last executing test programs: 3.16394983s ago: executing program 4 (id=315): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=ANY=[@ANYBLOB="e0000000", @ANYRES16=r1, @ANYBLOB="01000000000000000000010000000800010000000000140004800500030007000000050003000100000008000200010000000800020001000000a00008801c000780080085000200000008000600000004"], 0xe0}}, 0x0) 2.942671553s ago: executing program 3 (id=318): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r0}, 0x38) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r0}, 0x38) 2.918912686s ago: executing program 4 (id=320): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff038}, {0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) 2.28190527s ago: executing program 4 (id=328): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001480)={0x44, r1, 0x1, 0x0, 0x2, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8}, @ETHTOOL_A_BITSET_MASK={0x8, 0x5, "4007032f"}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x24000010) 2.125193816s ago: executing program 3 (id=330): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) pwritev(r0, &(0x7f00000004c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="db", 0xfffff000}], 0x3, 0x8040000, 0x0) 2.072596065s ago: executing program 4 (id=333): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) recvmmsg(r0, &(0x7f0000004400), 0x3fffffffffffff2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) 1.869266361s ago: executing program 1 (id=335): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x14, 0x18, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x8}}], {0x14}}, 0xa8}}, 0x0) 1.705460417s ago: executing program 1 (id=337): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000025c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x7, 0x0, 0x0) 1.658852456s ago: executing program 0 (id=338): socket(0x11, 0x3, 0x9) socket$kcm(0x2, 0xa, 0x2) close(0x3) 1.522556372s ago: executing program 1 (id=340): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000e80)=@raw={'raw\x00', 0x8, 0x3, 0xa50, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x9d8, 0xffffffff, 0xffffffff, 0x9d8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x73, 0x0, 0x0, 0x45}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x43}}, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1}}, [], [0x0, 0xffffffff, 0xff000000], 'wg1\x00', 'gre0\x00'}, 0x0, 0x888, 0x8b0, 0x0, {}, [@common=@unspec=@u32={{0x7e0}, {[{[{0x7fff, 0x1}, {0x8, 0x3}, {0xfffff7ec, 0x1}, {0xfff, 0xbd3626e1c8b1df09}, {0x5, 0x2}, {0xb34c, 0x3}, {0x2}, {0xe48b, 0x2}, {0x101, 0x2}, {0x5, 0x2}, {0x5}], [{0x400}, {0x6, 0x8001}, {0x401, 0x40}, {0x7fff}, {0xffffc1b1, 0x32de}, {0xfff, 0x8}, {0x2, 0x9}, {0x1, 0xbbca}, {0x83, 0x1}, {0x5, 0x7}, {0x3}], 0x1, 0x7}, {[{0x9, 0x3}, {0x6, 0x3}, {0x4, 0x3}, {0x1, 0x2}, {0x9, 0x1}, {0xfffffffa}, {0x0, 0x2}, {0x80000000, 0x3}, {0x80000001}, {0x8001, 0x2}, {0xff, 0x3}], [{0x7, 0x5}, {0x3, 0x6b6}, {0x4, 0x400}, {0x3}, {0x4, 0xfff}, {0x3ff, 0xe5d7}, {0x6, 0x3ff}, {0xa78, 0xffffffff}, {0xa9e1, 0x3}, {0x8, 0x1000}, {0xc7, 0xf385}], 0x6, 0x3}, {[{0x101, 0x2}, {0x9}, {0x3, 0x3}, {0x2, 0x3}, {0x48}, {0x9, 0x2}, {0x1, 0x2}, {0x7, 0x2}, {0x9}, {0x7, 0x1}, {0x0, 0x3}], [{0xfffffffb, 0x5}, {0x8, 0xa17}, {0x80, 0x4}, {0x8}, {0x3, 0x7}, {0x5e18, 0x7}, {0x4, 0x101}, {0x7, 0xfff}, {0xd, 0x7f}, {0x2, 0x2}, {0xfb3, 0xa94}], 0xb, 0x4}, {[{0x8, 0x1}, {0x4, 0x2}, {0x4e, 0xc781c4f1f9c1fa4f}, {0x8, 0x1}, {0x4e5, 0x2}, {0x3, 0x3}, {0x6, 0x1}, {0x7, 0x1}, {0x5, 0x2}, {0xfff}, {0x4}], [{0x9, 0x8001}, {0xffff, 0x4}, {0x7fff, 0xf}, {0x66d, 0x9}, {0x92, 0xb}, {0x3, 0x6}, {0x7, 0xfff}, {0x1, 0xff}, {0x1, 0x1}, {0x0, 0x8}, {0x1, 0xff}], 0xa}, {[{0x5, 0x2}, {0x7a3, 0x2}, {0x1, 0x3}, {0x100, 0x3}, {0x40}, {0x8d, 0x1}, {0x8, 0x3}, {0x9, 0x3}, {0x8, 0x2}, {0x1, 0x1}, {0x7}], [{0x854f, 0x6b}, {0x7, 0x7}, {0x6, 0x80}, {0x3, 0xffc00000}, {0x7}, {0x3, 0x6}, {0x2, 0xf17}, {0x25, 0x401}, {0x200, 0x84b}, {0x7fff, 0x80}, {0x3, 0x1}], 0x4, 0x8}, {[{0xc3d, 0x147d12363fe5c40a}, {0x64, 0x1}, {0xf, 0x3}, {0x5, 0x1}, {0x7fffffff, 0x2}, {0x5}, {0x2af0, 0x2}, {0x1bd6, 0x2}, {0x1, 0x2}, {0x7, 0x1}, {0x7, 0x2}], [{0x92b, 0x1ff}, {0x1, 0xf458}, {0x5, 0x3}, {0x84, 0x1}, {0xe923, 0x7fff}, {0x4, 0xe}, {0x3, 0x6}, {0xad3f, 0x59f}, {0x4, 0xfffffffc}, {0x6}, {0x5, 0x6f}], 0x9}, {[{0x8}, {0x2f, 0x1}, {0x7, 0x1}, {0x0, 0x2}, {0x3, 0x3}, {0x0, 0x1}, {0x1, 0x3}, {0x8, 0x3}, {0x7}, {0x2}, {0x2, 0x3}], [{0x101, 0x80000000}, {0x1, 0x9}, {0x40, 0xff}, {0x4, 0x2}, {0x5, 0x6}, {0x2, 0x5}, {0x0, 0x3}, {0xe, 0x5}, {0x6, 0x1ff}, {0xc, 0x7}, {0x1, 0x4}], 0xb, 0x7}, {[{0x8c, 0x1}, {0xd}, {0x10000, 0x2}, {0x8, 0x2}, {0x3, 0x3}, {0x0, 0x3}, {0x1ff, 0x1}, {}, {0xc, 0x1}, {0xf0f}, {0xf629}], [{0x4, 0x5}, {0x35f7, 0x1}, {0x401, 0xf6}, {0x94, 0xd16}, {0x8, 0x5}, {0x35, 0x4929}, {0x8001, 0x5}, {0x1000, 0x9}, {0x9f, 0x65}, {0x9, 0x4}, {0x9, 0xf0a9}], 0x1, 0x4}, {[{0x9, 0x1}, {0x9, 0x2}, {0x7, 0x1}, {0x4, 0x4adbb8db8b6f3087}, {0x3}, {0x3, 0x3}, {0x7ff}, {0x7, 0x1}, {0x10000, 0x3}, {0x0, 0x2}, {0x80000000, 0x1}], [{0xf767, 0x8}, {0xc, 0x5}, {0x9, 0x8}, {0x6, 0xb23}, {0x101, 0x4}, {0xfffffff7, 0xb98}, {0x10001, 0x8f}, {0x9, 0xa83}, {0xd, 0x1}, {0x4, 0xe00}, {0x7, 0x444}], 0x6, 0x4}, {[{0x2, 0x3}, {0x2}, {0x26914786, 0x3}, {0x3}, {0xd7f, 0x1}, {0x7fffffff}, {0xf}, {0x4, 0x2}, {0x8, 0x1}, {0x4, 0x3}, {0xe, 0x1}], [{0xb59, 0x6}, {0x4, 0x70c063f5}, {0x2, 0xfffffffe}, {0x5, 0x6}, {0x10000, 0x872}, {0x6, 0x8}, {0xffff, 0x7}, {0x7, 0x4}, {0x6, 0x10}, {0xfff, 0xa}, {0x81, 0x4}], 0xb, 0x4}, {[{0x200, 0x1}, {0x2, 0x3}, {0xa, 0x1}, {0x3ff, 0x1}, {0x7}, {0x1, 0x2}, {0x6, 0x3}, {0x7}, {0x92, 0x3}, {0x6, 0x1}, {0x7fffffff, 0x2}], [{0x3, 0xbbb9}, {0x4, 0x400}, {0xdec, 0x9}, {0x7, 0x1d}, {0x0, 0x9a}, {0x1, 0x7}, {0x1, 0xf580}, {0x4, 0x9f}, {0x2, 0x4}, {0x5, 0x7}, {0xfff, 0x1}], 0x5, 0x7}], 0x4, 0x1}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x8, 0xff}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0xab0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c00000400fc80a72601"], 0x26c0}}, 0x4010) 1.356435345s ago: executing program 0 (id=341): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) write$tun(r0, 0x0, 0x0) 1.332230713s ago: executing program 2 (id=342): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040)=0x16, 0x4) 1.121344027s ago: executing program 2 (id=343): unshare(0x2c060000) unshare(0x24020400) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) 1.060054162s ago: executing program 3 (id=344): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x15) 969.593546ms ago: executing program 0 (id=345): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1e}, {0x85, 0x0, 0x0, 0x15}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 959.267466ms ago: executing program 1 (id=346): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@fallback=r0, 0xe, 0x1, 0x7f, 0x0, 0x0, 0x0, &(0x7f0000000180), 0x0, 0x0}, 0x40) 807.915244ms ago: executing program 2 (id=347): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001c40)={&(0x7f0000000c00)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10, 0x0, 0x0, &(0x7f0000001a40)=[@cswp={0x58, 0x114, 0x7, {{0x81, 0x37}, 0x0, 0x0, 0x497, 0x9c4, 0x9, 0x5, 0xc, 0x48}}, @rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0xc}}], 0x88, 0x810}, 0x0) 769.497787ms ago: executing program 1 (id=348): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x70, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_bpf={0x58, 0x1, 0x0, 0x0, {{0x8}, {0x31, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) 682.169221ms ago: executing program 0 (id=349): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x60, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x90}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010100}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140) 630.741131ms ago: executing program 2 (id=350): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, 0x8}, 0x1c) 590.327797ms ago: executing program 3 (id=351): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x18, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x14, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x90}}, 0x0) 463.148043ms ago: executing program 0 (id=352): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000400)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000100)="3b000000010001", 0x7) 462.597675ms ago: executing program 1 (id=353): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x1d}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0xa, 0x20}, {}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 347.871475ms ago: executing program 2 (id=354): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x2c, r1, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}}, 0x0) 322.164795ms ago: executing program 3 (id=355): sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x14}}, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$unix(r0, &(0x7f0000000100)=@abs={0x27}, 0x6e) 282.851499ms ago: executing program 4 (id=356): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000005b80)={@loopback={0xfec0ffffffffffff}, 0x32, r1}) 193.007411ms ago: executing program 0 (id=357): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r0, 0x89f0, &(0x7f0000000000)) 96.985706ms ago: executing program 2 (id=358): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={0x34, r1, 0x431, 0x70bd2c, 0xffffffff, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008010}, 0x0) 54.61233ms ago: executing program 3 (id=359): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000040), 0x8) 0s ago: executing program 4 (id=360): socket$inet_tcp(0x2, 0x1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000300), &(0x7f0000000000)=""/10, 0x2}, 0x20) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.35' (ED25519) to the list of known hosts. syzkaller login: [ 83.021338][ T5826] cgroup: Unknown subsys name 'net' [ 83.194387][ T5826] cgroup: Unknown subsys name 'cpuset' [ 83.203031][ T5826] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.934893][ T5826] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.970517][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.979228][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.988424][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.995815][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.004402][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.014311][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.022357][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.030307][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.038204][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.069748][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.072626][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.078119][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.091772][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.101022][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.116770][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.250492][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.266866][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.276021][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.276209][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.293690][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.303270][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.312045][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.320057][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.328922][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.342151][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.626334][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 89.838774][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 89.896488][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.903925][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.911743][ T5840] bridge_slave_0: entered allmulticast mode [ 89.918835][ T5840] bridge_slave_0: entered promiscuous mode [ 89.933591][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.940824][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.948085][ T5840] bridge_slave_1: entered allmulticast mode [ 89.955802][ T5840] bridge_slave_1: entered promiscuous mode [ 90.054678][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.120073][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.160167][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.167359][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.175579][ T5844] bridge_slave_0: entered allmulticast mode [ 90.183201][ T5844] bridge_slave_0: entered promiscuous mode [ 90.241081][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.248271][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.256507][ T5844] bridge_slave_1: entered allmulticast mode [ 90.265055][ T5844] bridge_slave_1: entered promiscuous mode [ 90.304189][ T5840] team0: Port device team_slave_0 added [ 90.342354][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.354540][ T5840] team0: Port device team_slave_1 added [ 90.389996][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.426201][ T5855] chnl_net:caif_netlink_parms(): no params data found [ 90.439213][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.446328][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.473334][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.485149][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 90.528700][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.535804][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.561824][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.659998][ T5844] team0: Port device team_slave_0 added [ 90.701160][ T5844] team0: Port device team_slave_1 added [ 90.754679][ T5858] chnl_net:caif_netlink_parms(): no params data found [ 90.795478][ T5840] hsr_slave_0: entered promiscuous mode [ 90.802361][ T5840] hsr_slave_1: entered promiscuous mode [ 90.820802][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.827794][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.855212][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.868898][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.876029][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.902085][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.987770][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.995029][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.002698][ T5855] bridge_slave_0: entered allmulticast mode [ 91.010428][ T5855] bridge_slave_0: entered promiscuous mode [ 91.031704][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.038847][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.046359][ T5848] bridge_slave_0: entered allmulticast mode [ 91.054367][ T5848] bridge_slave_0: entered promiscuous mode [ 91.084433][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.092493][ T5847] Bluetooth: hci0: command tx timeout [ 91.098383][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.105780][ T5855] bridge_slave_1: entered allmulticast mode [ 91.113338][ T5855] bridge_slave_1: entered promiscuous mode [ 91.142729][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.150091][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.157229][ T5848] bridge_slave_1: entered allmulticast mode [ 91.164607][ T5848] bridge_slave_1: entered promiscuous mode [ 91.179425][ T5847] Bluetooth: hci2: command tx timeout [ 91.185052][ T5852] Bluetooth: hci1: command tx timeout [ 91.262875][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.296365][ T5844] hsr_slave_0: entered promiscuous mode [ 91.303543][ T5844] hsr_slave_1: entered promiscuous mode [ 91.310491][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.318266][ T5844] Cannot create hsr debugfs directory [ 91.334116][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.365149][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.378776][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.420359][ T5852] Bluetooth: hci4: command tx timeout [ 91.420379][ T5847] Bluetooth: hci3: command tx timeout [ 91.422086][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.438735][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.446775][ T5858] bridge_slave_0: entered allmulticast mode [ 91.455078][ T5858] bridge_slave_0: entered promiscuous mode [ 91.521575][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.528795][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.538420][ T5858] bridge_slave_1: entered allmulticast mode [ 91.545922][ T5858] bridge_slave_1: entered promiscuous mode [ 91.556292][ T5848] team0: Port device team_slave_0 added [ 91.587738][ T5855] team0: Port device team_slave_0 added [ 91.616187][ T5848] team0: Port device team_slave_1 added [ 91.646319][ T5855] team0: Port device team_slave_1 added [ 91.730223][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.744475][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.754531][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.761997][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.788183][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.801073][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.808038][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.834356][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.915418][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.922875][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.948910][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.967894][ T5858] team0: Port device team_slave_0 added [ 91.974914][ T43] cfg80211: failed to load regulatory.db [ 91.982325][ T5858] team0: Port device team_slave_1 added [ 92.015027][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.022083][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.048987][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.157621][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.165150][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.192078][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.209181][ T5848] hsr_slave_0: entered promiscuous mode [ 92.215748][ T5848] hsr_slave_1: entered promiscuous mode [ 92.221915][ T5848] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.229521][ T5848] Cannot create hsr debugfs directory [ 92.267068][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.274168][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.300726][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.357086][ T5855] hsr_slave_0: entered promiscuous mode [ 92.363758][ T5855] hsr_slave_1: entered promiscuous mode [ 92.370207][ T5855] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.377779][ T5855] Cannot create hsr debugfs directory [ 92.467786][ T5858] hsr_slave_0: entered promiscuous mode [ 92.474182][ T5858] hsr_slave_1: entered promiscuous mode [ 92.484032][ T5858] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.491677][ T5858] Cannot create hsr debugfs directory [ 92.562216][ T5840] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.612674][ T5840] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.654247][ T5840] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.707724][ T5840] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.831186][ T5844] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.872834][ T5844] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.886241][ T5844] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.924607][ T5844] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.065873][ T5855] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.116404][ T5855] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.140609][ T5855] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.162522][ T5855] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.179728][ T5852] Bluetooth: hci0: command tx timeout [ 93.235504][ T5848] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.248748][ T5848] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.255807][ T5852] Bluetooth: hci2: command tx timeout [ 93.261753][ T5852] Bluetooth: hci1: command tx timeout [ 93.275668][ T5848] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.299920][ T5848] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.388841][ T5858] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.424166][ T5858] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.435726][ T5858] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.447727][ T5858] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.489963][ T5852] Bluetooth: hci4: command tx timeout [ 93.490440][ T5847] Bluetooth: hci3: command tx timeout [ 93.523631][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.546206][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.596092][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.623257][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.654866][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.662096][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.677736][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.694075][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.701382][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.744970][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.752142][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.764848][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.772002][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.840331][ T5855] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.867389][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.895617][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.907855][ T3511] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.915042][ T3511] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.943976][ T5844] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 93.954527][ T5844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.977925][ T3552] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.985129][ T3552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.006991][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.014176][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.064301][ T3552] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.071578][ T3552] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.203251][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.301233][ T5848] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.354094][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.404987][ T3552] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.412239][ T3552] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.452880][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.460521][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.656761][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.797483][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.837096][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.989052][ T5855] veth0_vlan: entered promiscuous mode [ 95.063542][ T5840] veth0_vlan: entered promiscuous mode [ 95.086038][ T5855] veth1_vlan: entered promiscuous mode [ 95.134718][ T5840] veth1_vlan: entered promiscuous mode [ 95.174339][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.250140][ T5847] Bluetooth: hci0: command tx timeout [ 95.304011][ T5840] veth0_macvtap: entered promiscuous mode [ 95.324546][ T5855] veth0_macvtap: entered promiscuous mode [ 95.330769][ T5847] Bluetooth: hci1: command tx timeout [ 95.332521][ T5852] Bluetooth: hci2: command tx timeout [ 95.355110][ T5840] veth1_macvtap: entered promiscuous mode [ 95.380714][ T5855] veth1_macvtap: entered promiscuous mode [ 95.456680][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.493961][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.516879][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.529231][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.538116][ T5848] veth0_vlan: entered promiscuous mode [ 95.559179][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.569908][ T5852] Bluetooth: hci3: command tx timeout [ 95.570816][ T5847] Bluetooth: hci4: command tx timeout [ 95.587101][ T5848] veth1_vlan: entered promiscuous mode [ 95.608761][ T3552] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.618890][ T3552] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.629249][ T3566] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.655435][ T3566] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.666558][ T3566] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.696375][ T3566] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.706093][ T3566] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.742707][ T3566] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.783274][ T5844] veth0_vlan: entered promiscuous mode [ 95.811327][ T5844] veth1_vlan: entered promiscuous mode [ 95.852827][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.862716][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.942338][ T5848] veth0_macvtap: entered promiscuous mode [ 95.972250][ T5858] veth0_vlan: entered promiscuous mode [ 95.981650][ T3566] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.995586][ T3566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.034534][ T5848] veth1_macvtap: entered promiscuous mode [ 96.046112][ T5858] veth1_vlan: entered promiscuous mode [ 96.087182][ T3552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.096020][ T5855] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.117000][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.119742][ T3552] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.130524][ T5844] veth0_macvtap: entered promiscuous mode [ 96.154295][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.210789][ T5844] veth1_macvtap: entered promiscuous mode [ 96.244740][ T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.267181][ T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.303305][ T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.331688][ T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.384916][ T3535] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.402859][ T3535] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.406783][ T5858] veth0_macvtap: entered promiscuous mode [ 96.437772][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.458145][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.486295][ T5858] veth1_macvtap: entered promiscuous mode [ 96.575105][ T3552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.594252][ T3552] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.614209][ T3566] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.645677][ T3566] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.704837][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.745299][ T3566] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.758958][ T3566] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.829006][ T5965] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8'. [ 96.841848][ T3566] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.851218][ T3566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.862170][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.913448][ T3552] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.947807][ T3552] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.970987][ T3552] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.007180][ T3552] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.090185][ T3566] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.109592][ T3566] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.230300][ T3566] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.272520][ T3566] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.330792][ T5847] Bluetooth: hci0: command tx timeout [ 97.381341][ T3566] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.411409][ T5847] Bluetooth: hci2: command tx timeout [ 97.416915][ T5847] Bluetooth: hci1: command tx timeout [ 97.428804][ T3566] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.466449][ T5974] pimreg: entered allmulticast mode [ 97.505738][ T5974] pimreg: left allmulticast mode [ 97.608398][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.643325][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.652046][ T5852] Bluetooth: hci4: command tx timeout [ 97.658974][ T5852] Bluetooth: hci3: command tx timeout [ 98.041469][ T5988] rdma_op ffff88807bf5c1f0 conn xmit_rdma 0000000000000000 [ 98.538577][ T6005] netlink: 256 bytes leftover after parsing attributes in process `syz.3.23'. [ 98.571108][ T6005] netlink: 72 bytes leftover after parsing attributes in process `syz.3.23'. [ 99.236098][ T6026] netlink: 96 bytes leftover after parsing attributes in process `syz.1.34'. [ 99.337036][ T6026] vlan2: entered allmulticast mode [ 99.348215][ T6026] gretap0: entered allmulticast mode [ 99.394110][ T6028] netlink: 8 bytes leftover after parsing attributes in process `syz.0.35'. [ 100.666873][ T6076] netlink: 'syz.1.57': attribute type 2 has an invalid length. [ 100.952284][ T6088] netlink: 8 bytes leftover after parsing attributes in process `syz.4.61'. [ 101.277898][ T6095] tipc: Enabling of bearer rejected, failed to enable media [ 101.964575][ T6116] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 102.966060][ T6152] netlink: 4 bytes leftover after parsing attributes in process `syz.2.93'. [ 103.205779][ T6160] netlink: 8 bytes leftover after parsing attributes in process `syz.4.96'. [ 103.228646][ T6160] netlink: 8 bytes leftover after parsing attributes in process `syz.4.96'. [ 104.604044][ T6209] netlink: 8 bytes leftover after parsing attributes in process `syz.0.120'. [ 104.644568][ T6209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.120'. [ 104.684528][ T6209] netlink: 'syz.0.120': attribute type 13 has an invalid length. [ 104.833229][ T6215] netlink: 'syz.4.123': attribute type 5 has an invalid length. [ 104.850247][ T6215] netlink: 'syz.4.123': attribute type 1 has an invalid length. [ 104.885370][ T6215] netlink: 199820 bytes leftover after parsing attributes in process `syz.4.123'. [ 106.416440][ T6272] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.718002][ T6285] Illegal XDP return value 32768 on prog (id 27) dev N/A, expect packet loss! [ 107.655343][ T6313] 2g,{: renamed from lo (while UP) [ 108.408691][ T6338] Bluetooth: MGMT ver 1.23 [ 110.082351][ T6383] netlink: 8 bytes leftover after parsing attributes in process `syz.4.200'. [ 110.226435][ T6386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.201'. [ 110.253837][ T6386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.201'. [ 110.487424][ T6393] tipc: Enabling of bearer rejected, failed to enable media [ 110.633998][ T6399] syz.4.207 uses obsolete (PF_INET,SOCK_PACKET) [ 111.152832][ T6419] netlink: 104 bytes leftover after parsing attributes in process `syz.0.216'. [ 111.423367][ T6428] netlink: 72 bytes leftover after parsing attributes in process `syz.2.221'. [ 111.688096][ T6441] netlink: 204 bytes leftover after parsing attributes in process `syz.0.227'. [ 111.709646][ T6441] netlink: 16 bytes leftover after parsing attributes in process `syz.0.227'. [ 114.165166][ T6527] netlink: 28 bytes leftover after parsing attributes in process `syz.3.267'. [ 114.859104][ T6550] netlink: 12 bytes leftover after parsing attributes in process `syz.1.280'. [ 114.882970][ T6550] netlink: 'syz.1.280': attribute type 2 has an invalid length. [ 114.893005][ T6550] netlink: 'syz.1.280': attribute type 1 has an invalid length. [ 114.942415][ T6550] netlink: 4 bytes leftover after parsing attributes in process `syz.1.280'. [ 116.771562][ T6621] netlink: 128 bytes leftover after parsing attributes in process `syz.4.315'. [ 116.802399][ T6621] netlink: 8 bytes leftover after parsing attributes in process `syz.4.315'. [ 116.872498][ T6627] netlink: 47 bytes leftover after parsing attributes in process `syz.1.316'. [ 117.898937][ T6659] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 118.090364][ T6664] netlink: 8 bytes leftover after parsing attributes in process `syz.2.334'. [ 118.116824][ T6664] netlink: 12 bytes leftover after parsing attributes in process `syz.2.334'. [ 118.542959][ T6675] netlink: zone id is out of range [ 118.579360][ T6675] netlink: zone id is out of range [ 118.584894][ T6675] netlink: zone id is out of range [ 118.623530][ T6675] netlink: zone id is out of range [ 118.651456][ T6675] netlink: zone id is out of range [ 118.667042][ T6675] netlink: zone id is out of range [ 118.672840][ T6675] netlink: zone id is out of range [ 118.690987][ T6675] netlink: zone id is out of range [ 118.721992][ T6675] netlink: zone id is out of range [ 119.233151][ T6694] netlink: 1 bytes leftover after parsing attributes in process `syz.1.348'. [ 119.858003][ T6716] ================================================================== [ 119.866132][ T6716] BUG: KASAN: slab-out-of-bounds in pause_parse_request+0x40/0x160 [ 119.874056][ T6716] Read of size 8 at addr ffff88805cb78c30 by task syz.2.358/6716 [ 119.881777][ T6716] [ 119.884115][ T6716] CPU: 1 UID: 0 PID: 6716 Comm: syz.2.358 Not tainted 6.16.0-rc2-syzkaller-00867-ga9b24b3583ae #0 PREEMPT(full) [ 119.884134][ T6716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 119.884143][ T6716] Call Trace: [ 119.884150][ T6716] [ 119.884156][ T6716] dump_stack_lvl+0x189/0x250 [ 119.884181][ T6716] ? __virt_addr_valid+0x1c8/0x5c0 [ 119.884196][ T6716] ? rcu_is_watching+0x15/0xb0 [ 119.884217][ T6716] ? __kasan_check_byte+0x12/0x40 [ 119.884233][ T6716] ? __pfx_dump_stack_lvl+0x10/0x10 [ 119.884254][ T6716] ? rcu_is_watching+0x15/0xb0 [ 119.884275][ T6716] ? lock_release+0x4b/0x3e0 [ 119.884295][ T6716] ? __virt_addr_valid+0x1c8/0x5c0 [ 119.884309][ T6716] ? __virt_addr_valid+0x4a5/0x5c0 [ 119.884323][ T6716] print_report+0xd2/0x2b0 [ 119.884342][ T6716] ? pause_parse_request+0x40/0x160 [ 119.884358][ T6716] kasan_report+0x118/0x150 [ 119.884373][ T6716] ? pause_parse_request+0x40/0x160 [ 119.884391][ T6716] ? __pfx_pause_parse_request+0x10/0x10 [ 119.884406][ T6716] pause_parse_request+0x40/0x160 [ 119.884423][ T6716] ? __pfx_pause_parse_request+0x10/0x10 [ 119.884438][ T6716] ethnl_default_set_doit+0x2c1/0xa40 [ 119.884460][ T6716] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 119.884478][ T6716] genl_family_rcv_msg_doit+0x215/0x300 [ 119.884495][ T6716] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 119.884513][ T6716] ? bpf_lsm_capable+0x9/0x20 [ 119.884527][ T6716] ? security_capable+0x7e/0x2e0 [ 119.884547][ T6716] genl_rcv_msg+0x60e/0x790 [ 119.884562][ T6716] ? __pfx_genl_rcv_msg+0x10/0x10 [ 119.884573][ T6716] ? ref_tracker_free+0x63a/0x7d0 [ 119.884591][ T6716] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 119.884610][ T6716] ? __pfx_ref_tracker_free+0x10/0x10 [ 119.884632][ T6716] netlink_rcv_skb+0x205/0x470 [ 119.884650][ T6716] ? __pfx_genl_rcv_msg+0x10/0x10 [ 119.884663][ T6716] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 119.884686][ T6716] ? down_read+0x1ad/0x2e0 [ 119.884712][ T6716] genl_rcv+0x28/0x40 [ 119.884733][ T6716] netlink_unicast+0x758/0x8d0 [ 119.884753][ T6716] netlink_sendmsg+0x805/0xb30 [ 119.884773][ T6716] ? __pfx_netlink_sendmsg+0x10/0x10 [ 119.884792][ T6716] ? aa_sock_msg_perm+0x94/0x160 [ 119.884811][ T6716] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 119.884828][ T6716] ? __pfx_netlink_sendmsg+0x10/0x10 [ 119.884846][ T6716] __sock_sendmsg+0x21c/0x270 [ 119.884863][ T6716] ____sys_sendmsg+0x505/0x830 [ 119.884885][ T6716] ? __pfx_____sys_sendmsg+0x10/0x10 [ 119.884908][ T6716] ? import_iovec+0x74/0xa0 [ 119.884923][ T6716] ___sys_sendmsg+0x21f/0x2a0 [ 119.884943][ T6716] ? __pfx____sys_sendmsg+0x10/0x10 [ 119.884976][ T6716] ? __fget_files+0x2a/0x420 [ 119.884990][ T6716] ? __fget_files+0x3a0/0x420 [ 119.885009][ T6716] __x64_sys_sendmsg+0x19b/0x260 [ 119.885029][ T6716] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 119.885053][ T6716] ? rcu_is_watching+0x15/0xb0 [ 119.885075][ T6716] ? do_syscall_64+0xbe/0x3b0 [ 119.885093][ T6716] do_syscall_64+0xfa/0x3b0 [ 119.885109][ T6716] ? lockdep_hardirqs_on+0x9c/0x150 [ 119.885125][ T6716] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.885138][ T6716] ? clear_bhb_loop+0x60/0xb0 [ 119.885154][ T6716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.885168][ T6716] RIP: 0033:0x7f13acd8e929 [ 119.885181][ T6716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.885193][ T6716] RSP: 002b:00007f13adc38038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 119.885210][ T6716] RAX: ffffffffffffffda RBX: 00007f13acfb5fa0 RCX: 00007f13acd8e929 [ 119.885220][ T6716] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 119.885229][ T6716] RBP: 00007f13ace10b39 R08: 0000000000000000 R09: 0000000000000000 [ 119.885238][ T6716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.885247][ T6716] R13: 0000000000000000 R14: 00007f13acfb5fa0 R15: 00007ffdf0c4a558 [ 119.885262][ T6716] [ 119.885267][ T6716] [ 120.267842][ T6716] Allocated by task 6716: [ 120.272171][ T6716] kasan_save_track+0x3e/0x80 [ 120.276856][ T6716] __kasan_kmalloc+0x93/0xb0 [ 120.281440][ T6716] __kmalloc_noprof+0x27a/0x4f0 [ 120.286335][ T6716] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 120.292399][ T6716] genl_family_rcv_msg_doit+0xb8/0x300 [ 120.297851][ T6716] genl_rcv_msg+0x60e/0x790 [ 120.302349][ T6716] netlink_rcv_skb+0x205/0x470 [ 120.307114][ T6716] genl_rcv+0x28/0x40 [ 120.311113][ T6716] netlink_unicast+0x758/0x8d0 [ 120.315894][ T6716] netlink_sendmsg+0x805/0xb30 [ 120.320673][ T6716] __sock_sendmsg+0x21c/0x270 [ 120.325355][ T6716] ____sys_sendmsg+0x505/0x830 [ 120.330215][ T6716] ___sys_sendmsg+0x21f/0x2a0 [ 120.334903][ T6716] __x64_sys_sendmsg+0x19b/0x260 [ 120.339861][ T6716] do_syscall_64+0xfa/0x3b0 [ 120.344376][ T6716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.350282][ T6716] [ 120.352610][ T6716] The buggy address belongs to the object at ffff88805cb78c00 [ 120.352610][ T6716] which belongs to the cache kmalloc-64 of size 64 [ 120.366496][ T6716] The buggy address is located 8 bytes to the right of [ 120.366496][ T6716] allocated 40-byte region [ffff88805cb78c00, ffff88805cb78c28) [ 120.380907][ T6716] [ 120.383243][ T6716] The buggy address belongs to the physical page: [ 120.389648][ T6716] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5cb78 [ 120.398408][ T6716] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 120.405962][ T6716] page_type: f5(slab) [ 120.409941][ T6716] raw: 00fff00000000000 ffff88801a4418c0 ffffea0000cfac40 dead000000000005 [ 120.418523][ T6716] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 120.427100][ T6716] page dumped because: kasan: bad access detected [ 120.433504][ T6716] page_owner tracks the page as allocated [ 120.439216][ T6716] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5844, tgid 5844 (syz-executor), ts 90752851309, free_ts 27052776419 [ 120.458498][ T6716] post_alloc_hook+0x240/0x2a0 [ 120.463262][ T6716] get_page_from_freelist+0x21e4/0x22c0 [ 120.468806][ T6716] __alloc_frozen_pages_noprof+0x181/0x370 [ 120.474617][ T6716] alloc_pages_mpol+0x232/0x4a0 [ 120.479467][ T6716] allocate_slab+0x8a/0x3b0 [ 120.483968][ T6716] ___slab_alloc+0xbfc/0x1480 [ 120.488642][ T6716] __kmalloc_node_track_caller_noprof+0x2f8/0x4e0 [ 120.495050][ T6716] kmemdup_noprof+0x2b/0x70 [ 120.499560][ T6716] mpls_dev_sysctl_register+0xbd/0x270 [ 120.505021][ T6716] mpls_dev_notify+0x357/0x7a0 [ 120.509785][ T6716] notifier_call_chain+0x1b3/0x3e0 [ 120.514900][ T6716] register_netdevice+0x1608/0x1ae0 [ 120.520121][ T6716] veth_newlink+0x5cc/0xa50 [ 120.524633][ T6716] rtnl_newlink_create+0x310/0xb00 [ 120.529744][ T6716] rtnl_newlink+0x16d6/0x1c70 [ 120.534428][ T6716] rtnetlink_rcv_msg+0x7cf/0xb70 [ 120.539372][ T6716] page last free pid 1 tgid 1 stack trace: [ 120.545169][ T6716] __free_frozen_pages+0xc71/0xe70 [ 120.550274][ T6716] free_contig_range+0x1bd/0x4a0 [ 120.555217][ T6716] destroy_args+0x7e/0x5d0 [ 120.559639][ T6716] debug_vm_pgtable+0x412/0x450 [ 120.564497][ T6716] do_one_initcall+0x233/0x820 [ 120.569260][ T6716] do_initcall_level+0x137/0x1f0 [ 120.574206][ T6716] do_initcalls+0x69/0xd0 [ 120.578616][ T6716] kernel_init_freeable+0x3d9/0x570 [ 120.583900][ T6716] kernel_init+0x1d/0x1d0 [ 120.588263][ T6716] ret_from_fork+0x3f9/0x770 [ 120.592903][ T6716] ret_from_fork_asm+0x1a/0x30 [ 120.597689][ T6716] [ 120.600014][ T6716] Memory state around the buggy address: [ 120.605658][ T6716] ffff88805cb78b00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 120.613725][ T6716] ffff88805cb78b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 120.621793][ T6716] >ffff88805cb78c00: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 120.629851][ T6716] ^ [ 120.635482][ T6716] ffff88805cb78c80: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 120.643623][ T6716] ffff88805cb78d00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 120.651680][ T6716] ================================================================== [ 120.741468][ T6716] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 120.748738][ T6716] CPU: 1 UID: 0 PID: 6716 Comm: syz.2.358 Not tainted 6.16.0-rc2-syzkaller-00867-ga9b24b3583ae #0 PREEMPT(full) [ 120.760746][ T6716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 120.770832][ T6716] Call Trace: [ 120.774136][ T6716] [ 120.777088][ T6716] dump_stack_lvl+0x99/0x250 [ 120.781715][ T6716] ? __asan_memcpy+0x40/0x70 [ 120.786339][ T6716] ? __pfx_dump_stack_lvl+0x10/0x10 [ 120.791572][ T6716] ? __pfx__printk+0x10/0x10 [ 120.796198][ T6716] panic+0x2db/0x790 [ 120.800127][ T6716] ? __pfx_panic+0x10/0x10 [ 120.804581][ T6716] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 120.810533][ T6716] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 120.816885][ T6716] ? print_memory_metadata+0x314/0x400 [ 120.822377][ T6716] ? pause_parse_request+0x40/0x160 [ 120.827610][ T6716] check_panic_on_warn+0x89/0xb0 [ 120.832583][ T6716] ? pause_parse_request+0x40/0x160 [ 120.837816][ T6716] end_report+0x78/0x160 [ 120.842088][ T6716] kasan_report+0x129/0x150 [ 120.846625][ T6716] ? pause_parse_request+0x40/0x160 [ 120.851870][ T6716] ? __pfx_pause_parse_request+0x10/0x10 [ 120.857543][ T6716] pause_parse_request+0x40/0x160 [ 120.862611][ T6716] ? __pfx_pause_parse_request+0x10/0x10 [ 120.868275][ T6716] ethnl_default_set_doit+0x2c1/0xa40 [ 120.873682][ T6716] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 120.880020][ T6716] genl_family_rcv_msg_doit+0x215/0x300 [ 120.885574][ T6716] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 120.891649][ T6716] ? bpf_lsm_capable+0x9/0x20 [ 120.896334][ T6716] ? security_capable+0x7e/0x2e0 [ 120.901369][ T6716] genl_rcv_msg+0x60e/0x790 [ 120.905880][ T6716] ? __pfx_genl_rcv_msg+0x10/0x10 [ 120.910900][ T6716] ? ref_tracker_free+0x63a/0x7d0 [ 120.915933][ T6716] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 120.921837][ T6716] ? __pfx_ref_tracker_free+0x10/0x10 [ 120.927221][ T6716] netlink_rcv_skb+0x205/0x470 [ 120.931990][ T6716] ? __pfx_genl_rcv_msg+0x10/0x10 [ 120.937016][ T6716] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 120.942315][ T6716] ? down_read+0x1ad/0x2e0 [ 120.946738][ T6716] genl_rcv+0x28/0x40 [ 120.950732][ T6716] netlink_unicast+0x758/0x8d0 [ 120.955506][ T6716] netlink_sendmsg+0x805/0xb30 [ 120.960282][ T6716] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.965578][ T6716] ? aa_sock_msg_perm+0x94/0x160 [ 120.970534][ T6716] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 120.975852][ T6716] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.981158][ T6716] __sock_sendmsg+0x21c/0x270 [ 120.985843][ T6716] ____sys_sendmsg+0x505/0x830 [ 120.990617][ T6716] ? __pfx_____sys_sendmsg+0x10/0x10 [ 120.995917][ T6716] ? import_iovec+0x74/0xa0 [ 121.000434][ T6716] ___sys_sendmsg+0x21f/0x2a0 [ 121.005137][ T6716] ? __pfx____sys_sendmsg+0x10/0x10 [ 121.010361][ T6716] ? __fget_files+0x2a/0x420 [ 121.014950][ T6716] ? __fget_files+0x3a0/0x420 [ 121.019630][ T6716] __x64_sys_sendmsg+0x19b/0x260 [ 121.024574][ T6716] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 121.030038][ T6716] ? rcu_is_watching+0x15/0xb0 [ 121.034813][ T6716] ? do_syscall_64+0xbe/0x3b0 [ 121.039494][ T6716] do_syscall_64+0xfa/0x3b0 [ 121.043997][ T6716] ? lockdep_hardirqs_on+0x9c/0x150 [ 121.049195][ T6716] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.055260][ T6716] ? clear_bhb_loop+0x60/0xb0 [ 121.059941][ T6716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.065833][ T6716] RIP: 0033:0x7f13acd8e929 [ 121.070246][ T6716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.089852][ T6716] RSP: 002b:00007f13adc38038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 121.098276][ T6716] RAX: ffffffffffffffda RBX: 00007f13acfb5fa0 RCX: 00007f13acd8e929 [ 121.106254][ T6716] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 121.114239][ T6716] RBP: 00007f13ace10b39 R08: 0000000000000000 R09: 0000000000000000 [ 121.122296][ T6716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 121.130288][ T6716] R13: 0000000000000000 R14: 00007f13acfb5fa0 R15: 00007ffdf0c4a558 [ 121.138265][ T6716] [ 121.141581][ T6716] Kernel Offset: disabled [ 121.145919][ T6716] Rebooting in 86400 seconds..