last executing test programs: 30.776082002s ago: executing program 1 (id=4154): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200000a000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b70600007fffffff2d6405000000000065040400010000000404000001007d68b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e6d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e0ebc622003b538dfd8e012e79578e51bc5f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf01860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b803000000661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148ba532e6ea09c346dfebd38608b32a0080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e14861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16b089f37b3591a15c0a9be6eb18208404c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b74cd36e748fafa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f0844307df70f532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fda0f0a04935c3c90d3add8eebc8619d73415cda2130f50714600fb6241c6e955031795b2c2f56411e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0001002d8c38a967c1bbe09315c298774009d8c6a16c7da308bcc87dc3addb08141bdee5d2780cfef663ddeedd005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe00000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd805deb28c13c1ed1c0d9cae846bcbfa8cce7b893ebc68578af7dc7d5e87d44ff80800000034c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c568cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e80339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd52364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7dcf050000000000001491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c78974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000400000000000a5accf93bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9c46136a5755c47287eb00000000000000c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f3390343c12aa51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b179509bd9f263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fca4d97a0ae75ccf11e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35e9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff17320adda5867947257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a927de6f4c09f4b742e037381c85d2ec7bb2a8152f0d6a99a0370e0cbd65744eb2efd7b65f04aa7e72588757b9612bb4253a63bb303c0c68a07f115d104f2007237a4f771416741bfd63fdfe3ae6f8bea755d8b7202c2bbae137dc1c3cf40db74a4c1c219d8ddec8f91dae2cdea1353fe062830fa1d233296ec9d8317872257e154665485e7f31cdbfbf435517faf93015b57417d84b8bc8662e097d5ba55d02d48e150695ffae3a676555b10da11751865126d19336116a1e58ab727dda6b343cc97f9479136a66f552abf8fe3d134f6d69df1cffe6740f90735f66ca54fd87800b4bda4db5e68aaccf44d24e09f8a769e3ae7bf246673f15e3d1adae4384bdb7cd30a33e30466b421feb96006c810fd3830a1c75af2580727ffc604d2b04f476acc21419fad9b1baec88974da2db29b80859bde08b85c8086e4b7f1fd568042ad5396d3179c71b1dc43291e450ce9b8d7d80fcb44966d7ad4691a378700000000000000000000000000631ffc86fe0c8124536afbfc6300ee2c00000000000000000000000000000000000000000083a5765d06da91165d24bc316607e2d69344aa1c07ff7cd7bc3d17f122478b6e81077782b9c298edc2546045feff90e7aa7da88d2489fb000a4aa838f911c1a869fa55e979e033b7707df75b93cf5b8d25242741a88f2d54a7107375b25911aa11efa3a4f87fc14f180e353615b3cb9a5cf5ea843014a277c3694a5a83266f73ef039dd739187923715548d58ff43be997e35776e37c2b7772d0873369ba559e4a9ce9a7878a9a46f2a68adae0f3f5c0715b169ff053d8f5ab73d5f738b0edc71a287418ba45a14fd1ab423d9c392d010af2cf1356c6f78d563822afd3e8fb693ef3e1f1c02289e94b15a0a2a58e9c77a6d388004396baf8af32d0bd7fef1597b20e2eec0273012e344628a8ea5bd0a9da43078b95af7186d5bf36a2e31c0ee3e1ec6accd94b7e3b47e52681128c5b6fb2afbffaa52d53080f7ef112fdffffffffffffff0c1f7b4673fc5202bcc1159ba59b9b5c996079b6c2b9cc011470ce48b53c7339135e0a1e7c90b91a84cfaf95af6edc881ca69cb3d869fcd87a294447e3eb627923970281e28528348f9d0157c80ffd70dd45fc9ae550e191e9f88a1f15c2d997c217bb6d5d24e88d07837851b391ffcf3aa2183952ef4d68757c7511179f0984960b907016a4ad6ba19f89794b545f983e94a980f83794c277dd644651d721a0d0546b3e69b8530d9391068d67cfb4fe879c23933ec59d3e728113fdf3a28800512b9cef65523490caa4f5ec30ad6ded9879843ade683b3263197964e752ca77b966ae22e73a0cbbe549306e49d0e11662cf8bcccd8198ef44911ed6b86792086cc6c758d8c4a872041e58685d4134a5ee5063b4bb7e8035442b1cba567cfee96b3b858c9086c907ddddd16414545f1b94b34f081f3e6248699060d62f236b5204993cf42c180f757938a62b5f302cae4a4a7be523be2db61b74bab36d0e63e4469969482ada533c54bdc9c2ad0b7dce02c869e6c853f92d24823036f8b5f4a6f6f89e1a9cd003c714814277f32bd6d535dcc08c992f2938b2e265ff6bfbf38694255c367867d64c50b6f7f2fd131b5b30059ea2ed6bd2b887f808dee79a76d600883085436d79381d7a4a09c4d73f8046c72b206ae3b76429c719f80ab8ff65494f35a75916d81ce89b94ed2e07540d855ebb2e78bfbb354e29d6b905f2573bec68e340472006f3738f004c24edd7c538ad9f25bda4c443bc816a8fb38081adbf5a80f5cd6fde3aadd56a9283dfdcbf7fdd1b44e717c0b405b3261f19b1c38df6331df8e84619ef307875c893a8f0a436ccfb6319000000000000000000000000001f1c8231baae9e6b907826aa7431ee8ee9deb4db6dca3e4fa3df5cd4015a3771c25bff7d305689ff0a71d821fc6ee9d2d0069a6f4cb434e8183796f89825de4d251bbf526adcf572bd39c9817a51b50859c77eebd37709f0d65667a71700006103120886e81241c7186011c6949a9ef5eadb3ca1ba74d055196c80fe796f3550eef858d924ba6a93ea687720ffe78f1e2c98686d85575fbabee88e97d4dea9b7d8416d62f962b9202528fcc38eea7d2b4efca4e14fcbcc15e8"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) epoll_create(0x8) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x0) socket$caif_stream(0x25, 0x1, 0x0) socket$isdn_base(0x22, 0x3, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$ax25(0x3, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x6, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010113b15000000000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES64=r2], 0x40}}, 0x0) 30.691403851s ago: executing program 1 (id=4157): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa8}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000200), 0x8) write$cgroup_int(r2, &(0x7f00000005c0), 0x12) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r4, r3, 0x2, 0x0, 0x4000}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000040)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0xa, 0x1, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0], 0x0, 0x9d, &(0x7f0000000180)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x1b, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x0, &(0x7f0000000040), &(0x7f00000002c0)='GPL\x00', 0x5, 0xb6, &(0x7f0000000300)=""/182, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10, r5}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x7, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r5, 0xffffffffffffffff, 0x3f, 0x0, 0x0, 0x10, 0x40}, 0x70) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r7, r6, 0x2, 0x6, 0x4000}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0xd3}]}, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 30.519586353s ago: executing program 1 (id=4160): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f00000005c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, [@call={0x85, 0x0, 0x0, 0x29}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 30.367898332s ago: executing program 1 (id=4164): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000002a80)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0, 0x0, 0x0, 0x40000}}, {{&(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000001600)=ANY=[], 0x208}}], 0x2, 0x0) 21.766878095s ago: executing program 1 (id=4164): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000002a80)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0, 0x0, 0x0, 0x40000}}, {{&(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000001600)=ANY=[], 0x208}}], 0x2, 0x0) 8.639148289s ago: executing program 3 (id=4402): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000100)=[{0x30, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x45}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) socket(0x11, 0x800000003, 0x0) (async) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002d80)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x6], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0xfffffffc}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r5, &(0x7f0000001800)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c, &(0x7f0000001600)=[{&(0x7f00000001c0)="16", 0x1}], 0x1}}], 0x1, 0x0) (async, rerun: 32) sendmmsg$inet6(r5, &(0x7f0000000400)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000180)="d7", 0x1}], 0x1}}], 0x1, 0x0) (async, rerun: 32) shutdown(r5, 0x1) (async) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r5, 0x84, 0x78, &(0x7f00000002c0), 0x4) (async, rerun: 64) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) (rerun: 64) 8.243576276s ago: executing program 1 (id=4164): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000002a80)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0, 0x0, 0x0, 0x40000}}, {{&(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000001600)=ANY=[], 0x208}}], 0x2, 0x0) 7.681712496s ago: executing program 3 (id=4420): r0 = socket$kcm(0x2, 0x3, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r2], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r5, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="010806000000000000000b00000008000300", @ANYRES32=r6, @ANYBLOB="0a000600080211000001000028005080110001004abee339084eeef16f162471f400000005000200000000000800030005ac0f00"], 0x50}}, 0x0) (async) sendmsg$NL80211_CMD_SET_REG(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f00000008c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="020026bd7000fbdbdf251a000000964cba3b57b0216090e15e7fa44a5e6cb150bd95ff235e7d38c46b29564e83ee2acde99e6d39e041b7411327"], 0x14}, 0x1, 0x0, 0x0, 0x4000850}, 0x4008080) (async) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000940)={0x0, 0xfff9, 0x6, 0x1, 0x7, 0xe}, &(0x7f0000000980)=0x14) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_START_AP(r7, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="100029bd7000fcdbdf250f0000000500a310000000000500d5000000000008007e000a0000001c0034005bae13b4da49e79eecc0f6e7d17b8af2957ac12c37a093a5"], 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x4000010) (async, rerun: 32) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000000c"], 0x0}, 0x90) (rerun: 32) r8 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r8, 0x0, 0x0) (async) getsockopt$inet6_mptcp_buf(r8, 0x11c, 0x3, &(0x7f00000001c0)=""/207, &(0x7f0000000000)=0xcf) r9 = socket$kcm(0x10, 0x3, 0x10) (async) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r10, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) (async) listen(r10, 0xfff) r11 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) (async) r12 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r12, &(0x7f0000000480)={0x0, 0xf00, &(0x7f0000000440)={&(0x7f0000000140)={0x30, r11, 0x1, 0x0, 0x0, {{}, {0x0, 0x4101}, {0x14}}}, 0x30}}, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r5, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000600)={&(0x7f0000000a40)=ANY=[@ANYBLOB="3edd7eb77629c3b499ab18786dd22a0781d6509e1b98e388c15ae6b85477860594fbd91133ddcb1b16b11b0d65acdeca887b8aaa64a9aabc70e8584f3b6b2a313e10b674f7d8e89f6c2c313a76990e43f20f4c13399818000225730507", @ANYRES16=r4, @ANYBLOB="330128bd7000fcdbdf25700000000c009900070000007c0000000a00060008021100000100000a00060008021100000000000a000600ffffffffffff0000"], 0x44}, 0x1, 0x0, 0x0, 0x20000080}, 0x4050) (async) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000700)=ANY=[@ANYBLOB="0000000101008024d4e3455c7216da3484447f8a081f930884b55764ca84de3d0e7bc8d6f29cd84ba9408cf2351604f1724e10a8fcc3988de886d82375980e92a1ba2f8410b0677331bf6293af17222761aa1289e6a8f1d888f4809cdccfe135695630dcb6bad9b53d1d96f2f820a715ce709fcaa40a70dc4c98ebbe761c0eec46d4f50508215e72fc781a471b1a7c769a074f2d6388253cfdd4b0e37a788fbb7296ae39bb35439c66437fa3347adfaca46f74fbc95f1b070287096cc9bdc953ea637c118a68a8ddc03aa44e8aa8ca5dac063a052d0000008bb982eb4ec7e08b552a2807c00bbfbbb5369dd1e04690a1267e29e89d27673db50050419e278e6130000000000000ccb94db73118ae0e420400f7caf98b2aae92430ae8b475784a021e18bbd97d526cb8c94111daab5f9b4e31103a1175e50db2f5440b27a3c9f17cdd126eb40a73fc90521fc8d3913f14eac8f0f1dc5c53e5eb97d8694b17612c890346cab61e5a4a7ab6c304e0887d63ab328eed44ea5391f7e3adf127a07c4dd14bdfc029822f71cfc2ca0a23258fe8fc76dcd75554c935be063718380741560b39cc4336e008d0897193ea1e"], 0x114}], 0x1}, 0x0) sendmsg$kcm(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)}, 0x40008071) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r3}, 0x10) (async) sendmsg$inet(r0, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0}, 0x4008804) 7.404906697s ago: executing program 3 (id=4421): bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010003b1500"/20, @ANYBLOB], 0x48}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001500)={0x12, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x6}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='sched_switch\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$inet6_sctp(0xa, 0x0, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000d40)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000005fdb2971dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359ca9daf3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae682acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259"], &(0x7f0000000080)='GPL\x00', 0x0, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10}, 0x90) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000150600000fff070067070000200000006a0200000ee60000bf250000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff3d53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a157f9005bd38addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf72a4de1c2ea17f04537fc211576846ac629d1d93265ba4580047a9dc88de358ce795731891a2031de4e09740c64e5506f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfadfe6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a97677400ef0bd697d135324ce480c2960344de346bd511dea4ff7a07400b2d12dd1a8c4c300aee5f948777085ca142b79dfc3aca5fadaa0532ab0572169f68584ff2ee063bc7e75ecd5cc8973464629ba236e3ff97f6033d0800000000000000cef54a60aff12590a50ef147e3e640193d00263003a4ef412420a070dd0327e47c8c7abb77b4b53874788d7e2e5d554de4713db957afb56d4673f1b904c5a317d3670003000000183fb7d36e173044f4ab34"], &(0x7f0000000100)='GPL\x00'}, 0x48) socket$kcm(0xa, 0x6, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x35, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x7c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x90) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001ac0)='cpuacct.usage_percpu_user\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10d, 0xa, &(0x7f0000000000)=r2, 0x4) sendto$inet6(r1, &(0x7f00000001c0)="c2", 0x1, 0x0, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmsg$kcm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000027c0)=[{&(0x7f0000000500)=""/4086, 0xff6}], 0x1}, 0x0) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90124fc601006034002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0xd000000}, 0x0) 6.903917478s ago: executing program 3 (id=4422): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) unshare(0x2040400) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) splice(r2, &(0x7f0000000040), r1, 0x0, 0x800000000ff, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x3, 0x20008, 0x8, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x0, 0xfffffffc}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r3}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) r6 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000280)={0xfffffffc}, 0x9) sendmsg$nl_generic(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x26, 0x12, 0xa01}, 0x26}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x68, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x30, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_DATA={0x10, 0x5, 0x0, 0x1, [{0xa, 0x4, @remote}]}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}, @IFLA_MACVLAN_MACADDR={0xa, 0x4, @local}]}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0x68}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r7}, 0x10) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1}) socket$nl_route(0x10, 0x3, 0x0) r9 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r11 = openat$cgroup_int(r10, &(0x7f0000000080)='pids.max\x00', 0x2, 0x0) write$cgroup_subtree(r11, &(0x7f0000000100)=ANY=[@ANYBLOB='-0'], 0x9) syz_emit_ethernet(0x3a, &(0x7f0000000700)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @multicast1}, {0x0, 0x88be, 0x18, 0x0, @wg=@data}}}}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r12, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) 6.511803866s ago: executing program 3 (id=4427): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b702000000000000632af0ff0000000026090800000000007b9af0ff00000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000001500000076ffffffc39800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000580)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000080), 0x98) r4 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x550, 0x1c0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x2c0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x4, 0x0, 'syz0\x00'}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000e100000000000000000c00010000000000950079334131fbd646fa000000000000d177a2eb9a7deae0acc8033c220ca0e620892c60a466ca9e62ea924317b6e2f1b87a30d73d4aaeac11a333"], &(0x7f0000000080)='syzkaller\x00', 0x4}, 0x90) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMAXCID(r5, 0x40047451, &(0x7f0000000200)) ioctl$PPPIOCSFLAGS1(r5, 0x40047459, &(0x7f0000000100)=0x2000004) pwritev(r5, &(0x7f0000000080)=[{&(0x7f00000002c0)='\x00!', 0x2}], 0xa, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8}]}}}]}, 0x3c}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newlink={0x50, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @private0={0xfc, 0x0, '\x00', 0x1}}, @IFLA_GENEVE_ID={0x8, 0x1, 0x1}]}}}]}, 0x50}}, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r9}, 0x10) socket$netlink(0x10, 0x3, 0x0) 5.252198584s ago: executing program 3 (id=4438): socket$packet(0x11, 0x0, 0x300) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000380)=0x6, 0x4) sendmmsg$inet6(r0, &(0x7f0000000740)=[{{&(0x7f0000000100)={0x2, 0x4e21, 0x6c, @empty}, 0x1c, 0x0}}], 0x300, 0x0) 2.065920574s ago: executing program 0 (id=4458): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000000c0)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x2d}}]}, &(0x7f0000000180)=0x10) socket(0x2, 0x80805, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x14, 0x4, 0x4, 0x2}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r2, &(0x7f00000001c0), 0x20000000, 0x2}, 0x20) write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0000000000000000002", 0x11) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) sendmmsg$inet6(r0, &(0x7f0000002bc0)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @mcast1, 0x8}, 0x1c, 0x0}}], 0x1, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002ac0)=ANY=[@ANYBLOB="b80000000000000004010000010000008be5f176d9a07c398e7c9ec688e71baf631c9b6a2b0410e521314675ace4d88298fbdc54d37a6d8ba69814c3521305b6195c7b9b0f31fd9e1c7516b1a8a7d592dd5f8f9750ea12355106fb2a55d00325c962495bfdb74ed51cd1c2d35e1254833ccabfa57af6066a832f278715d516013423f1fb21c702fd51668999cf76bf13e67883bb84aefede5ece748b2d6dc64aaeedf4956f0671018e6194072f03d6e4b9d7fc4600000000b0000000000000001100000026c5dc45a50a92e7f52f52e7f75597aa432fec272ab48aa0df9ca7499c64fbd952b66a0634305f68b6dcbfa48469a2711730ff4a4afe5fc2a0004507d0fe2241605adeb30532ab387a993daa3bc696a6cee314b681607d2d53c9cfa81435fe01df7c282af00ee74999a665f1d0fa17434ca0b09f4a6947fc7b5fcd7a84cccea30659854d2e1f8375a24a273b126d5839bd059f7996de9b0deb9d4e8ebd8aba9363000000680000000000000004010000f9ffffff085f4bb43340a4d44b45e6a3a95f4ee31f663785ee6f83e5bd008f39a6125ea1221198addd7f23fdb4d29b6bda05dff7203823d1cc0dbdf60b4ad6de79d8125b308b0d32dc4b76c50136707141fcacaf22fee78e9f33c70038000000000000009601000006000000180ed33962ebb765e2ce47f59cc70375d4147775f91007092ecd6dfe5d69b4a597991e871aee0000d8000000000000000d01000002000000b013141c7538b8c3ab966c3f609377e4cd1e1751f6e290bb7a718e02b8006d06951c7a735fcd8fc46d9d12e7c962b91e221efb3126ebf33a5c44ce98495d706a970daf0d4553d2b8a7d17e18da6606b371377bced774c90b1f52ab8ddbff043e0be938c9322b6375b90a37ee24d3c321dd9ea4ff77b81e90476664975d3f3f7649f688ca909559cc4a0f08876a5f3a907bfcc54caa736575259d63f6dc9e98c3039909f67bf5a9c8dff864a96d4d8e5c34e913cade0e85855b1058a5adc021feeebe475ecd6f8281f0000000000000000701000006000000d15bc5fc77caba3e58cbda89ee1a0c259fec8486dba1e22e6d20828824d3f2d5436d9c3476f4181beb52fe24ab089aace9aff58560f44f4a916db0f3613b398ecc1fe8b27b3a74f7dc069d09cbc24d6a38ee382766bda17a29e3b4f7a674b921bdfc328b9ec0547deefe921886d8fbbad5ab5496ac7375cde2945cd02c370ef4151552f5f9082b5dcbdf98b1ececd0b879123a5fb2ee35c0445d5f826c5eb30872476162769986601915e1ab6a774409f048b235d493061436a8a98672c55655451461286f51698dd5987fbd061d460300000000000000036f727d33000000001010000000000000ff000000f2ffffffb58aafc7a5e52d22e76dd03a8f50fc7af80508a1981d9641edd6b90700ab95c1bb885074cd7e7c7ef36d5ea95449de3b0c9d76f4c820eb1cbf25a858a7afa025796a59669dab043073f9a96753408ee1ed896f96ed04475b0baddc13ff271765519e16a5badd6dcdb3c19c6b846e4ed5452cb5189ffcb055f0531af6aeb23d412d58880c1ee9b231c40561580bbfb2e6a3a32ab1a46015a82a0872013c2de738ac5d0ce34053832dcdd9fd8c66478cf043c466d0043ec79b0aceb5d140f0eec0b163f49ee7d212d6010bcfff898050c2d23303c966a86bf5e4830f79a32c5072a712409422d29ca818cd09f9ee6943f4db4cf1f481ec1d6151c800105a707e0274b1881d0ab86983e8af396e93315b19bad7674e6ba45de54078b4379e27ae3cb96f4ffe2a62ae2b9aba20c90f8815f5fb4c034d3a1a29efe36892fc0d4a257cd3d0a10ffdbe9be1c68805a0bc501dedb3d69f437a688a13b6f955b9bff8ed4f03ec772ddd4bd2b7dd8cbf1825db269e278cc582c296afc992b0386625c3c719b0cf1acf24c49c9dda762fbcd8dd205ec4b57c5cfe"], 0x14d0}, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) bind$unix(r5, &(0x7f0000003000)=@abs={0x1}, 0x4f) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r7) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="410000000000000000030603000014000300024d301e0e50001806e8ffffffffffff08000700263a0906140002"], 0x44}, 0x2, 0x1000000}, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00'}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r4, r9, 0x2, 0x0, 0x0, @prog_id}, 0x20) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r4, 0x2, 0x0, 0x0, &(0x7f0000000280)=[0x0], 0x1, 0x0, &(0x7f00000014c0), 0x0, 0x0}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000300)=ANY=[@ANYBLOB="b4060000000000007111b7000000000095000000000000008500000000000000950000000000000095000000000000001a8f3c6f7401829076d83a75"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x90) 1.952677458s ago: executing program 2 (id=4459): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="8e"], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @local}, &(0x7f0000000140)=0xc) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@ipv6_getnexthop={0x20, 0x6a, 0xf5715ac9c25cb36b, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r2}]}, 0x20}}, 0x0) socket(0x2, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet6_tcp_int(r3, 0x6, 0x22, &(0x7f0000000180)=0x1, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180200000000000000000000000000008500000041000000850000007d00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x24, 0x0, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x24}}, 0x0) sendmsg$FOU_CMD_DEL(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0x0, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x1c}}, 0x0) 1.856074206s ago: executing program 0 (id=4460): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x80) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$SMC_PNETID_ADD(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0103000000000000000001"], 0x34}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000040000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}}, 0x0) bind$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x2710, @host}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x19, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x20) 1.855517625s ago: executing program 4 (id=4461): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="60000000020601030a000000000000000000000014000780060004404e210000effd05400000000005000400000000000d000300686173683a6e657400000000050005000000000005000100060000000e0003006269746d70703a6970000000"], 0x60}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0xd4, 0x3, 0x1, 0x101, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x3}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x1}, @CTA_TUPLE_ORIG={0x5c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x95}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @broadcast}}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_MARK_MASK={0x8}, @CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @empty}}}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000000306033f000000ffffffffbfffffff000500010007"], 0x28}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x42400) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10) socket$kcm(0x11, 0x200000000000002, 0x300) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)="39000000140081ae10003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0) recvmsg$kcm(r4, &(0x7f0000001040)={0x0, 0x0, 0x0}, 0x0) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000400), 0xffffffffffffffff) r6 = getpid() write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000180)=r6, 0x12) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x24, r5, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_PID={0x8, 0x1c, r6}]}, 0x24}}, 0x4000040) getsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000000040), &(0x7f00000000c0)=0x4) 1.714148511s ago: executing program 2 (id=4462): socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000200)) socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000095c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000009a00)={0x0, 0x0, &(0x7f00000099c0)={&(0x7f0000009940)={0x3c, r3, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x3}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x3c}}, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000d40)={0x0, 0xa00, &(0x7f0000000080)={&(0x7f0000000c80)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100fdffffffffffffff0200e7ff0b0001800500020003"], 0x20}}, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = socket(0x40000000015, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) bind$inet(r4, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000140)) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x0, 0x0, 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195}, 0x90) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) 1.375454563s ago: executing program 0 (id=4463): r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001400)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000004600)=@newtfilter={0x5c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0xc}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x4d}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1}]}]}]}}]}, 0x5c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x1400) 1.102408326s ago: executing program 4 (id=4464): syz_emit_ethernet(0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd6012000800303a00fe80eeffffffffffffff0000000000bb"], 0x0) (async) r0 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) syz_init_net_socket$rose(0xb, 0x5, 0x0) (async) syz_emit_ethernet(0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="0a9d2e78d5fb6fd9381923d6577357a31ec21f15015b32e5f3135ca1dc196e2127edbed5c2c0767692cbc299f26a9e7ccf9906636a8b32e4f0bd4cc0583723ec09e5fb7a7a907a9a5d9f1cfbcf031b6797bb0a4771eaf1"], 0x0) 1.101539235s ago: executing program 2 (id=4465): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0xf1ffffff}, 0x0) 1.100315717s ago: executing program 2 (id=4466): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000000200)=@raw=[@call={0x85, 0x0, 0x0, 0x89}, @exit], &(0x7f00000008c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x100, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0xff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x801}, 0x4) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x40, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0x11, 0x2a, [@random={0xdd, 0xb, 'abcdefghijk'}]}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ap_ssid}]}]}, 0x40}}, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}, 0x36) r2 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000780)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xfff}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0xa0f15a6d21a68a81, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x7f}, 0x1c) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x9e}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_80211_inject_frame(&(0x7f0000000280)=@broadcast, &(0x7f00000002c0)=@ctrl_frame=@cf_end_cf_ack={{}, {0x7}, @device_a, @broadcast}, 0x10) 1.099593326s ago: executing program 0 (id=4467): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='nv\x00', 0x3) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0x2d}, 0x1c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d) sendfile(r0, r1, 0x0, 0x8000002b) r2 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000023c0), 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000008000000000003b0000202500030099d10d9d25c8a2fe7207020361f6342c87e0a19952c465d11336ece9566b068fb5043f58e0ec075a993a78b9fe298f0870268454392fd9d7dc4264aa448300882c2875f38d5f", @ANYRES32=r5, @ANYBLOB="26003300d00000000802110000010802110000005050505050500000090425030000003e01000000"], 0x44}}, 0x0) socket(0x11, 0x80a, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32, @ANYBLOB="00000000000000001400128009000100626f6e64000000000400028010001a"], 0x44}}, 0x0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) 1.025024124s ago: executing program 4 (id=4468): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000000)=0x7, 0x4) syz_emit_ethernet(0x46, &(0x7f0000000300)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @loopback}, '\x00\x00\x00A\x00\x00 \x00'}}}}}, 0x0) 938.903755ms ago: executing program 4 (id=4469): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000024c0)={0x14dc, r1, 0x800, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x1782, 0x53}}}}, [@NL80211_ATTR_IE={0x1a, 0x2a, [@ibss={0x6, 0x2}, @mic={0x8c, 0x10, {0xd9a, "548b9702eb37", @short="202c053890cb09c1"}}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0xd}, @NL80211_ATTR_FILS_ERP_RRK={0xe2, 0xfc, "a8be57c7bd6e8d4cce3f32e345c205a5ddd4f707ce3ad4799370cd94a20dd81fa8dec27c256563f2222b145dedfec67d29c7000103598cfef376dcedde9c84984ccb102e4c72cdb25341b7909805aaf907fecf29737947b337225c1970c3b01cf44490f0264370722921a883053635035c02af74ffbf636798eedcbe1b16afbb3b66c0fbfd4e13bbc84ce94a8315535da00d144603b9dd6777c314edbced63251efa3cb41ab804b874cc171c4b1cc378734b0f63df3c998b4b8bcc14cd4c9252c7e039aabe2a4d6bb0e8546a98d8e44437824570a881e46c8a7be84208c5"}, @NL80211_ATTR_FILS_ERP_REALM={0x78, 0xfa, "50326d2331fb1dcee7ab0fb739fa5e3b5cb04020beaeb310ed5c201b01d68731e347eae91e3756dfa1aabd123b879376be14a68def8ca7c3646454b8e281e2e58c4bc20a19f4bc3818c86acdfefbc0fda59ea602f61a914b84476d7c60f3d2ded1afa188855faf5e9d26366bd19aaef935e9212d"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x14, 0xf9, "5e23eeecc2196dc6cd0fde786dd6dd45"}, @NL80211_ATTR_FILS_ERP_REALM={0x5b, 0xfa, "14765f46b8aa96fa350bbb7adfe231cca472dc80a1b4943cbf4bd884c28ce1c6a93844e3efe23bed3afb595c4adb341005560dbb837fbfb44167aa69c08fd2621b38dd13dab8df96f52213d20a5aa320d81ec1c8994aea"}, @NL80211_ATTR_FILS_ERP_REALM={0xb8, 0xfa, "f69296b20d35381762253a221a4c671ceffd04003cd7c3a571d792f378158b9ffe0a629fbce74bbee7d67fcd89e76c860a77fc52c55ade49852df55f241e274e763b4f12ca0af10de661bee3678b863414725795c023bf67461a2df35a899b130eb110b2c8e50a99d711c3b0cb56042995a434c6caab3b86e69b0d1d1d82b8e7ca848148f346109d46cc3a5104de2a28616b67c336ef6caf0525134ca35b321af6bafdede7593edc721a7baefdee4aaa4fe7c0bb"}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x7f}, @NL80211_ATTR_FILS_ERP_REALM={0x5c, 0xfa, "a266535d8e9331c05897a495f1d854935b8c859b7f7a40983402572b734fad57b98e30179cef82655d5beff9b1b516d28d62ffbc5ebe16cbf87f16827e5a62843fb6afa5576601ece0e0dcb8aff3e0aa6dd6822262e63a8e"}, @NL80211_ATTR_FILS_ERP_RRK={0x4}, @NL80211_ATTR_FILS_ERP_RRK={0xdb, 0xfc, "932ec4f518960fc75318c3675730b462da33f24345fd337ceaeab396de11e5aa5e527a88b2ecff61f834669c7d7af346777f39a3279e0dcba5bdf43c014a9fa7a94ee0245a7dfae7885ee47dd5fae02768bebcd36704506364f15574e6895aee96d3f72e381f593f19aecc6c31117e677ce877f8634066bd9e1f800e50257c14726a8a670585dd15008206c0f8004dfb148be2e57bfbe90aa7f58566bdfdb31ca69adf023d13295458b2942ce127c502bc2cb9672b2931528e26c275c0d9ae65ebc777bef657f043ee8dbc7424c86ca88572cdc8d0452f"}], @fils_params=[@NL80211_ATTR_FILS_ERP_REALM={0xf04, 0xfa, "aa5259f32187725ef8b34afed560c058643a94254cc564a3689a769d19ee51c5645d4f2035e7db0535b073f90cef23371a97476f2ca081579f9ab633fc446b0b6c427028155718078d1f0ac2d257a7aa30949a7720fdaaa0f5f38fe774d2b692556bb2a254ef8fbbfdc8a9bd3114c4f0117e3c415839e61cf9f2eafea06521b8c8fde78c46bad48b5bdb61441acec4d2e01c8c331c4c606dd07b68c09677231f65c83accde83ea757b30f6b541320f8cc32f9f5ee5f1a198ebc61034cfa5039a240cd73bad3b80247fafdbbb4f12f98499b8b3b7fc85f6faf3d9dafa8873f1c40ccef77dbe45555293bef6eaf8642d88b38afe141b1a2972e6feeb7ba4cd63a4dfc20120cab61aef7e9816c4d124bc2e3041e71aa65709ed3fdd3ea3a13cb31de7f76b547ee469f99540ef0af9a574ec44de9ee755383e0779855dcab29a1f3bd30a19accd888f7b0854b088c15e4427692a583c21946d9a85e8828e0288074c029795865701d96350e9d339544a54d8f43ca540210e490a1ef07f8b26e5af9c8340423259ef49ae7011b55256d1198493fcf02bd143ed5075458ef7222bb46f31339714e5084bc16605e2053e116a6997e402def37d91b61b382533b78cd1b736110fc3b962eb88204aaa8e0aca862a02e3c8aaa3b28be48970044fa1d96de81a6dafe1f01cde3614a1a5462c9af15840f546efe1ffac13f1b23e053a1ee142fb1e146619a0f73e726905ab73a41b5eb96ba5e69cc6a02596731d7d82ced7d9d5ca21e958ba805d46f1726b84c801b6da13b1d280a716bb88bc0364cbd253d9d70c565ddeac2982f50642d2ef7b07c8c146d7e17d12b740d0111f3cba9578ee79c31e7ac494f3664ed0e658efc2e16c8696bde24cbba541fec787ed27a50fb836445ddb28fd147fba91e98b7b491cc933cbb06ed3db46e8482645b296c1dc86c604240582e94a7b708007604fc9d6e504ccaab71290a941b4f5ec56d7f4a3c0d5498656ce83388e7fc4f556477c7ce335735367fd9f7ee47b0b484af32c834f28ea6f0e65773ee7bfeab41f1e66ab4d04a7a0cb2e5089afb17c623cbd4fba57217bc12473cb742743e7687f374aaba4719a7df957ba38e304839ed450763e406a91a753211dea1fd5722f6d8f7b52719188821d6f4eb5743720ecfbde768d0e84d1906f18d5f9a9797fa6fbc9f85b0764d6207177071f1081e081e6a05220e78ac267a198980135d8e6d6f06177c3a83061ddc5d1cd8132438c748794a3e0c963f2eb3bc7b5b53a82eed180939b925497d52cb21467058d05185b9c269b85f0d34d787df662564e3df8af0710dae846b11e40469af084cf63f30e0ae95616d87c9a5201b9ebf4f92b882f41a02bcd98fc7a8aa865188d567efe4f1c3cf619ff2378a5ad57464deff6315d9f1c0cb0164b1915415152c8b32c4ee1d64ad3d5dd819cbc86d47a12f0b49481a04e28b8513c235ab5a20481905f681a1f0b0901e1b6805e365c4343592daf11a89ed7a14024333c4a05ad02748fdac2d146fd636ddf416a733a4e84c916dc661895d0cfce04cbc0726ec4e9eb5cb884e11aab3a5626783d3a126e469179868cf58bbbb0d9532fa8046738bd98a9f66358bf39509873514b3680512bc823b6f7f8509659badd14c46be2dd713df785529c53e7756960ed320b5f3de9fa9447ea4a182e634636ab2ff58faea327605c35699c89c96209d09804da8d56d2a04a4cfecdcbc29c6f397c9fbd5e2df2c1b27657e7afe404dd5956b3a67a9748e8688acb6559c04ccad3e778889d2f95153ce3f460f992771a701f982b9cce383334af31a020b8daa92c53ce167dbbc6e6a0ea5995f1e88d9bc27a2838da93005455bf629c87ec375409e85cd6db28be6476fa04d52126ca2b9441a1c14395c25e44f9e137f24b6815800c99c4c3fd3646781924675027f04ac5ef343de3eb2cd3c437bc2bc54facf1a37294f54a514a15175bdc6cc9fc1b6bfa82ca225257930bd963f3d411abe121f66fba8435c662e80fb1d66fdea5de8b6e84dc41dc87ebbd9d811c95aeeed940815fa9127e4d6bdb162e8b9c3816ee099e4dc78d91e37c0e374c96e06032f9c4e7956ad25cbf9a5f14d2e1a1ad94268e5a7443547298afe0923309f279047bd90a0c6b1aab079d614304b166ea49939a4350dedbdfec6c8ec444f3cf484044965bb6b989b06c312c423e9988b6f93574fc2d0cba0a77e74f15e18b85638ae508266be040c63112ffa471fc58b5870faffab63fa323ca1fefc1151611853872e340d693f489f7c110401b43b40dcfcc04d106e113d6b4b1cac719674c20a16314a47b9239bf734a95eee443c52ca6062d4fdacfd838a47ff926c0f9b40e0a204ea744887824c6e76dcdaaaaf1387f8a228c69a90809fedc3f4f2747a63eaca9a94ce0f2a12ac7e4a3427e9bc7d00415527dbc71185910c7f2670bb9464d12691db2a2b4ff4b2a8d72728f0bcf31f9a54a0f1d15bbfd24e351570d2278fa68713b53c55721c6b09035332f86f068e364680b156ba804a59ce44c8e1de0c931803ec938e08c7f064dc8c32ee07d98ab4a142e609147df820c7b78400b644a53686ff09bea6ae7fd3899c56cc83b6967683f5fd9115ad80e1a7a896fd655180152e396733fddd2b9e05cd3b6750fa4fd52e202d90230c2c22af5c071bb646de779f858a01d5ecf9d9a52b521ae5934ae3d268ecdb46cccbfc8a0555080cab263fb0f15acb0aa00f708f5f32b951bdbd835b5904806cb0de7252b66aee29d3ca0950b2f252e6c063f445458738f97ce2ef66f99811dd68c579aa9dbfea961177df5b8c512b1bc6aa325df4d44778343697d63a07dc40756de3567d665631d7a131a9cb9caa24b82600df3032d7c001dd8f4e0bf300733a8b16d2db750c535df4123e6c8b528eaf66f81b213d72b55f6b73a1e8b91c67270fb148414590f40af916f31aa9832ed077ae2204d59e1b9f971e2c2e334f05d0397decbcdcf5f413fe440724bcaf3bd61756f5d7f3ad5c19fac9c9534754f1ec93e47a5a0c785be50e893ad98bc62b29cf3ef6d3459f9725ea35c7526655b28d5b6edaf3340a611e31ab763926e0d7a9edebe6c1152a83652c213f6c5554fd4741fe7ca0b0a3c1b534dbb768b243d90c3cff86547aa63f06c09a5671210380421b7090c6ebfc0af3931439beb2bbadc4ad7ed888d1ec4d6081daa459394eaea60ea9d4c9f47f8858d64b725a829f5e9ce3d4c021180579b9d0535a60662d3ab4a5e9f5c1b4ad4bbadc78140c0b2d131fb8c54afac53179639f494a1a23acd81fabe61e8bdcd1d786860d5ecc04090119cfe6d86132028403955db7e4fc0543011eacb392d70d2db216bad35883b55b60d93cd12fb54bfc724a44d4c88b673f763fd5abbeb9c1a9ff320eb65cd1402ce2416060ad480441e699afdc20d29034235a86f67ae40bd44c5c6124c1011d042260e50b21cfc7c10794b59163ca4c8e689b85848dce8a7c138a4a5aa690532218d557bba81801ae118a62fbe4f8d54ff53eec5b8d7020fd1d8e602fe072f6f07a2bb0abf2e1c19f55e7658d1689f98869c127742d80ee9773a032dbff1433eebe169df91773563d35ec319486eaff403d0f369b2b1f41d933c321065cc34cfd9ea8fb3f8d0aae2a2e9a4361ac1dd895e88963530ae56b42f132fad59b453f638251f9daf2c355060e1e6c476698548e7f0d16543ec763ea35354f19549f20bd6901edece67aa71efb4154b6d668f6ffe677ac18562c1899f09488a1601b1a16a67e4af6d9217f211562d3e76f7948672ca399b1b64e3c1f4afd8cca75a40170abd17c9bdc18ff9b7b6a789f680016ed4da05d91d827c3dbcf5babea4e130612a5bf916d782b2aa476dd439d91fb923fc5fd5fb1b81063f6acaac53c87ab240f1f3425bfa11d1746d74345b2863625845be8f6b3d00d52efc0f15daea40761a36645b7f899581443b394df9f2154118b30ac934ea9bb451b6201939a56cab40b8d3c859b05c15e48a9ce19922760438f091f49b21b8905a1bd42c3f21467bbad336761ec34e732cbc4dbd7541ed9e3e5722c36b3df625bbdec4990b6d9f5f6e16253cd477c44312dba889fbf7f81c9d5535307bf9193b651eb635560b1f38c16a8bbc2a6dd87a57c3949eea2c50cf339b28c8cd6d3ab0905a712c1affb787a5227037c0ae3c8d23fb498b571c67af7029f58951f62e936b1a2263dc1231d6b77c68a818d571424462604306475b5428c428b5b502749d519d67583a07ee2188481366e0cf9cc524a904c76e61f27df4759a63aa093acf15393486806c3a33a57e530e42883a7ce5a848682c178f085ca4efbda35c713d427ce0dff863f84862a6098683b56bb6956a5d50d78933c1ab94a6988031b36ce6bc709fdfa152e60cdaac9bb3ca3ed186b8922dfea7c1de0257e5aeb9f7d238ea67c07a7d67852c8920c10255e37259f919a1dee17a1c94633e0a8eef856be1d74e0eb9efc72cc7f688e4e8284ca3fbdd4ec2ed5018e9a8964a00c1ecd8c38daa6bf241f79e80470758bbc578faa38b11714135a28484006f96f4d67bad257a3076503b21a10e73860148d357b8a09f831f306ed043a1a0d51ef7292d7a96fae14eabea5907f8fcbe8fa9d823481966aea8cba6cf319b74945282ae8244b25dbad482d06ec9a10988b28c63206c993487cce1be7c016da80780842d2cc4047738db62070d0d47f033b79e0595260e1c84b0511ab8181d1b44c27b04a205bcab205f16b018523c73b29ed60192920228da5af0ccc74304aa2bca6a17d9b39f6ccd95ce6c173e1edc1467b265384e79177323b5ba6d93a89ddf94e9f6ecf197c3101933db834e255d4c3606633f4c9a4f6c7430a8db65cc65b8877c8009e1dcfe17b17b020e9694a47ccdc01f843a4bf04af7286782e53dbe9f291c27026e1f5e69d60b4da241e3f21694d2c84d3ff13856d9ff4b3319bdabc9bc32c3cd71f306be39558679f07b620a60db219706f5edbe75ec9617aad72b98e75876455ef9a9c120d4e5a687b84197058a425dbed1d5590360d9ecd67911327e3bdd5a4fff044ea92fbed0add825256f289c029d0648da981e684e69626fb55b6d530809c360b9ec098b22a639a56358295cd33fcbe154242684110acf31e84c01810bcd6218620ee171390176aa297ed9aca01330851416fefa83a7477a80042456c1aa8bbb935402ad1e65db0b43e81b6dab58a72d2d6d6a0b65b60fd1f1f2cf8694f3b8810cdc1310492e4cd83f6523304b48b262b6aade7aaad07496fb627c7916577335570a71a6cf0711c6de612b710a75c819780bb4ecc7bfd547302123c24db821c8866492ee135fe1b333aea45b0f716dd1548127a59f639912ad0b21c7f95a94a058b0b7e33497f2de8453add070e8e90a1b0255766a"}], @fils_params=[@NL80211_ATTR_FILS_ERP_RRK={0x43, 0xfc, "904752e12650f8b84d1d9ebcab542846e0bb8fdb4cf5729a38a612bb453e1f048901adbd790691f07cd5580d1f3d305c0d85565d821c9a234773fe0857d579"}, @NL80211_ATTR_FILS_ERP_REALM={0x4}, @NL80211_ATTR_FILS_ERP_RRK={0xd6, 0xfc, "7becdac060a04e90715a562ee41fa5f58a8f82642fe6378bf0adde07146650321526f752b5274662d79fe634e754d464e79dd73faf8818e6a273a89ec8962bddb4c7d8c028b1e8056070cdcfab1403105af90fec87aa61453b5f83ec84f850b4db8b39ab0a2f0e3433b138058f4e2d4e7dcdd8ca7fa2bc4699c2ff2ee14917e3a086b586be9436a4306493c16e1ae289874823b0a182c6c19b7dd140b4038666357b754b98db80592463b7e7aa17801ec43650a8c634a76b75d05caa651f15ee180c2fd508afd7b071594511132b1aa47418"}], @NL80211_ATTR_IE={0xa9, 0x2a, [@rann={0x7e, 0x15, {{}, 0xb, 0xb, @broadcast, 0x100, 0x7, 0x401}}, @mesh_id={0x72, 0x6}, @fast_bss_trans={0x37, 0x84, {0xf7, 0x2, "8fe99715288bef0fdd3bfff7dd26b21a", "9f6fef8ed5e87cd6cf455f204f2ec288a72f98cd6666d7aa2a800d85e00c2281", "93d8cef8a1324ff5943b316484c7831eff47b672060d2d47d63c0580e5b3072e", [{0x1, 0x1f, "27da939181831da3ff6544156fc9aea34e31a15af2e30b2ea28f4b14dec4b5"}, {0x1, 0xf, "81f8a7c20d262d55573677fb4f253d"}]}}]}]}, 0x14dc}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) socket$kcm(0x10, 0x2, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000200)}, 0x20) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f00000003c0)={@multicast1, @empty, 0x0}, &(0x7f0000000400)=0xc) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000440)=0xffffffffffffffff, 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000004c0), &(0x7f0000000500)}, 0x20) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000001f80)=ANY=[@ANYBLOB="0204000002"], 0x10}}, 0x0) getsockopt$PNPIPE_IFINDEX(r2, 0x113, 0x2, &(0x7f0000001f80)=0x0, &(0x7f0000001fc0)=0x4) r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000002240)=@bpf_tracing={0x1a, 0xd, &(0x7f0000002000)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3ff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @jmp={0x5, 0x0, 0xc, 0x1, 0xb, 0x18, 0xffffffffffffffff}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x7}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000002080)='syzkaller\x00', 0x8, 0x63, &(0x7f00000020c0)=""/99, 0x41100, 0x20, '\x00', r4, 0x1a, 0xffffffffffffffff, 0x8, &(0x7f0000002140)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000002180)={0x1, 0x1, 0x9, 0xa}, 0x10, 0x1bb19, 0xffffffffffffffff, 0x4, &(0x7f00000021c0)=[0x1, r5, r3, r5, r5, r5, r3, r3], &(0x7f0000002200)=[{0x3, 0x2, 0xf, 0x9}, {0x2, 0x1, 0xe, 0x6}, {0x2, 0x2, 0x8, 0x5}, {0x2, 0x2, 0x7, 0x8}], 0x10, 0x3}, 0x90) r9 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000002300), 0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000002480)={@ifindex=r7, 0xffffffffffffffff, 0x22, 0x28, r8, @link_fd=r9}, 0x20) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140625000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) 694.573772ms ago: executing program 4 (id=4470): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000001c0)={@val={0xa}, @void, @eth={@broadcast, @remote, @val={@void}, {@ipv4={0x830, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x29, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x0, 0x18, 0x0, @wg=@data={0x4, 0x100}}}}}}}, 0x42) 563.918312ms ago: executing program 0 (id=4471): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x4, 0x0, 0x0}, 0x90) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x12000000, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c000000020605000000000000000000000000000c00078008001240000600000500010006000000050005000a10440005000400000000000900020073797a310000000016000300686173683a6e65742c706f72742c6e6574000000"], 0x5c}}, 0x0) r3 = accept$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000001c0)=0x14) accept$packet(r3, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a09040000000000000000020000000900020073797a32000000000900010073797a300098000038000480340001800b0001007470726f787900002400028008000140000000010800014000000002080003400000000a0800024000000009050007"], 0x94}, 0x1, 0x0, 0x0, 0x80c0}, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r1, 0x6628) 428.252701ms ago: executing program 2 (id=4472): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="8e"], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000000c0)={0x0, @local, @local}, &(0x7f0000000140)=0xc) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@ipv6_getnexthop={0x20, 0x6a, 0xf5715ac9c25cb36b, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r2}]}, 0x20}}, 0x0) socket(0x2, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet6_tcp_int(r3, 0x6, 0x22, &(0x7f0000000180)=0x1, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180200000000000000000000000000008500000041000000850000007d00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x24, 0x0, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x1}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x24}}, 0x0) sendmsg$FOU_CMD_DEL(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0x0, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x1c}}, 0x0) 246.438063ms ago: executing program 4 (id=4473): syz_extract_tcp_res$synack(&(0x7f0000000000)={0x41424344, 0x41424344}, 0x1, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010000100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32=r0, @ANYBLOB="0a001b000000000000000000"], 0x2c}, {&(0x7f0000001340)=ANY=[@ANYRES32, @ANYRES64, @ANYRESHEX, @ANYRESOCT=r2, @ANYBLOB="00000000d75d17e6193fafe207b25360fb1fe2edb8f9c597102ce16b0c0000000000000e606ba7ea7d9370a898e71cb4221e5812adb4e9523a5ebc6fbc658f059046c3c0dd5113a2f11b9b31df04832500b95fba147ad27370100207d17ce4220f6088557280ce35d818943e3ce2a9e2e563798fe050ae7deb9af8bc40ae4c5c192893aaad4c455a8c2add65c8eb347a63160f499849be4bee1af1173a6d35e34b878f0eeb3c0835be8098cbd73a226c2d9c436c7f255dd2486792a0d3fe067196805bbe0afc8acae7bf9a22dd2c110e8d09b4db2c26833cc3a80f69a99fd74eda0d4a69f2b68598c567bbba674c96dd2d09dad5d1f422ae1ede", @ANYRESOCT, @ANYRES64=0x0, @ANYRES64], 0x200}, {&(0x7f0000000380)=ANY=[], 0x3b0}, {&(0x7f0000000d40)=ANY=[@ANYRES16, @ANYBLOB="0d0007002f5d3a402dd34bcfd20000003c1334834595d3f4e4e63f5d3b7ad1c6d138330cf1e89df2acc44aede49d376ac1cad9609428c0a064dbce92af3f22b5e25004591bd045208ffebf1a54355ed0712aea727f932e35d97023a78656b8db0b82484b79a61ff29dd0fe1170231abbe632a75af5f43a85e41c401df58a7a2497e3b5231f5a37eee344adfcdd5181569d0a4a195af10d6dd8dcc234469e00b19feeb94b2f72d824e0a2b99e34aaf3d39af4105c4bd413e03a647da81523dfe9333f932010da3278a64a505cd104c8d4f7c41b904804c87e2de405f8f688acfd39991d58caf457dc03e97b2edb2492b32469a2a8228baeb7006114e6379fd0476cbceb1bec9b01babafbfd7d4bee5b76e8e1f42b39f9f84f555ae3a4cbc0f982dee80af161adf4"], 0x16c}], 0x4}, 0x0) socket$inet6(0xa, 0x5, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000bc0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0008004500003c0000000000069078e0000002ac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=r0, @ANYBLOB="ac020000907825b146dbcd236ae502c4682c0000fe0ef98951088fd7"], 0x0) syz_emit_ethernet(0x1bd, &(0x7f0000001180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa0820421f01af0064000004069078ac1e1101ac1414bb44144c83ac1414aa00000000ac14140bffffff267f4585205c263801bcd4a183b029c1070b09df9cc2070000008916050a6dcef592d271e5a7071132a3158496d5045716be07822aa5940606bcdd82d90000442c92930a01010000000008ac1414aa000009590a010101000004006401010200000f37008646ffffffff020ee594fcb5ab2e3e56b7767d4f010e7fcef44148f6a2bfb2b14a470007883fe48ad5010736b148a1670203de00044cca0004e668060b5258e5f25695e25cfd830ffee000000164010101ac1e0101441ca841ac1414aa00000a60ac14141b000007ffffffffff0000000300004e224e", @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="f1800fff907800a222020402fe0bf98947808fd4fae08a010506000000032204b1b2fe06e2d4c3d9fe06e2d4c3d900008113e16a2df8b6ce0039b4e1d30ef9e175fdf4901b0053292ddb70b43fa23b0072349689e2cf68174ac74ac887887b1e1adbcc912cbb373098f053d15ce399820a0502ca272498b1c0be62da26d939c47be313edde0095c22b928f29bb87729ee4ffeab1c1d2f3"], 0x0) syz_emit_ethernet(0x5a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaa2aaaabb86dd6000fbff002406fffe800000000000d7788d879c00000000000000000000fe8000000000000000000000000000aa00002000", @ANYRES32=0x41424344, @ANYRES32=r1, @ANYBLOB="9020000090780000050a0000000000000000050600000000"], 0x0) 108.592447ms ago: executing program 2 (id=4474): syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), 0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x700, {0x7a, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x7}, @IFLA_BR_NF_CALL_IPTABLES={0x5}]}}}]}, 0x44}}, 0x0) 0s ago: executing program 0 (id=4475): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f00000021c0)={0x2, 0x0, @local}, 0x10) sendmsg$rds(r1, &(0x7f0000002180)={&(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000001fc0)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000000c0)=[{&(0x7f00000006c0)=""/4096, 0x1000}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, 0x0}}], 0x90}, 0x0) r2 = epoll_create1(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r3}, 0x10) r4 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r4, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000940)={0x0, 0x3e1, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006067c09e8fe55a10a0015400400142603600e120800060000001001a8001600a400044003000000036004fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r6, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c) r7 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)}, 0x0) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r6, 0x84, 0x5, &(0x7f00000001c0)={r8, @in6={{0xa, 0x0, 0x0, @dev}}}, 0x84) r9 = accept(r4, 0x0, 0x0) epoll_pwait(r2, 0x0, 0x0, 0x0, 0x0, 0x0) close(r2) r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r9) r11 = socket(0x1e, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r11, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x24, r10, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r12}]}, 0x24}}, 0x0) kernel console output (not intermixed with test programs): ON: forcing a failure. [ 296.816800][T14624] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 296.849667][T14624] CPU: 0 PID: 14624 Comm: syz.4.3255 Not tainted 6.10.0-rc6-syzkaller-00166-g83c36e7cfd74 #0 [ 296.859892][T14624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 296.869967][T14624] Call Trace: [ 296.873261][T14624] [ 296.876207][T14624] dump_stack_lvl+0x241/0x360 [ 296.880913][T14624] ? __pfx_dump_stack_lvl+0x10/0x10 [ 296.886138][T14624] ? __pfx__printk+0x10/0x10 [ 296.890757][T14624] ? snprintf+0xda/0x120 [ 296.895022][T14624] should_fail_ex+0x3b0/0x4e0 [ 296.899728][T14624] _copy_to_user+0x2f/0xb0 [ 296.904164][T14624] simple_read_from_buffer+0xca/0x150 [ 296.909557][T14624] proc_fail_nth_read+0x1e9/0x250 [ 296.914605][T14624] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 296.920181][T14624] ? rw_verify_area+0x520/0x6b0 [ 296.925046][T14624] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 296.930612][T14624] vfs_read+0x204/0xbc0 [ 296.934796][T14624] ? __pfx_lock_release+0x10/0x10 [ 296.939840][T14624] ? fput+0x193/0x210 [ 296.943845][T14624] ? __pfx_vfs_read+0x10/0x10 [ 296.948573][T14624] ? __fget_files+0x29/0x470 [ 296.953184][T14624] ? __fget_files+0x3f6/0x470 [ 296.957897][T14624] ksys_read+0x1a0/0x2c0 [ 296.962161][T14624] ? __pfx_ksys_read+0x10/0x10 [ 296.966943][T14624] ? do_syscall_64+0x100/0x230 [ 296.971731][T14624] ? do_syscall_64+0xb6/0x230 [ 296.976433][T14624] do_syscall_64+0xf3/0x230 [ 296.980954][T14624] ? clear_bhb_loop+0x35/0x90 [ 296.985658][T14624] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.991568][T14624] RIP: 0033:0x7f42baf746bc [ 296.995998][T14624] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 297.015623][T14624] RSP: 002b:00007f42bbd3b040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 297.024065][T14624] RAX: ffffffffffffffda RBX: 00007f42bb104038 RCX: 00007f42baf746bc [ 297.032055][T14624] RDX: 000000000000000f RSI: 00007f42bbd3b0b0 RDI: 0000000000000005 [ 297.040044][T14624] RBP: 00007f42bbd3b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 297.048034][T14624] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001 [ 297.056023][T14624] R13: 000000000000006e R14: 00007f42bb104038 R15: 00007ffc6f8e3378 [ 297.064025][T14624] [ 297.225735][T14636] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3259'. [ 297.259147][T14636] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3259'. [ 297.939518][T14648] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3263'. [ 298.144711][T14667] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3271'. [ 298.981384][T14719] netlink: 'syz.3.3292': attribute type 9 has an invalid length. [ 299.512050][T14735] netlink: 'syz.4.3298': attribute type 10 has an invalid length. [ 299.603233][T14740] netlink: 'syz.2.3300': attribute type 10 has an invalid length. [ 299.612654][T14740] geneve0: entered promiscuous mode [ 299.656245][T14740] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 299.948886][T14759] netlink: 'syz.1.3308': attribute type 1 has an invalid length. [ 300.036394][T14759] bond4: entered promiscuous mode [ 300.155347][T14765] SET target dimension over the limit! [ 300.801914][T14795] netlink: 'syz.3.3322': attribute type 3 has an invalid length. [ 300.811033][T14795] __nla_validate_parse: 3 callbacks suppressed [ 300.811048][T14795] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3322'. [ 300.850976][T14796] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3323'. [ 302.656076][T14862] FAULT_INJECTION: forcing a failure. [ 302.656076][T14862] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 302.702317][T14862] CPU: 0 PID: 14862 Comm: syz.1.3345 Not tainted 6.10.0-rc6-syzkaller-00166-g83c36e7cfd74 #0 [ 302.712612][T14862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 302.722686][T14862] Call Trace: [ 302.725979][T14862] [ 302.728917][T14862] dump_stack_lvl+0x241/0x360 [ 302.733618][T14862] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.738836][T14862] ? __pfx__printk+0x10/0x10 [ 302.743445][T14862] ? iovec_from_user+0x61/0x240 [ 302.748307][T14862] ? __pfx_lock_release+0x10/0x10 [ 302.753356][T14862] should_fail_ex+0x3b0/0x4e0 [ 302.758059][T14862] _copy_from_user+0x2f/0xe0 [ 302.762661][T14862] ____sys_sendmsg+0x2e4/0x7d0 [ 302.767448][T14862] ? __pfx_____sys_sendmsg+0x10/0x10 [ 302.772764][T14862] __sys_sendmmsg+0x3b2/0x740 [ 302.777475][T14862] ? __pfx___sys_sendmmsg+0x10/0x10 [ 302.782727][T14862] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 302.788645][T14862] ? ksys_write+0x23e/0x2c0 [ 302.793165][T14862] ? __pfx_lock_release+0x10/0x10 [ 302.798224][T14862] ? vfs_write+0x7c4/0xc90 [ 302.802665][T14862] ? __mutex_unlock_slowpath+0x21d/0x750 [ 302.808314][T14862] ? __pfx_vfs_write+0x10/0x10 [ 302.813125][T14862] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 302.819126][T14862] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 302.825475][T14862] ? do_syscall_64+0x100/0x230 [ 302.830264][T14862] __x64_sys_sendmmsg+0xa0/0xb0 [ 302.835134][T14862] do_syscall_64+0xf3/0x230 [ 302.839660][T14862] ? clear_bhb_loop+0x35/0x90 [ 302.844363][T14862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.850288][T14862] RIP: 0033:0x7effe2b75bd9 [ 302.854707][T14862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.874334][T14862] RSP: 002b:00007effe39ba048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 302.882756][T14862] RAX: ffffffffffffffda RBX: 00007effe2d03f60 RCX: 00007effe2b75bd9 [ 302.890717][T14862] RDX: 0000000000000001 RSI: 0000000020000c80 RDI: 0000000000000003 [ 302.898676][T14862] RBP: 00007effe39ba0a0 R08: 0000000000000000 R09: 0000000000000000 [ 302.906721][T14862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 302.914692][T14862] R13: 000000000000004d R14: 00007effe2d03f60 R15: 00007ffc5b348388 [ 302.922704][T14862] [ 303.107681][T14860] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3344'. [ 304.783463][T14879] netlink: 'syz.0.3350': attribute type 4 has an invalid length. [ 304.811220][T14878] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3350'. [ 305.701581][T14921] netlink: 'syz.0.3365': attribute type 20 has an invalid length. [ 306.136687][T14937] FAULT_INJECTION: forcing a failure. [ 306.136687][T14937] name failslab, interval 1, probability 0, space 0, times 0 [ 306.185534][T14937] CPU: 0 PID: 14937 Comm: syz.3.3372 Not tainted 6.10.0-rc6-syzkaller-00166-g83c36e7cfd74 #0 [ 306.195741][T14937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 306.205816][T14937] Call Trace: [ 306.209107][T14937] [ 306.212045][T14937] dump_stack_lvl+0x241/0x360 [ 306.216753][T14937] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.221974][T14937] ? __pfx__printk+0x10/0x10 [ 306.226594][T14937] ? __pfx___might_resched+0x10/0x10 [ 306.231914][T14937] should_fail_ex+0x3b0/0x4e0 [ 306.236619][T14937] ? __d_alloc+0x31/0x700 [ 306.240965][T14937] should_failslab+0x9/0x20 [ 306.245492][T14937] kmem_cache_alloc_lru_noprof+0x71/0x2b0 [ 306.251244][T14937] __d_alloc+0x31/0x700 [ 306.255420][T14937] d_alloc_parallel+0xdf/0x1600 [ 306.260293][T14937] ? __asan_memset+0x23/0x50 [ 306.264904][T14937] ? __asan_memset+0x23/0x50 [ 306.269512][T14937] ? lockdep_init_map_type+0xa1/0x910 [ 306.274908][T14937] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 306.280735][T14937] ? __pfx_d_alloc_parallel+0x10/0x10 [ 306.286228][T14937] ? __init_waitqueue_head+0xae/0x150 [ 306.291625][T14937] __lookup_slow+0x117/0x3f0 [ 306.296235][T14937] ? __pfx___lookup_slow+0x10/0x10 [ 306.301363][T14937] ? __d_lookup+0x85/0x7e0 [ 306.305819][T14937] lookup_one_len+0x18b/0x2d0 [ 306.310515][T14937] ? __pfx_lookup_one_len+0x10/0x10 [ 306.315734][T14937] ? mntput+0x65/0xc0 [ 306.319743][T14937] start_creating+0x187/0x310 [ 306.324447][T14937] __debugfs_create_file+0x73/0x4b0 [ 306.329669][T14937] ieee80211_debugfs_recreate_netdev+0x275/0x1400 [ 306.336112][T14937] ? __pfx_ieee80211_debugfs_recreate_netdev+0x10/0x10 [ 306.342993][T14937] ? ieee80211_setup_sdata+0x8e6/0xb70 [ 306.348489][T14937] ieee80211_if_change_type+0x648/0xad0 [ 306.354072][T14937] ieee80211_change_iface+0xd2/0x4f0 [ 306.359377][T14937] ? cfg80211_mlme_purge_registrations+0x1fa/0x230 [ 306.365906][T14937] cfg80211_change_iface+0x782/0xf30 [ 306.371226][T14937] nl80211_set_interface+0x5b5/0x830 [ 306.376571][T14937] ? __pfx_nl80211_set_interface+0x10/0x10 [ 306.382393][T14937] genl_rcv_msg+0xb14/0xec0 [ 306.386901][T14937] ? mark_lock+0x9a/0x350 [ 306.391233][T14937] ? __pfx_genl_rcv_msg+0x10/0x10 [ 306.396271][T14937] ? __pfx_lock_acquire+0x10/0x10 [ 306.401289][T14937] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 306.406655][T14937] ? __pfx_nl80211_set_interface+0x10/0x10 [ 306.412451][T14937] ? __pfx_nl80211_post_doit+0x10/0x10 [ 306.417935][T14937] ? __pfx___might_resched+0x10/0x10 [ 306.423235][T14937] netlink_rcv_skb+0x1e3/0x430 [ 306.428000][T14937] ? __pfx_genl_rcv_msg+0x10/0x10 [ 306.433016][T14937] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 306.438306][T14937] ? __netlink_deliver_tap+0x77e/0x7c0 [ 306.443786][T14937] genl_rcv+0x28/0x40 [ 306.447769][T14937] netlink_unicast+0x7ea/0x980 [ 306.452533][T14937] ? __pfx_netlink_unicast+0x10/0x10 [ 306.457810][T14937] ? __virt_addr_valid+0x183/0x520 [ 306.462919][T14937] ? __check_object_size+0x49c/0x900 [ 306.468200][T14937] ? bpf_lsm_netlink_send+0x9/0x10 [ 306.473347][T14937] netlink_sendmsg+0x8db/0xcb0 [ 306.478116][T14937] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.483395][T14937] ? __import_iovec+0x536/0x820 [ 306.488237][T14937] ? aa_sock_msg_perm+0x91/0x160 [ 306.493170][T14937] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 306.498444][T14937] ? security_socket_sendmsg+0x87/0xb0 [ 306.503896][T14937] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.509175][T14937] __sock_sendmsg+0x221/0x270 [ 306.513857][T14937] ____sys_sendmsg+0x525/0x7d0 [ 306.518622][T14937] ? __pfx_____sys_sendmsg+0x10/0x10 [ 306.523914][T14937] __sys_sendmsg+0x2b0/0x3a0 [ 306.528500][T14937] ? __pfx___sys_sendmsg+0x10/0x10 [ 306.533606][T14937] ? vfs_write+0x7c4/0xc90 [ 306.538065][T14937] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 306.544391][T14937] ? do_syscall_64+0x100/0x230 [ 306.549159][T14937] ? do_syscall_64+0xb6/0x230 [ 306.553833][T14937] do_syscall_64+0xf3/0x230 [ 306.558334][T14937] ? clear_bhb_loop+0x35/0x90 [ 306.563010][T14937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.568901][T14937] RIP: 0033:0x7fb159175bd9 [ 306.573335][T14937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 306.592935][T14937] RSP: 002b:00007fb159f4e048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 306.601347][T14937] RAX: ffffffffffffffda RBX: 00007fb159303f60 RCX: 00007fb159175bd9 [ 306.610442][T14937] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 306.618422][T14937] RBP: 00007fb159f4e0a0 R08: 0000000000000000 R09: 0000000000000000 [ 306.626488][T14937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 306.634482][T14937] R13: 000000000000004d R14: 00007fb159303f60 R15: 00007ffc252fe348 [ 306.642464][T14937] [ 306.693107][T14952] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3374'. [ 306.724832][ T53] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 306.736375][ T53] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 306.759485][ T53] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 306.775674][ T53] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 306.784463][ T53] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 306.799091][ T53] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 306.952854][T14965] netlink: 256 bytes leftover after parsing attributes in process `syz.1.3383'. [ 306.982458][T14965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3383'. [ 307.001705][T14951] lo speed is unknown, defaulting to 1000 [ 307.386975][ T9857] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.435842][T14974] netlink: 'syz.1.3385': attribute type 3 has an invalid length. [ 307.645558][ T9857] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.785792][T14979] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3387'. [ 307.911504][ T9857] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.077396][ T9857] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode [ 308.118642][ T9857] team0: Port device netdevsim0 removed [ 308.146185][ T9857] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.193400][T14951] chnl_net:caif_netlink_parms(): no params data found [ 308.434260][T15008] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3395'. [ 308.472505][T15008] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.480002][T15008] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.615433][T14951] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.630685][T14951] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.645106][T14951] bridge_slave_0: entered allmulticast mode [ 308.666143][T14951] bridge_slave_0: entered promiscuous mode [ 308.684945][ T9857] bridge_slave_1: left allmulticast mode [ 308.704482][ T9857] bridge_slave_1: left promiscuous mode [ 308.710362][ T9857] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.734471][ T9857] bridge_slave_0: left allmulticast mode [ 308.740158][ T9857] bridge_slave_0: left promiscuous mode [ 308.755602][ T9857] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.817324][T15021] syz.2.3401: vmalloc error: size 17179873280, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 308.854674][ T53] Bluetooth: hci5: command tx timeout [ 308.872683][T15021] CPU: 1 PID: 15021 Comm: syz.2.3401 Not tainted 6.10.0-rc6-syzkaller-00166-g83c36e7cfd74 #0 [ 308.882880][T15021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 308.893046][T15021] Call Trace: [ 308.896345][T15021] [ 308.899297][T15021] dump_stack_lvl+0x241/0x360 [ 308.904008][T15021] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.909237][T15021] ? __pfx__printk+0x10/0x10 [ 308.913867][T15021] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 308.920387][T15021] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 308.926896][T15021] warn_alloc+0x278/0x410 [ 308.931230][T15021] ? stack_depot_save_flags+0x29/0x830 [ 308.936775][T15021] ? __vmalloc_node_range_noprof+0x10b/0x1460 [ 308.942835][T15021] ? __pfx_warn_alloc+0x10/0x10 [ 308.947682][T15021] ? kasan_save_track+0x3f/0x80 [ 308.952523][T15021] ? __kasan_kmalloc+0x98/0xb0 [ 308.957283][T15021] ? xsk_setsockopt+0x598/0x950 [ 308.962136][T15021] ? do_sock_setsockopt+0x3af/0x720 [ 308.967330][T15021] ? __sys_setsockopt+0x1ae/0x250 [ 308.972344][T15021] ? __x64_sys_setsockopt+0xb5/0xd0 [ 308.977541][T15021] ? do_syscall_64+0xf3/0x230 [ 308.982218][T15021] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.988288][T15021] __vmalloc_node_range_noprof+0x130/0x1460 [ 308.994460][T15021] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 309.000781][T15021] ? __kasan_kmalloc+0x98/0xb0 [ 309.005539][T15021] ? xskq_create+0x54/0x170 [ 309.010040][T15021] vmalloc_user_noprof+0x74/0x80 [ 309.014972][T15021] ? xskq_create+0xb6/0x170 [ 309.019466][T15021] xskq_create+0xb6/0x170 [ 309.023807][T15021] xsk_init_queue+0xa1/0x100 [ 309.028406][T15021] xsk_setsockopt+0x598/0x950 [ 309.033080][T15021] ? __pfx_xsk_setsockopt+0x10/0x10 [ 309.038273][T15021] ? __pfx_lock_acquire+0x10/0x10 [ 309.043284][T15021] ? aa_sock_opt_perm+0x79/0x120 [ 309.048216][T15021] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 309.053753][T15021] ? security_socket_setsockopt+0x87/0xb0 [ 309.059467][T15021] ? __pfx_xsk_setsockopt+0x10/0x10 [ 309.064743][T15021] do_sock_setsockopt+0x3af/0x720 [ 309.069765][T15021] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 309.075303][T15021] ? __fget_files+0x29/0x470 [ 309.079888][T15021] ? __fget_files+0x3f6/0x470 [ 309.084596][T15021] __sys_setsockopt+0x1ae/0x250 [ 309.089442][T15021] __x64_sys_setsockopt+0xb5/0xd0 [ 309.094461][T15021] do_syscall_64+0xf3/0x230 [ 309.098964][T15021] ? clear_bhb_loop+0x35/0x90 [ 309.103639][T15021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.109525][T15021] RIP: 0033:0x7fdbec775bd9 [ 309.113931][T15021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.133542][T15021] RSP: 002b:00007fdbed553048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 309.141963][T15021] RAX: ffffffffffffffda RBX: 00007fdbec903f60 RCX: 00007fdbec775bd9 [ 309.149929][T15021] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006 [ 309.157893][T15021] RBP: 00007fdbec7e4e60 R08: 0000000000000004 R09: 0000000000000000 [ 309.165855][T15021] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000000 [ 309.173821][T15021] R13: 000000000000004d R14: 00007fdbec903f60 R15: 00007ffee74490a8 [ 309.181807][T15021] [ 309.301975][T15021] Mem-Info: [ 309.324728][T15021] active_anon:6415 inactive_anon:0 isolated_anon:0 [ 309.324728][T15021] active_file:1586 inactive_file:38242 isolated_file:0 [ 309.324728][T15021] unevictable:768 dirty:160 writeback:0 [ 309.324728][T15021] slab_reclaimable:10094 slab_unreclaimable:119384 [ 309.324728][T15021] mapped:13734 shmem:4480 pagetables:621 [ 309.324728][T15021] sec_pagetables:0 bounce:0 [ 309.324728][T15021] kernel_misc_reclaimable:0 [ 309.324728][T15021] free:1371388 free_pcp:498 free_cma:0 [ 309.420549][T15021] Node 0 active_anon:22060kB inactive_anon:0kB active_file:6344kB inactive_file:152884kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:54936kB dirty:636kB writeback:0kB shmem:12984kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11028kB pagetables:2384kB sec_pagetables:0kB all_unreclaimable? no [ 309.484316][T15021] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:84kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 309.554091][T15021] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 309.613559][T15021] lowmem_reserve[]: 0 2571 2571 0 0 [ 309.629346][T15021] Node 0 DMA32 free:1517972kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:12720kB inactive_anon:0kB active_file:6344kB inactive_file:152564kB unevictable:1536kB writepending:636kB present:3129332kB managed:2659880kB mlocked:0kB bounce:0kB free_pcp:15928kB local_pcp:1740kB free_cma:0kB [ 309.662419][T15021] lowmem_reserve[]: 0 0 0 0 0 [ 309.667668][T15021] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:320kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 309.697490][T15021] lowmem_reserve[]: 0 0 0 0 0 [ 309.698077][ T9857] bridge0 (unregistering): left allmulticast mode [ 309.702239][T15021] Node 1 Normal free:3951560kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:84kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 309.740192][T15021] lowmem_reserve[]: 0 0 0 0 0 [ 309.746029][T15021] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 309.759343][T15021] Node 0 DMA32: 408*4kB (UM) 170*8kB (UME) 54*16kB (UME) 81*32kB (UME) 134*64kB (UME) 93*128kB (UME) 52*256kB (UME) 22*512kB (UME) 20*1024kB (UME) 14*2048kB (UME) 346*4096kB (UM) = 1517872kB [ 309.781075][T15021] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 309.793202][T15021] Node 1 Normal: 2*4kB (U) 8*8kB (UM) 8*16kB (UM) 6*32kB (UM) 9*64kB (U) 2*128kB (U) 5*256kB (UM) 3*512kB (UM) 1*1024kB (U) 1*2048kB (U) 963*4096kB (M) = 3951560kB [ 309.810645][T15021] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 309.823726][T15021] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 309.837889][T15021] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 309.847957][T15021] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 309.857501][T15021] 41108 total pagecache pages [ 309.862551][T15021] 0 pages in swap cache [ 309.866892][T15021] Free swap = 124996kB [ 309.871258][T15021] Total swap = 124996kB [ 309.875765][T15021] 2097051 pages RAM [ 309.879566][T15021] 0 pages HighMem/MovableOnly [ 309.885917][T15021] 400871 pages reserved [ 309.893131][T15021] 0 pages cma reserved [ 310.058154][ T9857] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 310.070074][ T9857] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 310.083343][ T9857] bond0 (unregistering): Released all slaves [ 310.184807][ T9857] bond1 (unregistering): Released all slaves [ 310.198742][ T9857] bond2 (unregistering): Released all slaves [ 310.300638][ T9857] bond3 (unregistering): Released all slaves [ 310.311919][T14951] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.319346][T14951] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.327617][T14951] bridge_slave_1: entered allmulticast mode [ 310.335166][T14951] bridge_slave_1: entered promiscuous mode [ 310.363657][T15034] bond_slave_0: entered promiscuous mode [ 310.369767][T15034] bond_slave_1: entered promiscuous mode [ 310.501421][ T9857] tipc: Disabling bearer [ 310.523881][ T9857] tipc: Left network mode [ 310.532411][T14951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 310.583132][T14951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 310.650136][ T9857] IPVS: stopping master sync thread 9049 ... [ 310.680542][T14951] team0: Port device team_slave_0 added [ 310.729172][T14951] team0: Port device team_slave_1 added [ 310.801679][T15032] bond_slave_0: left promiscuous mode [ 310.807624][T15032] bond_slave_1: left promiscuous mode [ 310.832630][T14951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 310.850959][T14951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.908811][T14951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 310.940292][ T53] Bluetooth: hci5: command tx timeout [ 310.984533][T14951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 310.991514][T14951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.073394][T14951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 311.108574][T15065] netlink: 188 bytes leftover after parsing attributes in process `syz.2.3414'. [ 311.305908][T14951] hsr_slave_0: entered promiscuous mode [ 311.325955][T14951] hsr_slave_1: entered promiscuous mode [ 311.342388][T14951] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 311.364894][T14951] Cannot create hsr debugfs directory [ 311.635620][ T9857] hsr_slave_0: left promiscuous mode [ 311.644815][ T9857] hsr_slave_1: left promiscuous mode [ 311.705476][ T9857] team0: left promiscuous mode [ 311.710296][ T9857] team_slave_0: left promiscuous mode [ 311.728566][ T9857] team_slave_1: left promiscuous mode [ 311.742202][ T9857] veth1_macvtap: left promiscuous mode [ 311.756824][ T9857] veth1_vlan: left allmulticast mode [ 311.773167][ T9857] veth1_vlan: left promiscuous mode [ 311.782938][ T9857] veth0_vlan: left promiscuous mode [ 311.840787][T15084] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3423'. [ 312.118394][ T9857] pim6reg (unregistering): left allmulticast mode [ 312.638068][ T9857] team0 (unregistering): Port device team_slave_1 removed [ 312.680351][ T9857] team0 (unregistering): Port device team_slave_0 removed [ 312.954475][T15084] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3423'. [ 313.015033][ T53] Bluetooth: hci5: command tx timeout [ 313.257325][T15109] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3428'. [ 313.281119][T15109] netlink: 'syz.1.3428': attribute type 18 has an invalid length. [ 313.336264][T15109] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 313.345829][T15109] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 313.355161][T15109] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 313.364425][T15109] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 313.374447][T15109] vxlan0: entered promiscuous mode [ 313.704650][ T9857] IPVS: stop unused estimator thread 0... [ 313.948765][T14951] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 313.985593][T14951] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 314.018968][T14951] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 314.068658][T14951] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 314.342409][T15164] netlink: 'syz.2.3447': attribute type 7 has an invalid length. [ 314.363756][T15164] netlink: 244 bytes leftover after parsing attributes in process `syz.2.3447'. [ 314.382153][T14951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.444579][T14951] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.491427][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.498631][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.531414][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.538604][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.686079][T14951] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 314.812573][T15189] netlink: 188 bytes leftover after parsing attributes in process `syz.3.3454'. [ 314.918599][T15195] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3457'. [ 314.954896][T15189] netlink: 'syz.3.3454': attribute type 1 has an invalid length. [ 314.962665][T15189] netlink: 9328 bytes leftover after parsing attributes in process `syz.3.3454'. [ 314.996001][T15189] netlink: 'syz.3.3454': attribute type 2 has an invalid length. [ 315.019182][T15189] netlink: 'syz.3.3454': attribute type 1 has an invalid length. [ 315.085633][T14951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 315.094518][ T53] Bluetooth: hci5: command tx timeout [ 315.224301][T15210] netlink: 5300 bytes leftover after parsing attributes in process `syz.3.3462'. [ 315.236550][T15210] openvswitch: netlink: IP tunnel dst address not specified [ 315.411058][T15225] x_tables: duplicate underflow at hook 2 [ 315.686484][T14951] veth0_vlan: entered promiscuous mode [ 315.720062][T14951] veth1_vlan: entered promiscuous mode [ 315.794716][T14951] veth0_macvtap: entered promiscuous mode [ 315.817068][T14951] veth1_macvtap: entered promiscuous mode [ 315.876648][T14951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.907858][T14951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.928715][T14951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.952898][T14951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.973313][T14951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.013784][T14951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.038310][T14951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 316.059209][T14951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.083661][T14951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.096571][T14951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.117195][T14951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.138111][T14951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.155858][T14951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.168723][T14951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.190319][T14951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.215161][T14951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 316.245536][T15255] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3479'. [ 316.325468][T14951] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.353196][T14951] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.366123][T14951] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.376514][T14951] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 316.739881][ T2452] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 316.764502][ T2452] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 316.798818][T15277] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3486'. [ 316.860879][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 316.888966][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 316.981684][T15292] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3490'. [ 317.139222][T15302] netlink: 830 bytes leftover after parsing attributes in process `syz.0.3493'. [ 317.417222][ T1243] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.585390][T15333] netlink: 'syz.2.3504': attribute type 10 has an invalid length. [ 317.680949][T15339] netlink: 'syz.3.3505': attribute type 3 has an invalid length. [ 317.689385][T15339] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3505'. [ 317.849039][T15345] x_tables: duplicate underflow at hook 2 [ 317.870866][T15345] netlink: 'syz.4.3508': attribute type 9 has an invalid length. [ 317.894369][T15345] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.3508'. [ 318.003259][T15352] FAULT_INJECTION: forcing a failure. [ 318.003259][T15352] name failslab, interval 1, probability 0, space 0, times 0 [ 318.044535][T15352] CPU: 1 PID: 15352 Comm: syz.0.3511 Not tainted 6.10.0-rc6-syzkaller-00166-g83c36e7cfd74 #0 [ 318.054742][T15352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 318.064815][T15352] Call Trace: [ 318.068108][T15352] [ 318.071051][T15352] dump_stack_lvl+0x241/0x360 [ 318.075762][T15352] ? __pfx_dump_stack_lvl+0x10/0x10 [ 318.080985][T15352] ? __pfx__printk+0x10/0x10 [ 318.085601][T15352] ? __pfx___might_resched+0x10/0x10 [ 318.090910][T15352] ? __kasan_kmalloc+0x98/0xb0 [ 318.095688][T15352] ? __genradix_ptr_alloc+0x196/0x460 [ 318.101085][T15352] should_fail_ex+0x3b0/0x4e0 [ 318.105790][T15352] ? sctp_auth_asoc_copy_shkeys+0x13b/0x580 [ 318.111709][T15352] should_failslab+0x9/0x20 [ 318.116240][T15352] kmalloc_trace_noprof+0x6c/0x2c0 [ 318.121381][T15352] sctp_auth_asoc_copy_shkeys+0x13b/0x580 [ 318.127137][T15352] sctp_association_new+0x15aa/0x23f0 [ 318.132546][T15352] sctp_connect_new_asoc+0x2d8/0x6c0 [ 318.137857][T15352] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 318.143691][T15352] ? sctp_sendmsg+0xbb9/0x3520 [ 318.148473][T15352] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 318.154038][T15352] ? security_sctp_bind_connect+0x90/0xb0 [ 318.159777][T15352] sctp_sendmsg+0x219a/0x3520 [ 318.164464][T15352] ? __pfx_sctp_sendmsg+0x10/0x10 [ 318.169481][T15352] ? __pfx_aa_sk_perm+0x10/0x10 [ 318.174333][T15352] ? inet_sendmsg+0x330/0x390 [ 318.179005][T15352] __sock_sendmsg+0x1a6/0x270 [ 318.183807][T15352] __sys_sendto+0x3a4/0x4f0 [ 318.188326][T15352] ? __pfx___sys_sendto+0x10/0x10 [ 318.193361][T15352] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 318.199334][T15352] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 318.205667][T15352] __x64_sys_sendto+0xde/0x100 [ 318.210956][T15352] do_syscall_64+0xf3/0x230 [ 318.215465][T15352] ? clear_bhb_loop+0x35/0x90 [ 318.220163][T15352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.226051][T15352] RIP: 0033:0x7f8deb575bd9 [ 318.230456][T15352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.250049][T15352] RSP: 002b:00007f8dec3e8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 318.258458][T15352] RAX: ffffffffffffffda RBX: 00007f8deb703f60 RCX: 00007f8deb575bd9 [ 318.266420][T15352] RDX: 0000000000000001 RSI: 0000000020847fff RDI: 0000000000000003 [ 318.274379][T15352] RBP: 00007f8dec3e80a0 R08: 000000002005ffe4 R09: 000000000000001c [ 318.282337][T15352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 318.290295][T15352] R13: 000000000000004d R14: 00007f8deb703f60 R15: 00007ffcc48eecf8 [ 318.298270][T15352] [ 318.408361][T15361] delete_channel: no stack [ 318.500864][T15369] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3514'. [ 318.770055][T15382] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 319.020873][T15400] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3527'. [ 319.047766][T15400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3527'. [ 319.096992][T15403] team0: Device vlan2 is already an upper device of the team interface [ 319.288495][T15412] netlink: 'syz.1.3530': attribute type 6 has an invalid length. [ 319.421894][T15421] netlink: 'syz.1.3536': attribute type 8 has an invalid length. [ 319.528399][T15425] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3532'. [ 319.592058][T15434] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3539'. [ 319.624406][T15434] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3539'. [ 319.633366][T15430] can: request_module (can-proto-0) failed. [ 319.785897][T15446] netlink: 'syz.1.3544': attribute type 13 has an invalid length. [ 319.978049][T15458] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 320.021202][T15462] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 320.120500][T15464] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 320.242458][T15473] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 320.556073][T15490] sch_tbf: burst 0 is lower than device team0 mtu (1514) ! [ 320.907550][T15508] netlink: 'syz.1.3566': attribute type 40 has an invalid length. [ 321.451292][T15543] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 321.572854][T15551] netlink: 'syz.0.3580': attribute type 2 has an invalid length. [ 321.822619][T15562] netlink: 'syz.4.3584': attribute type 9 has an invalid length. [ 321.994384][T15582] netlink: 'syz.0.3588': attribute type 1 has an invalid length. [ 322.028530][T15582] __nla_validate_parse: 8 callbacks suppressed [ 322.028548][T15582] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3588'. [ 322.119781][T15590] netlink: 9412 bytes leftover after parsing attributes in process `syz.0.3588'. [ 322.143166][T15592] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3592'. [ 322.597079][T15617] vlan2: entered allmulticast mode [ 322.602340][T15617] mac80211_hwsim hwsim32 wlan1: entered allmulticast mode [ 322.628409][T15617] mac80211_hwsim hwsim32 wlan1: left allmulticast mode [ 322.701059][T15623] netlink: 'syz.0.3605': attribute type 21 has an invalid length. [ 322.843220][T15629] netlink: 'syz.1.3608': attribute type 10 has an invalid length. [ 322.865497][T15629] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3608'. [ 322.886609][T15635] IPv6: NLM_F_REPLACE set, but no existing node found! [ 322.901302][T15629] netlink: 'syz.1.3608': attribute type 10 has an invalid length. [ 323.232986][T15664] netlink: 292 bytes leftover after parsing attributes in process `syz.3.3619'. [ 323.380388][T15669] can: request_module (can-proto-0) failed. [ 323.459040][T15669] geneve3: entered promiscuous mode [ 323.471383][T15669] geneve3: entered allmulticast mode [ 323.671920][T15690] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3628'. [ 323.698986][T15690] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3628'. [ 323.716388][T15690] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3628'. [ 323.725669][T15690] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3628'. [ 324.054568][T15712] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3638'. [ 324.280760][T15719] vlan2: entered allmulticast mode [ 324.814779][T15747] ipip0: entered promiscuous mode [ 324.855027][T15751] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 324.862278][T15751] IPv6: NLM_F_CREATE should be set when creating new route [ 325.617282][T15794] validate_nla: 8 callbacks suppressed [ 325.617303][T15794] netlink: 'syz.1.3662': attribute type 43 has an invalid length. [ 326.411940][T15822] lo speed is unknown, defaulting to 1000 [ 326.475091][T15830] netlink: 'syz.4.3678': attribute type 13 has an invalid length. [ 326.493087][T15835] netlink: 'syz.3.3676': attribute type 3 has an invalid length. [ 326.803211][T15844] xt_ipvs: protocol family 7 not supported [ 326.810324][T15849] netlink: 'syz.3.3682': attribute type 2 has an invalid length. [ 326.976579][T15858] lo speed is unknown, defaulting to 1000 [ 327.127181][T15865] netlink: 'syz.3.3688': attribute type 8 has an invalid length. [ 327.185579][T15854] __nla_validate_parse: 15 callbacks suppressed [ 327.185599][T15854] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3685'. [ 327.264699][T15868] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3689'. [ 327.293427][T15868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3689'. [ 327.652548][T15892] netlink: 'syz.0.3698': attribute type 2 has an invalid length. [ 327.717751][T15892] netlink: 1 bytes leftover after parsing attributes in process `syz.0.3698'. [ 328.468878][T15953] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3717'. [ 328.663228][T15966] xt_CT: You must specify a L4 protocol and not use inversions on it [ 328.821406][T15977] FAULT_INJECTION: forcing a failure. [ 328.821406][T15977] name failslab, interval 1, probability 0, space 0, times 0 [ 328.834117][T15977] CPU: 0 PID: 15977 Comm: syz.1.3726 Not tainted 6.10.0-rc6-syzkaller-00166-g83c36e7cfd74 #0 [ 328.844286][T15977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 328.854350][T15977] Call Trace: [ 328.857625][T15977] [ 328.860549][T15977] dump_stack_lvl+0x241/0x360 [ 328.865248][T15977] ? __pfx_dump_stack_lvl+0x10/0x10 [ 328.870449][T15977] ? __pfx__printk+0x10/0x10 [ 328.875045][T15977] should_fail_ex+0x3b0/0x4e0 [ 328.879723][T15977] ? skb_clone+0x20c/0x390 [ 328.884151][T15977] should_failslab+0x9/0x20 [ 328.888665][T15977] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 328.894049][T15977] skb_clone+0x20c/0x390 [ 328.898291][T15977] ? dev_queue_xmit_nit+0x220/0xc10 [ 328.903491][T15977] dev_queue_xmit_nit+0x419/0xc10 [ 328.908517][T15977] ? dev_queue_xmit_nit+0x2b/0xc10 [ 328.913639][T15977] ? validate_xmit_skb+0xa04/0x1120 [ 328.918849][T15977] dev_hard_start_xmit+0x15f/0x7e0 [ 328.923964][T15977] ? __pfx_validate_xmit_skb+0x10/0x10 [ 328.929425][T15977] __dev_queue_xmit+0x1b0e/0x3d30 [ 328.934479][T15977] ? __dev_queue_xmit+0x2d2/0x3d30 [ 328.939611][T15977] ? __pfx___dev_queue_xmit+0x10/0x10 [ 328.944988][T15977] ? __copy_skb_header+0x437/0x5b0 [ 328.950114][T15977] ? __asan_memcpy+0x40/0x70 [ 328.954702][T15977] ? __copy_skb_header+0x437/0x5b0 [ 328.959814][T15977] ? __skb_clone+0x454/0x6c0 [ 328.964409][T15977] ? skb_clone+0x240/0x390 [ 328.968823][T15977] __netlink_deliver_tap+0x54d/0x7c0 [ 328.974131][T15977] ? netlink_deliver_tap+0x2e/0x1b0 [ 328.979335][T15977] netlink_deliver_tap+0x19d/0x1b0 [ 328.984442][T15977] netlink_unicast+0x7b8/0x980 [ 328.989207][T15977] ? __pfx_netlink_unicast+0x10/0x10 [ 328.994481][T15977] ? __virt_addr_valid+0x183/0x520 [ 328.999589][T15977] ? __check_object_size+0x49c/0x900 [ 329.004868][T15977] ? bpf_lsm_netlink_send+0x9/0x10 [ 329.009976][T15977] netlink_sendmsg+0x8db/0xcb0 [ 329.014747][T15977] ? __pfx_netlink_sendmsg+0x10/0x10 [ 329.020024][T15977] ? __import_iovec+0x536/0x820 [ 329.024862][T15977] ? aa_sock_msg_perm+0x91/0x160 [ 329.029793][T15977] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 329.035069][T15977] ? security_socket_sendmsg+0x87/0xb0 [ 329.040522][T15977] ? __pfx_netlink_sendmsg+0x10/0x10 [ 329.045795][T15977] __sock_sendmsg+0x221/0x270 [ 329.050473][T15977] ____sys_sendmsg+0x525/0x7d0 [ 329.055235][T15977] ? __pfx_____sys_sendmsg+0x10/0x10 [ 329.060521][T15977] __sys_sendmsg+0x2b0/0x3a0 [ 329.065102][T15977] ? __pfx___sys_sendmsg+0x10/0x10 [ 329.070203][T15977] ? vfs_write+0x7c4/0xc90 [ 329.074644][T15977] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 329.080960][T15977] ? do_syscall_64+0x100/0x230 [ 329.085718][T15977] ? do_syscall_64+0xb6/0x230 [ 329.090386][T15977] do_syscall_64+0xf3/0x230 [ 329.094885][T15977] ? clear_bhb_loop+0x35/0x90 [ 329.099556][T15977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 329.105438][T15977] RIP: 0033:0x7effe2b75bd9 [ 329.109842][T15977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 329.129438][T15977] RSP: 002b:00007effe39ba048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 329.137840][T15977] RAX: ffffffffffffffda RBX: 00007effe2d03f60 RCX: 00007effe2b75bd9 [ 329.145800][T15977] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003 [ 329.153765][T15977] RBP: 00007effe39ba0a0 R08: 0000000000000000 R09: 0000000000000000 [ 329.161732][T15977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 329.169693][T15977] R13: 000000000000004d R14: 00007effe2d03f60 R15: 00007ffc5b348388 [ 329.177671][T15977] [ 329.218592][T15972] netlink: 164688 bytes leftover after parsing attributes in process `syz.0.3724'. [ 329.235333][T15972] netlink: zone id is out of range [ 329.240556][T15972] netlink: zone id is out of range [ 329.259584][T15972] netlink: zone id is out of range [ 329.272474][T15972] netlink: zone id is out of range [ 329.279526][T15972] netlink: zone id is out of range [ 329.291292][T15972] netlink: zone id is out of range [ 329.298198][T15972] netlink: zone id is out of range [ 329.322505][T15972] netlink: zone id is out of range [ 329.336394][T15972] netlink: zone id is out of range [ 329.351836][T15972] netlink: zone id is out of range [ 329.406686][T15984] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3728'. [ 329.655343][T15998] netlink: 'syz.1.3735': attribute type 10 has an invalid length. [ 330.064256][T16024] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT [ 330.124426][T16030] netlink: 'syz.1.3746': attribute type 29 has an invalid length. [ 330.152163][T16030] netlink: 'syz.1.3746': attribute type 29 has an invalid length. [ 330.162463][T16030] netlink: 'syz.1.3746': attribute type 29 has an invalid length. [ 330.318813][T16035] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3747'. [ 330.591975][T16053] IPv6: NLM_F_REPLACE set, but no existing node found! [ 330.866852][T16069] batadv0: entered promiscuous mode [ 330.902353][T16069] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 331.024400][T16081] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3761'. [ 331.234710][T16095] FAULT_INJECTION: forcing a failure. [ 331.234710][T16095] name failslab, interval 1, probability 0, space 0, times 0 [ 331.251010][T16095] CPU: 1 PID: 16095 Comm: syz.4.3769 Not tainted 6.10.0-rc6-syzkaller-00166-g83c36e7cfd74 #0 [ 331.261205][T16095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 331.271280][T16095] Call Trace: [ 331.274579][T16095] [ 331.277526][T16095] dump_stack_lvl+0x241/0x360 [ 331.282235][T16095] ? __pfx_dump_stack_lvl+0x10/0x10 [ 331.287459][T16095] ? __pfx__printk+0x10/0x10 [ 331.292082][T16095] should_fail_ex+0x3b0/0x4e0 [ 331.296781][T16095] ? __alloc_skb+0x1c3/0x440 [ 331.301390][T16095] should_failslab+0x9/0x20 [ 331.305911][T16095] kmem_cache_alloc_node_noprof+0x71/0x320 [ 331.311747][T16095] __alloc_skb+0x1c3/0x440 [ 331.316186][T16095] ? __pfx___alloc_skb+0x10/0x10 [ 331.321140][T16095] ? netlink_getsockbyfilp+0xd0/0x190 [ 331.326526][T16095] ? netlink_alloc_large_skb+0xb2/0x100 [ 331.332095][T16095] netlink_sendmsg+0x631/0xcb0 [ 331.336894][T16095] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.342198][T16095] ? __import_iovec+0x536/0x820 [ 331.347061][T16095] ? aa_sock_msg_perm+0x91/0x160 [ 331.352019][T16095] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 331.357319][T16095] ? security_socket_sendmsg+0x87/0xb0 [ 331.362790][T16095] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.368090][T16095] __sock_sendmsg+0x221/0x270 [ 331.372794][T16095] ____sys_sendmsg+0x525/0x7d0 [ 331.377586][T16095] ? __pfx_____sys_sendmsg+0x10/0x10 [ 331.382903][T16095] __sys_sendmsg+0x2b0/0x3a0 [ 331.387511][T16095] ? __pfx___sys_sendmsg+0x10/0x10 [ 331.392636][T16095] ? vfs_write+0x7c4/0xc90 [ 331.397109][T16095] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 331.403453][T16095] ? do_syscall_64+0x100/0x230 [ 331.408239][T16095] ? do_syscall_64+0xb6/0x230 [ 331.412938][T16095] do_syscall_64+0xf3/0x230 [ 331.417459][T16095] ? clear_bhb_loop+0x35/0x90 [ 331.422162][T16095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.428072][T16095] RIP: 0033:0x7fdba4d75bd9 [ 331.432503][T16095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.452118][T16095] RSP: 002b:00007fdba5acc048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 331.460526][T16095] RAX: ffffffffffffffda RBX: 00007fdba4f03f60 RCX: 00007fdba4d75bd9 [ 331.468488][T16095] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003 [ 331.476443][T16095] RBP: 00007fdba5acc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 331.484396][T16095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 331.492353][T16095] R13: 000000000000000b R14: 00007fdba4f03f60 R15: 00007ffc7a0d7878 [ 331.500320][T16095] [ 331.621591][T16104] No such timeout policy "syz0" [ 331.739499][T16110] lo speed is unknown, defaulting to 1000 [ 331.954719][T16121] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3780'. [ 332.079279][T16134] netlink: 'syz.2.3782': attribute type 2 has an invalid length. [ 332.092077][T16132] netlink: 'syz.0.3783': attribute type 10 has an invalid length. [ 332.607266][T16170] netlink: 'syz.2.3796': attribute type 1 has an invalid length. [ 332.621961][T16170] NCSI netlink: No device for ifindex 0 [ 332.938541][T16195] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3805'. [ 332.947227][T16198] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3805'. [ 332.973831][T16199] netlink: 176 bytes leftover after parsing attributes in process `syz.3.3806'. [ 332.989523][T16198] netlink: 268 bytes leftover after parsing attributes in process `syz.4.3805'. [ 333.138749][T16211] netlink: 'syz.0.3810': attribute type 2 has an invalid length. [ 333.269378][T16220] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3813'. [ 333.631442][T16239] syzkaller1: entered promiscuous mode [ 333.648982][T16239] syzkaller1: entered allmulticast mode [ 333.732518][T16247] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3821'. [ 334.120521][T16275] netlink: 'syz.0.3831': attribute type 27 has an invalid length. [ 334.265170][T16285] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3836'. [ 334.424181][T16275] bridge0: port 4(team0) entered disabled state [ 334.431323][T16275] bridge0: port 3(dummy0) entered disabled state [ 334.438048][T16275] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.445574][T16275] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.310447][T16275] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.324267][T16275] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.332862][T16275] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.344631][T16275] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.396831][T16275] gretap1: left promiscuous mode [ 335.401784][T16275] gretap1: left allmulticast mode [ 335.419511][T16275] ipip0: left promiscuous mode [ 335.424455][T16275] ipip0: left allmulticast mode [ 335.433061][T16275] bridge1: left promiscuous mode [ 335.444700][T16275] bond2: left promiscuous mode [ 335.453583][T16275] bond2: left allmulticast mode [ 335.634196][ T5136] lo speed is unknown, defaulting to 1000 [ 335.777060][T16304] netlink: 'syz.1.3839': attribute type 1 has an invalid length. [ 335.794846][T16306] netlink: 'syz.0.3838': attribute type 21 has an invalid length. [ 335.802782][T16306] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3838'. [ 335.819173][T16306] netlink: 'syz.0.3838': attribute type 5 has an invalid length. [ 335.831571][T16306] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3838'. [ 335.989425][T16317] netlink: 'syz.2.3844': attribute type 30 has an invalid length. [ 336.174816][T16324] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3846'. [ 336.247266][T16332] netlink: 'syz.2.3850': attribute type 10 has an invalid length. [ 337.172896][T16393] batadv1: entered allmulticast mode [ 337.299935][T16400] validate_nla: 4 callbacks suppressed [ 337.299951][T16400] netlink: 'syz.3.3876': attribute type 2 has an invalid length. [ 337.499551][T16410] netlink: 'syz.0.3882': attribute type 13 has an invalid length. [ 337.569885][T16412] netlink: 'syz.0.3883': attribute type 11 has an invalid length. [ 337.766685][T16423] x_tables: duplicate underflow at hook 1 [ 338.027302][T16435] net_ratelimit: 269 callbacks suppressed [ 338.027321][T16435] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 338.075195][T16431] dummy0: entered promiscuous mode [ 338.096955][T16437] __nla_validate_parse: 10 callbacks suppressed [ 338.096973][T16437] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.3894'. [ 338.121265][T16431] dummy0: left promiscuous mode [ 338.178129][T16442] bond0: entered promiscuous mode [ 338.188672][T16442] bond_slave_0: entered promiscuous mode [ 338.195004][T16442] bond_slave_1: entered promiscuous mode [ 338.201838][T16442] bond0: left promiscuous mode [ 338.212764][T16442] bond_slave_0: left promiscuous mode [ 338.218773][T16442] bond_slave_1: left promiscuous mode [ 338.345726][T16448] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 338.699030][T16473] netlink: 'syz.0.3908': attribute type 8 has an invalid length. [ 338.889599][T16487] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3912'. [ 338.919857][T16485] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3911'. [ 338.967211][T16489] batman_adv: batadv0: Adding interface: netdevsim0 [ 338.974839][T16489] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.005598][T16489] batman_adv: batadv0: Not using interface netdevsim0 (retrying later): interface not active [ 339.152636][T16498] netlink: 'syz.1.3916': attribute type 3 has an invalid length. [ 339.174825][T16498] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3916'. [ 339.205163][T16502] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3918'. [ 339.379208][T16513] netlink: 'syz.3.3923': attribute type 11 has an invalid length. [ 339.404458][T16514] netlink: 'syz.3.3923': attribute type 11 has an invalid length. [ 339.546737][T16524] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3926'. [ 339.585126][T16527] netlink: 'syz.0.3924': attribute type 3 has an invalid length. [ 339.691092][T16531] netlink: 'syz.1.3929': attribute type 21 has an invalid length. [ 339.706094][T16522] delete_channel: no stack [ 339.947068][T16543] netlink: 'syz.2.3932': attribute type 29 has an invalid length. [ 339.965147][T16541] FAULT_INJECTION: forcing a failure. [ 339.965147][T16541] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 339.979714][T16543] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3932'. [ 339.991273][T16543] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3932'. [ 340.003317][T16541] CPU: 0 PID: 16541 Comm: syz.1.3931 Not tainted 6.10.0-rc6-syzkaller-00166-g83c36e7cfd74 #0 [ 340.013493][T16541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 340.023559][T16541] Call Trace: [ 340.026845][T16541] [ 340.029781][T16541] dump_stack_lvl+0x241/0x360 [ 340.034481][T16541] ? __pfx_dump_stack_lvl+0x10/0x10 [ 340.039697][T16541] ? __pfx__printk+0x10/0x10 [ 340.044313][T16541] ? __pfx_lock_release+0x10/0x10 [ 340.049364][T16541] should_fail_ex+0x3b0/0x4e0 [ 340.054072][T16541] _copy_from_user+0x2f/0xe0 [ 340.058677][T16541] sctp_getsockopt_connectx3+0x2c9/0x730 [ 340.064335][T16541] ? __local_bh_enable_ip+0x168/0x200 [ 340.069714][T16541] ? __pfx_sctp_getsockopt_connectx3+0x10/0x10 [ 340.075868][T16541] ? __local_bh_enable_ip+0x168/0x200 [ 340.081228][T16541] ? sctp_getsockopt+0x13a/0xbb0 [ 340.086155][T16541] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 340.091869][T16541] sctp_getsockopt+0x8de/0xbb0 [ 340.096621][T16541] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 340.102509][T16541] do_sock_getsockopt+0x373/0x850 [ 340.107528][T16541] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 340.113063][T16541] ? __fget_files+0x3f6/0x470 [ 340.117742][T16541] __sys_getsockopt+0x271/0x330 [ 340.122585][T16541] ? __pfx___sys_getsockopt+0x10/0x10 [ 340.127947][T16541] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 340.134270][T16541] ? do_syscall_64+0x100/0x230 [ 340.139030][T16541] __x64_sys_getsockopt+0xb5/0xd0 [ 340.144046][T16541] do_syscall_64+0xf3/0x230 [ 340.148540][T16541] ? clear_bhb_loop+0x35/0x90 [ 340.153213][T16541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.159099][T16541] RIP: 0033:0x7effe2b75bd9 [ 340.163511][T16541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.183114][T16541] RSP: 002b:00007effe3999048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 340.191517][T16541] RAX: ffffffffffffffda RBX: 00007effe2d04038 RCX: 00007effe2b75bd9 [ 340.199477][T16541] RDX: 000000000000006f RSI: 0000000000000084 RDI: 000000000000000f [ 340.207434][T16541] RBP: 00007effe39990a0 R08: 0000000020002100 R09: 0000000000000000 [ 340.215392][T16541] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 340.223349][T16541] R13: 000000000000006e R14: 00007effe2d04038 R15: 00007ffc5b348388 [ 340.231322][T16541] [ 340.238320][T16544] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3932'. [ 340.592915][T16564] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3939'. [ 340.645051][T16561] veth0_to_hsr: entered promiscuous mode [ 340.687378][T16558] veth0_to_hsr: left promiscuous mode [ 341.012816][T16576] lo speed is unknown, defaulting to 1000 [ 341.489179][T16599] bridge0: port 2(bridge_slave_1) entered listening state [ 342.377184][T16653] FAULT_INJECTION: forcing a failure. [ 342.377184][T16653] name failslab, interval 1, probability 0, space 0, times 0 [ 342.412553][T16653] CPU: 1 PID: 16653 Comm: syz.1.3972 Not tainted 6.10.0-rc6-syzkaller-00166-g83c36e7cfd74 #0 [ 342.422747][T16653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 342.432822][T16653] Call Trace: [ 342.436112][T16653] [ 342.439054][T16653] dump_stack_lvl+0x241/0x360 [ 342.443751][T16653] ? __pfx_dump_stack_lvl+0x10/0x10 [ 342.448976][T16653] ? __pfx__printk+0x10/0x10 [ 342.453608][T16653] ? ref_tracker_alloc+0x332/0x490 [ 342.458760][T16653] should_fail_ex+0x3b0/0x4e0 [ 342.463468][T16653] ? skb_clone+0x20c/0x390 [ 342.467900][T16653] should_failslab+0x9/0x20 [ 342.472398][T16653] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 342.477770][T16653] skb_clone+0x20c/0x390 [ 342.482011][T16653] __netlink_deliver_tap+0x3cc/0x7c0 [ 342.487305][T16653] ? netlink_deliver_tap+0x2e/0x1b0 [ 342.492505][T16653] netlink_deliver_tap+0x19d/0x1b0 [ 342.497622][T16653] netlink_broadcast_filtered+0xe5b/0x1290 [ 342.503439][T16653] genlmsg_multicast_netns+0x93/0xd0 [ 342.508732][T16653] nl80211_send_ap_started+0x4de/0x670 [ 342.514206][T16653] ? __pfx_nl80211_send_ap_started+0x10/0x10 [ 342.520191][T16653] ? trace_rdev_return_int+0x52/0x220 [ 342.525560][T16653] ? rcu_is_watching+0x7e/0xb0 [ 342.530313][T16653] ? trace_rdev_return_int+0x8b/0x220 [ 342.535674][T16653] ? nl80211_start_ap+0x1df9/0x22e0 [ 342.540869][T16653] nl80211_start_ap+0x1eb3/0x22e0 [ 342.545897][T16653] genl_rcv_msg+0xb14/0xec0 [ 342.550387][T16653] ? mark_lock+0x9a/0x350 [ 342.554714][T16653] ? __pfx_genl_rcv_msg+0x10/0x10 [ 342.559748][T16653] ? __pfx_lock_acquire+0x10/0x10 [ 342.564763][T16653] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 342.570128][T16653] ? __pfx_nl80211_start_ap+0x10/0x10 [ 342.575492][T16653] ? __pfx_nl80211_post_doit+0x10/0x10 [ 342.580944][T16653] ? __pfx___might_resched+0x10/0x10 [ 342.586232][T16653] netlink_rcv_skb+0x1e3/0x430 [ 342.590992][T16653] ? __pfx_genl_rcv_msg+0x10/0x10 [ 342.596004][T16653] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 342.601288][T16653] ? __netlink_deliver_tap+0x77e/0x7c0 [ 342.606751][T16653] genl_rcv+0x28/0x40 [ 342.610718][T16653] netlink_unicast+0x7ea/0x980 [ 342.615487][T16653] ? __pfx_netlink_unicast+0x10/0x10 [ 342.620762][T16653] ? __virt_addr_valid+0x183/0x520 [ 342.625869][T16653] ? __check_object_size+0x49c/0x900 [ 342.631145][T16653] ? bpf_lsm_netlink_send+0x9/0x10 [ 342.636249][T16653] netlink_sendmsg+0x8db/0xcb0 [ 342.641015][T16653] ? __pfx_netlink_sendmsg+0x10/0x10 [ 342.646308][T16653] ? __import_iovec+0x536/0x820 [ 342.651155][T16653] ? aa_sock_msg_perm+0x91/0x160 [ 342.656109][T16653] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 342.661393][T16653] ? security_socket_sendmsg+0x87/0xb0 [ 342.666852][T16653] ? __pfx_netlink_sendmsg+0x10/0x10 [ 342.672132][T16653] __sock_sendmsg+0x221/0x270 [ 342.676814][T16653] ____sys_sendmsg+0x525/0x7d0 [ 342.681579][T16653] ? __pfx_____sys_sendmsg+0x10/0x10 [ 342.686873][T16653] __sys_sendmsg+0x2b0/0x3a0 [ 342.691458][T16653] ? __pfx___sys_sendmsg+0x10/0x10 [ 342.696565][T16653] ? vfs_write+0x7c4/0xc90 [ 342.701011][T16653] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 342.707335][T16653] ? do_syscall_64+0x100/0x230 [ 342.712099][T16653] ? do_syscall_64+0xb6/0x230 [ 342.716776][T16653] do_syscall_64+0xf3/0x230 [ 342.721274][T16653] ? clear_bhb_loop+0x35/0x90 [ 342.725946][T16653] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.731830][T16653] RIP: 0033:0x7effe2b75bd9 [ 342.736233][T16653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 342.755827][T16653] RSP: 002b:00007effe39ba048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 342.764235][T16653] RAX: ffffffffffffffda RBX: 00007effe2d03f60 RCX: 00007effe2b75bd9 [ 342.772212][T16653] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000005 [ 342.780180][T16653] RBP: 00007effe39ba0a0 R08: 0000000000000000 R09: 0000000000000000 [ 342.788141][T16653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 342.796106][T16653] R13: 000000000000004d R14: 00007effe2d03f60 R15: 00007ffc5b348388 [ 342.804086][T16653] [ 343.268498][T16680] FAULT_INJECTION: forcing a failure. [ 343.268498][T16680] name failslab, interval 1, probability 0, space 0, times 0 [ 343.285406][T16683] validate_nla: 5 callbacks suppressed [ 343.285423][T16683] netlink: 'syz.1.3983': attribute type 3 has an invalid length. [ 343.300240][T16680] CPU: 1 PID: 16680 Comm: syz.0.3985 Not tainted 6.10.0-rc6-syzkaller-00166-g83c36e7cfd74 #0 [ 343.310409][T16680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 343.320454][T16680] Call Trace: [ 343.323722][T16680] [ 343.326649][T16680] dump_stack_lvl+0x241/0x360 [ 343.331328][T16680] ? __pfx_dump_stack_lvl+0x10/0x10 [ 343.336517][T16680] ? __pfx__printk+0x10/0x10 [ 343.341109][T16680] should_fail_ex+0x3b0/0x4e0 [ 343.345789][T16680] ? sctp_add_bind_addr+0x89/0x3a0 [ 343.350893][T16680] should_failslab+0x9/0x20 [ 343.355388][T16680] kmalloc_trace_noprof+0x6c/0x2c0 [ 343.360491][T16680] ? __pfx__get_random_bytes+0x10/0x10 [ 343.365943][T16680] sctp_add_bind_addr+0x89/0x3a0 [ 343.370877][T16680] sctp_copy_local_addr_list+0x311/0x500 [ 343.376505][T16680] ? sctp_copy_local_addr_list+0xab/0x500 [ 343.382248][T16680] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 343.388396][T16680] ? sctp_v6_is_any+0x60/0x70 [ 343.393073][T16680] sctp_bind_addr_copy+0xad/0x3b0 [ 343.398092][T16680] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 343.404418][T16680] sctp_connect_new_asoc+0x2f3/0x6c0 [ 343.409699][T16680] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 343.415497][T16680] ? sctp_sendmsg+0xbb9/0x3520 [ 343.420249][T16680] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 343.425783][T16680] ? security_sctp_bind_connect+0x90/0xb0 [ 343.431505][T16680] sctp_sendmsg+0x219a/0x3520 [ 343.436181][T16680] ? __pfx_sctp_sendmsg+0x10/0x10 [ 343.441192][T16680] ? __pfx_aa_sk_perm+0x10/0x10 [ 343.446043][T16680] ? inet_sendmsg+0x330/0x390 [ 343.450712][T16680] __sock_sendmsg+0x1a6/0x270 [ 343.455391][T16680] __sys_sendto+0x3a4/0x4f0 [ 343.459887][T16680] ? __pfx___sys_sendto+0x10/0x10 [ 343.464923][T16680] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 343.470893][T16680] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 343.477211][T16680] __x64_sys_sendto+0xde/0x100 [ 343.481965][T16680] do_syscall_64+0xf3/0x230 [ 343.486465][T16680] ? clear_bhb_loop+0x35/0x90 [ 343.491135][T16680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.497022][T16680] RIP: 0033:0x7f8deb575bd9 [ 343.501437][T16680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 343.521035][T16680] RSP: 002b:00007f8dec3e8048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 343.529445][T16680] RAX: ffffffffffffffda RBX: 00007f8deb703f60 RCX: 00007f8deb575bd9 [ 343.537408][T16680] RDX: 0000000000000001 RSI: 0000000020847fff RDI: 0000000000000003 [ 343.545370][T16680] RBP: 00007f8dec3e80a0 R08: 000000002005ffe4 R09: 000000000000001c [ 343.553330][T16680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 343.561286][T16680] R13: 000000000000004d R14: 00007f8deb703f60 R15: 00007ffcc48eecf8 [ 343.569258][T16680] [ 343.616415][T16687] __nla_validate_parse: 7 callbacks suppressed [ 343.616433][T16687] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3981'. [ 343.625414][T16683] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.3983'. [ 343.993439][T16711] syz.3.3993 uses old SIOCAX25GETINFO [ 344.449113][T16699] smc: net device wg0 applied user defined pnetid SYZ0 [ 344.481096][T16699] smc: net device wg0 erased user defined pnetid SYZ0 [ 344.582130][T16733] netlink: 'syz.0.4002': attribute type 6 has an invalid length. [ 344.851870][T16744] netlink: 'syz.4.4006': attribute type 29 has an invalid length. [ 344.884202][T16744] netlink: 'syz.4.4006': attribute type 29 has an invalid length. [ 344.923778][T16744] netlink: 'syz.4.4006': attribute type 29 has an invalid length. [ 345.363272][T16763] netlink: 6 bytes leftover after parsing attributes in process `syz.0.4015'. [ 345.561350][T16780] netlink: 'syz.4.4020': attribute type 2 has an invalid length. [ 345.594040][T16780] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.4020'. [ 346.176254][T16810] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4029'. [ 346.324893][T16825] netlink: 'syz.4.4033': attribute type 1 has an invalid length. [ 346.362540][T16825] netlink: 'syz.4.4033': attribute type 1 has an invalid length. [ 346.420951][T16825] netlink: 'syz.4.4033': attribute type 1 has an invalid length. [ 346.430574][T16825] netlink: 'syz.4.4033': attribute type 1 has an invalid length. [ 346.531381][T16841] netlink: 68 bytes leftover after parsing attributes in process `syz.0.4038'. [ 346.889268][T16856] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4044'. [ 346.908496][T16858] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4045'. [ 347.063190][T16873] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4050'. [ 347.215227][T16881] IPVS: Error joining to the multicast group [ 347.405122][T16896] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4059'. [ 348.016991][T16938] xt_TCPMSS: Only works on TCP SYN packets [ 348.293402][T16951] ipip0: entered promiscuous mode [ 348.744697][T16976] __nla_validate_parse: 8 callbacks suppressed [ 348.744715][T16976] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4090'. [ 348.771893][T16978] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4090'. [ 349.008896][T16993] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4092'. [ 349.376173][T17009] validate_nla: 15 callbacks suppressed [ 349.376193][T17009] netlink: 'syz.1.4100': attribute type 3 has an invalid length. [ 349.406235][T17009] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.4100'. [ 349.615090][T17019] netlink: 'syz.2.4104': attribute type 8 has an invalid length. [ 349.878513][T17028] netlink: 'syz.0.4111': attribute type 9 has an invalid length. [ 349.956332][T17039] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4106'. [ 350.101318][T17050] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4116'. [ 350.181840][T17054] netlink: 'syz.1.4119': attribute type 3 has an invalid length. [ 350.191897][ T9853] tipc: Subscription rejected, illegal request [ 350.667693][T17086] netlink: 10 bytes leftover after parsing attributes in process `syz.4.4130'. [ 350.761187][T17091] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4132'. [ 351.045478][T17106] netlink: 'syz.3.4139': attribute type 10 has an invalid length. [ 351.082848][T17106] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 351.120008][T17106] team0: Failed to send options change via netlink (err -105) [ 351.149410][T17106] team0: Port device netdevsim0 added [ 351.165634][T17103] netlink: 'syz.0.4137': attribute type 16 has an invalid length. [ 351.178328][T17103] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4137'. [ 351.381238][T17124] netlink: 80 bytes leftover after parsing attributes in process `syz.0.4144'. [ 351.430141][T17124] IPVS: Error connecting to the multicast addr [ 351.582572][T17131] netlink: 'syz.1.4146': attribute type 29 has an invalid length. [ 351.810793][T17131] netlink: 'syz.1.4146': attribute type 29 has an invalid length. [ 351.827379][T17133] netlink: 'syz.1.4146': attribute type 29 has an invalid length. [ 352.097082][T17152] vxcan1: tx address claim with different name [ 352.414308][T17171] IPVS: Error connecting to the multicast addr [ 352.427707][ T53] Bluetooth: hci5: link tx timeout [ 352.428761][T17173] netlink: 'syz.4.4162': attribute type 1 has an invalid length. [ 352.433302][ T53] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 353.022926][ T5094] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 353.035949][ T5094] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 353.050818][ T5094] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 353.060300][ T5094] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 353.074392][ T5094] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 353.084107][ T5094] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 353.175147][T17198] lo speed is unknown, defaulting to 1000 [ 353.457392][T17198] chnl_net:caif_netlink_parms(): no params data found [ 353.676665][T17198] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.699811][T17198] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.708213][T17198] bridge_slave_0: entered allmulticast mode [ 353.716140][T17198] bridge_slave_0: entered promiscuous mode [ 353.727512][T17198] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.751609][T17198] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.769294][T17198] bridge_slave_1: entered allmulticast mode [ 353.781256][T17198] bridge_slave_1: entered promiscuous mode [ 353.909789][T17198] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 353.957618][T17198] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 354.070766][T17259] openvswitch: netlink: Missing key (keys=20040, expected=100) [ 354.164827][T17198] team0: Port device team_slave_0 added [ 354.190204][T17198] team0: Port device team_slave_1 added [ 354.404455][T17277] vlan3: entered promiscuous mode [ 354.409922][T17277] xfrm0: entered promiscuous mode [ 354.431001][T17277] team0: Port device vlan3 added [ 354.493269][T17198] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 354.528865][T17198] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 354.555975][ T5094] Bluetooth: hci5: command 0x0406 tx timeout [ 354.582454][T17198] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 354.703559][T17198] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 354.724069][T17198] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 354.782345][T17198] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 354.825278][T17296] team0: entered promiscuous mode [ 354.830366][T17296] team_slave_0: entered promiscuous mode [ 354.847773][T17296] team_slave_1: entered promiscuous mode [ 354.869074][T17296] dummy0: entered promiscuous mode [ 354.880434][T17296] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 354.889350][T17296] Cannot create hsr debugfs directory [ 355.031871][T17198] hsr_slave_0: entered promiscuous mode [ 355.053197][T17198] hsr_slave_1: entered promiscuous mode [ 355.064708][T17198] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 355.072447][T17198] Cannot create hsr debugfs directory [ 355.088895][T17309] validate_nla: 7 callbacks suppressed [ 355.088911][T17309] netlink: 'syz.4.4209': attribute type 10 has an invalid length. [ 355.094037][T17313] __nla_validate_parse: 8 callbacks suppressed [ 355.094051][T17313] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4212'. [ 355.119951][T17309] geneve0: entered promiscuous mode [ 355.148090][T17309] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 355.161645][T17312] netlink: 'syz.3.4211': attribute type 10 has an invalid length. [ 355.174744][ T53] Bluetooth: hci0: command tx timeout [ 355.334028][ T53] Bluetooth: hci2: command 0x0406 tx timeout [ 355.545547][T17198] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 355.569781][T17198] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.589535][T17323] Cannot find del_set index 0 as target [ 355.711862][T17198] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 355.730825][T17198] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.853831][T17346] netlink: 'syz.0.4223': attribute type 1 has an invalid length. [ 355.861817][T17346] netlink: 368 bytes leftover after parsing attributes in process `syz.0.4223'. [ 355.879687][T17198] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 355.890696][T17198] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.919647][T17345] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4224'. [ 355.972401][T17198] batman_adv: batadv0: Removing interface: netdevsim0 [ 355.998971][T17198] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 356.037901][T17198] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.108902][T17353] netlink: 'syz.3.4227': attribute type 3 has an invalid length. [ 356.143186][T17353] netlink: 'syz.3.4227': attribute type 4 has an invalid length. [ 356.166727][T17353] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4227'. [ 356.177915][T17357] netlink: 'syz.4.4229': attribute type 11 has an invalid length. [ 356.285102][T17198] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 356.314632][T17198] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 356.345942][T17198] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 356.365963][T17198] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 356.626687][T17198] 8021q: adding VLAN 0 to HW filter on device bond0 [ 356.682453][T17198] 8021q: adding VLAN 0 to HW filter on device team0 [ 356.709775][T16290] bridge0: port 1(bridge_slave_0) entered blocking state [ 356.716997][T16290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 356.776826][T16290] bridge0: port 2(bridge_slave_1) entered blocking state [ 356.784060][T16290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 356.828754][T17382] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4237'. [ 356.898248][T17198] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 357.091878][T17395] lo speed is unknown, defaulting to 1000 [ 357.216877][T17405] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4245'. [ 357.254744][ T5089] Bluetooth: hci0: command tx timeout [ 357.304069][T17393] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4241'. [ 357.370288][T17410] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4246'. [ 357.411669][T17198] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 357.488720][T17198] veth0_vlan: entered promiscuous mode [ 357.528107][T17198] veth1_vlan: entered promiscuous mode [ 357.601982][T17198] veth0_macvtap: entered promiscuous mode [ 357.626368][T17198] veth1_macvtap: entered promiscuous mode [ 357.659659][T17198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 357.681773][T17198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.694955][T17198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 357.707352][T17198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.718299][T17198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 357.731467][T17198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.743293][T17198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 357.755123][T17198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.767428][T17198] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 357.775850][T17395] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4243'. [ 357.799340][T17198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.810610][T17198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.825345][T17198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.839401][T17198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.850783][T17198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.864820][T17198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.879888][T17198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.901728][T17198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.913515][T17198] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.934868][T17198] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.961648][T17198] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 358.036508][T17198] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.064779][T17198] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.075476][T17198] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.087341][T17198] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.426616][T17443] netlink: 'syz.2.4256': attribute type 10 has an invalid length. [ 358.441999][T17443] team0: Device netdevsim0 is up. Set it down before adding it as a team port [ 358.498145][T17448] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 358.536889][T17440] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4255'. [ 358.769187][ T9857] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 358.790918][ T9857] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 358.847747][T17463] netlink: 'syz.3.4262': attribute type 10 has an invalid length. [ 358.870496][ T9857] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 358.891582][ T9857] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 359.192344][T17478] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 359.763077][T17496] netlink: 'syz.4.4274': attribute type 4 has an invalid length. [ 359.833857][T17497] netlink: 'syz.4.4274': attribute type 4 has an invalid length. [ 359.871994][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 359.883252][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 359.895409][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 359.912817][T17503] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 359.925703][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 359.944137][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 359.954228][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 360.020239][T17500] lo speed is unknown, defaulting to 1000 [ 360.289908][T17524] netlink: 'syz.2.4281': attribute type 29 has an invalid length. [ 360.326975][T17524] netlink: 'syz.2.4281': attribute type 29 has an invalid length. [ 360.341936][T17500] chnl_net:caif_netlink_parms(): no params data found [ 360.384387][T17523] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 360.471548][T17526] netlink: 'syz.2.4281': attribute type 29 has an invalid length. [ 360.544246][T17532] __nla_validate_parse: 4 callbacks suppressed [ 360.544264][T17532] netlink: 6 bytes leftover after parsing attributes in process `syz.2.4284'. [ 360.605006][T17535] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4285'. [ 360.731295][T17500] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.772984][T17500] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.791220][T17500] bridge_slave_0: entered allmulticast mode [ 360.815012][T17500] bridge_slave_0: entered promiscuous mode [ 360.827748][T17500] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.836030][T17500] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.843279][T17500] bridge_slave_1: entered allmulticast mode [ 360.872111][T17500] bridge_slave_1: entered promiscuous mode [ 360.918273][T17552] netlink: 'syz.4.4290': attribute type 10 has an invalid length. [ 360.926844][T17552] netlink: 55 bytes leftover after parsing attributes in process `syz.4.4290'. [ 360.941310][T17552] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 360.949713][T17552] team0: Port device virt_wifi0 added [ 360.993018][T17500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 361.034667][T17500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 361.164657][T17500] team0: Port device team_slave_0 added [ 361.211679][ T2452] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.239693][T17567] netlink: 'syz.2.4295': attribute type 41 has an invalid length. [ 361.251366][T17500] team0: Port device team_slave_1 added [ 361.286643][T17568] netlink: 'syz.2.4295': attribute type 8 has an invalid length. [ 361.312294][T17500] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 361.322473][T17500] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 361.383081][T17500] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 361.425462][T17500] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 361.448045][T17500] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 361.488495][T17500] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 361.676693][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 361.687243][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 361.697412][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 361.708067][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 361.716816][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 361.724852][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 361.779678][T17500] hsr_slave_0: entered promiscuous mode [ 361.813265][T17500] hsr_slave_1: entered promiscuous mode [ 361.827181][T17500] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 361.855521][T17500] Cannot create hsr debugfs directory [ 362.054211][ T5089] Bluetooth: hci0: command tx timeout [ 362.126380][T17581] lo speed is unknown, defaulting to 1000 [ 362.177470][T17593] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4303'. [ 362.226212][ T2452] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.365566][ T2452] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.508001][T17500] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0 [ 362.518765][T17500] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.567372][ T2452] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.620322][T17500] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0 [ 362.639836][T17500] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.768889][T17500] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0 [ 362.795550][T17500] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.881060][T17596] infiniband syz2: set active [ 362.888295][T17596] infiniband syz2: added bond_slave_0 [ 362.895711][T17596] syz2: rxe_create_cq: returned err = -12 [ 362.901832][T17596] infiniband syz2: Couldn't create ib_mad CQ [ 362.908883][T17596] infiniband syz2: Couldn't open port 1 [ 362.963899][T17500] team0: Port device netdevsim0 removed [ 362.972542][T17500] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 256 - 0 [ 362.987535][T17596] RDS/IB: syz2: added [ 362.992330][T17596] smc: adding ib device syz2 with port count 1 [ 362.999599][T17596] smc: ib device syz2 port 1 has pnetid SYZ0 (user defined) [ 363.009876][T17500] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.167926][ T2452] bridge_slave_1: left allmulticast mode [ 363.193993][ T2452] bridge_slave_1: left promiscuous mode [ 363.210105][ T2452] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.245230][ T2452] bridge_slave_0: left allmulticast mode [ 363.267938][ T2452] bridge_slave_0: left promiscuous mode [ 363.283821][ T2452] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.825392][ T5089] Bluetooth: hci3: command tx timeout [ 363.859708][ T2452] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 363.871182][ T2452] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 363.884512][ T2452] bond0 (unregistering): Released all slaves [ 363.922123][T17581] chnl_net:caif_netlink_parms(): no params data found [ 364.135217][ T5089] Bluetooth: hci0: command tx timeout [ 364.364445][T17641] netlink: 'syz.0.4312': attribute type 3 has an invalid length. [ 364.420854][T17581] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.447429][T17581] bridge0: port 1(bridge_slave_0) entered disabled state [ 364.457682][T17581] bridge_slave_0: entered allmulticast mode [ 364.479195][T17581] bridge_slave_0: entered promiscuous mode [ 364.506907][T17581] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.524863][T17581] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.544890][T17581] bridge_slave_1: entered allmulticast mode [ 364.572762][T17581] bridge_slave_1: entered promiscuous mode [ 364.589071][T17500] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 364.629155][T17500] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 364.729640][T17500] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 364.753097][T17581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 364.778715][T17500] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 364.804945][T17581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 364.887880][T17581] team0: Port device team_slave_0 added [ 364.916228][T17581] team0: Port device team_slave_1 added [ 365.033306][T17581] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 365.063878][T17581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.107211][T17581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 365.132268][T17581] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 365.149871][T17581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.187307][T17581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 365.236326][T17660] netlink: 10 bytes leftover after parsing attributes in process `syz.4.4318'. [ 365.261177][T17660] netlink: 'syz.4.4318': attribute type 1 has an invalid length. [ 365.284680][T17660] netlink: 'syz.4.4318': attribute type 4 has an invalid length. [ 365.292438][T17660] netlink: 192 bytes leftover after parsing attributes in process `syz.4.4318'. [ 365.386654][T17581] hsr_slave_0: entered promiscuous mode [ 365.424358][T17581] hsr_slave_1: entered promiscuous mode [ 365.443957][T17581] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 365.451549][T17581] Cannot create hsr debugfs directory [ 365.619447][T17671] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4321'. [ 365.635622][T17671] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4321'. [ 365.900828][ T5089] Bluetooth: hci3: command tx timeout [ 366.008489][T17500] 8021q: adding VLAN 0 to HW filter on device bond0 [ 366.213701][ T5089] Bluetooth: hci0: command tx timeout [ 366.259379][T17500] 8021q: adding VLAN 0 to HW filter on device team0 [ 366.348333][ T5138] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.355521][ T5138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 366.433087][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.440292][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 366.587532][T17705] Bluetooth: MGMT ver 1.22 [ 366.887993][T17581] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 366.921637][T17581] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 366.971835][T17581] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 367.025591][T17581] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 367.152461][T17500] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 367.179416][T17727] netlink: 'syz.4.4339': attribute type 13 has an invalid length. [ 367.199807][T17727] veth0_macvtap: left promiscuous mode [ 367.207326][T17727] macvtap0: entered allmulticast mode [ 367.239953][T17727] macvtap0: refused to change device tx_queue_len [ 367.436504][T17500] veth0_vlan: entered promiscuous mode [ 367.492926][T17500] veth1_vlan: entered promiscuous mode [ 367.586001][T17581] 8021q: adding VLAN 0 to HW filter on device bond0 [ 367.646335][T17500] veth0_macvtap: entered promiscuous mode [ 367.692898][T17500] veth1_macvtap: entered promiscuous mode [ 367.727313][T17581] 8021q: adding VLAN 0 to HW filter on device team0 [ 367.780856][ T5136] bridge0: port 1(bridge_slave_0) entered blocking state [ 367.788061][ T5136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 367.881018][ T2452] hsr_slave_0: left promiscuous mode [ 367.895840][ T2452] hsr_slave_1: left promiscuous mode [ 367.912410][ T2452] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 367.921011][ T2452] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 367.932431][ T2452] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 367.942645][ T2452] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 367.975347][ T5089] Bluetooth: hci3: command tx timeout [ 368.000744][ T2452] veth1_macvtap: left promiscuous mode [ 368.024034][ T2452] veth0_macvtap: left promiscuous mode [ 368.034108][ T2452] veth1_vlan: left promiscuous mode [ 368.039497][ T2452] veth0_vlan: left promiscuous mode [ 368.294177][ T5089] Bluetooth: hci0: command tx timeout [ 368.723351][ T2452] team0 (unregistering): Port device team_slave_1 removed [ 368.790047][ T2452] team0 (unregistering): Port device team_slave_0 removed [ 369.238252][T17745] IPVS: Error connecting to the multicast addr [ 369.303906][ T5136] bridge0: port 2(bridge_slave_1) entered blocking state [ 369.311087][ T5136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 369.377056][T17500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 369.398470][T17500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.417979][T17500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 369.440253][T17500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.452286][T17500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 369.470162][T17500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.480928][T17500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 369.492134][T17500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.519581][T17500] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 369.643280][T17777] netlink: 'syz.4.4353': attribute type 10 has an invalid length. [ 369.656619][T17777] netlink: 55 bytes leftover after parsing attributes in process `syz.4.4353'. [ 369.687314][T17500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 369.712778][T17500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.728719][T17500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 369.743023][T17500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.753443][T17500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 369.769640][T17781] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4357'. [ 369.779081][T17500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.789536][T17500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 369.800056][T17500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.810103][T17500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 369.822458][T17500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.836017][T17500] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 369.843405][T17771] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4355'. [ 369.874913][T17771] netlink: 'syz.2.4355': attribute type 1 has an invalid length. [ 369.882693][T17771] netlink: 'syz.2.4355': attribute type 2 has an invalid length. [ 369.934469][T17781] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4357'. [ 369.988210][T17500] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.007215][T17500] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.034282][T17500] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.055581][ T5089] Bluetooth: hci3: command tx timeout [ 370.071939][T17500] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 370.126925][T17785] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4357'. [ 370.193176][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 370.199969][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 370.206544][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 370.212989][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.220950][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.228818][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.236799][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.244669][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.252581][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.260443][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.268380][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.276259][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.284199][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.292029][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.299990][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.307852][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.315812][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.323677][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.331591][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.339461][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.347410][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.355288][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.363203][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.371075][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.379074][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.386931][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.394894][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.402730][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.410681][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.418532][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.426481][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.434342][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.442256][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.450131][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.458067][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.465938][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.473879][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.481704][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.489666][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.497541][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.505498][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.513329][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.521303][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.529165][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.537225][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.545440][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.553355][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.561237][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.569188][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.577069][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.585009][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.592842][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.600819][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.608805][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.616768][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.624630][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.632499][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.640340][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.648287][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.656160][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.664117][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.671926][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.679877][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.687733][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.695692][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.703549][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.711456][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.719317][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.727205][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.735061][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.742916][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.750749][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.758685][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.766547][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.774475][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.782314][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.790222][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.798081][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.806032][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.813892][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.821812][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.829683][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.837642][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.845508][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.853414][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.861265][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.869155][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.877005][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.884944][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.892753][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.900668][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.908500][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.916434][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.924279][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.932140][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.939990][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.947871][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.955722][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.963657][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.971476][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.979439][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 370.987288][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 370.995233][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.003057][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.011003][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.018842][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.026766][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.034597][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.042430][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.050275][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.058182][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.066034][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.073916][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.081705][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.092224][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.100139][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.108100][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.115956][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.123934][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.131768][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.139829][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.147687][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.155633][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.163520][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.171388][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.179246][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.187183][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.195050][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.202906][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.210735][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.218626][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.226477][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.234409][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.242214][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.250470][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.258331][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.266277][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.274125][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.282027][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.289862][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.297744][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.305592][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.313539][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.321350][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.329272][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.337126][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.345078][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.352895][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.360809][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.368659][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.376606][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.384467][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.392376][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 371.400224][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 371.464011][T17793] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4358'. [ 371.586267][T17804] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4359'. [ 371.617679][T17804] netlink: 'syz.0.4359': attribute type 9 has an invalid length. [ 371.627799][T17804] netlink: 'syz.0.4359': attribute type 6 has an invalid length. [ 371.857778][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.881249][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.998063][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 372.016292][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 372.026354][T17581] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 372.063354][T17824] netlink: 52 bytes leftover after parsing attributes in process `syz.4.4365'. [ 372.155037][T17581] veth0_vlan: entered promiscuous mode [ 372.168890][T17828] netlink: 188 bytes leftover after parsing attributes in process `syz.2.4368'. [ 372.191752][T17581] veth1_vlan: entered promiscuous mode [ 372.260590][T17835] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 372.346571][T17581] veth0_macvtap: entered promiscuous mode [ 372.372325][T17581] veth1_macvtap: entered promiscuous mode [ 372.432711][T17581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.451890][T17581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.474587][T17581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.489671][T17581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.502433][T17581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.520119][T17581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.530224][T17581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.556402][T17581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.566855][T17581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 372.577623][T17581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.590520][T17581] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 372.685496][T17581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.713113][T17581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.738665][T17581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.764469][T17581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.785250][T17581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.809404][T17581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.820390][T17581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.838535][T17581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.850865][T17581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.872989][T17581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.882902][T17581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 372.903538][T17581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 372.925634][T17581] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 372.941175][T17848] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4376'. [ 372.952177][T17848] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.960916][T17848] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.039955][T17581] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.073142][T17581] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.099406][T17581] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.109763][T17581] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.129440][T17862] netlink: 'syz.2.4383': attribute type 10 has an invalid length. [ 373.141890][T17862] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4383'. [ 373.152263][T17862] batadv0: left promiscuous mode [ 373.161477][T17862] bridge0: port 3(batadv0) entered blocking state [ 373.169647][T17862] bridge0: port 3(batadv0) entered disabled state [ 373.178463][T17862] batadv0: entered allmulticast mode [ 373.188945][T17862] batadv0: entered promiscuous mode [ 373.217249][ T11] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 373.226858][ T11] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 373.522157][T17879] netlink: 'syz.4.4387': attribute type 20 has an invalid length. [ 373.531829][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 373.553267][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 373.575864][T17881] tipc: Failed to remove unknown binding: 66,1,1/0:3738365786/3738365788 [ 373.635770][T17881] tipc: Failed to remove unknown binding: 66,1,1/0:3738365786/3738365788 [ 373.665770][T17881] tipc: Failed to remove unknown binding: 66,1,1/0:3738365786/3738365788 [ 373.723044][ T9855] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 373.782603][ T9855] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 373.863255][T17891] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4392'. [ 373.986124][T17895] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4393'. [ 374.045119][T17905] netlink: 84 bytes leftover after parsing attributes in process `syz.0.4396'. [ 374.070908][T17906] sock: sock_timestamping_bind_phc: sock not bind to device [ 374.310817][T17918] SET target dimension over the limit! [ 374.358491][T17924] tipc: Failed to remove unknown binding: 66,1,1/0:2942129422/2942129424 [ 374.386083][T17924] tipc: Failed to remove unknown binding: 66,1,1/0:2942129422/2942129424 [ 374.405199][T17924] tipc: Failed to remove unknown binding: 66,1,1/0:2942129422/2942129424 [ 374.739353][ T9853] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.271408][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 375.295772][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 375.305361][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 375.316571][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 375.349133][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 375.357889][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 375.437548][ T9853] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.670011][ T9853] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 375.692407][T17975] netlink: 'syz.3.4421': attribute type 3 has an invalid length. [ 375.729949][T17967] lo speed is unknown, defaulting to 1000 [ 375.730984][T17975] netlink: 'syz.3.4421': attribute type 4 has an invalid length. [ 375.764443][T17975] netlink: 'syz.3.4421': attribute type 7 has an invalid length. [ 375.787805][T17975] netlink: 'syz.3.4421': attribute type 8 has an invalid length. [ 375.802431][T17975] netlink: 'syz.3.4421': attribute type 7 has an invalid length. [ 375.851354][T17975] netlink: 198200 bytes leftover after parsing attributes in process `syz.3.4421'. [ 375.902688][ T9853] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 376.074696][T17979] pim6reg1: entered promiscuous mode [ 376.094020][T17979] pim6reg1: entered allmulticast mode [ 376.343391][T17500] cgroup: fork rejected by pids controller in /syz3 [ 376.655120][ T9853] bridge_slave_1: left allmulticast mode [ 376.679130][ T9853] bridge_slave_1: left promiscuous mode [ 376.697059][ T9853] bridge0: port 2(bridge_slave_1) entered disabled state [ 376.744672][ T9853] bridge_slave_0: left allmulticast mode [ 376.773823][ T9853] bridge_slave_0: left promiscuous mode [ 376.779620][ T9853] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.989942][T18018] netlink: 'syz.4.4434': attribute type 29 has an invalid length. [ 377.242663][ T9853] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 377.261366][ T9853] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 377.272531][ T9853] bond0 (unregistering): Released all slaves [ 377.371225][T18018] netlink: 'syz.4.4434': attribute type 29 has an invalid length. [ 377.414907][ T53] Bluetooth: hci3: command tx timeout [ 377.434653][T18020] netlink: 'syz.4.4434': attribute type 29 has an invalid length. [ 377.543737][T18024] __nla_validate_parse: 3 callbacks suppressed [ 377.543757][T18024] netlink: 6 bytes leftover after parsing attributes in process `syz.2.4435'. [ 377.583346][T17967] chnl_net:caif_netlink_parms(): no params data found [ 377.913894][T17967] bridge0: port 1(bridge_slave_0) entered blocking state [ 377.921139][T17967] bridge0: port 1(bridge_slave_0) entered disabled state [ 377.937711][T17967] bridge_slave_0: entered allmulticast mode [ 377.996028][T17967] bridge_slave_0: entered promiscuous mode [ 378.038288][T17967] bridge0: port 2(bridge_slave_1) entered blocking state [ 378.055108][T17967] bridge0: port 2(bridge_slave_1) entered disabled state [ 378.062406][T17967] bridge_slave_1: entered allmulticast mode [ 378.099945][T17967] bridge_slave_1: entered promiscuous mode [ 378.195144][ T9853] hsr_slave_0: left promiscuous mode [ 378.208751][ T9853] hsr_slave_1: left promiscuous mode [ 378.234079][ T9853] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 378.247555][ T9853] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 378.269808][ T9853] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 378.295590][ T9853] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 378.334983][ T5089] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 378.347063][ T5089] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 378.359125][ T9853] veth1_macvtap: left promiscuous mode [ 378.363888][ T5089] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 378.374506][ T5089] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 378.382877][ T5089] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 378.384965][ T9853] veth0_macvtap: left promiscuous mode [ 378.395807][ T5089] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 378.428706][ T9853] veth1_vlan: left promiscuous mode [ 378.436504][ T9853] veth0_vlan: left promiscuous mode [ 378.867121][ T1243] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.162929][ T9853] team0 (unregistering): Port device team_slave_1 removed [ 379.283125][ T9853] team0 (unregistering): Port device team_slave_0 removed [ 379.496021][ T5089] Bluetooth: hci3: command tx timeout [ 379.894513][T17967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 379.942136][T17967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 380.002495][T18049] lo speed is unknown, defaulting to 1000 [ 380.030629][T17967] team0: Port device team_slave_0 added [ 380.058882][T17967] team0: Port device team_slave_1 added [ 380.304657][T18079] IPVS: Error joining to the multicast group [ 380.319197][T17967] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 380.328413][T18085] netlink: 268 bytes leftover after parsing attributes in process `syz.2.4451'. [ 380.355069][T17967] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 380.397584][T17967] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 380.435501][T17967] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 380.442473][T17967] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 380.469639][ T5089] Bluetooth: hci0: command tx timeout [ 380.513032][T17967] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 380.513291][T18089] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.4453'. [ 380.569473][T18089] netlink: 16126 bytes leftover after parsing attributes in process `syz.0.4453'. [ 380.658072][T17967] hsr_slave_0: entered promiscuous mode [ 380.681395][T17967] hsr_slave_1: entered promiscuous mode [ 380.701138][T17967] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 380.716663][T17967] Cannot create hsr debugfs directory [ 381.031648][ T9853] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.045265][T18113] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4461'. [ 381.120951][T18109] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4460'. [ 381.519581][ T9853] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.574363][ T5089] Bluetooth: hci3: command tx timeout [ 381.719313][ T9853] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.775582][T18133] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 381.837058][T18133] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 381.847362][T18136] netlink: 'syz.0.4467': attribute type 3 has an invalid length. [ 381.847385][T18136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4467'. [ 381.873422][T18133] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 381.969941][ T9853] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.008217][T18142] netlink: 'syz.4.4469': attribute type 10 has an invalid length. [ 382.045995][T18142] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 382.055490][T18142] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 382.085424][T18142] team0: Failed to send options change via netlink (err -105) [ 382.092908][T18142] team0: Port device netdevsim0 added [ 382.145466][T18049] chnl_net:caif_netlink_parms(): no params data found [ 382.533653][T18049] bridge0: port 1(bridge_slave_0) entered blocking state [ 382.545202][ T5089] Bluetooth: hci0: command tx timeout [ 382.565544][T18049] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.572814][T18049] bridge_slave_0: entered allmulticast mode [ 382.584385][T18049] bridge_slave_0: entered promiscuous mode [ 382.601359][T18049] bridge0: port 2(bridge_slave_1) entered blocking state [ 382.609737][T18049] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.618149][T18049] bridge_slave_1: entered allmulticast mode [ 382.626869][T18049] bridge_slave_1: entered promiscuous mode [ 382.637809][ T9853] bridge_slave_1: left allmulticast mode [ 382.644228][ T9853] bridge_slave_1: left promiscuous mode [ 382.650060][ T9853] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.667228][ T9853] bridge_slave_0: left allmulticast mode [ 382.673078][ T9853] bridge_slave_0: left promiscuous mode [ 382.679825][ T9853] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.866832][T18167] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 383.178561][ T9853] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 383.191468][ T9853] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 383.207450][ T9853] bond0 (unregistering): Released all slaves [ 383.246694][T18162] netlink: 'syz.4.4473': attribute type 27 has an invalid length. [ 383.335299][ C1] ================================================================== [ 383.343409][ C1] BUG: KASAN: use-after-free in rhashtable_lookup_fast+0x77a/0x9b0 [ 383.351331][ C1] Read of size 4 at addr ffff8880695e8008 by task ksoftirqd/1/24 [ 383.359064][ C1] [ 383.361393][ C1] CPU: 1 PID: 24 Comm: ksoftirqd/1 Not tainted 6.10.0-rc6-syzkaller-00166-g83c36e7cfd74 #0 [ 383.371390][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 383.381469][ C1] Call Trace: [ 383.384758][ C1] [ 383.387695][ C1] dump_stack_lvl+0x241/0x360 [ 383.392398][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 383.397607][ C1] ? __pfx__printk+0x10/0x10 [ 383.402179][ C1] ? _printk+0xd5/0x120 [ 383.406327][ C1] ? __virt_addr_valid+0x183/0x520 [ 383.411453][ C1] ? __virt_addr_valid+0x183/0x520 [ 383.416561][ C1] print_report+0x169/0x550 [ 383.421054][ C1] ? __virt_addr_valid+0x183/0x520 [ 383.426153][ C1] ? __virt_addr_valid+0x183/0x520 [ 383.431253][ C1] ? __virt_addr_valid+0x44e/0x520 [ 383.436353][ C1] ? __phys_addr+0xba/0x170 [ 383.440854][ C1] ? rhashtable_lookup_fast+0x77a/0x9b0 [ 383.446400][ C1] kasan_report+0x143/0x180 [ 383.450898][ C1] ? rhashtable_lookup_fast+0x77a/0x9b0 [ 383.456435][ C1] rhashtable_lookup_fast+0x77a/0x9b0 [ 383.461798][ C1] ? rhashtable_lookup_fast+0xe9/0x9b0 [ 383.467245][ C1] ? __pfx_ila_cmpfn+0x10/0x10 [ 383.472001][ C1] ? __pfx_rhashtable_lookup_fast+0x10/0x10 [ 383.477884][ C1] ? __pfx_ila_cmpfn+0x10/0x10 [ 383.482641][ C1] ila_nf_input+0x1fe/0x3c0 [ 383.487133][ C1] ? __pfx_ila_cmpfn+0x10/0x10 [ 383.491886][ C1] ? ila_nf_input+0xe4/0x3c0 [ 383.496468][ C1] ? __pfx_ila_nf_input+0x10/0x10 [ 383.501483][ C1] nf_hook_slow+0xc3/0x220 [ 383.505891][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 383.511072][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 383.516253][ C1] NF_HOOK+0x29e/0x450 [ 383.520304][ C1] ? skb_orphan+0x4b/0xd0 [ 383.524630][ C1] ? NF_HOOK+0x9a/0x450 [ 383.528776][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 383.533353][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 383.538541][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 383.543208][ C1] __netif_receive_skb+0x1ea/0x650 [ 383.548316][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 383.553328][ C1] ? __pfx___netif_receive_skb+0x10/0x10 [ 383.558956][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 383.564924][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 383.571238][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 383.576346][ C1] ? process_backlog+0x2d9/0x7d0 [ 383.581273][ C1] process_backlog+0x391/0x7d0 [ 383.586031][ C1] ? __pfx_process_backlog+0x10/0x10 [ 383.591307][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 383.597276][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 383.603594][ C1] __napi_poll+0xcb/0x490 [ 383.607916][ C1] net_rx_action+0x7bb/0x10a0 [ 383.612590][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 383.617695][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 383.623667][ C1] handle_softirqs+0x2c4/0x970 [ 383.628417][ C1] ? run_ksoftirqd+0xca/0x130 [ 383.633080][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 383.638353][ C1] run_ksoftirqd+0xca/0x130 [ 383.642845][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 383.647949][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 383.653050][ C1] smpboot_thread_fn+0x544/0xa30 [ 383.657975][ C1] ? smpboot_thread_fn+0x4e/0xa30 [ 383.662987][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 383.668438][ C1] kthread+0x2f0/0x390 [ 383.672496][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 383.677939][ C1] ? __pfx_kthread+0x10/0x10 [ 383.682516][ C1] ret_from_fork+0x4b/0x80 [ 383.686921][ C1] ? __pfx_kthread+0x10/0x10 [ 383.691498][ C1] ret_from_fork_asm+0x1a/0x30 [ 383.696263][ C1] [ 383.699266][ C1] [ 383.701572][ C1] The buggy address belongs to the physical page: [ 383.707977][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x695e8 [ 383.716721][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 383.723824][ C1] raw: 00fff00000000000 ffffea00019da608 ffff8880b94447b0 0000000000000000 [ 383.732395][ C1] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 383.740980][ C1] page dumped because: kasan: bad access detected [ 383.747386][ C1] page_owner tracks the page as freed [ 383.752741][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152dc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_ZERO), pid 17500, tgid 17500 (syz-executor), ts 360070740442, free_ts 383326057632 [ 383.773215][ C1] post_alloc_hook+0x1f3/0x230 [ 383.777972][ C1] get_page_from_freelist+0x2e4c/0x2f10 [ 383.783507][ C1] __alloc_pages_noprof+0x256/0x6c0 [ 383.788693][ C1] __kmalloc_large_node+0x8b/0x1d0 [ 383.793815][ C1] __kmalloc_node_noprof+0x2d2/0x440 [ 383.799119][ C1] kvmalloc_node_noprof+0x72/0x190 [ 383.804236][ C1] rhashtable_init_noprof+0x534/0xa60 [ 383.809607][ C1] ila_xlat_init_net+0xa0/0x110 [ 383.814471][ C1] ops_init+0x359/0x610 [ 383.818724][ C1] setup_net+0x515/0xca0 [ 383.822957][ C1] copy_net_ns+0x4e2/0x7b0 [ 383.827365][ C1] create_new_namespaces+0x425/0x7b0 [ 383.832655][ C1] unshare_nsproxy_namespaces+0x124/0x180 [ 383.838367][ C1] ksys_unshare+0x619/0xc10 [ 383.842865][ C1] __x64_sys_unshare+0x38/0x40 [ 383.847630][ C1] do_syscall_64+0xf3/0x230 [ 383.852128][ C1] page last free pid 9853 tgid 9853 stack trace: [ 383.858433][ C1] free_unref_page+0xd22/0xea0 [ 383.863184][ C1] __folio_put+0x3b9/0x620 [ 383.867586][ C1] free_large_kmalloc+0x105/0x1c0 [ 383.872601][ C1] kfree+0x1c4/0x360 [ 383.876486][ C1] rhashtable_free_and_destroy+0x7c6/0x920 [ 383.882283][ C1] ila_xlat_exit_net+0x55/0x110 [ 383.887119][ C1] cleanup_net+0x802/0xcc0 [ 383.891518][ C1] process_scheduled_works+0xa2c/0x1830 [ 383.897053][ C1] worker_thread+0x86d/0xd50 [ 383.901634][ C1] kthread+0x2f0/0x390 [ 383.905691][ C1] ret_from_fork+0x4b/0x80 [ 383.910095][ C1] ret_from_fork_asm+0x1a/0x30 [ 383.914847][ C1] [ 383.917154][ C1] Memory state around the buggy address: [ 383.922765][ C1] ffff8880695e7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 383.930808][ C1] ffff8880695e7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 383.938850][ C1] >ffff8880695e8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 383.946898][ C1] ^ [ 383.951210][ C1] ffff8880695e8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 383.959254][ C1] ffff8880695e8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 383.967303][ C1] ================================================================== [ 383.975484][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 383.982681][ C1] CPU: 1 PID: 24 Comm: ksoftirqd/1 Not tainted 6.10.0-rc6-syzkaller-00166-g83c36e7cfd74 #0 [ 383.992675][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 384.002734][ C1] Call Trace: [ 384.006004][ C1] [ 384.008923][ C1] dump_stack_lvl+0x241/0x360 [ 384.013598][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 384.018792][ C1] ? __pfx__printk+0x10/0x10 [ 384.023374][ C1] ? vscnprintf+0x5d/0x90 [ 384.027691][ C1] panic+0x349/0x860 [ 384.031576][ C1] ? check_panic_on_warn+0x21/0xb0 [ 384.036686][ C1] ? __pfx_panic+0x10/0x10 [ 384.041097][ C1] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 384.046978][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 384.052856][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 384.059169][ C1] ? print_report+0x502/0x550 [ 384.063840][ C1] check_panic_on_warn+0x86/0xb0 [ 384.068768][ C1] ? rhashtable_lookup_fast+0x77a/0x9b0 [ 384.074309][ C1] end_report+0x77/0x160 [ 384.078538][ C1] kasan_report+0x154/0x180 [ 384.083030][ C1] ? rhashtable_lookup_fast+0x77a/0x9b0 [ 384.088574][ C1] rhashtable_lookup_fast+0x77a/0x9b0 [ 384.093949][ C1] ? rhashtable_lookup_fast+0xe9/0x9b0 [ 384.099432][ C1] ? __pfx_ila_cmpfn+0x10/0x10 [ 384.104184][ C1] ? __pfx_rhashtable_lookup_fast+0x10/0x10 [ 384.110067][ C1] ? __pfx_ila_cmpfn+0x10/0x10 [ 384.114827][ C1] ila_nf_input+0x1fe/0x3c0 [ 384.119321][ C1] ? __pfx_ila_cmpfn+0x10/0x10 [ 384.124078][ C1] ? ila_nf_input+0xe4/0x3c0 [ 384.128659][ C1] ? __pfx_ila_nf_input+0x10/0x10 [ 384.133678][ C1] nf_hook_slow+0xc3/0x220 [ 384.138101][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 384.143286][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 384.148478][ C1] NF_HOOK+0x29e/0x450 [ 384.152532][ C1] ? skb_orphan+0x4b/0xd0 [ 384.156851][ C1] ? NF_HOOK+0x9a/0x450 [ 384.160994][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 384.165572][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 384.170763][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 384.175429][ C1] __netif_receive_skb+0x1ea/0x650 [ 384.180532][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 384.185547][ C1] ? __pfx___netif_receive_skb+0x10/0x10 [ 384.191171][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 384.197139][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 384.203455][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 384.208570][ C1] ? process_backlog+0x2d9/0x7d0 [ 384.213504][ C1] process_backlog+0x391/0x7d0 [ 384.218264][ C1] ? __pfx_process_backlog+0x10/0x10 [ 384.223539][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 384.229506][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 384.235823][ C1] __napi_poll+0xcb/0x490 [ 384.240149][ C1] net_rx_action+0x7bb/0x10a0 [ 384.244826][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 384.249931][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 384.255904][ C1] handle_softirqs+0x2c4/0x970 [ 384.260658][ C1] ? run_ksoftirqd+0xca/0x130 [ 384.265325][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 384.270606][ C1] run_ksoftirqd+0xca/0x130 [ 384.275097][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 384.280199][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 384.285298][ C1] smpboot_thread_fn+0x544/0xa30 [ 384.290224][ C1] ? smpboot_thread_fn+0x4e/0xa30 [ 384.295241][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 384.300685][ C1] kthread+0x2f0/0x390 [ 384.304745][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 384.310189][ C1] ? __pfx_kthread+0x10/0x10 [ 384.314766][ C1] ret_from_fork+0x4b/0x80 [ 384.319171][ C1] ? __pfx_kthread+0x10/0x10 [ 384.323749][ C1] ret_from_fork_asm+0x1a/0x30 [ 384.328509][ C1] [ 384.331742][ C1] Kernel Offset: disabled [ 384.336052][ C1] Rebooting in 86400 seconds..