYPE_VAR="3146c693e51fea", @TCF_META_TYPE_VAR="91e906", @TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR="d00d909f1f", @TCF_META_TYPE_VAR="72b400baa7"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0xf1ca, 0x1, 0x1}, {0x8001, 0x50, 0x2}}}]}}, @TCF_EM_CONTAINER={0x100c, 0x1, 0x0, 0x0, {{0x4, 0x0, 0x100}, "53d1601c7af88d82367b79ee89e82b8fa8331d2218c31c43ae3ea961cced1b37066b2d9c054b206b64d83152e82b2afaf2d0617464dc3a107e69392f179c21a953e1867a4267839950a7d471d2a001db404adf81c097ba5842dbd55d141ea811abdd49efadd89c29e379693695ca4f56cd6ec56c735c6144a8ad0683422db4121248acc4d6ddc088caf123e41623ef9adce3fd212c9892728a8de0624d9f03786408ca223309e6e767af648aba59f19bacb467b5349f24f6cd57d8ff2f7255121cd0a196a62d334119ec27eaa9d11964d2ee75ee1036fb65178f00e2a820d66e7c2c8606e6afafee72db64c15703a2ffb484b3e47c3658191e84fde6750647a96cf3495235f82bef69e221a565e34492ed5786dcd61b7e7e957b631a33ce02b5d477b38e6b0d23eb2a5c2205e3e8eed11282944fc82e8008e534a072ac04c697f3bb0fd508af50e1327002414b712151511994e1d4da57f78d2509cf462a4f9f0ee431286f0fd767abc956349ac9285f04b988593d94b6da65d758545adcf51ed54ab31b7ec8075ede8ebc187d4940a6c37b24fd28c8a815dd4d73b40ef8baef1f20be72798998ca767479d8c3623fcaccb9a248cb2bc09103b8561237ff6117415d51edd086aacb3878e417673ba1041653600d2a97480f2f198b720c8588859ebce945b6878a4ed3be1f32296fb4bc8e670ebc8c564098f4f9a0b5144925c45505151590e5f86534c05d181d4513d7498c2aa5a7aa6adff02389a79decbd7f16c989392d8de64aa48ac001d8721a5ca8714abdc0768915157cf8dcf8eb7337b314360f1711a249f06b078679bab9ffb4d83dfddbe715175e8f860cad412d7523b2360eda625d8d72071492b871baf8d22b064aeb8b5286a6542b2222b6002ecb31568da45e001ab29629417f85d7e7ee36be17f7b8d986c718bdd3b59ff394874af66665ac62f9bcb1be45550fd4fb39ffa27e0a33e1dba64bd18ef76b73eaa716a84f216855a30b6cefecdd86562e8507c9c44931cb52793efc27451b4db34cc31737ebeb1f130152fea296fb2065699cdd15dd49fa15dcb3206dd12de718c4588a41c5733da84859835a0e06e5d178bcba4ab4b5dbc6bd0cbf8c8a735730a8ea22d1d3dbeb84cc170d3279b651906d8cb8996f28f2fed9a56d6821afe196892f77316d6f64fcf1793d50e09aea27bc67f8b346702bc1cdee527d8dc06426f3fe2b73f606d77efa8035eceff1d31acdaa8f0d2958e0f309d5214760ba278f6f85b972570f777ce3c85a0f0a118713b060811ebb2566e54f5309d646451dcaa3fe0cc6c7479a0bf6c95a0945d7f044ae1b2bcb41bca3ef1fc5810570a5afe2df6b28118de29b8da5fc806c571fcb78a32f6fe6e3d743ba7b64c04ac9d2a42b793822478d518faae13557797186c1112f71c140009300fc6074070c9a50eb4085270f569f76147189568ce4d010f7b4d166a1556d860441619f6bbb5a701d272fc9aa8bd15e81143fa12427c82c776e8309f84d681bea1b9d578a19b8013bf04c57d16e21fa77c6bcf9d796d8d66b6ffd97eb0487ad0859f5912f519a055e402cd17c89983ed55f812a076fc2a098adb21ea4d31d61e6c7a28327d2d9ad70eae457e3bc9a10a2857dc9d6fab97b17d000ba4379e9e0258df8dba552fb7d483b28e77098305e6e575057d98291ff44d1a2e1fce8aedc5ff89b7dd5074a734c14f7e52a062d9f4a16f6335839772b9d820de6b5149de06841e2d11fa323584e96a9f9bd1344e3f2f551a5a53fcfa0ba93623850190066d757c29f090c19641a495b25d826ec628cbcae1fb95d1c6e4b243f28a519898052babd5be4844f44fa9eca7ab5c2bec22910ad508c4841b09fa22ef88df4bd9cb1fa523cc9694215dfc4319b41e338872eeb6d9cf92015d867a58d296dafb81c0f5479dd67a8c4c0ee30c787d9b077c55651b279ec3e577fd7d6fde71c303f7405926c41b792e21ad14198d5ef77ae09e5b3deb0b6a1882a3dde769cf152e58d0e7c2aeb32f8aa9b12a1ff78ebb0e94ddc1706352b85ece6a504a2209ab6085b1f3b46a2d46643f52638d0ce54f2ef855b5979d069c5f81e8e1abe86f2535e0d9253ec187ab9f49eba0d08c6590c23155c4b0a3ce129b4aa6cfff62b187938abc941485a7beb84ec6a5e916eff17609a72ce201da84fe30aa9c96487f01ae39052ab822f252a02cc502b90673a33fb240df8b73ec83ca41bbc9ece3a609999017ca5746e9a551be6dc18da50401a454d469330aab63aef04270e36f2db417638848f6075a994700118edcc9c800c26cd8e99aa06c137b8bb74c09668dd46367c06b7f01d3447ae74a606a0a772ed8fc088453490687fbe5a88554a902357929924820a68ca6ea3c31a8a35480b134c5c53cb7502820ace160a0f38ea7c735ef2a7d2a83686c58a4b26d2d61fa932f5debaa1664d129707dca3d85675a17253d54cfddda1a2427368087271a1438d640092101dc31334350c6ebbc74c4042ed49a25527af8edca7fde694e666c448d7a602199822dc0debc9be0d3f8d57adf4c0930d4cf624f2c2301ea1ae8e8d1db92ea648dfdb699c559f4f5e11457bd7136466efc9d6e1eb95f2b166988b4ea57d8cf7cd4a1aad6af5d5793e502b6a40811da409323ab7cf9f0a4d82330e19c8a403f532af19d2c602bb25581572b6098c79874bf48f8a117cb35a3f3a4c2a9c08608db4087c6576f74d16d5fe2d9b308a41bbda81fef9ab959d1ebaf08b735bdfc084921f0489df460a69a7b4a2f8c32f5bb1cda8ddaa46cbbd46d197119bf439b543594c9574de45612223b9f34fe9a6fa7126e21ddff4b1d81d3bae45ec507b38892bad93422a6db1467f0e63f4281a727cbdfb4fbbbdd047ad6e34b3fd2a8fca60a98a53357bc34d0289b4811dcda3f7e248bc6d88200312028fdc947f46334f190cdeb6bc1c11504bdc27a1e2eb2b4b8292615a945d3b10ad58246b529fec70b0702baa00969602f2a891b005865046cd4028c606325660330aad4f42cbdaf3ecc526da899ad949d3b20a2428fc59f6af7762d444d59253e7b6c04fa5b22e9a713f89bdcc2e2d3952297a9ae6c49e85060122a3d2815cd466f1263e48e17dd1d4ec853738e9b0bcab54accccdea946450e407c898f9e05ff7354434ae1f91bdf55bd46a156301407ddd3a7558d271406d347680dc2252ec67c2cb2ce1dfa92e40a5b74b9d9d4e3a2e68ccd19d7ee9a0bb93947701e5ee883b7cc8197641856e3df2bf7d5a8ad4da57e659b0275b1d369d09df1118c0c7e91fd9a85eb312ab5e994896ce0490fca6eb58047d06d21c804df7ad80f82f8519c2bc7e6a2e46ecbd5c9f55748ec96aaacb74a465ad3fe88fc5d720ba87a7947d96d90f55f8dc2d5360666205d3f2fc156e739805fd378b6e0138bb4bcd4bcbf7ea82419742e22bff3f8e52cc709974e2b1f9fb3c27b916948a3a156ba86121de9feab4c83f64509553501cd00dc856d513b71c907fcaff22da06263c06d8f3fd3fdf63c59572ee8a97fffeda8e9bb506b80ca8fa3e3b981809e9eb5f7c91175c80b72a64116133fef475b1dcf6d47069c166f0665c6b206509c1a3b1f7323a6df41ef4402d7d3f6d32da981d5748ef5730ef1ec0dda59d363ce6cf6ac325481aabeef8f4a560116190e99e53ef5e21e90dd8ccf847590c1d847c6675c3b6691ae2999ef0cd820ba5abfa8aefab66e1cc99d11f739349b9697b58ee11325e101718ff28a1903d0a4938502a56354af596064b5a2c229bd3109c1dd4eb25d704fea44a07184b3086a57adfef7868de9c16d4112323836d2dad92a1e9e729aca9223ad6644ddb1429c605b5e515013f631487319aba4e8faa1ed57b16220364298ae0c1075f5b5abdece701e0b0d7e021c7b049048bc2ee699e01f9d342af21ef9cbc785c4dad6dd6095792a6b78da9ca6985fa511029afe639001718845d52a9d75ae7a53848da3cf4518ef9dc9aa7eee6c2a1ebc12ac2e18f523aa2311737a8e78d7424cde06e6392921151e4cec565c5f8e66450c716a07e95066a7b76424a89acd805add8f1884dc33cc7041212f19782af6b3b6fb622c63940718cd59aee1c4861eb96b418b8f75c3ad5489c063968fd71b04ffdad73a75217614316fc34146fafaa0e3ecef96d5932ecd87b227eef57a9c80eeb67b1d39c2860e7a7edf85ed3537c526a702b8a4ce71577b193567597de3c118dc4a3ef9e26706cbd95bcfaed978792967ce30b843780ea14007998fd78c60496e7c8bf24a24cadfba2d80b49f1e1466dedeea82d54c544dc2403a195b8b48307c40160446dfd4f19af886a533ac2917479453a8a1ce8264cb428bc8e7777240247fc17fa78cb00b58ea52ec625678133194c788e511531cdcc3e60f4356f630978876c7c7d70cd76e521e57d224a76b1fb1595f447e3614fe6ab0bf09d3f6219f857910e66edbe364d7fe5b677ef98b8af2455a0d15dc9d5c5f11e0c6722c83c524ff5dd2ca4996de421e557f56656b00e0e0491f16b51a138e642ed3ca7f2684beb7ee9bfa7af8fe43d6089f5999690f60c5dce27180b4d89b99130f3c6109b24daa6e23af948d6c2ab6f74bf80cc4e980ddb3fc87ca5b7b22cc24648c3aa2e6a8c7f295823a6c119ff1ee2059011351d8d429f141ab48c98b9ad1d6d1565b39b9a804a163ceff085463d78fa069097318a07162983ff8e7dc30f9bedf411211f971ab5a13fec8a753e087d95d6d37ec033e318db28a2e0d6555577cab12a6f9cb74e716294c452bd69fbd950831cd0df82dfff2335fd77404ea6e0ce327326983515ad0ccb41b4f8bd06f296d6873c55eda9200843886525334187a238195a9a3e778f430374017dac7f92313403379fe4e1062e10725fd3aa19cbbb462e6c508ca40afc6ce194ebc2921af2ea7fe4f098aebbb0c3bac1807cc010f430094db3bc459d40b3eda53ca502f31b897b28541b36e0b883954e102aa8e0250f7d7ac24060f3a10b93a2ecc69b71f057027827d7e5b215319ec83f0856c8ab137b79e6f02a6bfffbc2a284f78d009abf7fd5df26e767608eed8346fadd1cb40b94543b20282e869640944b77b1a722808a8d042b1c52368c54ec040d3c80449a6dbb4680588665892445b9e29f4659111f175e45e5a237a670e9555effb38dd48ae0d23fc64cfd724eadffaaa2e0a25fa7ed6bd2bf31963317f5dcb54c7d6abad8cf386ce721ec08f9160b53fa67ee236c33a612cdc9a474d0413fdea0b502943e7bbf0c615f76fc875880b9273c1631f72982e680ebee5dbcc73ff7b22f5a5403783b82a715a86ffa0741653237ff8ce9b872085d17fa0989b2975ab26916e4c5ce7849f9628551f07a6ff5819e477bbf8c89c6d1515ef2adcb882eb4d819e2bf4e64a6c0a55ac5c08306a0924b6142a4728643bf51830b494b5c162780c7aa5ba4af85082161a865af2eb56f9d9c81592c62165ff1aa2b4df3c00dbdf96accaef51a84547575dd4e6dec23f0411156cf8a4889206ca01a15bcff66ff0c5bbec5bbb2de90fbdf2797f63093d6f9b91d6bbc6bd955efcffc01cc700f4690d4b381c6858688617182bd8d34e533e1543d3999031c84c34a8ee9d06c60cbc518189309eaf484305d69c78dab3ab8f1381f641dfe9e0c84947473c7a62799f66e8a57905f97938db72f11b58546ea4805e1915865e4a3af5931d5203b83edd46f19e783f7ea97a11a6f0a075f17ede39e191b65b35a502873f7b1c42489c03ce476e810192dd1cebd3f87998d1b48a6c2"}}, @TCF_EM_IPT={0x164, 0x3, 0x0, 0x0, {{0x0, 0x9, 0x2}, [@TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_DATA={0x46, 0x5, "0a43d3afc0e665c0a4f6f775d9d79694ac1afb1b6dc20a00fd3dcd3aba5c7fae506d45d6cc003669a714a68e7642eb9c558dcfb67b72f51f6863bc99b38c6799cbdb"}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x1}, @TCA_EM_IPT_MATCH_DATA={0xe0, 0x5, "9407db8610904c4421b669105f4185f1a1d8bfedc56fc29b7166777bc1f9801a5ca2ea4c6ed4a2b20ca624d63830f14ed097bcd7ce521cecaaee45c5c300365cc4eb09f7e321737249073c561677c3621ec929c0ce25ee6ad1c45403deb1c9c44d068fb85248e07336eadcf7dc4c8d96c5b33c16ebb14ae500ccef77dc95da7214b9c624fa50317e4bc5d76edca06af69a19bf2b7a07c690404aa2fac51102328f290ae0631cc8a631fdb0136523025f8ce3db088e2348e0a3c82027cf114bf9b949ea129570666a5a76de106ca684e13e1469f3aa0956686e349891"}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0xf4}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}]}}, @TCF_EM_IPT={0x1c, 0x1, 0x0, 0x0, {{0x800, 0x9, 0x3}, [@TCA_EM_IPT_MATCH_DATA={0x10, 0x5, "5e7ad4bd3c86b207d404515a"}]}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x8, 0x3, 0x8000}, {0x7f, 0x1000, 0xd7b, 0xb}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x18, 0x3, 0x0, 0x0, {{0x7, 0x9, 0x6}, [@TCA_EM_IPT_MATCH_NAME={0xb}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x9}}, @TCA_EMATCH_TREE_LIST={0x2bc, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x18, 0x2, 0x0, 0x0, {{0x1, 0x2, 0x3f8}, {0x427, 0x5, 0x0, "8a27d0ef3d"}}}, @TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0x3ff, 0x3, 0x8d0f}, {0x5c02d1fb, 0x800, 0x10, 0x7}}}, @TCF_EM_META={0x88, 0x1, 0x0, 0x0, {{0x2, 0x4, 0x27b}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x81, 0xf6}, {0xf, 0x6, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0x8}, {0x5b66, 0xc, 0x3}}}, @TCA_EM_META_RVALUE={0x1e, 0x3, [@TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_VAR="8bbc93108834", @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_VAR, @TCF_META_TYPE_VAR]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0x6, 0x2}, {0x7fff, 0x7, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x2, 0x9, 0x2}, {0x0, 0x3, 0xb5362c7fefd6d34b}}}, @TCA_EM_META_LVALUE={0x11, 0x2, [@TCF_META_TYPE_VAR="bdff42cf1ea7d8", @TCF_META_TYPE_VAR="32f5d8e1b602"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x6, 0x4, 0x3}, {0xba, 0xff}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0x2, 0x7}, {0xfbff, 0x7}}}]}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x6, 0x1, 0x4e13}, {0x400, 0x7fffffff, 0x8, 0x6, 0x5, 0x1, 0x1}}}, @TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x7, 0x1, 0x3}, {0x1, 0x6, 0xf, 0x4, 0x1, 0x1, 0x1}}}, @TCF_EM_IPT={0x40, 0x2, 0x0, 0x0, {{0x3ff}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xa}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x5}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x8}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x8f}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_HOOK={0x8}]}}, @TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x6}, {0x80000000, 0x100, 0xa, 0x4, 0x6, 0x2}}}, @TCF_EM_META={0x80, 0x2, 0x0, 0x0, {{0x6, 0x4, 0xb}, [@TCA_EM_META_RVALUE={0xb, 0x3, [@TCF_META_TYPE_VAR="9de3f8", @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_RVALUE={0x1f, 0x3, [@TCF_META_TYPE_VAR="d50abb6a1d8e957a", @TCF_META_TYPE_INT=0x8, @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR="8661e1"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x1000, 0x5f}, {0x309c, 0x3, 0x1}}}, @TCA_EM_META_RVALUE={0x1b, 0x3, [@TCF_META_TYPE_VAR='a1', @TCF_META_TYPE_VAR="f9bf9b", @TCF_META_TYPE_VAR='aT$', @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="44ba35", @TCF_META_TYPE_INT]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x400, 0xfe, 0x1}, {0x2, 0xb2, 0x1}}}, @TCA_EM_META_RVALUE={0x11, 0x3, [@TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="fd4eba5260b4270b81"]}]}}, @TCF_EM_CONTAINER={0xe0, 0x3, 0x0, 0x0, {{0x1, 0x0, 0x9}, "69e1a5b2e902ed19907e9d6d85363a903d1d6a960bb0965772259068ee78c44114115920f0dd80ed8f0538b49594bb78ede8b837f9515eea76a29acf796d8b4114b688bb737aeffb3dadefc8d26383945e64c8247615c1c01e496c92b0697148b7d25d84c8553d02042c55bb0b70cc722668ad0800310a2966adb637f4ce7ab9ea31bdeabb4c09d59199efe93c2b55d3a8e1c8a494517427b42cdf374ac8f00d7145124255109cc61c3c8bc3973b9e84eb87295c12282eb03614d139e5a24caf0982b4e5f92deb5271af0336e10326333b"}}, @TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x6181, 0x7, 0xed0}, {{0x2, 0x1, 0x1}, {0x2, 0x0, 0x1}}}}]}, @TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0x3, 0x8, 0x3}, {0x0, 0x5, 0x4}}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x8, 0x2, 0x8}, {0x2b5a, 0x3, 0x0, "e9d8ce"}}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x1, 0x3, 0x1}, {0x3b8, 0x9, 0x4, 0x43}}}]}, @TCA_EMATCH_TREE_LIST={0xc4, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x48, 0x1, 0x0, 0x0, {{0x0, 0x0, 0x8}, "91792f1fdb9af1cd703a20f5f24d837025e104dbc2c18eb1465bb51153e65345816c19bbea83b2da4a94b8ff3a9996f71b2c1223725e62bd9e71d158"}}, @TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xe049, 0x8, 0x1000}, {0x0, 0x5, 0x7}}}, @TCF_EM_U32={0x1c, 0x9, 0x0, 0x0, {{0xbccb, 0x3, 0xfffd}, {0x5, 0x0, 0x3, 0x100}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x6, 0x1, 0x9}, {0x5, 0x3, 0x3, 0x2, 0x6, 0x1}}}, @TCF_EM_IPT={0x34, 0x3, 0x0, 0x0, {{0x9, 0x9, 0x7}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_HOOK={0x8}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x2}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x7}]}}]}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x14, 0x1, 0x0, 0x0, {{0xa12, 0x0, 0x6}, "12327dcc3509c95c"}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7fff}}]}, @TCA_BASIC_EMATCHES={0x1e0, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0xc0, 0x2, 0x0, 0x1, [@TCF_EM_META={0x7c, 0x1, 0x0, 0x0, {{0x1, 0x4, 0x1eba}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x3, 0xd3}, {0x0, 0x52}}}, @TCA_EM_META_RVALUE={0xc, 0x3, [@TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_INT=0x1]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x9, 0x6, 0x1}, {0x0, 0x3}}}, @TCA_EM_META_RVALUE={0x17, 0x3, [@TCF_META_TYPE_VAR, @TCF_META_TYPE_VAR="cdee", @TCF_META_TYPE_VAR="fc9fd1d8", @TCF_META_TYPE_VAR="ad", @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="148021d0", @TCF_META_TYPE_INT=0x5]}, @TCA_EM_META_LVALUE={0x4}, @TCA_EM_META_RVALUE={0x2d, 0x3, [@TCF_META_TYPE_VAR="0fb99a04577098933649", @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR="38df10f6d60e0eb6d95d", @TCF_META_TYPE_VAR="e6ff2a4ebf7a9e858f", @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_INT=0x8]}]}}, @TCF_EM_IPT={0x40, 0x3, 0x0, 0x0, {{0x7, 0x9, 0x75f}, [@TCA_EM_IPT_HOOK={0x8}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}, @TCA_EM_IPT_MATCH_REVISION={0x5, 0x3, 0x5}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x7}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x1}]}}]}, @TCA_EMATCH_TREE_LIST={0x11c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x1c, 0x2, 0x0, 0x0, {{0xe2, 0x2, 0x1000}, {0x5, 0x9, 0x0, "a7ccf5caa909b5ca0c"}}}, @TCF_EM_META={0x2c, 0x3, 0x0, 0x0, {{0x101, 0x4, 0x9be}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0x9}, {0x4, 0x0, 0x2}}}, @TCA_EM_META_RVALUE={0x13, 0x3, [@TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="af2218e3212a13"]}]}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x4, 0x8, 0x7ff}, {0x4, 0x4, 0x1}}}, @TCF_EM_META={0x70, 0x1, 0x0, 0x0, {{0x4, 0x4, 0x4}, [@TCA_EM_META_RVALUE={0x1d, 0x3, [@TCF_META_TYPE_VAR="acecea57", @TCF_META_TYPE_VAR="e73724a348ba9b", @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_VAR="db91a6f937c90bb3ecd4"]}, @TCA_EM_META_LVALUE={0xe, 0x2, [@TCF_META_TYPE_VAR="07157df613233357063b"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x9, 0x97}, {0x7, 0xa, 0x1}}}, @TCA_EM_META_RVALUE={0x27, 0x3, [@TCF_META_TYPE_VAR="8b175325abae", @TCF_META_TYPE_VAR="4f50fc9924f83254", @TCF_META_TYPE_INT, @TCF_META_TYPE_VAR="b4", @TCF_META_TYPE_INT, @TCF_META_TYPE_INT, @TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x2]}]}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x427d, 0x8, 0x7}, {0x2, 0x2, 0x2}}}, @TCF_EM_IPT={0x14, 0x3, 0x0, 0x0, {{0x8, 0x9, 0x80}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xa}]}}, @TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x4, 0x1, 0x1}, {0x0, 0x456, 0x7fc, 0x1, 0x2, 0x0, 0x2}}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x3, 0x2, 0x4b3f}, {0x9, 0x3, 0x1, "b83ad3"}}}]}]}]}}, @TCA_CHAIN={0x8, 0xb, 0x268e4f53}, @TCA_RATE={0x6, 0x5, {0x7a, 0x1}}, @filter_kind_options=@f_fw={{0x7}, {0x4}}]}, 0x1854}}, 0x0) r13 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f00000001c0)='kfree\x00'}, 0x10) r14 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x18, 0x10, &(0x7f0000000000)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r14}, {}, {}, {0x7, 0x0, 0xb, 0x9}}, @printk]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYRES16=r13, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000c632227e30e08208d54e5cbfdfcb000000000000000000000093cfaf1e3fd2faca1f12000000000000000000000000000eb64725e1d9dceb8ff33049f1dc29dcdec400204458b3f6ef"], 0x50) 39.188103451s ago: executing program 2 (id=2868): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)='6', 0x1) ioctl$TUNSETLINK(r0, 0x400454cd, 0x337) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_devices(r3, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r4, &(0x7f0000000440)=ANY=[@ANYBLOB="62202a3a2a20726d1f"], 0x9) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000140)=r2) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) r7 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r7, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r7, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) sendmsg$tipc(r6, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10, 0x0}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r8, r10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="6000000010003b0c000000000200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800b00010065727370616e000030000280060003000080000006000200b60000000800060000000000040012"], 0x60}, 0x1, 0x0, 0x0, 0x4000014}, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r9, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xab9bc46956f743f0}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x38, 0x140a, 0x400, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000) 37.671517141s ago: executing program 2 (id=2878): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000400)={0xa, 0x4e21, 0x0, @empty}, 0x1c) r1 = socket$inet6(0xa, 0x4, 0x8c) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f00000002c0)='blkio.bfq.time_recursive\x00', 0x0, 0x0) preadv(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)=""/140, 0x8c}], 0x1, 0x0, 0x0) getpeername$packet(r4, &(0x7f00000005c0)={0x11, 0x0, 0x0}, &(0x7f0000000600)=0x14) r6 = openat$tun(0xffffff9c, &(0x7f0000001500), 0x34000, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r7, 0x29, 0x33, &(0x7f00000001c0)=0x9, 0x4) getsockopt$inet6_buf(r7, 0x29, 0x6, 0x0, &(0x7f0000000240)) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000008c0)={{{@in6=@dev, @in6=@ipv4={""/10, ""/2, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@mcast1}}, &(0x7f00000004c0)=0xe8) ioctl$TUNSETOWNER(r6, 0x400454cc, r8) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x10, r6, 0x38b6f000) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="800200001f0001002bbd7000fcdbdf250a010100000000000000000000000000000004d302002b00ac1e010100000000000000000000000000000000013500004601140074677231323800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d00700004000000008f287dc899c970c464c78fef1c28ddf256e57ff76c16940f15c036c8b0eb32efea282dd1d9fe586e3a6df0c130c76f782210b5a97d6a8cef91ce2503a33d525619a926fcff6e0ea36959c29a9f4becf6e45f622d1da0db7da3fee60ba6ae83edca9b2703f1af821d382e84a36e9bcd91d806558c90594d7544508f7c35ee903bec0e2c3f853d82e53c9942ccb9a54fc0425e11bab1b54700b17811371ebe37bdaae001f07ea0b746e0f6770bb42c47c7d7352da1fc39ff8c16f342127c7430ffec7fd9572a0007e4d91bec2418a14a126d45b4091f2915754e4b73454f8445a5b85a2c1618743c681635579650f72491630930e9f1dd2ea1f600000e4000600fe8000000000000000000000000000bbfe8800000000000000000000000000014e2000034e2000800a00000006000000", @ANYRES32=r5, @ANYRES32=r8, @ANYBLOB="e0000001000000dc1acc72471e22aeaa000000000000000000000004d2ff0000007f000001000000000000000000000000f8ffffffffffffffffffff7f00000000030000000000000003db00000000000034020000000000000b0000000000000006000000000000000000000000000000030000000000000001000100000000004f00000000000000ff0700000000000000ffffff07000000070000002dbd7000003500000a000006400000000000000014000d00fc010000000000"], 0x280}}, 0x0) pwritev(r2, &(0x7f00000000c0)=[{&(0x7f0000000000)="6ff15062dd8a31076e30df0da9907cc51bd35fd16064777537ac93f3b3c53013876df3fc5858e3d427dafa", 0x56}], 0x1, 0x101, 0xff) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r9) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1428084000"], 0x14}}, 0x20000010) sendmsg$BATADV_CMD_GET_DAT_CACHE(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r10, @ANYBLOB="05a300000000000000000d00000008000300", @ANYRES32=r11], 0x1c}}, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) sendmsg$nl_route(r4, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)=@ipv4_getnetconf={0x4c, 0x52, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@NETCONFA_RP_FILTER={0x8, 0x3, 0x2}, @NETCONFA_RP_FILTER={0x8, 0x3, 0x4}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x9}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x1000}, @NETCONFA_FORWARDING={0x8, 0x2, 0xfffffffd}, @NETCONFA_IFINDEX={0x8, 0x1, r11}, @NETCONFA_FORWARDING={0x8, 0x2, 0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40005}, 0x4040005) listen(r1, 0xc) setsockopt$inet6_int(r0, 0x10d, 0xb, &(0x7f0000000080)=0xa, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @loopback}, 0x62) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x9, @loopback, 0x20}, 0x1c) 36.811998693s ago: executing program 1 (id=2882): socket$inet(0x2, 0x2, 0x1) unshare(0x42000000) r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000380)={r0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[], 0x444}, 0x1, 0x0, 0x0, 0x404c804}, 0x40) sendmmsg$alg(r1, &(0x7f0000004140)=[{0x7b, 0x0, &(0x7f0000000600), 0x0, 0x0, 0x0, 0x4004051}], 0x49249249249253c, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x10, r1, 0x761ac000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000b, 0x4031, 0xffffffffffffffff, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="0f00000000000000611148000000000006000000feffffff950000000000000009f81146f2ac9f390a1346705a045d7fdea61b584e1881572a9551a609968158d1531c48a01ba884b52d8222e380b150caf50ec6fa211f773b139b2ea1003d20f1a978decf441b363f"], &(0x7f0000000080)='GPL\x00', 0x4, 0xd3, &(0x7f00000007c0)=""/211, 0x0, 0x11, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xffffffff}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0300000004", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000010", @ANYRES32, @ANYBLOB='\x00'/27], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x5, 0x8, &(0x7f0000000040)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0xad}}]}, &(0x7f0000000100)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r3 = socket$nl_rdma(0x10, 0x3, 0x14) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x90280, 0x0) ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x20001439) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000863f602dd3eff1f87c0265bc73dabf9e3f263e86b2a699cc9270f8fe17737c2b0255897b8a75052fb40f1ad898d03e32b24e4082a703863eadbc3f7fb8ed1c4e0eb606797911dc48a5930d1e9d4002cb9b92630336ed1f69a7bc676f79b5f64cf4bc9e3d1d8fab81ae763965c4cfb4658ac02c21e919833accf9b87bbde26f99b9045fd31a52cb1f38670422c5a3dfd55e9d1c1dfccfd62de7277916891bee937028f92bb2c2ad96e9e392fb03071fef619815b171"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r5}, 0x10) ioctl$PPPIOCGFLAGS1(r4, 0x8004745a, &(0x7f00000001c0)) sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="180000000414010406000000000040000800010000000000"], 0x18}}, 0x0) 36.628078417s ago: executing program 2 (id=2883): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x10, 0x4, 0x8, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x4, &(0x7f00000002c0)={{r0}, &(0x7f0000000240), &(0x7f0000000280)}, 0x20) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1) sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001280)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd7000fbdbdf250100000008000100030000002c00048005000300010000000500030080ff00000500030002000000050003001200000005000300050000000800020003"], 0x50}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000000)=ANY=[@ANYBLOB="84010000100001000019000000000000ff02000000000000000000000000000100000000000000000000cae8773c9d00000000000000000000000000000a00000023000000919425edec5a2444deb253fe5d34cf9367752d61", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000006c000000ac1414bb000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c700000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c0012007063727970742861656769733132386c2900"/316], 0x184}}, 0x0) r4 = socket$pppoe(0x18, 0x1, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x80010, r4, 0x3bcf8000) 36.239317919s ago: executing program 2 (id=2885): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) unshare(0x22020400) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000000c0)=0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r2, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000080)='cpuset\x00'}, 0x30) r3 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) ioctl$FICLONE(r3, 0x40049409, r3) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) socket$inet6_udplite(0xa, 0x2, 0x88) socket$xdp(0x2c, 0x3, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080), 0x4) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$packet(0x11, 0x3, 0x300) unshare(0x69a04c8e98d914be) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r5 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001040)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}}, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) socket$packet(0x11, 0x3, 0x300) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x30, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x13}]}, 0x30}}, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="070000000000000000000200000020000180040004"], 0x34}, 0x1, 0x0, 0x0, 0x8081}, 0x0) 34.777590772s ago: executing program 4 (id=2887): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="2000000072009fb3000000000000000007000000", @ANYRES32=r2, @ANYBLOB="080001"], 0x20}, 0x1, 0x0, 0x0, 0x20000004}, 0x400000000000000) 34.272259733s ago: executing program 4 (id=2889): r0 = socket$netlink(0x10, 0x3, 0xf) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000400)=@ethtool_ringparam={0x12, 0x0, 0x20040001, 0x0, 0x1}}) bind$netlink(r0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8982, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, 0x0, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x40) socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000640)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB="02"], 0x10) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) close(r5) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@cgroup=r7, 0xffffffffffffffff, 0x2, 0x0, 0x0, @void, @value}, 0x10) r8 = socket(0x10, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="38010000", @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000060006000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb542f8000880f4000080060005000000000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff240002001bc715ee4868b12a49f4df11bc05475489f6a27c4d6483ad2fa5e45903b0ce851400040002000000ac1414aa00000000000000008c00098028000080060001000a00000014100200ff02000000000000000000000000000105c9900003000000000028000080060001000a00000014000200fc02000000000000000000000000000005000300000000001c000080060001000200000008000200e000000105000300000000001c000080060001000200000008000200ac1414"], 0x138}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000240)=@newtaction={0x54, 0x30, 0x0, 0x0, 0x0, {}, [{0x40, 0x1, [@m_skbedit={0x3c, 0x0, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PTYPE={0x6}]}, {0x8, 0x6, "3564489b"}, {0xc}, {0xc}}}]}]}, 0x54}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r9, @ANYBLOB="020000000000800080001200080001007674693674000200"], 0xa0}}, 0x0) r10 = socket(0x10, 0x3, 0x0) sendmmsg(r10, &(0x7f0000000000), 0x400000000000235, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newqdisc={0x24, 0x25, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0xc}}}, 0x12}}, 0x0) 33.862873998s ago: executing program 4 (id=2890): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @remote}, 0x10) getsockopt$inet_int(r1, 0x10d, 0xe4, &(0x7f0000000000), &(0x7f0000000080)=0x4) 33.478870114s ago: executing program 1 (id=2892): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000440)='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00', 0x10) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000003700)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/110, 0x6e}], 0x1}, 0x4}], 0x2, 0x0, 0x0) sendmsg$alg(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)="9e685760794f93d5148a96de6f79285dad5de4da19e0a4d207b64f033a3f27c70bc955fd751f9e1f13a2c61d47163cd62da5d4028d64286690bb810329051eac173b0970dbfa8ecfff2a81d9662ee2", 0x4f}], 0x1, &(0x7f0000000340)=[@assoc={0x18, 0x117, 0x4, 0x3f}], 0x18}, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8}, @IPSET_ATTR_SIZE={0x8}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}]}, 0x5c}}, 0x0) 33.471061788s ago: executing program 4 (id=2893): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) socket(0x2b, 0x80801, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvmsg$unix(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{0x0}, {0x0}, {&(0x7f0000000340)=""/229, 0x22fe0}], 0x3}, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004000ca9d5a2fbe4705ca34f8fab126e742c637ac377b0412e1be893661907f639df151354eea8a314ab46ed54970214f6bed2ebc5eaa419534968600e269231646161355d392fb78e620389f489d81ea1d71aa606a417bbe81e8bff9bde5aa8ec0b6e3ab6e860665da020446fcee4bdde851d56c3624d55ba7e6c9ec79ee31fb25877e08f4d522ebdaa785d321af1282ac6a0755fd1c5ac36f1825bf59ead4cbc0f2df57a4e656b99f9e6c977205707ff727acad959f44e0bfc4f5d5f4c69de0cd4ae01085f312b6c12319edf2f485b168f5517e6c88cd5fdf0bc2bb4f699305c38b00f469cf6c3a2dbf71d40c552e25dc384bc5ac32318bec97ed0eb2d1c", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) ppoll(&(0x7f0000000500)=[{r4, 0x40}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) connect$llc(r1, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @dev}, 0x10) sendfile(r1, r0, 0x0, 0xffefffff) 33.264158387s ago: executing program 3 (id=2894): r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xf, &(0x7f0000000a00)={0x0, @in={{0x2, 0x4e22, @local}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, &(0x7f0000000180)=0x9c) 33.062276536s ago: executing program 1 (id=2895): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x200, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffed}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000084}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xe}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001f40)=@newtfilter={0x40, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {0x0, 0xc}, {0x1c, 0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff2, 0x4}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000b00)={0x5c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME={0x34, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, {}, @device_b, @device_a, @initial, {0xd}, @value=@ver_80211n={0x0, 0x0, 0x1, 0x2}}, 0x40, 0xb82, @device_b, {0x0, 0x6, @default_ap_ssid}, @val, @void}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xf78}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24000040}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0) 32.769299935s ago: executing program 3 (id=2896): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendto$inet(r2, &(0x7f0000000000)='o', 0x1, 0x8041, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000023c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f00000000c0)=0x10000) connect$inet(r0, &(0x7f0000001fc0)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x2, 0x0, 0x0) 32.51382839s ago: executing program 3 (id=2897): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000300000000000000000000008500000087000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007b00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = socket$pppoe(0x18, 0x1, 0x0) r3 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3) write(r3, &(0x7f0000000240)="1400000052004f7fb3e45f2024d2f1c9fb470000", 0x14) connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x2, @broadcast, 'xfrm0\x00'}}, 0x1e) r4 = socket$pppoe(0x18, 0x1, 0x0) sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x80, 0x1, 0x7, 0x101, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x3f}, @NFACCT_FILTER={0x3c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x6}, @NFACCT_FILTER_VALUE={0x8}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x1}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x1}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x800}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x8}]}, @NFACCT_FLAGS={0x8}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x5}, @NFACCT_FLAGS={0x8}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) connect$pppoe(r4, &(0x7f00000000c0)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'veth1_to_bridge\x00'}}, 0x1e) r5 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r5, &(0x7f0000000000)={0x18, 0x0, {0x2, @local, 'veth1_to_bond\x00'}}, 0x1e) close(r2) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f00000001c0)={0x0, 0x4, 0x0, [0x7, 0xfffffffffffff919, 0x3, 0x8001], [0x7d3, 0x800, 0x7ff, 0xffff, 0x7ff, 0x9, 0x4, 0xffff, 0x8000000000000000, 0x3, 0x3, 0x8000000000000001, 0x11c0, 0xff, 0xffffffffffffffff, 0x8, 0xf52, 0x1485, 0x6, 0x200, 0xffffffffc1d67abe, 0x10001, 0x4, 0x3ff80, 0x2, 0x2c, 0x100000000, 0x20000000, 0x0, 0x100000001, 0x7, 0x63, 0x1, 0x7c4a, 0x8, 0xb3, 0xfffffffffffffff8, 0x9, 0x9, 0x4, 0x9, 0x1, 0x0, 0x5, 0x5, 0x800000000000007f, 0xc36, 0xfffffffffffffffb, 0x5a2f, 0x3ffffffffffd, 0x100000000000040, 0x9, 0x5d46, 0x9, 0x9, 0x1, 0x100000001, 0x5, 0x9, 0x0, 0x7, 0x1, 0xffff, 0x6, 0x9, 0x3f, 0x100000000, 0x1, 0x6, 0x7, 0x0, 0x6, 0x6, 0xfffffffffffffff8, 0xfffffffffffffffd, 0x80, 0x5, 0xb7, 0xfffffffffffffffe, 0x0, 0x7, 0x3, 0x6, 0x2, 0x1, 0xfffffffc, 0x48b9, 0x0, 0xfff, 0x7, 0x3f, 0x1b4, 0x4ef, 0x683e, 0x8, 0xa31, 0x1ff, 0x1, 0xf29, 0x2, 0x8, 0x1, 0x3296, 0x3, 0x1ff, 0x9fb1, 0xc9cc, 0x9, 0x8, 0x7, 0x6c9, 0x9, 0x7fff, 0x1, 0x3, 0x50, 0x0, 0x3, 0x5, 0x6, 0x2f]}) shutdown(r6, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @union]}}, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r7, @ANYBLOB="000000000000000014001a80100004800c000480080001"], 0x34}}, 0x0) 32.410206907s ago: executing program 1 (id=2898): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000001180)={0x6, {{0x2, 0x0, @multicast2}}}, 0x88) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_XFRM_DIR={0x5, 0x3, 0x1}]}}}]}]}], {0x14}}, 0xcc}}, 0x0) getsockopt$inet_buf(r1, 0x0, 0x30, &(0x7f0000000000)=""/4091, &(0x7f0000001000)=0xffb) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r3}, 0x10) r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8) r6 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000220c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="0000002100000000050000000000000095c333d4c0a3ecdd69086b8e4c36439a8808b90ea579cdf8bd475a470064827701f4169ebebecb5bba94f06f020fb64e5594a86f5f00000000000008c7533dc98a94008d7d2a7d2c23bc3f4cc1992aebd29fd21e95b3c7c49de340c24cb6ba1a33740825c424ecd87a3b02ae7840be900964b6948074a8f2ed867fd6601b0ca02215f4c2a5157135575fa1903abe92246853cb7cb868a3b2524a92bfa8aaeaf3ff3f08fb97ec0c126bfea903ef567bdf48aecb23342c8102732b7257f65b1f7d82adec836fd77d2f5c6e6c18ae428531d9e4d906b0a19827bffab9ced1e24e8f063d44fb76dd59e75486"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={@ifindex, r6, 0x11, 0x0, 0x0, @void, @value=r5}, 0x20) 32.150299602s ago: executing program 4 (id=2899): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$nl_audit(0x10, 0x3, 0x9) (async) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x17, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000786c6c0a00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async, rerun: 64) syz_emit_ethernet(0x1c2, &(0x7f00000002c0)={@local, @link_local, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "922ff5", 0x18c, 0x21, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @local, {[@fragment={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64}, @hopopts={0x11, 0x23, '\x00', [@calipso={0x7, 0x18, {0x0, 0x4, 0x0, 0x0, [0x0, 0x0]}}, @calipso={0x7, 0x18, {0x0, 0x4, 0x0, 0x0, [0x0, 0x0]}}, @generic={0x0, 0xe3, "9a406896431cf8cebb1379b1cfca3ce3334fb0cd81c12766ff8351be2d961c40ce922dd8423e2de93ba96a5c90f772216e5e60c7d2a67cbcbc1d3b195d538eb920fc058775cc06baf8a87b4736fa0cf5161d47d4416aa6a1099c3aa4a927c4d93bcf1f4a781cbde0ee829f1276818415e192376437a6d4854c3c3ad346c7df7dfea9cd0463aa441a1b9cd514fedb8172d54cbf1353cf5f63fe58465c2d0e165df05ada44174919aaffc29df43606f9d49bcc571525c7aecc77ad523da96156400a63d03f15e4254c95ecb66cda9310041006d9d10e6b8a38bbdcac75348fe624c73bd8"}]}, @hopopts={0x0, 0x0, '\x00', [@enc_lim]}], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "114f84", 0x0, "8e269c"}, "c52104e4fbd8be11e86055d5cec119bfa161827fb675e43744d104b96e26ecb84a318c4c1d7b4f70305e74abd64694eddc8e552b811b2a1c63e32b81"}}}}}}, 0x0) (async, rerun: 64) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r3, 0x11, 0xa, &(0x7f0000000300)=0x10, 0x4) (async, rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10) (async, rerun: 32) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000004c0)}], 0x1}}], 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f0000000940)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x5, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{0x1}]}]}, {0x0, [0x5f, 0x30, 0x15f68a878522e060]}}, 0x0, 0x35, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 64) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="260a00000000000061116c0000000000180000000000000000000025a707f11704575bf400000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)={0x24, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0) (async, rerun: 32) sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB, @ANYRES32=r6, @ANYBLOB="05005b"], 0x24}}, 0x0) (async, rerun: 32) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000500)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010020000000fddbdf253b000000080007c4da1c9ed14fcffd26391678dad20f00", @ANYRES32=r9, @ANYBLOB="2a003300d0000000ffffffffffff080211000000505050505050000004040000000076060000000000000000"], 0x48}}, 0x0) (async) socket$inet6_udp(0xa, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x4}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x58}}, 0x0) ioctl$sock_SIOCGSKNS(r0, 0x894c, 0x0) 32.037742624s ago: executing program 3 (id=2900): socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="140800", @ANYRES32], 0x14}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000480)=@generic={&(0x7f0000000340)='./file0\x00', 0x0, 0x10}, 0x18) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000002c0)=ANY=[@ANYBLOB="98000000", @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="7a00330080000000ffffffffffff080211"], 0x98}}, 0x0) r4 = socket(0x15, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x8004}, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001c80)={&(0x7f00000000c0)={0x20, r5, 0x1, 0x0, 0xfffffffc, {0xa}, [@ETHTOOL_A_COALESCE_HEADER={0x4}, @ETHTOOL_A_COALESCE_TX_USECS_IRQ={0x8, 0x8, 0x3}]}, 0x20}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="208a0000000000005fd140df7b00bc206ae7000000000000c725163075498d5f2377d27327efe9e72af97ae16009e48cb2c213ebab6a297a1ffcfb8a34af796675c4e1c1892853ee0c4a14123aa9656d070309a7459adce24483ee2a7aa7acc2036953ba3ff72c2215aedf2b8110e116ca1bb157448ea5347c822aa35481a3bcf825605d2fc4bd95269c98920416ef29d4bcca744fd9c43b757f7bd4c71c5c78897750a6"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r6}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$tipc(0x1e, 0x2, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) r7 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_mreqsrc(r7, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f00000000c0)=0x2c) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r8 = socket(0x848000000015, 0x805, 0x0) bind$inet6(r8, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c) sendto$inet6(r8, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x1c) socket(0x40000000015, 0x805, 0x0) 31.908444373s ago: executing program 1 (id=2901): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)='6', 0x1) ioctl$TUNSETLINK(r1, 0x400454cd, 0x337) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_devices(r4, &(0x7f0000000300)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r5, &(0x7f0000000440)=ANY=[@ANYBLOB="62202a3a2a20726d1f"], 0x9) ioctl$TUNSETFILTEREBPF(r1, 0x800454e1, &(0x7f0000000140)=r3) r6 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r6, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r7 = socket$tipc(0x1e, 0x2, 0x0) r8 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r8, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r8, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) sendmsg$tipc(r7, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10, 0x0}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r9, r11, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="6000000010003b0c000000000200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800b00010065727370616e000030000280060003000080000006000200b60000000800060000000000040012"], 0x60}, 0x1, 0x0, 0x0, 0x4000014}, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r10, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0xab9bc46956f743f0}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x38, 0x140a, 0x400, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x2}]}, 0x38}, 0x1, 0x0, 0x0, 0x20008001}, 0x4000) 31.681595645s ago: executing program 4 (id=2902): socket(0x2, 0x80805, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x7, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="b700000040ecffff6320000000000000850000000c0000009500000080000a6682f08a000000e2dd39d1a88073c9479e9a907c994a09566dbbf1acd717fd83e985be33d8ef246cc40000000000000002671bc6c8a3d87944f1e6cb40826879050100000000000000c6620ed86d419d9e0c9477aad30aeb621b22642efc3581f1f66fca0500000000000000aa7216e135ee8487402c6b9d338fbbb3bc3a5f2f28679933490af177ae3b5abb38fb30d861d7d23e20d362cf5e8237ffb792fc19da30c74ea15047b6ea85b4b0bf03b4fd44060000001af2f09903b2cb2686b62ff116e6ba89d355675381106b46aa36ba452f5e00e62f379e1524ef06905e98315041bcd066e2b93b48c68b2b7d633ce8bb3a45c5ab492e32f879cf233dfb22b72e941b9f2be5e6e9e4e5b1f7fd1927f8c192ca7791e6ac78505448dec494d9d9cc45a45d962b080215d05b898bf372920be6d22662428a5c4ba3acd222e0e63b6fb14bf39da65db23f26582d6d0b11119ca2f6103e3a9c0d34"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f0000000340)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="18000000131401010000000000000000080001000000000079"], 0x18}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x83, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000060000000160a010100000000000900010073797a300000000008000740000000032c0003800800024000000000080001400000000018000380140001006e657464657673696d30000000000000140000001000010000000000020000000000000a"], 0xa8}}, 0x0) socket$unix(0x1, 0x1, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r3, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000800)=ANY=[@ANYBLOB="0001002fefb63eef232200", @ANYRES16=0x0, @ANYBLOB="04002bbd7000fddbdf25030000002800070073797374656d5f753a6f626a6563745f723a616e6163726f6e5f657865635f743a73300014000300200100000000000000000000000000011400060070696d7265673100000000000000000008000500ac1414aa08000400ffffffff2700070073797374656d5f753a6f626a6563745f723a6175646974645f657865635f743a733000002600070073797374656d5f753a6f626a6563745f723a7474795f6465766963655f743a73300000002a00070073797374656d5f753a6f626a6563745f723a7572616e646f6d5f6465766963655f743a7330000000050001000000000008000400ac141424"], 0x100}}, 0x800) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @multicast1}, @rand_addr=0x64010101, 0x13, 0x1e}}) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0), 0xc7) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) r4 = socket$can_bcm(0x1d, 0x2, 0x2) r5 = socket$inet(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'team_slave_0\x00', 0x0}) connect$can_bcm(r4, &(0x7f0000000040)={0x1d, r6}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x20, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000340)='veno\x00', 0x5) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) r7 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1500"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r8, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000002000000000000000000"], 0x48) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 31.201251244s ago: executing program 3 (id=2903): r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @remote}, 0x10) getsockopt$inet_int(r1, 0x10d, 0xe4, &(0x7f0000000000), &(0x7f0000000080)=0x4) 30.832492172s ago: executing program 3 (id=2904): bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0100000016051300e28545f300000100000f9a20001c116500af22c0e44eb433191724d810ac4f5f064574511a922724f51d96c4876e28fd7e9a7ca4d243e9e7d18544", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmsg$inet(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x2, 0x4e20, @private=0xa010101}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000300)="f9ce", 0x2}], 0x1}, 0x840) sendto$inet6(r0, &(0x7f00000010c0)="a7", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000680)={0x40, r2, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x401}, @NBD_ATTR_SOCKETS={0x14, 0x7, 0x0, 0x1, [{0x8}, {0x8}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x44000}, 0x50) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001800000008000300", @ANYRES32=r5, @ANYBLOB="380030803400018008000100000000002800038008000200030000000b0004"], 0x54}}, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010000000000000000001851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000106608000000000000180000000000000000000000000000009500000000000000360a020000001000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000140)={0x0, 0x1c, 0x40}, 0x8) 30.809242379s ago: executing program 1 (id=2905): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)=r2}, 0x20) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x5) sendto(r0, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=2203): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1) sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x14, r2, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r1) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r1) sendmsg$NBD_CMD_RECONFIGURE(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): T13512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 548.447511][T13512] Call Trace: [ 548.447520][T13512] [ 548.447530][T13512] dump_stack_lvl+0x241/0x360 [ 548.447568][T13512] ? __pfx_dump_stack_lvl+0x10/0x10 [ 548.447598][T13512] ? __pfx__printk+0x10/0x10 [ 548.447628][T13512] ? __pfx_lock_release+0x10/0x10 [ 548.447672][T13512] should_fail_ex+0x3b0/0x4e0 [ 548.447709][T13512] _copy_from_user+0x2f/0xe0 [ 548.447739][T13512] copy_msghdr_from_user+0xae/0x680 [ 548.447778][T13512] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 548.447827][T13512] __sys_sendmsg+0x22d/0x380 [ 548.447857][T13512] ? __pfx___sys_sendmsg+0x10/0x10 [ 548.447897][T13512] ? __pfx_vfs_write+0x10/0x10 [ 548.447947][T13512] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 548.447984][T13512] ? do_syscall_64+0x100/0x230 [ 548.448013][T13512] ? do_syscall_64+0xb6/0x230 [ 548.448048][T13512] do_syscall_64+0xf3/0x230 [ 548.448076][T13512] ? clear_bhb_loop+0x35/0x90 [ 548.448108][T13512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.448135][T13512] RIP: 0033:0x7f8d29d7dff9 [ 548.448157][T13512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.448177][T13512] RSP: 002b:00007f8d2ab16038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 548.448205][T13512] RAX: ffffffffffffffda RBX: 00007f8d29f35f80 RCX: 00007f8d29d7dff9 [ 548.448223][T13512] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004 [ 548.448238][T13512] RBP: 00007f8d2ab16090 R08: 0000000000000000 R09: 0000000000000000 [ 548.448253][T13512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 548.448273][T13512] R13: 0000000000000000 R14: 00007f8d29f35f80 R15: 00007fff1c709328 [ 548.499939][ T5241] Bluetooth: hci0: command 0x041b tx timeout [ 548.505198][T13512] [ 548.757469][ T7161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 548.765567][ T7161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.774022][ T4530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 548.782051][ T4530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.878849][T13522] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf [ 548.911551][T13522] netlink: 240 bytes leftover after parsing attributes in process `syz.3.2547'. [ 548.918779][T13525] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2550'. [ 548.929904][T13525] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2550'. [ 548.936749][T13527] FAULT_INJECTION: forcing a failure. [ 548.936749][T13527] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 548.997980][T13527] CPU: 0 UID: 0 PID: 13527 Comm: syz.1.2549 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 549.008819][T13527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 549.018899][T13527] Call Trace: [ 549.022191][T13527] [ 549.025135][T13527] dump_stack_lvl+0x241/0x360 [ 549.029840][T13527] ? __pfx_dump_stack_lvl+0x10/0x10 [ 549.035059][T13527] ? __pfx__printk+0x10/0x10 [ 549.039777][T13527] ? __pfx_lock_release+0x10/0x10 [ 549.044926][T13527] ? __lock_acquire+0x1384/0x2050 [ 549.049999][T13527] should_fail_ex+0x3b0/0x4e0 [ 549.054729][T13527] _copy_from_user+0x2f/0xe0 [ 549.059344][T13527] kstrtouint_from_user+0xc6/0x190 [ 549.064492][T13527] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 549.070339][T13527] ? __pfx_lock_acquire+0x10/0x10 [ 549.075396][T13527] proc_fail_nth_write+0xaa/0x2d0 [ 549.080461][T13527] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 549.086461][T13527] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 549.092124][T13527] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 549.097803][T13527] vfs_write+0x29c/0xc90 [ 549.102280][T13527] ? __pfx_vfs_write+0x10/0x10 [ 549.107151][T13527] ? __fget_files+0x3f3/0x470 [ 549.111858][T13527] ? fdget_pos+0x24e/0x320 [ 549.116409][T13527] ksys_write+0x183/0x2b0 [ 549.120776][T13527] ? __pfx_ksys_write+0x10/0x10 [ 549.125670][T13527] ? do_syscall_64+0x100/0x230 [ 549.130477][T13527] ? do_syscall_64+0xb6/0x230 [ 549.135186][T13527] do_syscall_64+0xf3/0x230 [ 549.139714][T13527] ? clear_bhb_loop+0x35/0x90 [ 549.144498][T13527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.150421][T13527] RIP: 0033:0x7fbb8337cadf [ 549.154957][T13527] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 549.174941][T13527] RSP: 002b:00007fbb841b4030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 549.183376][T13527] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbb8337cadf [ 549.191447][T13527] RDX: 0000000000000001 RSI: 00007fbb841b40a0 RDI: 0000000000000004 [ 549.199432][T13527] RBP: 00007fbb841b4090 R08: 0000000000000000 R09: 0000000000000000 [ 549.207437][T13527] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 549.215779][T13527] R13: 0000000000000000 R14: 00007fbb83535f80 R15: 00007ffd0f6aeaa8 [ 549.223775][T13527] [ 549.360081][T13534] netlink: 'syz.3.2556': attribute type 1 has an invalid length. [ 549.479171][T13538] bond0: (slave vlan2): Opening slave failed [ 550.110043][T13558] __nla_validate_parse: 1 callbacks suppressed [ 550.110065][T13558] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2564'. [ 550.131875][T13558] netlink: 'syz.1.2564': attribute type 28 has an invalid length. [ 550.139828][T13558] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2564'. [ 550.343679][T13568] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2567'. [ 550.817564][T13585] FAULT_INJECTION: forcing a failure. [ 550.817564][T13585] name failslab, interval 1, probability 0, space 0, times 0 [ 550.835070][T13585] CPU: 1 UID: 0 PID: 13585 Comm: syz.1.2574 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 550.845910][T13585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 550.856280][T13585] Call Trace: [ 550.859596][T13585] [ 550.862555][T13585] dump_stack_lvl+0x241/0x360 [ 550.867288][T13585] ? __pfx_dump_stack_lvl+0x10/0x10 [ 550.872538][T13585] ? __pfx__printk+0x10/0x10 [ 550.877180][T13585] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 550.883222][T13585] ? __pfx___might_resched+0x10/0x10 [ 550.888654][T13585] should_fail_ex+0x3b0/0x4e0 [ 550.893394][T13585] should_failslab+0xac/0x100 [ 550.898206][T13585] ? __alloc_skb+0x1c3/0x440 [ 550.902873][T13585] kmem_cache_alloc_node_noprof+0x71/0x320 [ 550.908735][T13585] __alloc_skb+0x1c3/0x440 [ 550.913285][T13585] ? __pfx___alloc_skb+0x10/0x10 [ 550.918274][T13585] ? netlink_ack_tlv_len+0x6e/0x200 [ 550.923511][T13585] netlink_ack+0x13f/0xa30 [ 550.927966][T13585] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 550.933514][T13585] netlink_rcv_skb+0x262/0x430 [ 550.938319][T13585] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 550.943819][T13585] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 550.949171][T13585] ? netlink_deliver_tap+0x2e/0x1b0 [ 550.954416][T13585] netlink_unicast+0x7f6/0x990 [ 550.959328][T13585] ? __pfx_netlink_unicast+0x10/0x10 [ 550.964660][T13585] ? __virt_addr_valid+0x183/0x530 [ 550.969828][T13585] ? __check_object_size+0x48e/0x900 [ 550.975197][T13585] netlink_sendmsg+0x8e4/0xcb0 [ 550.980076][T13585] ? __pfx_netlink_sendmsg+0x10/0x10 [ 550.985439][T13585] ? aa_sock_msg_perm+0x91/0x160 [ 550.990428][T13585] ? __pfx_netlink_sendmsg+0x10/0x10 [ 550.995770][T13585] __sock_sendmsg+0x221/0x270 [ 551.000511][T13585] ____sys_sendmsg+0x52a/0x7e0 [ 551.005331][T13585] ? __pfx_____sys_sendmsg+0x10/0x10 [ 551.010688][T13585] __sys_sendmmsg+0x3ab/0x730 [ 551.015440][T13585] ? __pfx___sys_sendmmsg+0x10/0x10 [ 551.020701][T13585] ? __pfx_lock_release+0x10/0x10 [ 551.025778][T13585] ? kstrtouint_from_user+0x128/0x190 [ 551.031218][T13585] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 551.037156][T13585] ? ksys_write+0x229/0x2b0 [ 551.041697][T13585] ? __pfx_lock_release+0x10/0x10 [ 551.046780][T13585] ? vfs_write+0x7bf/0xc90 [ 551.051319][T13585] ? kmem_cache_free+0x1a2/0x420 [ 551.056311][T13585] ? __mutex_unlock_slowpath+0x21d/0x750 [ 551.062000][T13585] ? __fget_files+0x3f3/0x470 [ 551.066747][T13585] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 551.072784][T13585] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 551.079173][T13585] ? do_syscall_64+0x100/0x230 [ 551.083998][T13585] __x64_sys_sendmmsg+0xa0/0xb0 [ 551.088910][T13585] do_syscall_64+0xf3/0x230 [ 551.093465][T13585] ? clear_bhb_loop+0x35/0x90 [ 551.098195][T13585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.104141][T13585] RIP: 0033:0x7fbb8337dff9 [ 551.108605][T13585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 551.128436][T13585] RSP: 002b:00007fbb841b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 551.136908][T13585] RAX: ffffffffffffffda RBX: 00007fbb83535f80 RCX: 00007fbb8337dff9 [ 551.144942][T13585] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 551.153049][T13585] RBP: 00007fbb841b4090 R08: 0000000000000000 R09: 0000000000000000 [ 551.161083][T13585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 551.169190][T13585] R13: 0000000000000000 R14: 00007fbb83535f80 R15: 00007ffd0f6aeaa8 [ 551.177227][T13585] [ 551.260906][ T4530] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 551.319133][ T4530] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.627817][ T7161] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.034167][ T7161] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.091599][ T7161] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.196637][ T7161] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.345770][T13619] FAULT_INJECTION: forcing a failure. [ 552.345770][T13619] name failslab, interval 1, probability 0, space 0, times 0 [ 552.386986][T13619] CPU: 0 UID: 0 PID: 13619 Comm: syz.1.2584 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 552.397812][T13619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 552.407884][T13619] Call Trace: [ 552.411174][T13619] [ 552.414115][T13619] dump_stack_lvl+0x241/0x360 [ 552.418815][T13619] ? __pfx_dump_stack_lvl+0x10/0x10 [ 552.424031][T13619] ? __pfx__printk+0x10/0x10 [ 552.428643][T13619] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 552.434647][T13619] ? __pfx___might_resched+0x10/0x10 [ 552.440039][T13619] should_fail_ex+0x3b0/0x4e0 [ 552.444762][T13619] should_failslab+0xac/0x100 [ 552.449457][T13619] ? __alloc_skb+0x1c3/0x440 [ 552.454057][T13619] kmem_cache_alloc_node_noprof+0x71/0x320 [ 552.459973][T13619] __alloc_skb+0x1c3/0x440 [ 552.464451][T13619] ? __pfx___alloc_skb+0x10/0x10 [ 552.469406][T13619] ? netlink_autobind+0xd6/0x2f0 [ 552.474444][T13619] ? netlink_autobind+0x2b0/0x2f0 [ 552.479487][T13619] netlink_sendmsg+0x638/0xcb0 [ 552.484284][T13619] ? __pfx_netlink_sendmsg+0x10/0x10 [ 552.489588][T13619] ? aa_sock_msg_perm+0x91/0x160 [ 552.494559][T13619] ? __pfx_netlink_sendmsg+0x10/0x10 [ 552.499979][T13619] __sock_sendmsg+0x221/0x270 [ 552.504680][T13619] ____sys_sendmsg+0x52a/0x7e0 [ 552.509499][T13619] ? __pfx_____sys_sendmsg+0x10/0x10 [ 552.514837][T13619] __sys_sendmsg+0x292/0x380 [ 552.519463][T13619] ? __pfx___sys_sendmsg+0x10/0x10 [ 552.524597][T13619] ? __pfx_vfs_write+0x10/0x10 [ 552.529395][T13619] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 552.535742][T13619] ? do_syscall_64+0x100/0x230 [ 552.540521][T13619] ? do_syscall_64+0xb6/0x230 [ 552.545213][T13619] do_syscall_64+0xf3/0x230 [ 552.549755][T13619] ? clear_bhb_loop+0x35/0x90 [ 552.554476][T13619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 552.560420][T13619] RIP: 0033:0x7fbb8337dff9 [ 552.564866][T13619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 552.585036][T13619] RSP: 002b:00007fbb841b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 552.593486][T13619] RAX: ffffffffffffffda RBX: 00007fbb83535f80 RCX: 00007fbb8337dff9 [ 552.601474][T13619] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004 [ 552.609465][T13619] RBP: 00007fbb841b4090 R08: 0000000000000000 R09: 0000000000000000 [ 552.617450][T13619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 552.625432][T13619] R13: 0000000000000000 R14: 00007fbb83535f80 R15: 00007ffd0f6aeaa8 [ 552.633450][T13619] [ 552.703017][T13622] netlink: 336 bytes leftover after parsing attributes in process `syz.4.2585'. [ 552.730643][T13615] syzkaller0: entered promiscuous mode [ 552.736557][T13615] syzkaller0: entered allmulticast mode [ 552.744026][ T4530] syzkaller0: tun_net_xmit 48 [ 552.758384][T13626] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 552.769915][T13615] syzkaller0: tun_net_xmit 1280 [ 552.774535][ T4625] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 552.785089][T13615] syzkaller0: create flow: hash 1446423671 index 2 [ 552.789546][ T4625] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 552.801349][ T4625] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 552.810622][ T4625] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 552.820276][ T4625] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 552.827721][ T4625] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 552.896420][T13613] syzkaller0: delete flow: hash 1446423671 index 2 [ 553.120224][T13642] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 554.034977][T13659] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 554.887055][ T5241] Bluetooth: hci0: command tx timeout [ 555.010152][T13627] lo speed is unknown, defaulting to 1000 [ 555.170029][ T7161] bridge_slave_1: left allmulticast mode [ 555.179890][ T7161] bridge_slave_1: left promiscuous mode [ 555.192083][ T7161] bridge0: port 2(bridge_slave_1) entered disabled state [ 555.208664][ T7161] bridge_slave_0: left allmulticast mode [ 555.214486][ T7161] bridge_slave_0: left promiscuous mode [ 555.220269][ T7161] bridge0: port 1(bridge_slave_0) entered disabled state [ 555.776155][ T7161] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 555.787751][ T7161] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 555.798794][ T7161] bond0 (unregistering): Released all slaves [ 556.182643][T13703] RDS: rds_bind could not find a transport for ::ffff:100.1.1.2, load rds_tcp or rds_rdma? [ 556.297980][T13706] syzkaller0: entered promiscuous mode [ 556.303502][T13706] syzkaller0: entered allmulticast mode [ 556.350034][ T7161] hsr_slave_0: left promiscuous mode [ 556.356224][ T7161] hsr_slave_1: left promiscuous mode [ 556.364026][ T7161] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 556.371797][ T7161] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 556.379804][ T7161] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 556.387421][ T7161] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 556.412403][ T7161] veth1_macvtap: left promiscuous mode [ 556.418412][ T7161] veth0_macvtap: left promiscuous mode [ 556.424563][ T7161] veth1_vlan: left promiscuous mode [ 556.430257][ T7161] veth0_vlan: left promiscuous mode [ 556.954389][ T5241] Bluetooth: hci0: command tx timeout [ 557.087199][ T7161] team0 (unregistering): Port device team_slave_1 removed [ 557.138301][ T7161] team0 (unregistering): Port device team_slave_0 removed [ 557.643095][T13712] netlink: 'syz.1.2609': attribute type 1 has an invalid length. [ 557.651476][ T1005] syzkaller0: tun_net_xmit 48 [ 557.729278][T13714] IPv6: NLM_F_CREATE should be specified when creating new route [ 557.753506][T13733] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2613'. [ 557.764933][T13733] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2613'. [ 559.049428][ T5241] Bluetooth: hci0: command tx timeout [ 559.635505][T13742] tipc: New replicast peer: 255.255.255.255 [ 559.643965][T13742] tipc: Enabled bearer , priority 10 [ 559.706685][T13627] chnl_net:caif_netlink_parms(): no params data found [ 562.104297][ T5241] Bluetooth: hci0: command tx timeout [ 563.121656][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.783413][T13759] FAULT_INJECTION: forcing a failure. [ 563.783413][T13759] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 563.804079][T13627] bridge0: port 1(bridge_slave_0) entered blocking state [ 563.804646][T13759] CPU: 1 UID: 0 PID: 13759 Comm: syz.4.2621 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 563.821928][T13759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 563.832007][T13759] Call Trace: [ 563.835299][T13759] [ 563.838239][T13759] dump_stack_lvl+0x241/0x360 [ 563.842936][T13759] ? __pfx_dump_stack_lvl+0x10/0x10 [ 563.848149][T13759] ? __pfx__printk+0x10/0x10 [ 563.852750][T13759] ? __pfx_lock_release+0x10/0x10 [ 563.857833][T13759] should_fail_ex+0x3b0/0x4e0 [ 563.862537][T13759] _copy_from_user+0x2f/0xe0 [ 563.867149][T13759] do_sock_getsockopt+0x1d1/0x7e0 [ 563.872189][T13759] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 563.877746][T13759] ? __fget_files+0x3f3/0x470 [ 563.882448][T13759] ? __fget_files+0x29/0x470 [ 563.887063][T13759] __sys_getsockopt+0x267/0x330 [ 563.891931][T13759] ? __pfx___sys_getsockopt+0x10/0x10 [ 563.897401][T13759] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 563.903746][T13759] ? do_syscall_64+0x100/0x230 [ 563.908526][T13759] __x64_sys_getsockopt+0xb5/0xd0 [ 563.913592][T13759] do_syscall_64+0xf3/0x230 [ 563.918199][T13759] ? clear_bhb_loop+0x35/0x90 [ 563.922894][T13759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.928800][T13759] RIP: 0033:0x7f8d29d7dff9 [ 563.933225][T13759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 563.952929][T13759] RSP: 002b:00007f8d2ab16038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 563.961532][T13759] RAX: ffffffffffffffda RBX: 00007f8d29f35f80 RCX: 00007f8d29d7dff9 [ 563.969516][T13759] RDX: 00000000000000e0 RSI: 000000000000010d RDI: 0000000000000003 [ 563.977494][T13759] RBP: 00007f8d2ab16090 R08: 0000000020000080 R09: 0000000000000000 [ 563.985561][T13759] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 563.993551][T13759] R13: 0000000000000000 R14: 00007f8d29f35f80 R15: 00007fff1c709328 [ 564.001643][T13759] [ 564.031359][ T8] IPVS: starting estimator thread 0... [ 564.045214][T13627] bridge0: port 1(bridge_slave_0) entered disabled state [ 564.052501][T13627] bridge_slave_0: entered allmulticast mode [ 564.077548][T13627] bridge_slave_0: entered promiscuous mode [ 564.100990][T13627] bridge0: port 2(bridge_slave_1) entered blocking state [ 564.110159][T13627] bridge0: port 2(bridge_slave_1) entered disabled state [ 564.124483][T13627] bridge_slave_1: entered allmulticast mode [ 564.131600][T13627] bridge_slave_1: entered promiscuous mode [ 564.145346][T13770] IPVS: using max 15 ests per chain, 36000 per kthread [ 564.154452][T13774] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2624'. [ 564.202203][T13768] pim6reg: entered allmulticast mode [ 564.221517][T13761] pim6reg: left allmulticast mode [ 564.268889][T13627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 564.299231][T13627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 564.368178][T13779] sctp: [Deprecated]: syz.2.2626 (pid 13779) Use of struct sctp_assoc_value in delayed_ack socket option. [ 564.368178][T13779] Use struct sctp_sack_info instead [ 564.390179][T13627] team0: Port device team_slave_0 added [ 564.410098][T13627] team0: Port device team_slave_1 added [ 564.421254][T13779] sctp: [Deprecated]: syz.2.2626 (pid 13779) Use of struct sctp_assoc_value in delayed_ack socket option. [ 564.421254][T13779] Use struct sctp_sack_info instead [ 564.462974][T13627] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 564.486727][T13627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 564.513758][T13627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 564.528976][T13627] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 564.536265][T13627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 564.563167][T13627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 564.629159][T13789] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2630'. [ 564.651203][T13783] syzkaller0: entered promiscuous mode [ 564.657563][T13783] syzkaller0: entered allmulticast mode [ 564.672783][ T7149] syzkaller0: tun_net_xmit 48 [ 564.688847][T13783] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 564.701151][T13783] syzkaller0: tun_net_xmit 1280 [ 564.706345][T13783] syzkaller0: create flow: hash 1446423671 index 2 [ 564.797583][T13782] syzkaller0: delete flow: hash 1446423671 index 2 [ 564.819334][T13627] hsr_slave_0: entered promiscuous mode [ 564.826133][T13627] hsr_slave_1: entered promiscuous mode [ 567.879629][T13808] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2635'. [ 567.898210][T13809] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2635'. [ 568.021452][T13814] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2636'. [ 568.062641][T13814] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2636'. [ 568.127261][T13814] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2636'. [ 568.166740][T13818] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2638'. [ 568.773487][T13841] syzkaller0: entered promiscuous mode [ 568.795615][T13841] syzkaller0: entered allmulticast mode [ 568.816926][ T7149] syzkaller0: tun_net_xmit 48 [ 568.829012][T13841] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 568.885837][T13841] syzkaller0: tun_net_xmit 1280 [ 568.890853][T13841] syzkaller0: create flow: hash 1446423671 index 2 [ 569.059835][T13627] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 569.117198][T13627] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 569.147230][T13840] syzkaller0: delete flow: hash 1446423671 index 2 [ 569.157658][T13627] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 590.865065][ T4625] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 590.903513][ T4625] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 590.913239][ T4625] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 590.932389][ T5255] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 590.950601][ T5255] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 590.951722][ T5252] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 590.961746][ T5255] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 590.968222][ T5242] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 590.973170][ T5255] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 590.983422][ T5242] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 590.995718][ T5252] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 591.018908][ T5242] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 591.025288][ T5255] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 591.031018][ T5246] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 591.037547][ T5252] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 591.043398][ T5242] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 591.061258][ T5252] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 591.061317][ T5246] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 591.078257][ T5242] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 591.092947][ T4625] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 591.099807][ T5252] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 591.106738][ T4625] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 591.117985][ T5252] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 591.127854][ T5252] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 591.803496][T13627] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 591.816485][T13859] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2652'. [ 592.291288][ T7157] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.316334][T13871] lo speed is unknown, defaulting to 1000 [ 592.370190][ T7157] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.463268][ T7157] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.483188][T13869] lo speed is unknown, defaulting to 1000 [ 592.491811][T13627] 8021q: adding VLAN 0 to HW filter on device bond0 [ 592.534878][ T7157] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.559057][T13627] 8021q: adding VLAN 0 to HW filter on device team0 [ 592.592354][ T7161] bridge0: port 1(bridge_slave_0) entered blocking state [ 592.599552][ T7161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 592.636830][ T7161] bridge0: port 2(bridge_slave_1) entered blocking state [ 592.643987][ T7161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 592.760705][T13875] lo speed is unknown, defaulting to 1000 [ 593.114760][ T5252] Bluetooth: hci1: command tx timeout [ 593.127486][ T5241] Bluetooth: hci4: command tx timeout [ 593.196021][ T5241] Bluetooth: hci3: command tx timeout [ 593.196975][ T5252] Bluetooth: hci5: command tx timeout [ 593.265913][ T7157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 593.277616][ T7157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 593.290553][ T7157] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 593.301904][ T7157] bond0 (unregistering): Released all slaves [ 593.375404][T13872] lo speed is unknown, defaulting to 1000 [ 593.420942][ T7157] tipc: Disabling bearer [ 593.430130][ T7157] tipc: Left network mode [ 593.478747][T13627] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 593.584017][T13871] chnl_net:caif_netlink_parms(): no params data found [ 593.729189][T13627] veth0_vlan: entered promiscuous mode [ 593.749822][T13869] chnl_net:caif_netlink_parms(): no params data found [ 593.954193][ T7157] hsr_slave_0: left promiscuous mode [ 593.960434][ T7157] hsr_slave_1: left promiscuous mode [ 593.970966][ T7157] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 593.978619][ T7157] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 594.003973][ T7157] veth1_macvtap: left promiscuous mode [ 594.009777][ T7157] veth0_macvtap: left promiscuous mode [ 594.016886][ T7157] veth1_vlan: left promiscuous mode [ 594.022365][ T7157] A: left promiscuous mode [ 594.492402][ T7157] team0 (unregistering): Port device team_slave_1 removed [ 594.552486][ T7157] team0 (unregistering): Port device team_slave_0 removed [ 595.075741][T13871] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.082963][T13871] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.094969][T13871] bridge_slave_0: entered allmulticast mode [ 595.103647][T13871] bridge_slave_0: entered promiscuous mode [ 595.126356][T13627] veth1_vlan: entered promiscuous mode [ 595.159795][T13871] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.174506][T13871] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.181862][T13871] bridge_slave_1: entered allmulticast mode [ 595.194113][T13871] bridge_slave_1: entered promiscuous mode [ 595.200889][ T5252] Bluetooth: hci1: command tx timeout [ 595.200900][ T5241] Bluetooth: hci4: command tx timeout [ 595.217373][T13875] chnl_net:caif_netlink_parms(): no params data found [ 595.267859][T13869] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.274733][ T5241] Bluetooth: hci5: command tx timeout [ 595.275855][ T5252] Bluetooth: hci3: command tx timeout [ 595.286221][T13869] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.293604][T13869] bridge_slave_0: entered allmulticast mode [ 595.301392][T13869] bridge_slave_0: entered promiscuous mode [ 595.313279][T13869] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.320741][T13869] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.329115][T13869] bridge_slave_1: entered allmulticast mode [ 595.336615][T13869] bridge_slave_1: entered promiscuous mode [ 595.380198][T13871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 595.442053][T13871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 595.463268][T13869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 595.477387][T13869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 595.602029][T13871] team0: Port device team_slave_0 added [ 595.611390][T13871] team0: Port device team_slave_1 added [ 595.622788][T13869] team0: Port device team_slave_0 added [ 595.632461][T13869] team0: Port device team_slave_1 added [ 595.653563][T13875] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.661031][T13875] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.668540][T13875] bridge_slave_0: entered allmulticast mode [ 595.676001][T13875] bridge_slave_0: entered promiscuous mode [ 595.718273][ T7157] IPVS: stop unused estimator thread 0... [ 595.745320][T13875] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.752508][T13875] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.760512][T13875] bridge_slave_1: entered allmulticast mode [ 595.767847][T13875] bridge_slave_1: entered promiscuous mode [ 595.775619][T13871] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 595.782618][T13871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 595.808841][T13871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 595.820874][T13872] chnl_net:caif_netlink_parms(): no params data found [ 595.838171][T13869] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 595.845334][T13869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 595.871557][T13869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 595.899107][T13871] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 595.906761][T13871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 595.933019][T13871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 595.960947][T13869] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 595.968327][T13869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 595.995747][T13869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 596.020715][T13875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 596.102620][ T7157] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 596.122483][T13875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 596.158031][T13871] hsr_slave_0: entered promiscuous mode [ 596.169120][T13871] hsr_slave_1: entered promiscuous mode [ 596.175614][T13871] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 596.183205][T13871] Cannot create hsr debugfs directory [ 596.212348][T13875] team0: Port device team_slave_0 added [ 596.261295][ T7157] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 596.291687][T13875] team0: Port device team_slave_1 added [ 596.358102][T13872] bridge0: port 1(bridge_slave_0) entered blocking state [ 596.366014][T13872] bridge0: port 1(bridge_slave_0) entered disabled state [ 596.373229][T13872] bridge_slave_0: entered allmulticast mode [ 596.380545][T13872] bridge_slave_0: entered promiscuous mode [ 596.399286][T13627] veth0_macvtap: entered promiscuous mode [ 596.407084][T13875] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 596.414096][T13875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 596.440349][T13875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 596.466758][ T7157] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 596.492805][T13872] bridge0: port 2(bridge_slave_1) entered blocking state [ 596.501017][T13872] bridge0: port 2(bridge_slave_1) entered disabled state [ 596.513376][T13872] bridge_slave_1: entered allmulticast mode [ 596.521230][T13872] bridge_slave_1: entered promiscuous mode [ 596.543660][T13627] veth1_macvtap: entered promiscuous mode [ 596.550721][T13875] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 596.558368][T13875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 596.584801][T13875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 596.609227][T13869] hsr_slave_0: entered promiscuous mode [ 596.616701][T13869] hsr_slave_1: entered promiscuous mode [ 596.622855][T13869] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 596.630722][T13869] Cannot create hsr debugfs directory [ 596.651403][ T7157] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 596.680871][T13872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 596.732366][T13627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 596.743240][T13627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.754853][T13627] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 596.764491][T13872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 596.833672][T13627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 596.845176][T13627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.856393][T13627] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 596.882637][T13872] team0: Port device team_slave_0 added [ 596.896921][T13875] hsr_slave_0: entered promiscuous mode [ 596.903375][T13875] hsr_slave_1: entered promiscuous mode [ 596.909731][T13875] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 596.917687][T13875] Cannot create hsr debugfs directory [ 596.970862][T13872] team0: Port device team_slave_1 added [ 596.993005][T13627] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 597.002518][T13627] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 597.011503][T13627] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 597.020473][T13627] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 597.071117][ T7157] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.189937][ T7157] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.217016][T13872] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 597.224019][T13872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 597.250873][T13872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 597.274630][ T5252] Bluetooth: hci1: command tx timeout [ 597.274650][ T5241] Bluetooth: hci4: command tx timeout [ 597.332710][ T7157] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.350526][T13872] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 597.357987][ T5252] Bluetooth: hci5: command tx timeout [ 597.358448][ T5241] Bluetooth: hci3: command tx timeout [ 597.363468][T13872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 597.395322][T13872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 597.450071][ T7157] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 597.521248][T13872] hsr_slave_0: entered promiscuous mode [ 597.528847][T13872] hsr_slave_1: entered promiscuous mode [ 597.544692][T13872] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 597.552285][T13872] Cannot create hsr debugfs directory [ 597.632217][ T7159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 597.644361][ T7159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 598.237321][ T7157] team0: Port device geneve1 removed [ 598.420942][ T7157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 598.431136][ T7157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 598.442072][ T7157] bond0 (unregistering): Released all slaves [ 598.580651][ T7157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 598.592037][ T7157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 598.607904][ T7157] bond0 (unregistering): Released all slaves [ 598.664415][ T4530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 598.672302][ T4530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 598.721622][ T7157] tipc: Left network mode [ 598.772733][ T7157] tipc: Disabling bearer [ 598.778725][ T7157] tipc: Left network mode [ 599.355672][ T5241] Bluetooth: hci4: command tx timeout [ 599.355804][ T5252] Bluetooth: hci1: command tx timeout [ 599.434495][ T5252] Bluetooth: hci3: command tx timeout [ 599.444663][ T5252] Bluetooth: hci5: command tx timeout [ 599.536240][ T7157] hsr_slave_1: left promiscuous mode [ 599.544703][ T7157] hsr_slave_0: left promiscuous mode [ 599.550807][ T7157] hsr_slave_1: left promiscuous mode [ 599.557467][ T7157] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 599.564993][ T7157] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 599.572737][ T7157] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 599.581744][ T7157] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 599.617161][ T7157] veth1_macvtap: left promiscuous mode [ 599.622759][ T7157] veth0_macvtap: left promiscuous mode [ 599.632438][ T7157] veth1_vlan: left promiscuous mode [ 599.637856][ T7157] veth0_vlan: left promiscuous mode [ 599.644189][ T7157] veth1_macvtap: left promiscuous mode [ 599.650012][ T7157] veth0_macvtap: left promiscuous mode [ 599.655720][ T7157] veth1_vlan: left promiscuous mode [ 599.661003][ T7157] veth0_vlan: left promiscuous mode [ 600.202330][ T5241] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 600.212987][ T5241] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 600.223172][ T5241] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 600.245699][ T5241] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 600.253474][ T5241] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 600.271847][ T5241] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 600.341945][ T7157] team0 (unregistering): Port device team_slave_1 removed [ 600.393741][ T7157] team0 (unregistering): Port device team_slave_0 removed [ 600.841103][ T7159] smc: removing ib device syz0 [ 601.703430][ T7157] team0 (unregistering): Port device team_slave_1 removed [ 601.779474][ T7157] team0 (unregistering): Port device team_slave_0 removed [ 602.314751][ T5241] Bluetooth: hci0: command tx timeout [ 602.460827][T13872] bond0: (slave netdevsim0): Releasing backup interface [ 602.468962][T13872] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode [ 602.493156][T13906] chnl_net:caif_netlink_parms(): no params data found [ 602.678250][T13906] bridge0: port 1(bridge_slave_0) entered blocking state [ 602.694199][T13906] bridge0: port 1(bridge_slave_0) entered disabled state [ 602.709995][T13906] bridge_slave_0: entered allmulticast mode [ 602.723527][T13906] bridge_slave_0: entered promiscuous mode [ 602.732195][T13906] bridge0: port 2(bridge_slave_1) entered blocking state [ 602.739608][T13906] bridge0: port 2(bridge_slave_1) entered disabled state [ 602.747420][T13906] bridge_slave_1: entered allmulticast mode [ 602.754436][T13906] bridge_slave_1: entered promiscuous mode [ 602.806794][T13906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 602.843186][T13906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 602.860881][T13871] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 602.871098][T13871] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 602.894434][T13871] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 602.917611][T13906] team0: Port device team_slave_0 added [ 602.923749][T13871] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 602.943341][ T7157] IPVS: stop unused estimator thread 0... [ 602.959165][T13906] team0: Port device team_slave_1 added [ 603.013132][T13869] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 603.030653][T13869] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 603.050141][T13906] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 603.057368][T13906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 603.084551][T13906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 603.132312][ T7157] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 603.155251][T13869] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 603.168207][T13906] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 603.175453][T13906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 603.202038][T13906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 603.226888][T13869] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 603.260113][ T7157] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 603.350689][ T7157] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 603.368449][T13875] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 603.380440][T13875] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 603.430502][T13875] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 603.445279][T13875] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 603.478701][ T7157] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 603.496296][T13906] hsr_slave_0: entered promiscuous mode [ 603.502743][T13906] hsr_slave_1: entered promiscuous mode [ 603.509388][T13906] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 603.520659][T13906] Cannot create hsr debugfs directory [ 603.616617][T13872] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 603.629820][T13872] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 603.676983][T13872] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 603.718795][T13872] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 603.799206][ T7157] bridge_slave_1: left allmulticast mode [ 603.805145][ T7157] bridge_slave_1: left promiscuous mode [ 603.810952][ T7157] bridge0: port 2(bridge_slave_1) entered disabled state [ 603.824129][ T7157] bridge_slave_0: left allmulticast mode [ 603.831579][ T7157] bridge_slave_0: left promiscuous mode [ 603.837424][ T7157] bridge0: port 1(bridge_slave_0) entered disabled state [ 604.207693][ T7157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 604.220106][ T7157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 604.231001][ T7157] bond0 (unregistering): Released all slaves [ 604.395673][ T5241] Bluetooth: hci0: command tx timeout [ 604.421116][T13875] 8021q: adding VLAN 0 to HW filter on device bond0 [ 604.442626][T13871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 604.570196][T13869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 604.579232][T13875] 8021q: adding VLAN 0 to HW filter on device team0 [ 604.631536][T13869] 8021q: adding VLAN 0 to HW filter on device team0 [ 604.644056][ T7157] hsr_slave_0: left promiscuous mode [ 604.657053][ T7157] hsr_slave_1: left promiscuous mode [ 604.662917][ T7157] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 604.671309][ T7157] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 604.679165][ T7157] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 604.686825][ T7157] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 604.707707][ T7157] veth1_macvtap: left promiscuous mode [ 604.713266][ T7157] veth0_macvtap: left promiscuous mode [ 604.719273][ T7157] veth1_vlan: left promiscuous mode [ 604.724880][ T7157] veth0_vlan: left promiscuous mode [ 605.212109][ T7157] team0 (unregistering): Port device team_slave_1 removed [ 605.263805][ T7157] team0 (unregistering): Port device team_slave_0 removed [ 605.742990][T13871] 8021q: adding VLAN 0 to HW filter on device team0 [ 605.773529][ T7155] bridge0: port 1(bridge_slave_0) entered blocking state [ 605.780818][ T7155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 605.789998][ T7155] bridge0: port 1(bridge_slave_0) entered blocking state [ 605.797191][ T7155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 605.844046][ T7149] bridge0: port 2(bridge_slave_1) entered blocking state [ 605.851313][ T7149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 605.878065][ T7149] bridge0: port 1(bridge_slave_0) entered blocking state [ 605.885280][ T7149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 605.893890][ T7149] bridge0: port 2(bridge_slave_1) entered blocking state [ 605.901122][ T7149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 605.939109][ T7149] bridge0: port 2(bridge_slave_1) entered blocking state [ 605.946274][ T7149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 605.972560][T13872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 606.066833][T13872] 8021q: adding VLAN 0 to HW filter on device team0 [ 606.158014][ T7149] bridge0: port 1(bridge_slave_0) entered blocking state [ 606.165213][ T7149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 606.185304][T13906] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 606.199681][T13906] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 606.240885][T13906] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 606.285111][ T7161] bridge0: port 2(bridge_slave_1) entered blocking state [ 606.292277][ T7161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 606.302273][T13906] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 606.355948][T13869] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 606.474593][ T5241] Bluetooth: hci0: command tx timeout [ 606.500398][T13872] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 606.627705][T13875] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 606.680407][T13871] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 606.748873][T13869] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 606.818752][T13906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 606.871524][T13871] veth0_vlan: entered promiscuous mode [ 606.921772][T13906] 8021q: adding VLAN 0 to HW filter on device team0 [ 606.940205][T13871] veth1_vlan: entered promiscuous mode [ 606.982652][ T7161] bridge0: port 1(bridge_slave_0) entered blocking state [ 606.990001][ T7161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 607.024473][T13869] veth0_vlan: entered promiscuous mode [ 607.031712][ T7159] bridge0: port 2(bridge_slave_1) entered blocking state [ 607.038912][ T7159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 607.076736][T13872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 607.111584][T13869] veth1_vlan: entered promiscuous mode [ 607.122794][T13871] veth0_macvtap: entered promiscuous mode [ 607.166147][T13871] veth1_macvtap: entered promiscuous mode [ 607.252623][T13869] veth0_macvtap: entered promiscuous mode [ 607.266045][T13871] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 607.282015][T13875] veth0_vlan: entered promiscuous mode [ 607.313248][T13869] veth1_macvtap: entered promiscuous mode [ 607.323444][T13871] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 607.351854][T13871] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.372214][T13871] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.381225][T13871] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.397261][T13871] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.440271][T13875] veth1_vlan: entered promiscuous mode [ 607.448058][T13872] veth0_vlan: entered promiscuous mode [ 607.470908][T13869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 607.487477][T13869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 607.499059][T13869] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 607.513037][T13872] veth1_vlan: entered promiscuous mode [ 607.536801][T13869] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 607.547765][T13869] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 607.559436][T13869] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 607.573694][T13906] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 607.605514][T13869] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.624136][T13869] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.633486][T13869] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.642320][T13869] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 607.681176][T13875] veth0_macvtap: entered promiscuous mode [ 607.691794][T13875] veth1_macvtap: entered promiscuous mode [ 607.813612][T13906] veth0_vlan: entered promiscuous mode [ 607.824744][ T4064] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 607.832648][ T4064] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 607.854664][ T4064] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 607.862631][ T4064] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 607.871849][ T7155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 607.883831][ T7155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 607.919353][T13875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 607.934654][T13875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 607.946340][T13875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 607.957086][T13875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 607.969318][T13875] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 607.982305][T13872] veth0_macvtap: entered promiscuous mode [ 607.993754][T13906] veth1_vlan: entered promiscuous mode [ 608.009880][T13875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 608.034343][T13875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.051363][T13875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 608.062209][T13875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.073407][T13875] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 608.086732][ T4530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 608.095573][ T4530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 608.112759][T13872] veth1_macvtap: entered promiscuous mode [ 608.137145][T13875] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 608.151840][T13875] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 608.161079][T13875] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 608.170793][T13875] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 608.259681][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 608.304368][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.329521][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 608.342515][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.357503][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 608.368070][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.379808][T13872] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 608.393288][T13945] netlink: 'syz.3.2658': attribute type 28 has an invalid length. [ 608.410562][T13945] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2658'. [ 608.427138][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 608.438368][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.449686][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 608.462301][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.472656][T13872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 608.502086][T13872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 608.515854][T13872] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 608.540911][T13872] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 608.553353][T13872] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 608.554731][T13948] FAULT_INJECTION: forcing a failure. [ 608.554731][T13948] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 608.566190][T13872] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 608.576784][ T5241] Bluetooth: hci0: command tx timeout [ 608.585784][T13872] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 608.598969][T13948] CPU: 1 UID: 0 PID: 13948 Comm: syz.3.2659 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 608.608308][T13906] veth0_macvtap: entered promiscuous mode [ 608.609755][T13948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 608.609773][T13948] Call Trace: [ 608.609783][T13948] [ 608.609794][T13948] dump_stack_lvl+0x241/0x360 [ 608.636871][T13948] ? __pfx_dump_stack_lvl+0x10/0x10 [ 608.642132][T13948] ? __pfx__printk+0x10/0x10 [ 608.646750][T13948] ? __pfx_lock_release+0x10/0x10 [ 608.651841][T13948] should_fail_ex+0x3b0/0x4e0 [ 608.656579][T13948] _copy_from_iter+0x1ed/0x1d60 [ 608.661485][T13948] ? __virt_addr_valid+0x183/0x530 [ 608.666653][T13948] ? __pfx_lock_release+0x10/0x10 [ 608.671748][T13948] ? __alloc_skb+0x28f/0x440 [ 608.676373][T13948] ? __pfx__copy_from_iter+0x10/0x10 [ 608.681724][T13948] ? __virt_addr_valid+0x183/0x530 [ 608.686990][T13948] ? __virt_addr_valid+0x183/0x530 [ 608.692141][T13948] ? __virt_addr_valid+0x45f/0x530 [ 608.697290][T13948] ? __check_object_size+0x48e/0x900 [ 608.702616][T13948] netlink_sendmsg+0x73d/0xcb0 [ 608.707424][T13948] ? __pfx_netlink_sendmsg+0x10/0x10 [ 608.712756][T13948] ? aa_sock_msg_perm+0x91/0x160 [ 608.717734][T13948] ? __pfx_netlink_sendmsg+0x10/0x10 [ 608.723072][T13948] __sock_sendmsg+0x221/0x270 [ 608.727808][T13948] ____sys_sendmsg+0x52a/0x7e0 [ 608.732738][T13948] ? __pfx_____sys_sendmsg+0x10/0x10 [ 608.738377][T13948] __sys_sendmsg+0x292/0x380 [ 608.743069][T13948] ? __pfx___sys_sendmsg+0x10/0x10 [ 608.748245][T13948] ? __pfx_vfs_write+0x10/0x10 [ 608.753083][T13948] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 608.759519][T13948] ? do_syscall_64+0x100/0x230 [ 608.764369][T13948] ? do_syscall_64+0xb6/0x230 [ 608.769174][T13948] do_syscall_64+0xf3/0x230 [ 608.773738][T13948] ? clear_bhb_loop+0x35/0x90 [ 608.778496][T13948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 608.784437][T13948] RIP: 0033:0x7feefb97dff9 [ 608.788895][T13948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 608.808559][T13948] RSP: 002b:00007feefc690038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 608.817237][T13948] RAX: ffffffffffffffda RBX: 00007feefbb35f80 RCX: 00007feefb97dff9 [ 608.825266][T13948] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 608.833272][T13948] RBP: 00007feefc690090 R08: 0000000000000000 R09: 0000000000000000 [ 608.841342][T13948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 608.849345][T13948] R13: 0000000000000000 R14: 00007feefbb35f80 R15: 00007ffcfb0e3098 [ 608.857376][T13948] [ 608.908777][T13906] veth1_macvtap: entered promiscuous mode [ 609.001440][ T7155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 609.001461][ T7155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 609.052602][T13906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.079744][T13906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.089876][T13906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.100548][T13906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.110541][T13906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.121161][T13906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.131173][T13906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.141757][T13906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.153266][T13906] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 609.163684][T13906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.174847][T13906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.185164][T13906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.195742][T13906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.206161][T13906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.216810][T13906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.226756][T13906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.237279][T13906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.248642][T13906] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 609.262022][T13906] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.271035][T13906] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.280386][T13906] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.289643][T13906] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 609.361373][T13952] netlink: 'syz.3.2660': attribute type 4 has an invalid length. [ 609.373421][T13951] netlink: 'syz.3.2660': attribute type 4 has an invalid length. [ 609.396183][ T7149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 609.404106][ T7149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 609.458187][ T7149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 609.475706][ T7149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 609.555634][ T7149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 609.563507][ T7149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 609.688243][ T4530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 609.697033][ T4530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 609.744135][ T7159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 609.802693][ T7159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 609.862685][T13967] FAULT_INJECTION: forcing a failure. [ 609.862685][T13967] name failslab, interval 1, probability 0, space 0, times 0 [ 609.883348][T13967] CPU: 0 UID: 0 PID: 13967 Comm: syz.2.2663 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 609.894193][T13967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 609.904320][T13967] Call Trace: [ 609.907643][T13967] [ 609.910627][T13967] dump_stack_lvl+0x241/0x360 [ 609.915363][T13967] ? __pfx_dump_stack_lvl+0x10/0x10 [ 609.920633][T13967] ? __pfx__printk+0x10/0x10 [ 609.925444][T13967] ? ref_tracker_alloc+0x332/0x490 [ 609.930580][T13967] should_fail_ex+0x3b0/0x4e0 [ 609.935388][T13967] ? skb_clone+0x20c/0x390 [ 609.939858][T13967] should_failslab+0xac/0x100 [ 609.944576][T13967] ? skb_clone+0x20c/0x390 [ 609.949041][T13967] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 609.954459][T13967] skb_clone+0x20c/0x390 [ 609.958715][T13967] __netlink_deliver_tap+0x3cc/0x7c0 [ 609.964035][T13967] ? netlink_deliver_tap+0x2e/0x1b0 [ 609.969536][T13967] netlink_deliver_tap+0x19d/0x1b0 [ 609.974748][T13967] netlink_unicast+0x7c4/0x990 [ 609.979603][T13967] ? __pfx_netlink_unicast+0x10/0x10 [ 609.984960][T13967] ? __virt_addr_valid+0x183/0x530 [ 609.990134][T13967] ? __check_object_size+0x48e/0x900 [ 609.995483][T13967] netlink_sendmsg+0x8e4/0xcb0 [ 610.000340][T13967] ? __pfx_netlink_sendmsg+0x10/0x10 [ 610.005696][T13967] ? aa_sock_msg_perm+0x91/0x160 [ 610.010702][T13967] ? __pfx_netlink_sendmsg+0x10/0x10 [ 610.016042][T13967] __sock_sendmsg+0x221/0x270 [ 610.020788][T13967] ____sys_sendmsg+0x52a/0x7e0 [ 610.025617][T13967] ? __pfx_____sys_sendmsg+0x10/0x10 [ 610.030978][T13967] __sys_sendmsg+0x292/0x380 [ 610.035629][T13967] ? __pfx___sys_sendmsg+0x10/0x10 [ 610.040808][T13967] ? __pfx_vfs_write+0x10/0x10 [ 610.045645][T13967] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 610.052038][T13967] ? do_syscall_64+0x100/0x230 [ 610.056865][T13967] ? do_syscall_64+0xb6/0x230 [ 610.061604][T13967] do_syscall_64+0xf3/0x230 [ 610.066164][T13967] ? clear_bhb_loop+0x35/0x90 [ 610.070997][T13967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.076950][T13967] RIP: 0033:0x7f956557dff9 [ 610.081616][T13967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 610.101383][T13967] RSP: 002b:00007f9566415038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 610.109859][T13967] RAX: ffffffffffffffda RBX: 00007f9565735f80 RCX: 00007f956557dff9 [ 610.117969][T13967] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004 [ 610.125992][T13967] RBP: 00007f9566415090 R08: 0000000000000000 R09: 0000000000000000 [ 610.134170][T13967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 610.142177][T13967] R13: 0000000000000000 R14: 00007f9565735f80 R15: 00007ffc73e55ba8 [ 610.150220][T13967] [ 610.986905][ T7157] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.024362][T13990] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2670'. [ 611.247547][ T7157] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.337178][ T7157] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.547475][ T7157] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.633412][ T7157] bridge_slave_1: left allmulticast mode [ 611.640444][ T7157] bridge_slave_1: left promiscuous mode [ 611.646308][ T7157] bridge0: port 2(bridge_slave_1) entered disabled state [ 611.655864][ T7157] bridge_slave_0: left allmulticast mode [ 611.661567][ T7157] bridge_slave_0: left promiscuous mode [ 611.667734][ T7157] bridge0: port 1(bridge_slave_0) entered disabled state [ 611.874112][T13997] nbd: must specify at least one socket [ 611.876429][T14001] FAULT_INJECTION: forcing a failure. [ 611.876429][T14001] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 611.895155][T14000] syz.2.2672[14000] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 611.895261][T14000] syz.2.2672[14000] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 611.925141][T14001] CPU: 1 UID: 0 PID: 14001 Comm: syz.4.2674 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 611.947352][T14001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 611.957511][T14001] Call Trace: [ 611.960824][T14001] [ 611.963785][T14001] dump_stack_lvl+0x241/0x360 [ 611.968498][T14001] ? __pfx_dump_stack_lvl+0x10/0x10 [ 611.973718][T14001] ? __pfx__printk+0x10/0x10 [ 611.978325][T14001] ? __pfx_lock_release+0x10/0x10 [ 611.983396][T14001] should_fail_ex+0x3b0/0x4e0 [ 611.988100][T14001] _copy_from_user+0x2f/0xe0 [ 611.992798][T14001] copy_msghdr_from_user+0xae/0x680 [ 611.998024][T14001] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 612.003871][T14001] __sys_sendmmsg+0x36d/0x730 [ 612.008598][T14001] ? __pfx___sys_sendmmsg+0x10/0x10 [ 612.013930][T14001] ? __pfx_lock_release+0x10/0x10 [ 612.018989][T14001] ? kstrtouint_from_user+0x128/0x190 [ 612.024405][T14001] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 612.030414][T14001] ? ksys_write+0x229/0x2b0 [ 612.034935][T14001] ? __pfx_lock_release+0x10/0x10 [ 612.039993][T14001] ? vfs_write+0x7bf/0xc90 [ 612.044439][T14001] ? kmem_cache_free+0x1a2/0x420 [ 612.049418][T14001] ? __mutex_unlock_slowpath+0x21d/0x750 [ 612.055092][T14001] ? __fget_files+0x3f3/0x470 [ 612.059795][T14001] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 612.065803][T14001] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 612.072313][T14001] ? do_syscall_64+0x100/0x230 [ 612.077112][T14001] __x64_sys_sendmmsg+0xa0/0xb0 [ 612.081987][T14001] do_syscall_64+0xf3/0x230 [ 612.086516][T14001] ? clear_bhb_loop+0x35/0x90 [ 612.091217][T14001] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.097214][T14001] RIP: 0033:0x7fb49057dff9 [ 612.101643][T14001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 612.121262][T14001] RSP: 002b:00007fb491406038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 612.129871][T14001] RAX: ffffffffffffffda RBX: 00007fb490735f80 RCX: 00007fb49057dff9 [ 612.137873][T14001] RDX: 0000000000000001 RSI: 0000000020001800 RDI: 0000000000000004 [ 612.145884][T14001] RBP: 00007fb491406090 R08: 0000000000000000 R09: 0000000000000000 [ 612.153953][T14001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 612.162033][T14001] R13: 0000000000000000 R14: 00007fb490735f80 R15: 00007ffdd97f0e28 [ 612.170036][T14001] [ 612.224453][T14000] syz.2.2672[14000] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 612.324378][ T5252] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 612.364409][ T5252] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 612.377342][ T5252] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 612.402155][ T5252] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 612.411432][ T5252] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 612.420132][ T5252] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 612.828979][ T7157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 612.841874][ T7157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 612.853356][ T7157] bond0 (unregistering): Released all slaves [ 612.870520][T14002] netlink: 'syz.1.2671': attribute type 12 has an invalid length. [ 612.879639][T14002] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2671'. [ 612.905206][T14024] tipc: Started in network mode [ 612.924377][T14024] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 612.973514][T14024] tipc: New replicast peer: 0000:0000:0000:0000:0000:0001:0000:0000 [ 613.004184][T14024] tipc: Enabled bearer , priority 10 [ 613.605089][ T7157] hsr_slave_0: left promiscuous mode [ 613.611395][T14057] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2687'. [ 613.621813][ T7157] hsr_slave_1: left promiscuous mode [ 613.637267][T14060] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2692'. [ 613.649040][ T7157] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 613.659762][T14060] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 613.668295][ T7157] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 613.679666][ T7157] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 613.687612][ T7157] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 613.688269][T14060] xt_TCPMSS: Only works on TCP SYN packets [ 613.727927][ T7157] veth1_macvtap: left promiscuous mode [ 613.733742][ T7157] veth0_macvtap: left promiscuous mode [ 613.742338][ T7157] veth1_vlan: left promiscuous mode [ 613.747974][ T7157] veth0_vlan: left promiscuous mode [ 614.134483][ T25] tipc: Node number set to 1 [ 614.359132][ T7157] team0 (unregistering): Port device team_slave_1 removed [ 614.416035][ T7157] team0 (unregistering): Port device team_slave_0 removed [ 614.485325][ T5252] Bluetooth: hci0: command tx timeout [ 614.917238][T14047] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2687'. [ 615.041940][T14068] FAULT_INJECTION: forcing a failure. [ 615.041940][T14068] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 615.064054][T14068] CPU: 1 UID: 0 PID: 14068 Comm: syz.2.2694 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 615.074902][T14068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 615.085010][T14068] Call Trace: [ 615.088335][T14068] [ 615.091387][T14068] dump_stack_lvl+0x241/0x360 [ 615.096117][T14068] ? __pfx_dump_stack_lvl+0x10/0x10 [ 615.101368][T14068] ? __pfx__printk+0x10/0x10 [ 615.106073][T14068] ? __pfx_lock_release+0x10/0x10 [ 615.111189][T14068] should_fail_ex+0x3b0/0x4e0 [ 615.115945][T14068] _copy_from_iter+0x1ed/0x1d60 [ 615.120867][T14068] ? __virt_addr_valid+0x183/0x530 [ 615.126037][T14068] ? alloc_pages_mpol_noprof+0x417/0x680 [ 615.131722][T14068] ? __pfx_lock_release+0x10/0x10 [ 615.136901][T14068] ? __alloc_skb+0x28f/0x440 [ 615.141526][T14068] ? __pfx__copy_from_iter+0x10/0x10 [ 615.146924][T14068] ? __virt_addr_valid+0x183/0x530 [ 615.152052][T14068] ? __virt_addr_valid+0x183/0x530 [ 615.157175][T14068] ? __virt_addr_valid+0x45f/0x530 [ 615.162300][T14068] ? __check_object_size+0x48e/0x900 [ 615.167609][T14068] kcm_sendmsg+0xd2c/0x2a50 [ 615.172170][T14068] ? __pfx_kcm_sendmsg+0x10/0x10 [ 615.177136][T14068] ? aa_sock_msg_perm+0x91/0x160 [ 615.182124][T14068] ? __pfx_kcm_sendmsg+0x10/0x10 [ 615.187089][T14068] __sock_sendmsg+0x221/0x270 [ 615.191796][T14068] ____sys_sendmsg+0x52a/0x7e0 [ 615.196591][T14068] ? __pfx_____sys_sendmsg+0x10/0x10 [ 615.201912][T14068] __sys_sendmsg+0x292/0x380 [ 615.206529][T14068] ? __pfx___sys_sendmsg+0x10/0x10 [ 615.211697][T14068] ? __pfx_vfs_write+0x10/0x10 [ 615.216521][T14068] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 615.222896][T14068] ? do_syscall_64+0x100/0x230 [ 615.227710][T14068] ? do_syscall_64+0xb6/0x230 [ 615.232431][T14068] do_syscall_64+0xf3/0x230 [ 615.236966][T14068] ? clear_bhb_loop+0x35/0x90 [ 615.241677][T14068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 615.247590][T14068] RIP: 0033:0x7f956557dff9 [ 615.252022][T14068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 615.273058][T14068] RSP: 002b:00007f9566415038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 615.281507][T14068] RAX: ffffffffffffffda RBX: 00007f9565735f80 RCX: 00007f956557dff9 [ 615.289513][T14068] RDX: 0000000000000000 RSI: 0000000020002080 RDI: 0000000000000003 [ 615.297507][T14068] RBP: 00007f9566415090 R08: 0000000000000000 R09: 0000000000000000 [ 615.305760][T14068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 615.313858][T14068] R13: 0000000000000000 R14: 00007f9565735f80 R15: 00007ffc73e55ba8 [ 615.321975][T14068] [ 615.565331][T14077] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2696'. [ 615.687360][T14008] chnl_net:caif_netlink_parms(): no params data found [ 615.884492][T14094] FAULT_INJECTION: forcing a failure. [ 615.884492][T14094] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 615.974921][T14094] CPU: 0 UID: 0 PID: 14094 Comm: syz.2.2700 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 615.986623][T14094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 615.996793][T14094] Call Trace: [ 616.000120][T14094] [ 616.003080][T14094] dump_stack_lvl+0x241/0x360 [ 616.007789][T14094] ? __pfx_dump_stack_lvl+0x10/0x10 [ 616.013213][T14094] ? __pfx__printk+0x10/0x10 [ 616.017838][T14094] ? __pfx_lock_release+0x10/0x10 [ 616.022885][T14094] ? __lock_acquire+0x1384/0x2050 [ 616.027954][T14094] should_fail_ex+0x3b0/0x4e0 [ 616.032673][T14094] _copy_from_user+0x2f/0xe0 [ 616.037334][T14094] kstrtouint_from_user+0xc6/0x190 [ 616.042519][T14094] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 616.048384][T14094] ? __pfx_lock_acquire+0x10/0x10 [ 616.053464][T14094] proc_fail_nth_write+0xaa/0x2d0 [ 616.058529][T14094] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 616.064539][T14094] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 616.070216][T14094] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 616.075971][T14094] vfs_write+0x29c/0xc90 [ 616.080335][T14094] ? __pfx_vfs_write+0x10/0x10 [ 616.085156][T14094] ? __fget_files+0x3f3/0x470 [ 616.089898][T14094] ? fdget_pos+0x24e/0x320 [ 616.094362][T14094] ksys_write+0x183/0x2b0 [ 616.098726][T14094] ? __pfx_ksys_write+0x10/0x10 [ 616.103605][T14094] ? do_syscall_64+0x100/0x230 [ 616.108482][T14094] ? do_syscall_64+0xb6/0x230 [ 616.113359][T14094] do_syscall_64+0xf3/0x230 [ 616.117886][T14094] ? clear_bhb_loop+0x35/0x90 [ 616.122590][T14094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.128504][T14094] RIP: 0033:0x7f956557cadf [ 616.132948][T14094] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 616.152682][T14094] RSP: 002b:00007f9566415030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 616.161331][T14094] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f956557cadf [ 616.169848][T14094] RDX: 0000000000000001 RSI: 00007f95664150a0 RDI: 0000000000000005 [ 616.177931][T14094] RBP: 00007f9566415090 R08: 0000000000000000 R09: 0000000000000000 [ 616.185941][T14094] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 616.193943][T14094] R13: 0000000000000000 R14: 00007f9565735f80 R15: 00007ffc73e55ba8 [ 616.201945][T14094] [ 616.298583][T14008] bridge0: port 1(bridge_slave_0) entered blocking state [ 616.331719][T14008] bridge0: port 1(bridge_slave_0) entered disabled state [ 616.341427][T14008] bridge_slave_0: entered allmulticast mode [ 616.348922][T14008] bridge_slave_0: entered promiscuous mode [ 616.357028][T14008] bridge0: port 2(bridge_slave_1) entered blocking state [ 616.364351][T14008] bridge0: port 2(bridge_slave_1) entered disabled state [ 616.371803][T14008] bridge_slave_1: entered allmulticast mode [ 616.378995][T14008] bridge_slave_1: entered promiscuous mode [ 616.480054][T14111] FAULT_INJECTION: forcing a failure. [ 616.480054][T14111] name failslab, interval 1, probability 0, space 0, times 0 [ 616.495959][T14008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 616.524679][T14111] CPU: 1 UID: 0 PID: 14111 Comm: syz.2.2705 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 616.535520][T14111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 616.545620][T14111] Call Trace: [ 616.548942][T14111] [ 616.551906][T14111] dump_stack_lvl+0x241/0x360 [ 616.556635][T14111] ? __pfx_dump_stack_lvl+0x10/0x10 [ 616.557915][T14008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 616.561867][T14111] ? __pfx__printk+0x10/0x10 [ 616.575602][T14111] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 616.581721][T14111] ? __pfx___might_resched+0x10/0x10 [ 616.587064][T14111] ? do_trace_netlink_extack+0x8b/0x1f0 [ 616.592674][T14111] should_fail_ex+0x3b0/0x4e0 [ 616.597413][T14111] should_failslab+0xac/0x100 [ 616.602143][T14111] ? __alloc_skb+0x1c3/0x440 [ 616.606791][T14111] kmem_cache_alloc_node_noprof+0x71/0x320 [ 616.612652][T14111] __alloc_skb+0x1c3/0x440 [ 616.617127][T14111] ? __pfx___alloc_skb+0x10/0x10 [ 616.622122][T14111] ? netlink_ack_tlv_len+0x6e/0x200 [ 616.627379][T14111] netlink_ack+0x13f/0xa30 [ 616.631839][T14111] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 616.637378][T14111] netlink_rcv_skb+0x262/0x430 [ 616.642194][T14111] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 616.647710][T14111] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 616.653062][T14111] ? netlink_deliver_tap+0x2e/0x1b0 [ 616.658484][T14111] netlink_unicast+0x7f6/0x990 [ 616.663321][T14111] ? __pfx_netlink_unicast+0x10/0x10 [ 616.668665][T14111] ? __virt_addr_valid+0x183/0x530 [ 616.673923][T14111] ? __check_object_size+0x48e/0x900 [ 616.679273][T14111] netlink_sendmsg+0x8e4/0xcb0 [ 616.684192][T14111] ? __pfx_netlink_sendmsg+0x10/0x10 [ 616.689563][T14111] ? aa_sock_msg_perm+0x91/0x160 [ 616.694554][T14111] ? __pfx_netlink_sendmsg+0x10/0x10 [ 616.700185][T14111] __sock_sendmsg+0x221/0x270 [ 616.704929][T14111] ____sys_sendmsg+0x52a/0x7e0 [ 616.709834][T14111] ? __pfx_____sys_sendmsg+0x10/0x10 [ 616.715191][T14111] __sys_sendmsg+0x292/0x380 [ 616.719842][T14111] ? __pfx___sys_sendmsg+0x10/0x10 [ 616.725021][T14111] ? __pfx_vfs_write+0x10/0x10 [ 616.729852][T14111] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 616.736239][T14111] ? do_syscall_64+0x100/0x230 [ 616.741072][T14111] ? do_syscall_64+0xb6/0x230 [ 616.745900][T14111] do_syscall_64+0xf3/0x230 [ 616.750550][T14111] ? clear_bhb_loop+0x35/0x90 [ 616.755509][T14111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 616.761466][T14111] RIP: 0033:0x7f956557dff9 [ 616.765931][T14111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 616.785706][T14111] RSP: 002b:00007f9566415038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 616.794709][T14111] RAX: ffffffffffffffda RBX: 00007f9565735f80 RCX: 00007f956557dff9 [ 616.802771][T14111] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004 [ 616.810796][T14111] RBP: 00007f9566415090 R08: 0000000000000000 R09: 0000000000000000 [ 616.818899][T14111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 616.826915][T14111] R13: 0000000000000000 R14: 00007f9565735f80 R15: 00007ffc73e55ba8 [ 616.834962][T14111] [ 616.857046][ T5252] Bluetooth: hci0: command tx timeout [ 616.970697][T14008] team0: Port device team_slave_0 added [ 617.039632][T14132] FAULT_INJECTION: forcing a failure. [ 617.039632][T14132] name failslab, interval 1, probability 0, space 0, times 0 [ 617.060446][T14008] team0: Port device team_slave_1 added [ 617.085647][T14132] CPU: 1 UID: 0 PID: 14132 Comm: syz.4.2711 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 617.096493][T14132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 617.106602][T14132] Call Trace: [ 617.109932][T14132] [ 617.112918][T14132] dump_stack_lvl+0x241/0x360 [ 617.117665][T14132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 617.122930][T14132] ? __pfx__printk+0x10/0x10 [ 617.127585][T14132] ? __kmalloc_noprof+0xb0/0x400 [ 617.132569][T14132] ? __pfx___might_resched+0x10/0x10 [ 617.137996][T14132] should_fail_ex+0x3b0/0x4e0 [ 617.142732][T14132] ? iovec_from_user+0x87/0x240 [ 617.147633][T14132] should_failslab+0xac/0x100 [ 617.152361][T14132] ? iovec_from_user+0x87/0x240 [ 617.157266][T14132] __kmalloc_noprof+0xd8/0x400 [ 617.162095][T14132] iovec_from_user+0x87/0x240 [ 617.166843][T14132] __import_iovec+0x132/0x820 [ 617.171665][T14132] import_iovec+0xeb/0x120 [ 617.176133][T14132] copy_msghdr_from_user+0x52f/0x680 [ 617.181668][T14132] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 617.186335][T14140] FAULT_INJECTION: forcing a failure. [ 617.186335][T14140] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 617.187615][T14132] __sys_sendmmsg+0x36d/0x730 [ 617.205373][T14132] ? __pfx___sys_sendmmsg+0x10/0x10 [ 617.210642][T14132] ? __pfx_lock_release+0x10/0x10 [ 617.215742][T14132] ? kstrtouint_from_user+0x128/0x190 [ 617.221155][T14132] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 617.227079][T14132] ? ksys_write+0x229/0x2b0 [ 617.231596][T14132] ? __pfx_lock_release+0x10/0x10 [ 617.236650][T14132] ? vfs_write+0x7bf/0xc90 [ 617.241168][T14132] ? kmem_cache_free+0x1a2/0x420 [ 617.246127][T14132] ? __mutex_unlock_slowpath+0x21d/0x750 [ 617.251783][T14132] ? __fget_files+0x3f3/0x470 [ 617.256507][T14132] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 617.262531][T14132] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 617.268897][T14132] ? do_syscall_64+0x100/0x230 [ 617.273794][T14132] __x64_sys_sendmmsg+0xa0/0xb0 [ 617.278672][T14132] do_syscall_64+0xf3/0x230 [ 617.283196][T14132] ? clear_bhb_loop+0x35/0x90 [ 617.287902][T14132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.293818][T14132] RIP: 0033:0x7fb49057dff9 [ 617.298449][T14132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 617.318285][T14132] RSP: 002b:00007fb491406038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 617.326923][T14132] RAX: ffffffffffffffda RBX: 00007fb490735f80 RCX: 00007fb49057dff9 [ 617.335001][T14132] RDX: 0000000000000001 RSI: 0000000020001800 RDI: 0000000000000004 [ 617.343069][T14132] RBP: 00007fb491406090 R08: 0000000000000000 R09: 0000000000000000 [ 617.351140][T14132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 617.359129][T14132] R13: 0000000000000000 R14: 00007fb490735f80 R15: 00007ffdd97f0e28 [ 617.367152][T14132] [ 617.406413][T14140] CPU: 1 UID: 0 PID: 14140 Comm: syz.3.2714 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 617.417256][T14140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 617.427358][T14140] Call Trace: [ 617.430679][T14140] [ 617.433656][T14140] dump_stack_lvl+0x241/0x360 [ 617.438400][T14140] ? __pfx_dump_stack_lvl+0x10/0x10 [ 617.443664][T14140] ? __pfx__printk+0x10/0x10 [ 617.448324][T14140] ? snprintf+0xda/0x120 [ 617.452638][T14140] should_fail_ex+0x3b0/0x4e0 [ 617.457394][T14140] _copy_to_user+0x2f/0xb0 [ 617.461926][T14140] simple_read_from_buffer+0xca/0x150 [ 617.467363][T14140] proc_fail_nth_read+0x1e9/0x250 [ 617.472467][T14140] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 617.478267][T14140] ? rw_verify_area+0x55e/0x6f0 [ 617.483265][T14140] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 617.488881][T14140] vfs_read+0x201/0xbc0 [ 617.493094][T14140] ? __pfx_lock_release+0x10/0x10 [ 617.498173][T14140] ? __pfx_vfs_read+0x10/0x10 [ 617.502919][T14140] ? __fget_files+0x3f3/0x470 [ 617.507631][T14140] ? fdget_pos+0x24e/0x320 [ 617.512069][T14140] ksys_read+0x183/0x2b0 [ 617.516441][T14140] ? __pfx_ksys_read+0x10/0x10 [ 617.521326][T14140] ? do_syscall_64+0x100/0x230 [ 617.526118][T14140] ? do_syscall_64+0xb6/0x230 [ 617.530812][T14140] do_syscall_64+0xf3/0x230 [ 617.535331][T14140] ? clear_bhb_loop+0x35/0x90 [ 617.540215][T14140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.546125][T14140] RIP: 0033:0x7feefb97ca3c [ 617.550558][T14140] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 617.570185][T14140] RSP: 002b:00007feefc690030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 617.578660][T14140] RAX: ffffffffffffffda RBX: 00007feefbb35f80 RCX: 00007feefb97ca3c [ 617.586648][T14140] RDX: 000000000000000f RSI: 00007feefc6900a0 RDI: 0000000000000004 [ 617.594642][T14140] RBP: 00007feefc690090 R08: 0000000000000000 R09: 0000000000000000 [ 617.602636][T14140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 617.610623][T14140] R13: 0000000000000000 R14: 00007feefbb35f80 R15: 00007ffcfb0e3098 [ 617.618627][T14140] [ 617.712276][T14008] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 617.730932][T14008] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 617.835952][T14008] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 617.993949][T14008] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 618.024686][T14008] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 618.083856][T14008] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 618.132368][T14156] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2719'. [ 618.298816][T14008] hsr_slave_0: entered promiscuous mode [ 618.325359][T14008] hsr_slave_1: entered promiscuous mode [ 618.365903][T14167] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2721'. [ 618.375833][T14167] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2721'. [ 618.396423][T14167] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2721'. [ 618.684316][T14187] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2726'. [ 618.823536][T14187] netlink: 6196 bytes leftover after parsing attributes in process `syz.4.2726'. [ 618.888412][ T5252] Bluetooth: hci0: command tx timeout [ 618.950738][T14187] hsr_slave_0 (unregistering): left promiscuous mode [ 619.188030][T14217] netlink: 'syz.4.2737': attribute type 28 has an invalid length. [ 619.210163][T14217] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2737'. [ 619.307340][T14221] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2735'. [ 619.330598][T14221] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2735'. [ 619.518307][T14232] netlink: 'syz.1.2742': attribute type 28 has an invalid length. [ 619.526356][T14232] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2742'. [ 619.618577][T14234] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2743'. [ 619.731450][T14008] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 619.787504][T14008] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 619.824110][T14008] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 619.845546][T14008] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 619.956863][T14247] x_tables: eb_tables: snat.0 target: invalid size 16 (kernel) != (user) 0 [ 620.081065][T14008] 8021q: adding VLAN 0 to HW filter on device bond0 [ 620.100695][T14259] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2752'. [ 620.140289][T14261] Cannot find set identified by id 0 to match [ 620.151943][T14008] 8021q: adding VLAN 0 to HW filter on device team0 [ 620.173804][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 620.181018][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 620.217864][T14261] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2753'. [ 620.232668][T14261] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2753'. [ 620.254890][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 620.262118][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 620.281330][T14263] pimreg: entered allmulticast mode [ 620.307975][T14266] pimreg: left allmulticast mode [ 620.405078][T14008] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 620.422238][T14008] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 620.830887][T14283] syzkaller0: entered promiscuous mode [ 620.839829][T14283] syzkaller0: entered allmulticast mode [ 620.871415][ T7155] syzkaller0: tun_net_xmit 48 [ 620.887124][T14283] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 620.905927][T14283] syzkaller0: tun_net_xmit 1280 [ 620.910947][T14283] syzkaller0: create flow: hash 1446423671 index 2 [ 620.918358][T14008] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 620.964557][ T5252] Bluetooth: hci0: command tx timeout [ 621.058762][T14281] syzkaller0: delete flow: hash 1446423671 index 2 [ 623.255068][T14008] veth0_vlan: entered promiscuous mode [ 623.292739][T14008] veth1_vlan: entered promiscuous mode [ 623.462567][T14008] veth0_macvtap: entered promiscuous mode [ 623.532638][T14008] veth1_macvtap: entered promiscuous mode [ 623.623157][T14008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.644828][T14008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.660233][T14008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.688166][T14008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.702946][T14008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.720907][T14008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.736984][T14008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 623.760905][T14008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.784816][T14008] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 623.792392][T14314] tc_dump_action: action bad kind [ 623.809618][T14315] pim6reg: entered allmulticast mode [ 623.822197][T14320] __nla_validate_parse: 5 callbacks suppressed [ 623.822213][T14320] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2775'. [ 623.853175][T14322] sctp: [Deprecated]: syz.3.2776 (pid 14322) Use of int in max_burst socket option. [ 623.853175][T14322] Use struct sctp_assoc_value instead [ 623.853993][T14008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.914055][T14008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.950284][T14008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.962074][T14008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 623.979840][T14008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 623.991551][T14008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 624.002769][T14008] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 624.013443][T14008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 624.026246][T14008] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 624.035615][T14323] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2775'. [ 624.053978][T14327] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2777'. [ 624.076729][T14327] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2777'. [ 624.105107][T14330] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 624.199665][T14336] tipc: Started in network mode [ 624.214171][T14336] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 624.223679][T14336] tipc: New replicast peer: 0000:0000:0000:0000:0000:0001:0000:0000 [ 624.233707][T14336] tipc: Enabled bearer , priority 10 [ 624.257797][T14338] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 624.331335][T14339] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2780'. [ 624.341728][T14008] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.351059][T14008] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.360163][T14008] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.369426][T14008] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 624.432469][T14339] netlink: 6196 bytes leftover after parsing attributes in process `syz.4.2780'. [ 624.533132][ T3043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.555216][ T3043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.557529][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.612162][T14258] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.645569][T14258] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.916549][T14359] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 624.947952][T14359] macsec1: entered promiscuous mode [ 624.953397][T14359] macsec1: entered allmulticast mode [ 624.966282][T14359] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 624.985894][T14359] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 624.994130][T14359] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 625.033965][T14362] tipc: Started in network mode [ 625.039791][T14362] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 625.052121][T14362] tipc: New replicast peer: 0000:0000:0000:0000:0000:0001:0000:0000 [ 625.061260][T14362] tipc: Enabled bearer , priority 10 [ 625.071992][T14366] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 625.089655][T14366] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.097408][T14366] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.108280][T14366] bridge0: entered allmulticast mode [ 625.158373][T14366] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2788'. [ 625.169235][T14366] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2788'. [ 625.228350][ T25] tipc: Node number set to 1 [ 625.384947][ T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.422258][ T3043] bond0: (slave bond_slave_0): interface is now down [ 625.429634][ T3043] bond0: (slave bond_slave_1): interface is now down [ 625.444192][ T3043] bond0: now running without any active interface! [ 625.486916][ T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.703505][ T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.878828][ T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.989804][ T53] bridge_slave_1: left allmulticast mode [ 625.996426][ T53] bridge_slave_1: left promiscuous mode [ 626.002147][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.013214][ T53] bridge_slave_0: left allmulticast mode [ 626.019323][ T53] bridge_slave_0: left promiscuous mode [ 626.025258][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.175203][T13957] tipc: Node number set to 1 [ 626.504140][T14392] FAULT_INJECTION: forcing a failure. [ 626.504140][T14392] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 626.537313][T14392] CPU: 1 UID: 0 PID: 14392 Comm: syz.4.2796 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 626.548156][T14392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 626.558352][T14392] Call Trace: [ 626.561685][T14392] [ 626.564651][T14392] dump_stack_lvl+0x241/0x360 [ 626.569383][T14392] ? __pfx_dump_stack_lvl+0x10/0x10 [ 626.574672][T14392] ? __pfx__printk+0x10/0x10 [ 626.579404][T14392] ? __pfx_lock_release+0x10/0x10 [ 626.584493][T14392] ? rcu_is_watching+0x15/0xb0 [ 626.589362][T14392] should_fail_ex+0x3b0/0x4e0 [ 626.594112][T14392] _copy_from_iter+0x1ed/0x1d60 [ 626.599054][T14392] ? alloc_pages_mpol_noprof+0x417/0x680 [ 626.604737][T14392] ? __pfx__copy_from_iter+0x10/0x10 [ 626.610084][T14392] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 626.616123][T14392] ? alloc_pages_noprof+0xef/0x170 [ 626.621282][T14392] ? page_copy_sane+0x46/0x260 [ 626.626103][T14392] copy_page_from_iter+0x7a/0x100 [ 626.631188][T14392] tun_get_user+0x2046/0x47e0 [ 626.635915][T14392] ? tun_get_user+0x871/0x47e0 [ 626.640731][T14392] ? __lock_acquire+0x1384/0x2050 [ 626.645829][T14392] ? __pfx_tun_get_user+0x10/0x10 [ 626.650954][T14392] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 626.656631][T14392] ? tun_get+0x1e/0x2f0 [ 626.660923][T14392] ? __pfx_lock_release+0x10/0x10 [ 626.666016][T14392] ? tun_get+0x1e/0x2f0 [ 626.670228][T14392] ? tun_get+0x27d/0x2f0 [ 626.674876][T14392] tun_chr_write_iter+0x10d/0x1f0 [ 626.679976][T14392] vfs_write+0xa6d/0xc90 [ 626.684271][T14392] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 626.689920][T14392] ? __pfx_vfs_write+0x10/0x10 [ 626.694752][T14392] ? fdget_pos+0x19a/0x320 [ 626.699231][T14392] ksys_write+0x183/0x2b0 [ 626.703620][T14392] ? __pfx_ksys_write+0x10/0x10 [ 626.704176][T14396] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2797'. [ 626.708497][T14392] ? do_syscall_64+0x100/0x230 [ 626.722291][T14392] ? do_syscall_64+0xb6/0x230 [ 626.727043][T14392] do_syscall_64+0xf3/0x230 [ 626.728709][ T5241] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 626.731584][T14392] ? clear_bhb_loop+0x35/0x90 [ 626.731625][T14392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 626.745836][ T5241] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 626.749317][T14392] RIP: 0033:0x7fb49057cadf [ 626.749347][T14392] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 626.749368][T14392] RSP: 002b:00007fb491406000 EFLAGS: 00000293 [ 626.759633][ T5241] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 626.760787][T14392] ORIG_RAX: 0000000000000001 [ 626.760803][T14392] RAX: ffffffffffffffda RBX: 00007fb490735f80 RCX: 00007fb49057cadf [ 626.760833][T14392] RDX: 0000000000000046 RSI: 0000000020000000 RDI: 00000000000000c8 [ 626.789679][ T5241] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 626.793446][T14392] RBP: 00007fb491406090 R08: 0000000000000000 R09: 0000000000000000 [ 626.793470][T14392] R10: 0000000000000046 R11: 0000000000000293 R12: 0000000000000001 [ 626.793487][T14392] R13: 0000000000000001 R14: 00007fb490735f80 R15: 00007ffdd97f0e28 [ 626.799505][ T5241] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 626.806164][T14392] [ 626.867983][ T5241] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 626.920560][T14396] sock: sock_timestamping_bind_phc: sock not bind to device [ 627.149937][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 627.173553][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 627.189680][ T53] bond0 (unregistering): Released all slaves [ 627.220603][T14378] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 627.280605][T14403] FAULT_INJECTION: forcing a failure. [ 627.280605][T14403] name failslab, interval 1, probability 0, space 0, times 0 [ 627.334334][T14403] CPU: 1 UID: 0 PID: 14403 Comm: syz.3.2800 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 627.345177][T14403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 627.355285][T14403] Call Trace: [ 627.358598][T14403] [ 627.361650][T14403] dump_stack_lvl+0x241/0x360 [ 627.366380][T14403] ? __pfx_dump_stack_lvl+0x10/0x10 [ 627.371629][T14403] ? __pfx__printk+0x10/0x10 [ 627.376278][T14403] ? ref_tracker_alloc+0x332/0x490 [ 627.381452][T14403] should_fail_ex+0x3b0/0x4e0 [ 627.386201][T14403] ? skb_clone+0x20c/0x390 [ 627.390684][T14403] should_failslab+0xac/0x100 [ 627.395422][T14403] ? skb_clone+0x20c/0x390 [ 627.399892][T14403] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 627.405345][T14403] skb_clone+0x20c/0x390 [ 627.409645][T14403] __netlink_deliver_tap+0x3cc/0x7c0 [ 627.414993][T14403] ? netlink_deliver_tap+0x2e/0x1b0 [ 627.420238][T14403] netlink_deliver_tap+0x19d/0x1b0 [ 627.425403][T14403] netlink_sendskb+0x68/0x140 [ 627.430144][T14403] netlink_unicast+0x39d/0x990 [ 627.434966][T14403] ? __asan_memcpy+0x40/0x70 [ 627.439613][T14403] ? __pfx_netlink_unicast+0x10/0x10 [ 627.444973][T14403] netlink_rcv_skb+0x262/0x430 [ 627.449792][T14403] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 627.455316][T14403] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 627.460683][T14403] ? netlink_deliver_tap+0x2e/0x1b0 [ 627.465948][T14403] netlink_unicast+0x7f6/0x990 [ 627.470818][T14403] ? __pfx_netlink_unicast+0x10/0x10 [ 627.476255][T14403] ? __virt_addr_valid+0x183/0x530 [ 627.481423][T14403] ? __check_object_size+0x48e/0x900 [ 627.486766][T14403] netlink_sendmsg+0x8e4/0xcb0 [ 627.491770][T14403] ? __pfx_netlink_sendmsg+0x10/0x10 [ 627.497119][T14403] ? aa_sock_msg_perm+0x91/0x160 [ 627.502116][T14403] ? __pfx_netlink_sendmsg+0x10/0x10 [ 627.507453][T14403] __sock_sendmsg+0x221/0x270 [ 627.512215][T14403] ____sys_sendmsg+0x52a/0x7e0 [ 627.517041][T14403] ? __pfx_____sys_sendmsg+0x10/0x10 [ 627.522401][T14403] __sys_sendmsg+0x292/0x380 [ 627.527048][T14403] ? __pfx___sys_sendmsg+0x10/0x10 [ 627.532228][T14403] ? __pfx_vfs_write+0x10/0x10 [ 627.537078][T14403] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 627.543471][T14403] ? do_syscall_64+0x100/0x230 [ 627.548291][T14403] ? do_syscall_64+0xb6/0x230 [ 627.553020][T14403] do_syscall_64+0xf3/0x230 [ 627.557575][T14403] ? clear_bhb_loop+0x35/0x90 [ 627.562313][T14403] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 627.568256][T14403] RIP: 0033:0x7feefb97dff9 [ 627.572723][T14403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 627.592388][T14403] RSP: 002b:00007feefc690038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 627.600953][T14403] RAX: ffffffffffffffda RBX: 00007feefbb35f80 RCX: 00007feefb97dff9 [ 627.608977][T14403] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000004 [ 627.617004][T14403] RBP: 00007feefc690090 R08: 0000000000000000 R09: 0000000000000000 [ 627.625028][T14403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 627.633054][T14403] R13: 0000000000000000 R14: 00007feefbb35f80 R15: 00007ffcfb0e3098 [ 627.641263][T14403] [ 628.119977][T14443] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2813'. [ 628.133435][T14443] netlink: 'syz.4.2813': attribute type 1 has an invalid length. [ 628.167727][T14443] nbd: error processing sock list [ 628.195474][T14438] netlink: 'syz.3.2812': attribute type 28 has an invalid length. [ 628.224807][T14393] chnl_net:caif_netlink_parms(): no params data found [ 628.272439][T14443] tipc: Enabling of bearer rejected, already enabled [ 628.463284][ T53] hsr_slave_0: left promiscuous mode [ 628.473016][ T53] hsr_slave_1: left promiscuous mode [ 628.489133][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 628.497554][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 628.511483][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 628.519532][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 628.561213][ T53] veth1_macvtap: left promiscuous mode [ 628.570511][ T53] veth0_macvtap: left promiscuous mode [ 628.580792][ T53] veth1_vlan: left promiscuous mode [ 628.588642][ T53] veth0_vlan: left promiscuous mode [ 628.956307][ T5241] Bluetooth: hci0: command tx timeout [ 629.514149][ T53] team0 (unregistering): Port device team_slave_1 removed [ 629.601404][ T53] team0 (unregistering): Port device team_slave_0 removed [ 629.858402][T14476] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.280038][T14468] bridge0: entered promiscuous mode [ 630.302906][T14470] __nla_validate_parse: 4 callbacks suppressed [ 630.302929][T14470] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2824'. [ 630.331137][T14470] bridge_slave_1: left allmulticast mode [ 630.338529][T14470] bridge_slave_1: left promiscuous mode [ 630.348209][T14470] bridge0: port 2(bridge_slave_1) entered disabled state [ 630.372792][T14470] bridge_slave_0: left allmulticast mode [ 630.378657][T14470] bridge_slave_0: left promiscuous mode [ 630.388799][T14470] bridge0: port 1(bridge_slave_0) entered disabled state [ 630.456727][T14472] netlink: 'syz.4.2825': attribute type 10 has an invalid length. [ 630.474016][T14472] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 630.640961][T14393] bridge0: port 1(bridge_slave_0) entered blocking state [ 630.670766][T14393] bridge0: port 1(bridge_slave_0) entered disabled state [ 630.694703][T14393] bridge_slave_0: entered allmulticast mode [ 630.715843][T14393] bridge_slave_0: entered promiscuous mode [ 630.749833][T14393] bridge0: port 2(bridge_slave_1) entered blocking state [ 630.770502][T14393] bridge0: port 2(bridge_slave_1) entered disabled state [ 630.784027][T14393] bridge_slave_1: entered allmulticast mode [ 630.802555][T14393] bridge_slave_1: entered promiscuous mode [ 630.929515][T14393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 630.976983][T14393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 630.991749][T14500] netlink: 'syz.1.2832': attribute type 2 has an invalid length. [ 631.008989][T14500] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2832'. [ 631.034527][ T5241] Bluetooth: hci0: command tx timeout [ 631.121252][T14393] team0: Port device team_slave_0 added [ 631.145764][T14393] team0: Port device team_slave_1 added [ 631.225083][T14393] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 631.240985][T14393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 631.291682][T14393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 631.331010][T14393] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 631.347171][T14393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 631.402826][T14393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 631.471812][T14516] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2837'. [ 631.581287][T14515] syzkaller0: entered promiscuous mode [ 631.592722][T14515] syzkaller0: entered allmulticast mode [ 631.636548][T14393] hsr_slave_0: entered promiscuous mode [ 631.649941][T14393] hsr_slave_1: entered promiscuous mode [ 631.661174][T14258] syzkaller0: tun_net_xmit 48 [ 631.667992][T14516] netlink: 6196 bytes leftover after parsing attributes in process `syz.3.2837'. [ 631.779455][T14515] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 631.810459][T14515] syzkaller0: create flow: hash 1446423671 index 2 [ 631.939081][T14525] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2840'. [ 632.031958][T14513] syzkaller0: delete flow: hash 1446423671 index 2 [ 633.124419][ T5241] Bluetooth: hci0: command tx timeout [ 634.328448][T14537] netlink: 47 bytes leftover after parsing attributes in process `syz.3.2844'. [ 634.672032][T14553] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2850'. [ 635.204532][ T5241] Bluetooth: hci0: command tx timeout [ 635.773064][T14562] netlink: 'syz.2.2854': attribute type 28 has an invalid length. [ 635.799131][T14562] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2854'. [ 635.838125][T14565] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2855'. [ 635.892085][T14565] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 635.974478][T14565] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 636.036410][T14565] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 636.104487][T14565] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 636.340318][T14574] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2856'. [ 636.729708][T14393] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 636.838986][T14393] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 636.947158][T14393] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 637.073983][T14393] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 637.196382][T14585] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2862'. [ 637.396118][T14592] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 0, id = 0 [ 637.512537][T14593] netlink: 6196 bytes leftover after parsing attributes in process `syz.2.2862'. [ 637.856736][T14600] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2866'. [ 638.085435][T14600] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2866'. [ 638.495782][T14393] 8021q: adding VLAN 0 to HW filter on device bond0 [ 638.667485][T14393] 8021q: adding VLAN 0 to HW filter on device team0 [ 638.745950][ T4530] bridge0: port 1(bridge_slave_0) entered blocking state [ 638.753175][ T4530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 638.883379][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 638.890608][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 639.008879][T14623] netlink: 'syz.1.2872': attribute type 10 has an invalid length. [ 639.107244][T14623] team0: Port device netdevsim0 added [ 639.690173][T14640] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2876'. [ 639.797856][T14642] tipc: Enabling of bearer rejected, already enabled [ 640.023320][ T4880] sched: DL replenish lagged too much [ 640.026284][T14648] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2878'. [ 640.991619][T14665] netlink: 148 bytes leftover after parsing attributes in process `syz.2.2883'. [ 641.219722][T14667] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2884'. [ 642.061385][T14258] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 642.116207][T14258] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 642.178133][T14258] bond0 (unregistering): Released all slaves [ 642.216056][T14658] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2880'. [ 642.391320][T14669] lo speed is unknown, defaulting to 1000 [ 642.398731][T14672] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2886'. [ 642.456154][T14258] tipc: Left network mode [ 642.465528][T14669] lo speed is unknown, defaulting to 1000 [ 642.471876][T14669] lo speed is unknown, defaulting to 1000 [ 642.660007][T14393] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 643.105216][T14669] infiniband syz0: set active [ 643.136664][T14669] infiniband syz0: added lo [ 643.167486][T14669] syz0: rxe_create_cq: returned err = -12 [ 643.193986][T14669] infiniband syz0: Couldn't create ib_mad CQ [ 643.216605][T14669] infiniband syz0: Couldn't open port 1 [ 643.287174][ T25] lo speed is unknown, defaulting to 1000 [ 643.293954][T14680] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2888'. [ 643.333058][T14669] RDS/IB: syz0: added [ 643.341662][T14669] smc: adding ib device syz0 with port count 1 [ 643.351170][T14669] smc: ib device syz0 port 1 has pnetid [ 643.365346][T14684] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2889'. [ 643.396109][ T46] lo speed is unknown, defaulting to 1000 [ 643.440345][T14669] lo speed is unknown, defaulting to 1000 [ 643.581329][T14393] veth0_vlan: entered promiscuous mode [ 643.662506][T14393] veth1_vlan: entered promiscuous mode [ 643.856922][T14393] veth0_macvtap: entered promiscuous mode [ 643.942073][T14393] veth1_macvtap: entered promiscuous mode [ 644.081287][T14393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 644.160387][T14393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.231918][T14393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 644.283872][T14393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.337151][T14393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 644.383206][T14393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.433278][T14393] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 644.476328][T14669] lo speed is unknown, defaulting to 1000 [ 644.516948][T14393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.568461][T14393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.623366][T14393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.666132][T14393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.713496][T14393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 644.760182][T14393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 644.823208][T14393] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 644.891976][T14393] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 644.967028][T14393] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.018806][T14393] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.059991][T14393] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.170834][T14669] lo speed is unknown, defaulting to 1000 [ 645.632493][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.677398][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 645.826257][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.893338][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 645.978457][T14724] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2902'. [ 646.071659][T14723] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2901'. [ 646.174343][T14669] lo speed is unknown, defaulting to 1000 [ 647.563452][T14730] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2904'. [ 647.987692][T14730] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2904'. [ 682.057111][T14669] lo speed is unknown, defaulting to 1000 [ 682.859644][ T4625] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 682.868666][ T4625] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 682.878459][ T4625] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 682.887456][ T4625] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 682.896163][ T4625] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 682.905674][ T4625] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 682.915944][ T5244] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 682.925663][ T4625] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 682.935404][ T5244] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 682.943632][ T4625] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 682.950782][ T5244] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 682.960191][ T5244] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 683.060419][ T5252] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 683.070578][ T5252] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 683.084488][ T5252] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 683.118260][ T5252] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 683.126530][ T5252] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 683.133961][ T5252] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 683.179818][T13875] bond0: (slave syz_tun): Releasing backup interface [ 683.300658][T14669] lo speed is unknown, defaulting to 1000 [ 683.347769][ T5244] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 683.363453][ T5244] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 683.378307][ T5244] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 683.389774][ T5244] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 683.398266][ T5244] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 683.409588][ T5244] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 683.515686][ T5252] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 683.525563][ T5252] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 683.544502][ T5252] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 683.554420][ T5252] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 683.562197][ T5252] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 683.569647][ T5252] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 683.888917][T14669] lo speed is unknown, defaulting to 1000 [ 684.166563][T14669] lo speed is unknown, defaulting to 1000 [ 685.036929][ T5244] Bluetooth: hci2: command tx timeout [ 685.043207][ T5244] Bluetooth: hci0: command tx timeout [ 685.194589][ T5252] Bluetooth: hci4: command tx timeout [ 685.514378][ T5252] Bluetooth: hci5: command tx timeout [ 685.674793][ T5252] Bluetooth: hci6: command tx timeout [ 685.998861][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 687.114529][ T5252] Bluetooth: hci2: command tx timeout [ 687.120006][ T5252] Bluetooth: hci0: command tx timeout [ 687.274669][ T5252] Bluetooth: hci4: command tx timeout [ 687.594371][ T5252] Bluetooth: hci5: command tx timeout [ 687.754790][ T5252] Bluetooth: hci6: command tx timeout [ 689.194974][ T5252] Bluetooth: hci0: command tx timeout [ 689.200460][ T5252] Bluetooth: hci2: command tx timeout [ 689.354466][ T5252] Bluetooth: hci4: command tx timeout [ 689.674406][ T5252] Bluetooth: hci5: command tx timeout [ 689.834766][ T5252] Bluetooth: hci6: command tx timeout [ 691.274358][ T5244] Bluetooth: hci0: command tx timeout [ 691.279951][ T5252] Bluetooth: hci2: command tx timeout [ 691.434454][ T5252] Bluetooth: hci4: command tx timeout [ 691.754399][ T5252] Bluetooth: hci5: command tx timeout [ 691.914783][ T5252] Bluetooth: hci6: command tx timeout [ 713.680853][ T5252] Bluetooth: hci1: command 0x0406 tx timeout [ 745.705355][ T5252] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 745.730534][ T5252] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 745.739572][ T5252] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 745.747972][ T5252] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 745.757849][ T5252] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 745.765362][ T5252] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 745.890854][ T5244] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 745.901387][ T5244] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 745.910207][ T5244] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 745.918485][ T5244] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 745.926390][ T5244] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 745.933803][ T5244] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 746.012418][ T5252] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 746.022402][ T5252] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 746.037181][ T5252] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 746.045478][ T5252] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 746.076825][ T5252] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 746.085647][ T5252] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 746.139768][ T5244] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 746.156301][ T5244] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 746.165103][ T5244] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 746.175079][ T5244] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 746.184049][ T5244] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 746.191561][ T5244] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 746.273518][ T5244] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 746.283955][ T5244] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 746.301574][ T5244] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 746.326123][ T5244] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 746.333964][ T5244] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 746.347815][ T5244] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 747.438089][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.834492][ T5244] Bluetooth: hci7: command tx timeout [ 747.994442][ T5244] Bluetooth: hci3: command tx timeout [ 748.154562][ T5244] Bluetooth: hci8: command tx timeout [ 748.234843][ T5244] Bluetooth: hci9: command tx timeout [ 748.394524][ T5244] Bluetooth: hci10: command tx timeout [ 749.919158][ T5244] Bluetooth: hci7: command tx timeout [ 750.075020][ T5244] Bluetooth: hci3: command tx timeout [ 750.234390][ T5244] Bluetooth: hci8: command tx timeout [ 750.315736][ T5244] Bluetooth: hci9: command tx timeout [ 750.474485][ T5244] Bluetooth: hci10: command tx timeout [ 752.000440][ T5244] Bluetooth: hci7: command tx timeout [ 752.161006][ T5244] Bluetooth: hci3: command tx timeout [ 752.314959][ T5244] Bluetooth: hci8: command tx timeout [ 752.394543][ T5244] Bluetooth: hci9: command tx timeout [ 752.556010][ T5252] Bluetooth: hci10: command tx timeout [ 754.074544][ T5244] Bluetooth: hci7: command tx timeout [ 754.234378][ T5244] Bluetooth: hci3: command tx timeout [ 754.394337][ T5244] Bluetooth: hci8: command tx timeout [ 754.474750][ T5244] Bluetooth: hci9: command tx timeout [ 754.634492][ T5244] Bluetooth: hci10: command tx timeout [ 799.914587][ T30] INFO: task kworker/u8:1:14258 blocked for more than 152 seconds. [ 799.922577][ T30] Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 799.943556][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 799.980125][ T30] task:kworker/u8:1 state:D stack:21264 pid:14258 tgid:14258 ppid:2 flags:0x00004000 [ 800.030293][ T30] Workqueue: netns cleanup_net [ 800.035235][ T30] Call Trace: [ 800.038555][ T30] [ 800.041533][ T30] __schedule+0x1895/0x4b30 [ 800.164279][ T30] ? __pfx___schedule+0x10/0x10 [ 800.214335][ T30] ? __pfx_lock_release+0x10/0x10 [ 800.219467][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 800.264251][ T30] ? kthread_data+0x52/0xd0 [ 800.268852][ T30] ? schedule+0x90/0x320 [ 800.310247][ T30] ? wq_worker_sleeping+0x66/0x240 [ 800.344431][ T30] ? schedule+0x90/0x320 [ 800.348764][ T30] schedule+0x14b/0x320 [ 800.354102][ T30] schedule_preempt_disabled+0x13/0x30 [ 800.390007][ T30] rwsem_down_write_slowpath+0xeee/0x13b0 [ 800.430185][ T30] ? rwsem_down_write_slowpath+0xa09/0x13b0 [ 800.450374][ T30] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 800.502974][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 800.530539][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 800.550217][ T30] ? __pfx_lock_release+0x10/0x10 [ 800.572472][ T30] ? rcu_is_watching+0x15/0xb0 [ 800.591027][ T30] ? trace_contention_end+0x3c/0x120 [ 800.610142][ T30] down_write+0x1d7/0x220 [ 800.614682][ T30] ? __pfx_down_write+0x10/0x10 [ 800.619609][ T30] ? rdma_net_to_dev_net+0x23/0x240 [ 800.644246][ T30] rdma_dev_exit_net+0x8e/0x350 [ 800.649194][ T30] ? __pfx___might_resched+0x10/0x10 [ 800.670957][ T30] ? __pfx_ppp_exit_net+0x10/0x10 [ 800.690732][ T30] ? __pfx_rdma_dev_exit_net+0x10/0x10 [ 800.710249][ T30] ? mutex_is_locked+0x12/0x50 [ 800.715162][ T30] ? rtnl_is_locked+0x15/0x20 [ 800.719895][ T30] ? cfg80211_pernet_exit+0xf0/0x140 [ 800.744259][ T30] cleanup_net+0x802/0xcc0 [ 800.748776][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 800.753787][ T30] ? process_scheduled_works+0x976/0x1850 [ 800.781263][ T30] process_scheduled_works+0xa63/0x1850 [ 800.800182][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 800.809116][ T30] ? assign_work+0x364/0x3d0 [ 800.813799][ T30] worker_thread+0x870/0xd30 [ 800.824230][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 800.830209][ T30] ? __kthread_parkme+0x169/0x1d0 [ 800.840517][ T30] ? __pfx_worker_thread+0x10/0x10 [ 800.845830][ T30] kthread+0x2f0/0x390 [ 800.850042][ T30] ? __pfx_worker_thread+0x10/0x10 [ 800.861298][ T30] ? __pfx_kthread+0x10/0x10 [ 800.867883][ T30] ret_from_fork+0x4b/0x80 [ 800.872383][ T30] ? __pfx_kthread+0x10/0x10 [ 800.892728][ T30] ret_from_fork_asm+0x1a/0x30 [ 800.897767][ T30] [ 800.900922][ T30] [ 800.900922][ T30] Showing all locks held in the system: [ 800.915361][ T30] 1 lock held by khungtaskd/30: [ 800.920375][ T30] #0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 800.934203][ T30] 3 locks held by kworker/1:1/46: [ 800.939291][ T30] #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 800.958000][ T30] #1: ffffc90000b67d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 800.972503][ T30] #2: ffffffff8fcd2d48 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 [ 800.988898][ T30] 3 locks held by kworker/u8:3/53: [ 800.994078][ T30] #0: ffff88802de9b948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 801.011881][ T30] #1: ffffc90000be7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 801.032130][ T30] #2: ffffffff8fcd2d48 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 801.042051][ T30] 3 locks held by kworker/u8:8/4064: [ 801.053375][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 801.073134][ T30] #1: ffffc9000c3a7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 801.093803][ T30] #2: ffffffff8fcd2d48 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 801.103332][ T30] 2 locks held by getty/4997: [ 801.114384][ T30] #0: ffff88814c49d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 801.129696][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 801.141765][ T30] 9 locks held by kworker/0:7/5318: [ 801.151851][ T30] 4 locks held by kworker/u8:1/14258: [ 801.158599][ T30] #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 801.176381][ T30] #1: ffffc9000480fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 801.191346][ T30] #2: ffffffff8fcc61d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 801.209833][ T30] #3: ffffffff8fa42010 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_exit_net+0x8e/0x350 [ 801.219846][ T30] 7 locks held by syz.2.2885/14669: [ 801.231062][ T30] #0: ffffffff9a791398 (&rdma_nl_types[idx].sem){.+.+}-{3:3}, at: rdma_nl_rcv+0x32d/0x9e0 [ 801.241473][ T30] #1: ffffffff8fa4f230 (link_ops_rwsem){++++}-{3:3}, at: nldev_newlink+0x42a/0x640 [ 801.254176][ T30] #2: ffffffff8fa41e50 (devices_rwsem){++++}-{3:3}, at: enable_device_and_get+0x12e/0x440 [ 801.270164][ T30] #3: ffffffff8fa42010 (rdma_nets_rwsem){++++}-{3:3}, at: enable_device_and_get+0x2cd/0x440 [ 801.283840][ T30] #4: ffff88807c000f38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 801.301444][ T30] #5: ffff88807c001230 (&rxe->usdev_lock){+.+.}-{3:3}, at: rxe_query_port+0x61/0x260 [ 801.311291][ T30] #6: ffffffff8fcd2d48 (rtnl_mutex){+.+.}-{3:3}, at: ib_get_eth_speed+0x153/0x800 [ 801.327166][ T30] 2 locks held by syz.3.2904/14733: [ 801.332425][ T30] #0: ffffffff8fcd2d48 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 801.344095][ T30] #1: ffffffff8e7d1dd0 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x5ea/0x1da0 [ 801.371861][ T30] 3 locks held by syz-executor/14741: [ 801.380552][ T30] #0: ffffffff8fcc61d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 801.395378][ T30] #1: ffffffff8fa41e50 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 801.409345][ T30] #2: ffffffff8fa42010 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 801.421857][ T30] 3 locks held by syz-executor/14742: [ 801.431042][ T30] #0: ffffffff8fcc61d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 801.443139][ T30] #1: ffffffff8fa41e50 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 801.456764][ T30] #2: ffffffff8fa42010 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 801.469877][ T30] 3 locks held by syz-executor/14745: [ 801.480057][ T30] #0: ffffffff8fcc61d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 801.492804][ T30] #1: ffffffff8fa41e50 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 801.505628][ T30] #2: ffffffff8fa42010 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 801.519425][ T30] 3 locks held by syz-executor/14747: [ 801.527275][ T30] #0: ffffffff8fcc61d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 801.540531][ T30] #1: ffffffff8fa41e50 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 801.552811][ T30] #2: ffffffff8fa42010 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 801.566566][ T30] 3 locks held by syz-executor/14749: [ 801.571997][ T30] #0: ffffffff8fcc61d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 801.590001][ T30] #1: ffffffff8fa41e50 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 801.607456][ T30] #2: ffffffff8fa42010 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 801.623709][ T30] 1 lock held by syz-executor/14756: [ 801.629155][ T30] #0: ffffffff8fcd2d48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 801.644660][ T30] 1 lock held by syz-executor/14757: [ 801.650012][ T30] #0: ffffffff8fcd2d48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 801.664216][ T30] 1 lock held by syz-executor/14760: [ 801.669555][ T30] #0: ffffffff8fcd2d48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 801.686469][ T30] 1 lock held by syz-executor/14762: [ 801.691842][ T30] #0: ffffffff8fcd2d48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 801.706234][ T30] 1 lock held by syz-executor/14764: [ 801.711684][ T30] #0: ffffffff8fcd2d48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 801.727581][ T30] [ 801.729978][ T30] ============================================= [ 801.729978][ T30] [ 801.741097][ T30] NMI backtrace for cpu 1 [ 801.745476][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 801.756025][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 801.766126][ T30] Call Trace: [ 801.769527][ T30] [ 801.772493][ T30] dump_stack_lvl+0x241/0x360 [ 801.777223][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 801.782478][ T30] ? __pfx__printk+0x10/0x10 [ 801.787127][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 801.792147][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 801.797665][ T30] ? _printk+0xd5/0x120 [ 801.801866][ T30] ? __pfx__printk+0x10/0x10 [ 801.806522][ T30] ? __wake_up_klogd+0xcc/0x110 [ 801.811423][ T30] ? __pfx__printk+0x10/0x10 [ 801.816059][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 801.821135][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 801.827177][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 801.833212][ T30] watchdog+0xff4/0x1040 [ 801.837680][ T30] ? watchdog+0x1ea/0x1040 [ 801.842151][ T30] ? __pfx_watchdog+0x10/0x10 [ 801.846873][ T30] kthread+0x2f0/0x390 [ 801.850983][ T30] ? __pfx_watchdog+0x10/0x10 [ 801.855710][ T30] ? __pfx_kthread+0x10/0x10 [ 801.860351][ T30] ret_from_fork+0x4b/0x80 [ 801.864901][ T30] ? __pfx_kthread+0x10/0x10 [ 801.869533][ T30] ret_from_fork_asm+0x1a/0x30 [ 801.874363][ T30] [ 801.878252][ T30] Sending NMI from CPU 1 to CPUs 0: [ 801.883530][ C0] NMI backtrace for cpu 0 [ 801.883546][ C0] CPU: 0 UID: 0 PID: 5318 Comm: kworker/0:7 Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 801.883575][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 801.883587][ C0] Workqueue: events nsim_dev_trap_report_work [ 801.883615][ C0] RIP: 0010:lock_release+0x191/0xa30 [ 801.883646][ C0] Code: 00 00 4c 89 f3 48 c1 eb 03 42 80 3c 3b 00 74 08 4c 89 f7 e8 31 1a 8e 00 4c 89 6c 24 50 48 c7 84 24 b0 00 00 00 00 00 00 00 9c <8f> 84 24 b0 00 00 00 42 80 3c 3b 00 74 08 4c 89 f7 e8 19 19 8e 00 [ 801.883662][ C0] RSP: 0000:ffffc900000068d8 EFLAGS: 00000246 [ 801.883679][ C0] RAX: ffffffff93e3c6d0 RBX: 1ffff92000000d32 RCX: ffffffff81707dc0 [ 801.883694][ C0] RDX: 0000000000000000 RSI: ffffffff8c60fb00 RDI: ffffffff8c60fac0 [ 801.883707][ C0] RBP: ffffc90000006a18 R08: ffffffff901d082f R09: 1ffffffff203a105 [ 801.883722][ C0] R10: dffffc0000000000 R11: fffffbfff203a106 R12: 1ffff92000000d28 [ 801.883736][ C0] R13: ffffffff820b6857 R14: ffffc90000006990 R15: dffffc0000000000 [ 801.883751][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 801.883767][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 801.883780][ C0] CR2: 00007fe4d9668710 CR3: 000000000e734000 CR4: 00000000003526f0 [ 801.883797][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 801.883809][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 801.883821][ C0] Call Trace: [ 801.883828][ C0] [ 801.883836][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 801.883864][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 801.883893][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 801.883920][ C0] ? nmi_handle+0x2a/0x5a0 [ 801.883948][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 801.883974][ C0] ? nmi_handle+0x14f/0x5a0 [ 801.883993][ C0] ? nmi_handle+0x2a/0x5a0 [ 801.884013][ C0] ? lock_release+0x191/0xa30 [ 801.884040][ C0] ? default_do_nmi+0x63/0x160 [ 801.884068][ C0] ? exc_nmi+0x123/0x1f0 [ 801.884095][ C0] ? end_repeat_nmi+0xf/0x53 [ 801.884118][ C0] ? page_ext_put+0x97/0xc0 [ 801.884148][ C0] ? lock_release+0xb0/0xa30 [ 801.884178][ C0] ? lock_release+0x191/0xa30 [ 801.884207][ C0] ? lock_release+0x191/0xa30 [ 801.884238][ C0] ? lock_release+0x191/0xa30 [ 801.884268][ C0] [ 801.884275][ C0] [ 801.884286][ C0] ? page_ext_put+0x97/0xc0 [ 801.884308][ C0] ? __set_page_owner+0x671/0x800 [ 801.884330][ C0] ? __pfx_lock_release+0x10/0x10 [ 801.884365][ C0] ? page_ext_get+0x20/0x2a0 [ 801.884394][ C0] page_ext_put+0xa3/0xc0 [ 801.884418][ C0] post_alloc_hook+0x206/0x230 [ 801.884452][ C0] get_page_from_freelist+0x3045/0x3190 [ 801.884480][ C0] ? get_stack_info_noinstr+0x1a/0x130 [ 801.884512][ C0] ? deref_stack_reg+0x17c/0x210 [ 801.884534][ C0] ? __asan_memset+0x23/0x50 [ 801.884593][ C0] __alloc_pages_noprof+0x292/0x710 [ 801.884618][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 801.884653][ C0] alloc_pages_mpol_noprof+0x3e8/0x680 [ 801.884684][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 801.884711][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 801.884742][ C0] ? handle_softirqs+0x2c5/0x980 [ 801.884767][ C0] ? alloc_pages_noprof+0x43/0x170 [ 801.884792][ C0] alloc_slab_page+0x6a/0x120 [ 801.884813][ C0] allocate_slab+0x5a/0x2f0 [ 801.884833][ C0] ___slab_alloc+0xcd1/0x14b0 [ 801.884863][ C0] ? __alloc_skb+0x1f3/0x440 [ 801.884886][ C0] ? __alloc_skb+0x1f3/0x440 [ 801.884904][ C0] __slab_alloc+0x58/0xa0 [ 801.884932][ C0] __kmalloc_node_track_caller_noprof+0x281/0x440 [ 801.884959][ C0] ? __alloc_skb+0x1f3/0x440 [ 801.884979][ C0] ? __alloc_skb+0x1f3/0x440 [ 801.884997][ C0] kmalloc_reserve+0x111/0x2a0 [ 801.885019][ C0] __alloc_skb+0x1f3/0x440 [ 801.885041][ C0] ? __pfx___alloc_skb+0x10/0x10 [ 801.885066][ C0] synproxy_send_client_synack_ipv6+0x1ba/0xc30 [ 801.885099][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 801.885122][ C0] ? __pfx_synproxy_send_client_synack_ipv6+0x10/0x10 [ 801.885154][ C0] ? synproxy_pernet+0x45/0x270 [ 801.885174][ C0] nft_synproxy_do_eval+0x739/0xa60 [ 801.885195][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 801.885213][ C0] ? validate_chain+0x11e/0x5920 [ 801.885237][ C0] ? __pfx_validate_chain+0x10/0x10 [ 801.885264][ C0] nft_do_chain+0x4ad/0x1da0 [ 801.885286][ C0] ? nf_nat_inet_fn+0xa30/0xd10 [ 801.885309][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 801.885341][ C0] ? nf_nat_ipv6_fn+0x2cb/0x3e0 [ 801.885367][ C0] ? __pfx_nf_nat_ipv6_fn+0x10/0x10 [ 801.885392][ C0] nft_do_chain_inet+0x418/0x6b0 [ 801.885413][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 801.885430][ C0] ? nf_nat_ipv6_local_in+0x1cd/0x620 [ 801.885456][ C0] ? __pfx_nf_nat_ipv6_local_in+0x10/0x10 [ 801.885479][ C0] ? nf_nat_ipv6_fn+0x2cb/0x3e0 [ 801.885505][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 801.885523][ C0] nf_hook_slow+0xc3/0x220 [ 801.885556][ C0] ? __pfx_ip6_input_finish+0x10/0x10 [ 801.885577][ C0] ? __pfx_ip6_input_finish+0x10/0x10 [ 801.885597][ C0] NF_HOOK+0x29e/0x450 [ 801.885618][ C0] ? NF_HOOK+0x9a/0x450 [ 801.885636][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 801.885656][ C0] ? __pfx_ip6_input_finish+0x10/0x10 [ 801.885678][ C0] ? ip6_rcv_finish_core+0x1fb/0x410 [ 801.885701][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 801.885720][ C0] NF_HOOK+0x3a4/0x450 [ 801.885739][ C0] ? skb_orphan+0xae/0xd0 [ 801.885760][ C0] ? NF_HOOK+0x9a/0x450 [ 801.885779][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 801.885799][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 801.885824][ C0] ? __pfx_ipv6_rcv+0x10/0x10 [ 801.885844][ C0] __netif_receive_skb+0x1ea/0x650 [ 801.885871][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 801.885897][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 801.885921][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 801.885949][ C0] ? __pfx_lock_release+0x10/0x10 [ 801.885977][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 801.886003][ C0] process_backlog+0x662/0x15b0 [ 801.886032][ C0] ? process_backlog+0x33b/0x15b0 [ 801.886062][ C0] ? __pfx_process_backlog+0x10/0x10 [ 801.886088][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 801.886117][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 801.886147][ C0] __napi_poll+0xcb/0x490 [ 801.886172][ C0] net_rx_action+0x89b/0x1240 [ 801.886209][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 801.886237][ C0] ? sched_clock+0x4a/0x70 [ 801.886269][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 801.886303][ C0] handle_softirqs+0x2c5/0x980 [ 801.886330][ C0] ? do_softirq+0x11b/0x1e0 [ 801.886355][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 801.886385][ C0] do_softirq+0x11b/0x1e0 [ 801.886408][ C0] [ 801.886415][ C0] [ 801.886422][ C0] ? __pfx_do_softirq+0x10/0x10 [ 801.886447][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 801.886498][ C0] ? rcu_is_watching+0x15/0xb0 [ 801.886520][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 801.886546][ C0] ? nsim_dev_trap_report_work+0x75d/0xaa0 [ 801.886573][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 801.886598][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 801.886623][ C0] ? nsim_dev_trap_report_work+0x6a7/0xaa0 [ 801.886648][ C0] nsim_dev_trap_report_work+0x75d/0xaa0 [ 801.886678][ C0] ? process_scheduled_works+0x976/0x1850 [ 801.886705][ C0] process_scheduled_works+0xa63/0x1850 [ 801.886745][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 801.886775][ C0] ? assign_work+0x364/0x3d0 [ 801.886803][ C0] worker_thread+0x870/0xd30 [ 801.886833][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 801.886856][ C0] ? __kthread_parkme+0x169/0x1d0 [ 801.886884][ C0] ? __pfx_worker_thread+0x10/0x10 [ 801.886910][ C0] kthread+0x2f0/0x390 [ 801.886927][ C0] ? __pfx_worker_thread+0x10/0x10 [ 801.886952][ C0] ? __pfx_kthread+0x10/0x10 [ 801.886970][ C0] ret_from_fork+0x4b/0x80 [ 801.886996][ C0] ? __pfx_kthread+0x10/0x10 [ 801.887014][ C0] ret_from_fork_asm+0x1a/0x30 [ 801.887049][ C0] [ 802.711951][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 802.718868][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller-00501-gd677aebd663d #0 [ 802.729425][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 802.739526][ T30] Call Trace: [ 802.742835][ T30] [ 802.745796][ T30] dump_stack_lvl+0x241/0x360 [ 802.750522][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 802.755767][ T30] ? __pfx__printk+0x10/0x10 [ 802.760410][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 802.766796][ T30] ? vscnprintf+0x5d/0x90 [ 802.771177][ T30] panic+0x349/0x880 [ 802.775112][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 802.781318][ T30] ? __pfx_panic+0x10/0x10 [ 802.785856][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 802.791353][ T30] ? __irq_work_queue_local+0x137/0x410 [ 802.796945][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 802.802353][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 802.808554][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 802.814766][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 802.821065][ T30] watchdog+0x1033/0x1040 [ 802.825447][ T30] ? watchdog+0x1ea/0x1040 [ 802.829919][ T30] ? __pfx_watchdog+0x10/0x10 [ 802.834648][ T30] kthread+0x2f0/0x390 [ 802.838797][ T30] ? __pfx_watchdog+0x10/0x10 [ 802.843521][ T30] ? __pfx_kthread+0x10/0x10 [ 802.848235][ T30] ret_from_fork+0x4b/0x80 [ 802.852703][ T30] ? __pfx_kthread+0x10/0x10 [ 802.857327][ T30] ret_from_fork_asm+0x1a/0x30 [ 802.862153][ T30] [ 802.865531][ T30] Kernel Offset: disabled [ 802.869873][ T30] Rebooting in 86400 seconds..