last executing test programs: 27.364567032s ago: executing program 4 (id=1037): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000000000000000000090000003c000380140002007663616e30000000000000000000000014000600ff0500000000000000000000000000010800010001000000080003"], 0x50}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000009c0)="18acf8b1ed479de320cdbff21bc648a4423880b9fb95564f48c38e3fdaea755288c2a91a1ef344702de01af77d599320e22a0ea41b13aa09f1b359b0e2d2e8b6074bb4119ea219d2055df8bab18280f3c3ea8e45510d60a28f7af2a9c471dbe0a88f57ae4580b0b420f5f90b70efb6805d81812d5d64c87c99f9c75e9f656dfd6e0cb005b1abd4d879a097dd9d3e6e12f85505cd45c840f9503b2fff6c33e6a675512ab99729da82acc41b65a398d515700ba76224267cdabfb9576027eb82a82c337e379c488d47691d7fe2c55bbe29a7a37633648559a31b90f145d0f5a2d8d9499f100ba95da30ce9df964d2af22e6551f8a35878071d2b5477c0f1c0ab067a8bd9368c04ed9b6e1547f04d022d726bb32daf66bded05624baa409848f50d96df5d0a86c6ce2b9b0767e85c5233c1e30aaad953301d7294b375db43804290971c857070e9d2c8b6397ab8d56358476fc0359ee79b7956f0ef1ce2edefc6bd340037706a57aa98105019c21be58ce8c868c90db57bfe8304416b3e7e02837ea3ce01ce463321f2ea429ee0c42b27d28c2b6063eb5cd746e26ade0c9ae3049ebb8c5038b01281f26c9777fb1263a5ba1262fa783e07ef5ded966eb85a4a811f5aab0d9575551239e9b0f76e5217744b0a8edcb1504774e36818033e3ab03ca6164df64fdf4352b9c88bfa91add131e13bee44e7eb4e38e613f3bab3c6c8a5038e446d57c9058b975f05f36e0e49171b426b99aa82a0656d7ffc46169ee20456aab06ee429bff9408fb1961e3976e288bee69e9ec6dc72862e1cfcc6c4804457285efcb056b0d834666748129994a3fc172c4c9c622a0c4ddd84bce972d56c70f3687222e5857f9a24b0e138a8359409f5b4ba3206c1a7f35c9e90f3ad903715ab7283e700f9ec2c641f38e998122266a8b1731ce1f03d12a643f281b3ace22f1e403dfe05052fdca3da258f8f1bd7c88949d2a14510b4116c5e403b6cee434d4969113ff8eebc1052e6a1dfa710cadfa0dbd96afa3dd1ab32b10e97d4c015e357bb938d5c2420ed83fff6a17ca9c334fc1b1a3b171f3ca2f4f88a66c59477a73265a8dc10c6d0e5ab2f595e4b9bdd160f35a7917d46df4a50b7651a5991f2444fc0a235f210e8ce8afede0b725d0cabfa20e4d36a836314d180f66614db4fbbd15ef7a947247f7f6f0eb34af0b7aeaaa9210154285dcd0389de273ad3459a1d87f062d9a050c57b6325750aeb9f47d7242117d8e0d38ae1e6cef179809d422ae852bf41f8d5ec42fac487ed46e0511a1f554cd6181e6c81dfdafa7c69daa2ba822e22e305b4b8f34c20fcc8e50cf451f053df249a7f5b20cbc0bc127f55d80bc9c0ba3cf9f0a9c56286215c20f9d60cb61276c6bbf772c151be2520e22b8f6daea2aa1f9e1b30bbeed092d3c2fb92a10fb71e7fea336a0258620c918581487ec04c54ca4e9811a83a6bf39dca6a4e89092cdee6e40024bd7c1ae7b3a8cdbb38c21ccb1de68f7fc9fa4726b832cedcfdd22b71f37d66f350e78e3c19bcae0322f8f070c316bc3c2ba0cb12a43746bd8aaa1645e3f8800b93722ac1791396bb3def1678cb5ab3f42c097c4c3684ea61dc89209ae57906bd4577a93b14eceff6f18893064198d9141a927ced2af06226011187f1851d6a5c1b5ff78a4c6d8b387a781c06a286f052d2e828ed94110cd7b9e6cfcb840e12019678080a6e9e517ce8ba6276c5a919197fd0adf86547135fcec083f2c1fea0e40564f279ceec580e827e39fa77bfa823d6e08aa7bd320491381f21be8b10dc2ed7fee1524680a52bb1e14cb6248519100edd7df29bac5c4ad1c893ee99db03aa7e077ba6608b0db797f31a6cd6d5a01077a41df98fc373ac5c149b87c55bb73bb17b09dffa7847b134b866b9ce179d547750dd2fb9c280e2003d132c87e2535f31232a32d738aeedeff052f256a9c866b6c2cb880d15f1acca7396a8f6113afe45e46e96a6c7762eb09d2c568df561d5484356b4ae71f89bf0126c6670c4fbeee59a89e20206401ef85f083039aa9ceacc2912427b031c35e29c7a702e0054f4dbb01062c0daab2a5faa49a86cd5d48d64bbee12f60ee529a00ad13a579934faff4ec12778038a3e48217fc4eb97ebe3dec9ecdfc0af3e722ed7ca0f12952c2902b0db061098d4bf14664104c440c9d07af7fbaa375274f61b04c17050a3e139dcce999071f18468139182cfe78a84c90c0428d7c75a621a6eaa69e028ce47626235ca3edbbb53e15afebebb25e18c732a820edca2f60be8c0ecd7e5a30282a0add95c6eb43b0afea34d91de7b20f4fb999d17c7fc418738f61cce38d656ce86e2d0a97f31dad0296ee63fb48e859003f88d0a27c874a47301dc0f1fd4f4e9b1bcd7806f715c751b94e182307d2d01278eb0ad2e1a48c3cac80ea5ec28b9b52f5cf6ea8b5611be5a24f91545cae2f581fd58fd47e6aa3b88b380442f21739319050ef702ffe604d7b1341013d330ad4e8d7c3cec17da298b4fcf1205e156f30642d654384d4be8b9eb4add6d9603e8fe122b9d70171d6f8ea5", 0xfffffdef}], 0x1}}], 0x1, 0x0) sendmsg$AUDIT_DEL_RULE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000840) recvmsg$can_j1939(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x10100) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x128}, 0x24008804) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb01c5d854f89ceea35300240000002400000003000000000000000200001302000000010000000000000000000000fdffffff0000000000000000002e0087400a53b8a70500a9c3a275725db855ab0eb5c1732c80037659b76f7015464d1460cb78a523eecefe7d9c8810325cd2d29137a26f72e5b536fa0f646c8ec7c632a8bc796aee56dac4aa3bb31e80b490"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) getpeername$inet(0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000280)=0x10) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r7, 0x400448cb, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="400100001000330600000000fcfffffffe8000000000000000000000000000aaffffffff00000000000000000000000000004000000080040000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac14143f0000000030f36531707bd57a3c609f5d000000000000000000000000320000000a0101020000000000000000000000002703000000000000050000000000000000000000000000000400000000000000ff0f00000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000008f000000000000800800000028bd7000000000000a0001000000000000000000080016000600000048000200656362286369706865725f6e756c6c2900"/260], 0x140}, 0x1, 0x0, 0x0, 0x8000}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) r9 = socket$inet(0x2, 0x2, 0x0) r10 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r10, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) bind$inet6(r10, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) bind$inet(r9, &(0x7f0000000200)={0x2, 0x4e20, @broadcast}, 0x10) write(r8, &(0x7f0000000040)="05000000010000", 0x7) sendfile(r5, 0xffffffffffffffff, 0x0, 0x8) 26.608939239s ago: executing program 4 (id=1042): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) recvfrom$phonet(r0, &(0x7f0000000000)=""/2, 0x2, 0x10001, &(0x7f0000000040)={0x23, 0x3d, 0x4a, 0xa}, 0x10) ioctl$FIONCLEX(r0, 0x5450) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)}, 0x20) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000240)={'wg1\x00', 0x0}) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x20, &(0x7f0000000440)={&(0x7f0000000300)=""/86, 0x56, 0x0, &(0x7f0000000380)=""/162, 0xa2}}, 0x10) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x13, 0x18, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @generic={0x9, 0x2, 0xe, 0x2, 0x7}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xc}}, @alu={0x4, 0x1, 0x2, 0x0, 0xb, 0x80, 0xfffffffffffffff0}, @generic={0x7, 0x3, 0x5, 0x9, 0x9}]}, &(0x7f0000000200)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x2d, '\x00', r2, @fallback=0x1a, r0, 0x8, &(0x7f0000000280)={0x5, 0x3}, 0x8, 0x10, &(0x7f00000002c0)={0x3, 0x2, 0x1, 0x3}, 0x10, r3, r0, 0x4, &(0x7f0000000500)=[r5], &(0x7f0000000540)=[{0x5, 0x2, 0xe, 0xb}, {0x5, 0x3, 0x7, 0x3}, {0x5, 0x5, 0xd, 0x8}, {0x4, 0x1, 0xc, 0x5}], 0x10, 0x2, @void, @value}, 0x94) openat$tun(0xffffffffffffff9c, &(0x7f0000000640), 0x50000, 0x0) r7 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000800)=r3, 0x4) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000008c0)={r4, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xa, &(0x7f0000000680)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @generic={0x7, 0x5, 0x0, 0x7, 0x5}], &(0x7f0000000700)='syzkaller\x00', 0x1067, 0xac, &(0x7f0000000740)=""/172, 0x41100, 0x44, '\x00', r2, @fallback=0x32, r7, 0x8, &(0x7f0000000840)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000880)={0x5, 0xb, 0xe0a4, 0x2}, 0x10, r3, 0xffffffffffffffff, 0x1, &(0x7f0000000900)=[r4, r5, r5, r5, r8, r5], &(0x7f0000000940)=[{0x5, 0x1, 0xf, 0x3}], 0x10, 0x3, @void, @value}, 0x94) r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000a80), r5) sendmsg$IPVS_CMD_DEL_DAEMON(r8, &(0x7f0000000b40)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x40, r9, 0x10, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x20004080}, 0x40031) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x12, r1, 0xb09f000) r10 = socket$pppl2tp(0x18, 0x1, 0x1) r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000bc0)={'wpan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000c00)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r11, &(0x7f0000000d00)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c40)={0x74, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r12}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r13}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x74}, 0x1, 0x0, 0x0, 0x2000000}, 0x10000000) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000d80), r5) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000dc0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_STOP_P2P_DEVICE(r4, &(0x7f0000000e80)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000e00)={0x28, r14, 0x300, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r15}, @val={0xc, 0x99, {0x10001, 0x74}}}}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000040}, 0x80) r16 = syz_genetlink_get_family_id$smc(&(0x7f0000000f00), r5) sendmsg$SMC_PNETID_ADD(r4, &(0x7f0000001000)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f40)={0x60, r16, 0x800, 0x70bd27, 0x25dfdbfd, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'batadv_slave_1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'ip6_vti0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r17 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &(0x7f0000001040)={0x0, r6}, 0x10) close(r17) sendmsg$NFT_BATCH(r5, &(0x7f0000001600)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000015c0)={&(0x7f00000010c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_DELTABLE={0x11c, 0x2, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_USERDATA={0xf2, 0x6, "d86441b10a16b4a5c10012dc707ecf41d0f15e6240bd3ccd825b4f7fb6f11ceeb8736ba60cb26286a6fe5f847310b4c5ef746a706bc82b913692e42b28a6936f80211cb256088fef316653fcd008c4693149158aa312d6c8bdc623091347407d5b68560fa6f9fcfdaba4850eec43c81f677fca171825be4038d94915b8ab259d7ffb93b93ea015e3c910fde148487c54cd5cf82cd95cca146864903d08c1fc4b0597b160201a8547968355a8d4bc355d13b7d57bc492dd77e48ed59a78fab41741d872dc4b92c5b45d1a69c33f6f8523dcefdd19110942e4383545eab711df4b9c9069b3304579df8b12b44b22a9"}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x150, 0x6, 0xa, 0x201, 0x0, 0x0, {0xd7864ae4c02d78a6, 0x0, 0x7}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @range={{0xa}, @void}}, {0x10, 0x1, 0x0, 0x1, @socket={{0xb}, @void}}, {0x10, 0x1, 0x0, 0x1, @match={{0xa}, @void}}]}, @NFTA_RULE_EXPRESSIONS={0x100, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @tunnel={{0xb}, @void}}, {0x14, 0x1, 0x0, 0x1, @byteorder={{0xe}, @void}}, {0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x56}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0xea}]}}}, {0x20, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}, {0x28, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_OP={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_BYTEORDER_OP={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @quota={{0xa}, @void}}, {0x14, 0x1, 0x0, 0x1, @immediate={{0xe}, @void}}, {0x30, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0xff}, @NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0xc380}, @NFTA_SYNPROXY_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}]}}}]}]}, @NFT_MSG_DELFLOWTABLE={0x58, 0x18, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8}]}, @NFT_MSG_DELOBJ={0x2c, 0x14, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x7}]}, @NFT_MSG_NEWOBJ={0x70, 0x12, 0xa, 0x3, 0x0, 0x0, {0x1}, @NFT_OBJECT_SECMARK=@NFTA_OBJ_DATA={0x5c, 0x4, 0x0, 0x1, [@NFTA_SECMARK_CTX={0x2a, 0x1, 'system_u:object_r:tmpreaper_exec_t:s0\x00'}, @NFTA_SECMARK_CTX={0x2a, 0x1, 'system_u:object_r:tmpreaper_exec_t:s0\x00'}]}}, @NFT_MSG_DELRULE={0x1c, 0x8, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0xa}, [@NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELRULE={0xc8, 0x8, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0x9}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}, @NFTA_RULE_USERDATA={0x64, 0x7, 0x1, 0x0, "4fa7aa83c8e521cac15cfecb1b9b1f004783a721420256b35532b424e60b087c457794c924234b8cc202aa888c5b57bbe3cbd4886b4bacd01c4ddc33d42e9cb4d1ab48f32a53efdf2ea91414d562f7ac141f17b7c123c23515f34f3a80b622ac"}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x1}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_COMPAT={0x14, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x800}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x5}]}], {0x14}}, 0x4cc}, 0x1, 0x0, 0x0, 0x40000}, 0x8001) ioctl$sock_qrtr_TIOCINQ(r5, 0x541b, &(0x7f0000001640)) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r11, &(0x7f0000001940)={&(0x7f0000001680)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001900)={&(0x7f0000001700)={0x1e0, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r12}, @NL802154_ATTR_SEC_DEVKEY={0x1b8, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x1c, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x7f}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x2}, @NL802154_DEVKEY_ATTR_ID={0x124, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x44, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}]}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3f}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x54, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_MODE={0x8}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x18, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}]}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x38, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0002}}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa2}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}]}, @NL802154_DEVKEY_ATTR_ID={0x14, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_DEVKEY_ATTR_ID={0x44, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x400}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}]}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x25d}]}]}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x4810}, 0x40000) 26.422159052s ago: executing program 4 (id=1044): socket(0x2, 0x80805, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="020e000010000000000000000000000002000500000000000200"], 0x80}}, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x5, 0x1, 0x4) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) openat$cgroup_int(r4, &(0x7f00000001c0)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="0200000002"], 0x10) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r6, @ANYRES32=r7], 0x10) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000200000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r3], 0x90}}, 0x0) 26.079821011s ago: executing program 4 (id=1047): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000180)=@security={'security\x00', 0xe, 0x4, 0x360, 0xffffffff, 0x0, 0x128, 0x0, 0xffffffff, 0xffffffff, 0x418, 0x418, 0x418, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x2, 0x1, 0x800}}}, {{@ipv6={@loopback, @mcast2, [0xffffffff, 0x0, 0xffffffff], [0xff, 0xffffffff, 0xffffffff, 0xff], 'sit0\x00', 'vlan0\x00', {0xff}, {}, 0x3a, 0x6, 0x0, 0x8}, 0x0, 0xa8, 0xd0}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x3}}}, {{@ipv6={@mcast2, @local, [0x0, 0xffffffff, 0xff, 0xff0000ff], [0xff, 0xff000000, 0xff000000, 0xffffffff], 'erspan0\x00', 'hsr0\x00', {}, {0xff}, 0x62, 0x1b, 0x4, 0x21}, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x2, 0x5, {0x100000000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000008c0)='blkio.bfq.io_serviced\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x3938700}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000500)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEV(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x2c, r3, 0xc21, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0102}}}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc8800}, 0x8000) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x44, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYRESHEX=r1, @ANYRES32=0x0, @ANYBLOB="0002000000000000140012800b028008001a0000000000000000000000000088d101fc48070467e7baaad13534f00c10a23308720adf265f3aad38789ebb6d4fec3887fb3919c535c253f044da6f0188a51b3eecfd73fad88bd228"], 0x3c}}, 0x0) 25.714063885s ago: executing program 4 (id=1049): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000000)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r1, @in={{0x2, 0x4e21, @broadcast}}}, &(0x7f0000000040)=0x84) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r4) sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x24, r5, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0xfeffffff}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}]}, 0x24}}, 0x0) (async) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000580)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000480)={&(0x7f00000005c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00022dbd7000fcdbdf2506000000080009000000000008000c0004000000140008006272696467655f736c6176655f30000006001c00050000003e7a2ee2dcecf3754b593ba15cd8aa54daa85882339625d717024231ee56fc6e44a36fef47f21085e7f71650b31a41826b5f16ed14d1ca309e670e227e39abd20f6860779f80f21d6c2e3d16fef2785b9eef1bb7195bba717ec84c0db111eedd484a4ff7476038d665d2dbd68180db17bb9f5e2c2a34"], 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) (async) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) (async) socketpair(0x2c, 0x0, 0x504, &(0x7f00000000c0)={0xffffffffffffffff}) sendmsg$NFT_MSG_GETRULE(r9, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)={0x74, 0x7, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_COMPAT={0x34, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8917}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x6004}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x2f}]}, @NFTA_RULE_COMPAT={0x2c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x2f}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0xea66}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x5c}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x8}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000) (async) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) (async) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCETHTOOL(r10, 0x8946, &(0x7f0000000f80)={'team_slave_1\x00', &(0x7f0000000f40)=@ethtool_stats={0x23}}) (async) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) (async) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@gettfilter={0x24, 0x2e, 0x621, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0xc, 0xb}, {0x2, 0xfff3}, {0xffff, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x0) 17.428755104s ago: executing program 4 (id=1049): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}]}, &(0x7f0000000000)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={r1, @in={{0x2, 0x4e21, @broadcast}}}, &(0x7f0000000040)=0x84) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r4) sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)={0x24, r5, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0xfeffffff}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x1}]}, 0x24}}, 0x0) (async) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000580)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000480)={&(0x7f00000005c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00022dbd7000fcdbdf2506000000080009000000000008000c0004000000140008006272696467655f736c6176655f30000006001c00050000003e7a2ee2dcecf3754b593ba15cd8aa54daa85882339625d717024231ee56fc6e44a36fef47f21085e7f71650b31a41826b5f16ed14d1ca309e670e227e39abd20f6860779f80f21d6c2e3d16fef2785b9eef1bb7195bba717ec84c0db111eedd484a4ff7476038d665d2dbd68180db17bb9f5e2c2a34"], 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) (async) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) (async) socketpair(0x2c, 0x0, 0x504, &(0x7f00000000c0)={0xffffffffffffffff}) sendmsg$NFT_MSG_GETRULE(r9, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)={0x74, 0x7, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_COMPAT={0x34, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8917}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x6004}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x2f}]}, @NFTA_RULE_COMPAT={0x2c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x2f}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0xea66}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x5c}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x8}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000) (async) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) (async) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCETHTOOL(r10, 0x8946, &(0x7f0000000f80)={'team_slave_1\x00', &(0x7f0000000f40)=@ethtool_stats={0x23}}) (async) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) (async) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@gettfilter={0x24, 0x2e, 0x621, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0xc, 0xb}, {0x2, 0xfff3}, {0xffff, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x0) 4.382369892s ago: executing program 3 (id=1153): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x100, 0x9, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x2, r0}, 0x38) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000380)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x31, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000, @void, @value}, 0xf6) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) r5 = accept(r4, &(0x7f0000000000)=@pptp={0x18, 0x2, {0x0, @local}}, &(0x7f00000000c0)=0x80) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000340)={r4}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r7, 0x8933, &(0x7f00000003c0)={'wg0\x00'}) sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000440)={&(0x7f0000000100), 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="10002cbd7000fddbdf25060000000c001000030f00000000000008001700", @ANYRES32=r7, @ANYBLOB="050006005900000008001800ffffffffc7301ebfbd43626f163de94f428b4d6bd59d1ed2a20c510c35dd04c84c5e8272ba9006000000000000007d47772a13464e3dacb0f7ddcbfdf8480d9fb4188075ecb4d386024bf9c110dce4a729f6e214a8127ed668a81194"], 0x38}, 0x1, 0x0, 0x0, 0x20000050}, 0x40080) setsockopt$inet_tcp_buf(r4, 0x6, 0xd, &(0x7f0000000080)="f2", 0x1) setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, 0x0, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100001f00702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r9, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendto$packet(r9, &(0x7f0000000180)="0b032200e0ff25000200475400", 0xd, 0x0, &(0x7f0000000140)={0x11, 0x0, r10}, 0x14) 3.879992693s ago: executing program 0 (id=1157): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) close(r0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x48400) r2 = socket$alg(0x26, 0x5, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000005c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$cgroup_subtree(r4, &(0x7f0000000100)=ANY=[], 0x32600) (async) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000001c0), 0x4) setsockopt$inet6_IPV6_ADDRFORM(r5, 0x29, 0x1, 0x0, 0x0) (async) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r6) sendmsg$IEEE802154_LLSEC_DEL_KEY(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000500)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010026bd7000fbdbdf252800000005002e000f0000000c002d000200aaaaaaaaaaaa05002b000300000008000200", @ANYRES32=r6], 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x40850) r8 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r8, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) (async) setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, 0x0, 0x0) setsockopt$sock_int(r8, 0x1, 0x28, &(0x7f0000000040)=0x8004, 0x4) (async) recvmmsg(r8, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1, &(0x7f0000001480)=""/78, 0x4e}, 0x4298}], 0x1, 0x20, 0x0) (async) r9 = socket$inet6_udplite(0xa, 0x2, 0x88) (async) r10 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r10, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @rand_addr=' \x01\x00', 0x7}, 0x1c) sendmmsg$inet6(r9, &(0x7f0000001800)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'crc32\x00'}, 0x58) writev(r0, &(0x7f0000000080)=[{&(0x7f00000004c0)="50eab642bf632c5cde2c2827b6b0f95a7e02e4c01968106cc4f9018c7a395ea31a5397f228b4aeb94841e6689f034047fe46c28ce1be2bdee806f79c7bfe1e42ee4c2020807149a6663a459c2842bf9964ae05", 0x53}], 0x1) (async) r11 = accept4(r2, 0x0, 0x0, 0x0) sendfile(r11, r0, 0x0, 0xe47) 3.502102918s ago: executing program 0 (id=1159): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x0, 0x40080}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10}, [@ldst={0x3, 0x3, 0x3, 0xa, 0x0, 0xfffffffffffffff8}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff52, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x37) 3.161962217s ago: executing program 1 (id=1160): r0 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000001ac0)={'vcan0\x00', 0x6}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x9, 0x8, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r4}, &(0x7f0000000180), &(0x7f0000000100)=r3}, 0x20) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) ppoll(&(0x7f0000000500)=[{r5}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) sendmsg$nl_route(r7, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001800490400000000000014000a100000000000000100000008001e0001000000"], 0x24}}, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x800}) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b400000000000000791048000000000071006400000000009500000000000000db74589d4b38cc306ac390649f72dea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e2e01d50bc3347475750472719cc516fa14b769e7f385ba72c60242263c05ddab05e37efe81b8bffc35cdf2ac0d93263ff755d611c4cca1684b1470af6a83366aa430ad2d700b186da622d6fba70000000000000000000000000200"/173], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x1b) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r8, 0x84, 0x6b, &(0x7f00000000c0)=[@in={0x2, 0x4e20, @local}], 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008001500b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r9}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0x1, 0x10}, {0xd}, {0xe, 0x10}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c800}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000680)=ANY=[@ANYRESHEX=r0, @ANYRESHEX, @ANYBLOB="00000000000000006608000000000000180000008a4fec1bed8060d654c30000000000000000000000009500000000000000360a020000000000180100002020782500000000202020207b1af8ff00000000bfa100000000000005010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff7ffffd, @void, @value}, 0x94) r10 = socket$inet(0x2, 0x4000000805, 0x0) setsockopt$inet_sctp_SCTP_CONTEXT(r10, 0x84, 0x11, &(0x7f0000000140)={0x0, 0x6}, 0x8) 2.734400335s ago: executing program 2 (id=1162): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106800000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67100000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x28, 0x5, 0x0) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x30, 0x7, 0xa, 0x5, 0x0, 0x0, {0xce40c4e68efd8f0e, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x44001) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000004c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r3, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804) 2.645986795s ago: executing program 0 (id=1163): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000000000000000000090000003c000380140002007663616e30000000000000000000000014000600ff0500000000000000000000000000010800010001000000080003"], 0x50}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000009c0)="18acf8b1ed479de320cdbff21bc648a4423880b9fb95564f48c38e3fdaea755288c2a91a1ef344702de01af77d599320e22a0ea41b13aa09f1b359b0e2d2e8b6074bb4119ea219d2055df8bab18280f3c3ea8e45510d60a28f7af2a9c471dbe0a88f57ae4580b0b420f5f90b70efb6805d81812d5d64c87c99f9c75e9f656dfd6e0cb005b1abd4d879a097dd9d3e6e12f85505cd45c840f9503b2fff6c33e6a675512ab99729da82acc41b65a398d515700ba76224267cdabfb9576027eb82a82c337e379c488d47691d7fe2c55bbe29a7a37633648559a31b90f145d0f5a2d8d9499f100ba95da30ce9df964d2af22e6551f8a35878071d2b5477c0f1c0ab067a8bd9368c04ed9b6e1547f04d022d726bb32daf66bded05624baa409848f50d96df5d0a86c6ce2b9b0767e85c5233c1e30aaad953301d7294b375db43804290971c857070e9d2c8b6397ab8d56358476fc0359ee79b7956f0ef1ce2edefc6bd340037706a57aa98105019c21be58ce8c868c90db57bfe8304416b3e7e02837ea3ce01ce463321f2ea429ee0c42b27d28c2b6063eb5cd746e26ade0c9ae3049ebb8c5038b01281f26c9777fb1263a5ba1262fa783e07ef5ded966eb85a4a811f5aab0d9575551239e9b0f76e5217744b0a8edcb1504774e36818033e3ab03ca6164df64fdf4352b9c88bfa91add131e13bee44e7eb4e38e613f3bab3c6c8a5038e446d57c9058b975f05f36e0e49171b426b99aa82a0656d7ffc46169ee20456aab06ee429bff9408fb1961e3976e288bee69e9ec6dc72862e1cfcc6c4804457285efcb056b0d834666748129994a3fc172c4c9c622a0c4ddd84bce972d56c70f3687222e5857f9a24b0e138a8359409f5b4ba3206c1a7f35c9e90f3ad903715ab7283e700f9ec2c641f38e998122266a8b1731ce1f03d12a643f281b3ace22f1e403dfe05052fdca3da258f8f1bd7c88949d2a14510b4116c5e403b6cee434d4969113ff8eebc1052e6a1dfa710cadfa0dbd96afa3dd1ab32b10e97d4c015e357bb938d5c2420ed83fff6a17ca9c334fc1b1a3b171f3ca2f4f88a66c59477a73265a8dc10c6d0e5ab2f595e4b9bdd160f35a7917d46df4a50b7651a5991f2444fc0a235f210e8ce8afede0b725d0cabfa20e4d36a836314d180f66614db4fbbd15ef7a947247f7f6f0eb34af0b7aeaaa9210154285dcd0389de273ad3459a1d87f062d9a050c57b6325750aeb9f47d7242117d8e0d38ae1e6cef179809d422ae852bf41f8d5ec42fac487ed46e0511a1f554cd6181e6c81dfdafa7c69daa2ba822e22e305b4b8f34c20fcc8e50cf451f053df249a7f5b20cbc0bc127f55d80bc9c0ba3cf9f0a9c56286215c20f9d60cb61276c6bbf772c151be2520e22b8f6daea2aa1f9e1b30bbeed092d3c2fb92a10fb71e7fea336a0258620c918581487ec04c54ca4e9811a83a6bf39dca6a4e89092cdee6e40024bd7c1ae7b3a8cdbb38c21ccb1de68f7fc9fa4726b832cedcfdd22b71f37d66f350e78e3c19bcae0322f8f070c316bc3c2ba0cb12a43746bd8aaa1645e3f8800b93722ac1791396bb3def1678cb5ab3f42c097c4c3684ea61dc89209ae57906bd4577a93b14eceff6f18893064198d9141a927ced2af06226011187f1851d6a5c1b5ff78a4c6d8b387a781c06a286f052d2e828ed94110cd7b9e6cfcb840e12019678080a6e9e517ce8ba6276c5a919197fd0adf86547135fcec083f2c1fea0e40564f279ceec580e827e39fa77bfa823d6e08aa7bd320491381f21be8b10dc2ed7fee1524680a52bb1e14cb6248519100edd7df29bac5c4ad1c893ee99db03aa7e077ba6608b0db797f31a6cd6d5a01077a41df98fc373ac5c149b87c55bb73bb17b09dffa7847b134b866b9ce179d547750dd2fb9c280e2003d132c87e2535f31232a32d738aeedeff052f256a9c866b6c2cb880d15f1acca7396a8f6113afe45e46e96a6c7762eb09d2c568df561d5484356b4ae71f89bf0126c6670c4fbeee59a89e20206401ef85f083039aa9ceacc2912427b031c35e29c7a702e0054f4dbb01062c0daab2a5faa49a86cd5d48d64bbee12f60ee529a00ad13a579934faff4ec12778038a3e48217fc4eb97ebe3dec9ecdfc0af3e722ed7ca0f12952c2902b0db061098d4bf14664104c440c9d07af7fbaa375274f61b04c17050a3e139dcce999071f18468139182cfe78a84c90c0428d7c75a621a6eaa69e028ce47626235ca3edbbb53e15afebebb25e18c732a820edca2f60be8c0ecd7e5a30282a0add95c6eb43b0afea34d91de7b20f4fb999d17c7fc418738f61cce38d656ce86e2d0a97f31dad0296ee63fb48e859003f88d0a27c874a47301dc0f1fd4f4e9b1bcd7806f715c751b94e182307d2d01278eb0ad2e1a48c3cac80ea5ec28b9b52f5cf6ea8b5611be5a24f91545cae2f581fd58fd47e6aa3b88b380442f21739319050ef702ffe604d7b1341013d330ad4e8d7c3cec17da298b4fcf1205e156f30642d654384d4be8b9eb4add6d9603e8fe122b9d70171d6f8ea5", 0xfffffdef}], 0x1}}], 0x1, 0x0) sendmsg$AUDIT_DEL_RULE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000840) recvmsg$can_j1939(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x10100) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x128}, 0x24008804) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb01c5d854f89ceea35300240000002400000003000000000000000200001302000000010000000000000000000000fdffffff0000000000000000002e0087400a53b8a70500a9c3a275725db855ab0eb5c1732c80037659b76f7015464d1460cb78a523eecefe7d9c8810325cd2d29137a26f72e5b536fa0f646c8ec7c632a8bc796aee56dac4aa3bb31e80b490"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) getpeername$inet(0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000280)=0x10) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r7, 0x400448cb, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="400100001000330600000000fcfffffffe8000000000000000000000000000aaffffffff00000000000000000000000000004000000080040000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac14143f0000000030f36531707bd57a3c609f5d000000000000000000000000320000000a0101020000000000000000000000002703000000000000050000000000000000000000000000000400000000000000ff0f00000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000008f000000000000800800000028bd7000000000000a0001000000000000000000080016000600000048000200656362286369706865725f6e756c6c2900"/260], 0x140}, 0x1, 0x0, 0x0, 0x8000}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) r9 = socket$inet(0x2, 0x2, 0x0) r10 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r10, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) bind$inet6(r10, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) bind$inet(r9, &(0x7f0000000200)={0x2, 0x4e20, @broadcast}, 0x10) write(r8, &(0x7f0000000040)="05000000010000", 0x7) sendfile(r5, 0xffffffffffffffff, 0x0, 0x8) 2.45738427s ago: executing program 3 (id=1164): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x14c, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_STAB={0x104, 0x2, "547d9ed0effe82c024750032ea49f09c72384049bcc87e42ca7e2c78d6a85178e447e32b5f4e4fabff6fb16a40901dc4221e42eb745b6332c476d0c3aefed8dc95af179570cf8cc43bc29eb93c6e78f5e1153d3d7c1542f77dc4b29877e2002685e850f2969cf2164fbf8db7e1713786899d2a8ab03ca5accb2e9b50e1fb7a4e3681b35f0f68461daa4f4e1583b9a02195dee35ae7c8bca085399157d5f30c2ec691c39267b2655c782b363a11645a0c78a39fab8c0ce69f11f2db45ee16e2975a80664f687d01bd7444244a25bdb9ec5b0fa8b1afc0254ddbca2e22ca1b189502b74d7ec4665c23804df713183d428f50a0d64e31e110c707eb3fe69f437992"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0xffffffff, 0x401, 0xffff, 0x2, 0xc, 0xe, 0x4}}]}}]}, 0x14c}}, 0x0) (async) syz_emit_ethernet(0x76, &(0x7f0000000040)={@local, @random="618e38850ee1", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x40, 0x6, 0x0, @remote, @local, {[], {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x10, 0x2, 0x0, 0x0, 0x0, {[@mptcp=@syn={0x1e, 0xc, 0x7, 0x1, 0xfb, 0x800, 0x7}, @sack={0x5, 0x6, [0x5513]}, @sack_perm={0x4, 0x2}, @sack_perm={0x4, 0x2}, @timestamp={0x8, 0xa}, @fastopen={0x22, 0x5, "9800af"}, @mptcp=@ack={0x1e, 0x4, 0x40}]}}}}}}}}, 0x0) 2.447330813s ago: executing program 2 (id=1165): r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_PORT_GET(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x3c, r0, 0x1, 0x0, 0x0, {0x54}, [{{@nsim={{0xe, 0x2}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x3c}}, 0x0) r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0xf, &(0x7f0000000600)=@ringbuf={{0x18, 0x3, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x5, 0x0, 0xb, 0x2}, {}, {0x4}}}, &(0x7f00000003c0)='syzkaller\x00', 0xf, 0x1004, &(0x7f0000001c00)=""/4100, 0x40f00, 0x47, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94) 2.245781702s ago: executing program 3 (id=1166): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=@newtaction={0x48, 0x31, 0x1, 0x70bd25, 0x0, {0x0, 0x0, 0x11}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x3, {0x1}}, {0xc}}}]}]}, 0x48}}, 0x44) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) sendmsg(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000001000000101000000000000100001000032edc67500000002000000351d7aad254106a9ad713d979b114a130ea3d6fd2ef9e6067aa5aeed770bb9323431a2e1e1bea48c90e15c95b5053056071e71fc1168f6fafd0956da6b619ca2c5f63f106f5b23679c115da990f9aec84b77cdcddfadca832fee49c9acd2e912fa4f1f57258f515b77f8986ea4d5ea310f4b03c788aad09eff61e93513b34c57e630e6"], 0x20}, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_int(r3, 0x29, 0x1a, &(0x7f0000000100)=0x20000002, 0x4) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x1cb0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000020305030000000000000000000016b9080001000157a292deef9f8de86e8a15a7ff2c2d063b47220b936ff5a5d38147d7c4517e32f0f41e824ab9179b314ce51833eac60de2f2fde5fd2334587e8a417aaaf106e152d7751e49a2356f47c7254d0860446ca8653d944a58b2a844012961abaea8f2b5b678f28e5e4f4e078812b9e2c23205fa4818486ccaee2fb5fe2ba117d0555629"], 0x1c}}, 0x0) write$tun(r4, &(0x7f0000000380)=ANY=[], 0x4e) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e23, @rand_addr=0x64010101}}, 0xffff, 0x1}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB="860600000000000000000000000000000000000039d67e59914907e35fe4e54373d9d1b2acc92bdca793fa278ad8d91f4dd746cf14ff3a1630833da37122a105730c0d66492083dbec026ef01d387dc16cdaa56ea0f012dde72c99f2159ee7cedfe9676f74f8e5af3b8ec678cc613e055e893b39e41bbc6c03e9829ebb5218fdf12ab4baa57f61bedef51015", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03000000010000000500"/28], 0x50) close(r2) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f0000001540), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340), r6) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r6, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r7, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, {}, {0x14, 0x19, {0xad9, 0x1, 0x1000, 0xa}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x44001}, 0x8000) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000008c0)="d8000000180081000181f782db4cb904021d0800fe007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000120012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5a02000000ca9ec855eff0eb3f365d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed", 0xa2}], 0x1}, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f00000007c0)="89e7ee2c7cdad9b4b47380c988cafbe88acac5050093517d176c709a6dca0dcca46a57b9762b645d9941a0e3a26cbe04a15c060684735069a8f2ac", 0x3b}], 0x1) 2.196686763s ago: executing program 2 (id=1167): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x100, 0x9, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x2, r0}, 0x38) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000380)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x31, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000, @void, @value}, 0xf6) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) r5 = accept(r4, &(0x7f0000000000)=@pptp={0x18, 0x2, {0x0, @local}}, &(0x7f00000000c0)=0x80) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000340)={r4}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r7, 0x8933, &(0x7f00000003c0)={'wg0\x00'}) sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000440)={&(0x7f0000000100), 0xc, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="10002cbd7000fddbdf25060000000c001000030f00000000000008001700", @ANYRES32=r7, @ANYBLOB="050006005900000008001800ffffffffc7301ebfbd43626f163de94f428b4d6bd59d1ed2a20c510c35dd04c84c5e8272ba9006000000000000007d47772a13464e3dacb0f7ddcbfdf8480d9fb4188075ecb4d386024bf9c110dce4a729f6e214a8127ed668a81194"], 0x38}, 0x1, 0x0, 0x0, 0x20000050}, 0x40080) setsockopt$inet_tcp_buf(r4, 0x6, 0xd, &(0x7f0000000080)="f2", 0x1) setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, 0x0, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100001f00702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r9, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendto$packet(r9, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb1000000", 0x14, 0x0, &(0x7f0000000140)={0x11, 0x0, r10}, 0x14) 1.984325883s ago: executing program 1 (id=1168): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x2, 0x8, 0xd0eb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@private=0xa010100, @in=@multicast2, 0x0, 0x0, 0x4e21, 0x0, 0xa}, {0x0, 0x5, 0x6, 0x80, 0x0, 0x0, 0xffffdffffffffffd}, {0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x2b}, 0x0, @in6=@private1, 0x0, 0x0, 0x3}}, 0xe8) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e21, 0x7, @loopback, 0xfcb}, 0x1c) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$kcm(0x29, 0x5, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000002140)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(michael_mic-generic,xchacha20-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x7, &(0x7f00000000c0)="fdffffff", 0x4) r5 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_SECURITY_KEYRING(r5, 0x110, 0x2, &(0x7f0000000000)='+@%.\x00', 0x5) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000440)={'macsec0\x00', 0x0}) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x4c}, 0x1, 0xba01}, 0x0) pipe(0x0) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000100)) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x0) r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0ff1100001f79a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000001a000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffffffff55bb2007ee51050512da90b5b42128aa090a79507df719af36349f298129da4871307b534bf901115e17392ac66ad022186a8929d1c000006146001e04aeacea799a22a2fa030000c412f6cae80043eb27d53319d0ad229e5752548300000000dbc2777df1509516f06f1330cf8c3a8b1ff72e6127b0dd488318b5790bee7ebd4745b7cdd77b85b941092314fd085f028f4e09d63781987af2abd55a87ac0394b2f92ffab7d153d62058d0a413b217369ca8b6712f000000001b1df65b3e1b9bf115646914ce53d13d0ccacda1ef16fdcceaede3faedc51d29a47fc813ce3d32cfc7a504c271d6d6f4ea6bf97f2f1be2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804d4a69bf9bc5fa77ee293fbd165a5a68488e40b030166565a097b1b44b451de7940b0000db8db03d4b7745fef1d04ec633dee254a6d491b8496da787e814c4fdf0b4a387b4c8149d18c1020029a18986252a70f8f92eb6f0e8c7db000068fbaa2e2a27efd9104297f2c58159f02d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa909ac06b57479321a0574fb304bc2a1681989328c8ddc20ea011bf5742e0ef94234db1f00000000000000c20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b35f421c3552772ca7f3e2c25a65f75ca13fb7c8bbd6ff43cb78b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41aad8bda74d66f47cc17d8ba3eec0fd80f82c5f573c6d294d366505000000da0fde0745db06753a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da323947004cacadcaff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4a389485ee7af1f0387c93559653f50a471c69608241730459f012b060e7d23fd39206000000000000eb55d00162325ba141bd587cc9dad46de56ef907b059b99a79ae5498f6589880ed6eea7b9c670012f80cd6a1397953ba5870786554df26236ebced9390cb6941b8365d936a7d2120eca291963eb2d537d87cbb54e588ee5d6944ee4de5c183c960119451c31539b22809e1d7f0c7a06a9fa87d64cb77872a0aa9a104e16b3b8c6e64836ac3f32f53c9a2bae513464ca03aff14b9aa4bd9539f5096412b92012e095b84c202060098df3314f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c363000000000223201780200c6ed7966130b547dbf8b497af0a77f52f2cd39000000200000e81c23cf14156951210001c800000000001500000000000928ee53595a779d243a48cea769470424d28804c026ab7f4a5c81921e0128dfd70b438af60b060000000000000056642b49b745f3bf2c01808b6d7d748308eea09f0161b4735efbf3411738d6ee7aebf9ef40662d7836d252c566e1ee938a9a6804ed3a1079b0282a12043408cd60b9e53978c81839be0000000000456f7d2a42cb13da2022f23eaec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea394cd8ffd3d628293e591dc6f71c2710a7ea8a4fdc214e1cc275b26adfa892e6de9200000000e50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab50fe82d5a96b09c68c73de2f04f15d005387577f480000ea65559eb00e014df20fa209bcbb5c252b11a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cdfba05e3633c26d3927ae1beb065f5ac33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2b2bdc0af7c4c61241750d50515a59a3ad09e8802e8f4f535447dc0fc9d5f99a145dfcedad69da9cd4b75c624600e78f4458542b14f29611f95d4a318384eb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d583f436137a3c5dc714c9402c21d181aae59efb28d4f91652f6750b9195599d60c534ee8e8ff0755b09004c25edb85bcff24c757aa80900000000b6638c420eb4304f66e3a37aaf000000c42a570f0e9d76fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284df80e4636c25b96174326d82761c26e329555f9290af40000000000000100000fd3763655500344bae34347f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419a5c16e2055b8505809ed2ee9647c5d3b0000bc00edf5e9020c09ab004321610b857e8717974b633b21cb32f0e03280e09758bd445ab91d201782d656ab09f508bbbaca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92b32af00f191b66b6a6f732a91f0a2e9120be61e58c79d497247d278888901d44bf77e8246605a644e9e3d769db497c3960df05caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f3101985602688888ccb85c87b4f8ffffff7f000000002c331fca28541b7ca211115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000000102000000000000000000000027c9585c0cead5d619d18475ccde2857279a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77a23b0000e49666c464d35ca9b50f3ed3b3da8c17a23692759ccf5a205311b7d122532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769da52b3d42c68a3102fa1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e8918a0d6e2949affcacb5ba0a56aa063b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76b0d395832f1e2aad3e519f1634e8fbd8d31330d89069f9448a2ff93060ff073b3a113e47edf76f7d1b8b90bc0df4cfb0b9c8c80158b44ecae9420654f7016b0aac117087406d343e27b372d6027ab2aec8f2bcad7fe6bb932bc5751d2974e95455a277fa3b472bc7bbdd2ac5a1ea608e8137ace03361607cc1a84be659355629ab13ad49008c3fcfa2423439a3607961d5b59da48a0155e8e42cc13c702cc40c99cf86c2021d72f9f4ab1b00de555a5a39593c93871ff7eb5ecadb64837a2d88723ef65aa5152e3d55e5c66585e2112f5ec64b639a9864e57581b61f2b0960600000000000000265f091e7bce17d20604c5ab751773a5cf8a719a7ada06ed03832bf274707c7c970edc20f4a1eaa3b61045a20097208d03f7a146a6901913618738679d4e0af53eae997eecfa0dc3dcec19d3d9205450765d659200c92701ee75c8710470d9eb6f62c5c721883f1544ba66271c8dab05a933746c16b6e93294b561c6715a32a394ed1e6c01670c931bfa76c58c6f34d64e758a7a7f7d33c49336d4cba2cbb170ad7539a45774dfcc55257215c8ae719dc1c232fc6699ef01005887d04a543030b4328ab48744ac23ff56fd2da52eb9fb2eefcdd2d92d73ac1b111ea895e1fec36a3579879acfe366d393f1fa9cbe08d9ba57a443643e9cd251dc88e91a5e458e66ea1e822d55d4dd919a95eb4c25a08cb6e1070000003a0fd07a4ad9df240e00006aaa2db0dfe416146840d88bd08365e547c970e2983200703864a3b9c4682cb479dad6d34d211b05267eb1355520e9ec0c5014b0832f7fb35782fdbfcbf5e23a7f5d51ea480371748d18d8e10608ab8261fe058d1732f28814a9981d84a04a2bb36c89bdd245e3293a14df1ac567301a79514f103abd387d6ef2d9d94508ac0f6135c8921279573eefd5d4e33b9ef585980789a94d9848906f545559d30000b5040f0776703363249ca984cbb09752f099efbb9e7362e4999594c1086d8958e9469db01d85fb0b9b3148663e9ea2e755d96c70e540b4200e4cf82986712dd733b26d00e947d03c42215118426d548cb2077b43b89e4163d260faea1db53e2cf3427c90aefa2662a1c2b28b0e020e872bda1d39da508de5dbc37d03ee056b2579a1d16799589a2600000000aa00006c94bcaf115fbbcb216e3cb7fd9afe16d1fff2d047e508aa5f6de0ea4e9ec1b3a4ab1f8b5f312fc50000000000000000000000000042709db6de7e969ac0ce18b47280fb1b1b1531648122fed3e25edecb5200f5000000000000166f7d36b2966c19af7ffa6afa69e50821c9aa3ae60fbc196cf8ad2f7f86d79db1bb0ecbf9c3d0d3d407574def838e4def26ed9c7e6c69858f7813be8ffc565583663bebfe7485660b67e1436cbc6d4d3c48ab7b033d7d1195173edb16643f69cb779802839d490a4df94e5ea89c192af2ae83876edd59c9a7140e12ba591f073ec604f7e8f1e100cd414e9237ecfc052d9a73a868cd0e4b06da0435af72fb0d25657e8f5464b19fa83f977e6900000000367871fa37420e7a232ef9b440bb0639994c655d144c5786939d6a187b81f9ddd2bec36cd28371b1754cb6c53697fb23576ee0d3fd0a5803c9be9fe364803184f1a7a9a8eb64d17d238fa3238a001aa8ed040a69e9ec0a627e3b3ca64d4680d819c14c71684581000000000000000000000000000000000000c6a6587715865fe14558960bc936bc838bd1f2a00b17a407457681d0760000000000000040000000000000000000004faeabea6de40ae30291662594c993099ef041c264a64d77d69e0cdfa620a191704cef91e269044acf844de65a099200265e13c2a8f9b717886dea8e79407e34bc268a17965033ca1dfeeaf9b49bc68f1546595642f9fc008875ddb7aebda7a16b1d20dd8b65bcdac8cdc75a173fd2e57a9c37bf5a52ea001ec981dd7ad4e5944575ced39233ada8f3c1b856644812828bb79536a5188d14fe537250dc107121534cbbc7598f48aa2335616ae8eb72acf6982048e568e37f1f58e9714343587734c7ec0fa5c44d13165d6384bf9500757b4b0275950d6e7c451eef3fd353d47c54c4c2cf7318e6c24583ba0966225284d1abac80786519c563ddf0e6c023d537ca6e0d6d4e072c98f45415d13f0dcea174f162ebd00b42264f6fa3dccd09f4101dd254e54423b30e06713eccfacb6ffb38afff920980af938a4d78f4b9a6b5c7424e91121cda789104ee490d25843f1622bba93257cc23e45cd7ed42abdb991d51804e674e507dfd53b5ab6944df33f4f494b926f2ceb329550b46e82a939ad82b385e66809d7d4d3630b6f22c2f41fdaa0fadeea09fa4f7005813643c2d6307d55689faf6f656327ac5872a3bd4c11363909a8b9f30e5401993a0f6e1a9b42287542647d1e86b02b7e36319414629ac1f35e1457f922da0c2de76c9e97944efad0a3ad78cda81c5b82709d696e85bbf4595ef9664a6aff8cf96446cb6c26595f4eb659d26c846471f6551dbb24fc6c03a01e33efcd5939472b687d31be9bd9bd1bcda45bd2236f06c000000007d348ebcb9d810d4dc3d55bbe4055ce9c45267daeec7a7d8b498f507e933cc02fb53c2c28fa09ce5ada5de1415309761f6378c794f8ce23c1f7add4f65280ab446ea2d130000000000000000000000d1a0313ff63bc4e4463688db1d6ac7f4595a02c89349a973f118d936f33ea18e69d7739f4532e1b8580ef125b47cf5b402b6f2beffed6cc9afe2b548c4dbc78363118818d9473f29d52444685c41620eeaeb1f8786e87aeaf287fb9b63b30e6761507503dcd47b64f0b6157999c82bd151bee0c67f3e664225bd917b38aeae1da5524eefef1772d759df9ec9b4197383f9a66217e180e434e650dd560aa3ed42acddd44d6f45807a3c63e15929cfbebc7eef1a319d3147a6c06bd974168ac689392fa851ebdf524ca2331148ff7e855cccc106074ca92153734d5c5e3f9efc6592b08e0c07c7b5d42ec71484bb2a4c0f4293138369f39f9fa4a9cc607b42ba6102f918ce4e76d66fba450e940ed6a6a301a0b761a9cd849962fae5059bda419fd2a170ea387c10a4ada5893f38486069ef1bfdbb432ab322c887d7a94fa967135833157bafbed3b48bb267fc3aa56d1e5b66417a673b40884fc91ec9558eab6a08222dfe37767095b2d94cda881290d6017137595cdd53972353f485adfde8015cac0e1acd64ca97d67023f75a54b1ebe55053652ad16292a15e79dc58ba080f795f1a548da6f669e5c34afc272e5a32e85d5f44979431eab3fcd8d33d54000000000000000000ff1f3f6f4b33adcbee66736b4b35b5b909bc7ddd03f17f5f6436156a56c7e77e0808703b370f0cb4f00074200ae3e4ea0611d548f34582848903e4459d0a18ab9b113ebc614fafe4bd03cb1a8843e592f1b102b1bb87f13c50a1dc5df223e5bbcd06c55393f9c0e08ab6509bbed0dfedbf37309c99bf1e1fc7512afb7bd334653356419f8aa57f1224a54a85a3041657fb5037dda5b0f2e6a9673cc0d51b28954ef8c0ca82e69d198729b2c984a04b0f6ef9486767f5928461df5b8f84e0b790fa7d9088fdb7b7e6f020d4eae420155f1739307421fc3e9d4ffaffff2434f3d167d24bead3c6cedb2dd480d5c8b21c0edb06893c1fb18e9e716525f115055a84daca135d8972280324a9ffd4e636c87225c2512eb3e0fe65972c84361536e52a6ea677ffcb4bf8fac2009f24c01b7c86c203ce9093dd53b154110f033a25034752dc8561ed7bb7343e069ba1ad6f1d7437b584d2c292088d3d80e8834ae8760cc0211cb03f3ed168131eba4c8a0000000000000000000000000019c2dbe83523a58f68e66fa9fdf1d2878bf2ff524e6da7f918e87c1b1de17ff8077ba247fd5498310ae532b9bc6c583edfa97f7a4c00cce855a225dc017afc3c06e8a72b62bdb64e83cb6a319eb5"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r12, 0x0, 0x4a, 0x0, &(0x7f0000000140)="d510faffffdb674c5ae4000b0094", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r11}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x2}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r10}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 1.512077142s ago: executing program 0 (id=1169): syz_emit_ethernet(0x56, &(0x7f00000008c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, 'z\a\x00', 0x20, 0x21, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[@fragment={0x2c, 0x0, 0x2, 0x1, 0x0, 0x0, 0x64}, @hopopts={0x73}], {{0x0, 0x4e20, 0x4, 0x1, 0x0, 0x0, 0x0, 0x2, 0x3, "eca20d", 0x0, "0200ff"}}}}}}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) close(0x3) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2, 0x0, {}, 0xfe}, 0x18) connect$can_j1939(r1, &(0x7f0000000080)={0x1d, r2, 0x0, {0x0, 0xf0}, 0xfe}, 0x18) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) getpeername$llc(r0, 0x0, &(0x7f0000000180)) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xa, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="620ac4ff0000000071105f00000000009500000000400004"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = accept4$unix(0xffffffffffffffff, &(0x7f0000000180), &(0x7f0000000240)=0x6e, 0x40800) sendto$unix(r4, &(0x7f00000002c0)="181c2168c9bb0d5d46cad829af7a06d73b471ad002e3af4788e984c64ed84a6da6cdf280d6de2fe99b44010331a489a8c5053abe4fc780f7bccd4b2057a6ac57e340aed450b234a9218d0bf73771a958af72d563bce2605be147272d7cae", 0x5e, 0x4000, 0x0, 0x0) r5 = socket(0x23, 0x1, 0x1) socket(0x25, 0x1, 0x1) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x20, 0x29, 0x1, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42800}}, 0x20}}, 0x8010) getsockopt$IP6T_SO_GET_INFO(r5, 0x29, 0x40, &(0x7f00000003c0)={'mangle\x00', 0x0, [0x4, 0x1, 0x7fffffff, 0x7, 0x20]}, &(0x7f0000000200)=0x54) r6 = socket(0x10, 0x80002, 0x0) getsockopt$sock_buf(r6, 0x1, 0x3e, &(0x7f0000000000)=""/8, &(0x7f0000000040)=0x8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000040)={{{@in=@empty, @in6=@ipv4={""/10, ""/2, @remote}}}, {{@in6=@initdev}, 0x0, @in6=@private0}}, &(0x7f0000000140)=0xe8) 1.505272513s ago: executing program 3 (id=1170): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r1, 0x89f7, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x20, 0x0, [{}, {@initdev}]}}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0xb0, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r2, {0x0, 0x300}, {0xffff, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x80, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x3f0000}]}, {0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xbff3}]}]}]}}]}, 0xb0}, 0x1, 0x7a00}, 0x24008080) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f00000001c0), &(0x7f0000000200)=0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@generic={&(0x7f0000000040)='./file0\x00', 0x0, 0x8}, 0x18) 1.210228336s ago: executing program 3 (id=1171): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000000104038a0000000000000000000000000a00021400000000020000000500010001", @ANYRESOCT=r1], 0x28}, 0x1, 0x0, 0x0, 0x40800}, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000080)={r4, 0xfffffffb}, 0x8) setsockopt$inet_sctp_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000240)={r4, 0x80, 0x5, 0x80000001}, 0x10) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000280)=ANY=[@ANYRES16, @ANYRES64=r3], 0xd3) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000180)=ANY=[@ANYBLOB="20000000010401020000000800000000000000000a0002000000000201000000"], 0x20}}, 0x0) sendto$inet6(r0, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) 1.170133816s ago: executing program 0 (id=1172): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) r2 = openat$cgroup_freezer_state(r0, &(0x7f0000000080), 0x2, 0x0) write$cgroup_freezer_state(r2, &(0x7f00000000c0)='THAWED\x00', 0x7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000380), &(0x7f0000000400)=0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0x17, &(0x7f0000000280)=ANY=[@ANYRESDEC=0x0], &(0x7f00000004c0)='syzkaller\x00', 0x400000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000003340)={&(0x7f00000022c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@enum64={0x6, 0x0, 0x0, 0x13, 0x1, 0x7}]}, {0x0, [0x61, 0x5f, 0x5f, 0x2e]}}, 0x0, 0x2a, 0x0, 0x1, 0x4, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x2000000000000000, 0x0, 0x48) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000106f56c49a51d41400000000000095000000000000003c12c2e71472b3e3ffbba731c7d3f6a64ea2a5f0cb4e1d"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x8, 0x10, r4, 0x41996000) socket(0x23, 0x0, 0x4) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r5) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x18}, 0x20000054) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x5, &(0x7f00000003c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x2f}, @call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200000, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 1.072023067s ago: executing program 1 (id=1173): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) getsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000000), &(0x7f0000000140)=0xc) (async) r2 = socket$isdn(0x22, 0x2, 0x26) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x80044943, &(0x7f00000002c0)={'wlan0\x00'}) (async) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000180)={r1}) (async) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000980)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'dummy0\x00'}, @IFLA_CARRIER={0x5}]}, 0x3c}}, 0x0) bind$llc(r3, &(0x7f00000001c0)={0x1a, 0x30b, 0x5, 0x1, 0x2, 0x10, @multicast}, 0x10) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newtaction={0x64, 0x30, 0x9e54f29ff072a93b, 0x0, 0xfffffffd, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x71, 0x1, {{0x1, 0x800, 0x3, 0xd, 0x6}, 0x29}}]}, {0xfffffee7}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x81}, 0x0) (async) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101842, 0x0) ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000040)=0xfffffffa) (async, rerun: 32) ioctl$PPPIOCSACTIVE(r5, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0}) (rerun: 32) socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) r7 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, 0x0, 0x0) (async, rerun: 64) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) (rerun: 64) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', 0x0}) sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r11, @ANYBLOB="080003"], 0x44}}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x670, 0xd0, 0xd0, 0x428, 0xd0, 0xd0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6, 0x0, 0x0, 0x4a}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28, 'socket\x00', 0x2}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6d0) (async, rerun: 32) syz_emit_ethernet(0x6d, 0x0, 0x0) (async, rerun: 32) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) syz_emit_ethernet(0x5eb, 0x0, 0x0) 861.952554ms ago: executing program 0 (id=1174): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000000000000000000090000003c000380140002007663616e30000000000000000000000014000600ff0500000000000000000000000000010800010001000000080003"], 0x50}}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000009c0)="18acf8b1ed479de320cdbff21bc648a4423880b9fb95564f48c38e3fdaea755288c2a91a1ef344702de01af77d599320e22a0ea41b13aa09f1b359b0e2d2e8b6074bb4119ea219d2055df8bab18280f3c3ea8e45510d60a28f7af2a9c471dbe0a88f57ae4580b0b420f5f90b70efb6805d81812d5d64c87c99f9c75e9f656dfd6e0cb005b1abd4d879a097dd9d3e6e12f85505cd45c840f9503b2fff6c33e6a675512ab99729da82acc41b65a398d515700ba76224267cdabfb9576027eb82a82c337e379c488d47691d7fe2c55bbe29a7a37633648559a31b90f145d0f5a2d8d9499f100ba95da30ce9df964d2af22e6551f8a35878071d2b5477c0f1c0ab067a8bd9368c04ed9b6e1547f04d022d726bb32daf66bded05624baa409848f50d96df5d0a86c6ce2b9b0767e85c5233c1e30aaad953301d7294b375db43804290971c857070e9d2c8b6397ab8d56358476fc0359ee79b7956f0ef1ce2edefc6bd340037706a57aa98105019c21be58ce8c868c90db57bfe8304416b3e7e02837ea3ce01ce463321f2ea429ee0c42b27d28c2b6063eb5cd746e26ade0c9ae3049ebb8c5038b01281f26c9777fb1263a5ba1262fa783e07ef5ded966eb85a4a811f5aab0d9575551239e9b0f76e5217744b0a8edcb1504774e36818033e3ab03ca6164df64fdf4352b9c88bfa91add131e13bee44e7eb4e38e613f3bab3c6c8a5038e446d57c9058b975f05f36e0e49171b426b99aa82a0656d7ffc46169ee20456aab06ee429bff9408fb1961e3976e288bee69e9ec6dc72862e1cfcc6c4804457285efcb056b0d834666748129994a3fc172c4c9c622a0c4ddd84bce972d56c70f3687222e5857f9a24b0e138a8359409f5b4ba3206c1a7f35c9e90f3ad903715ab7283e700f9ec2c641f38e998122266a8b1731ce1f03d12a643f281b3ace22f1e403dfe05052fdca3da258f8f1bd7c88949d2a14510b4116c5e403b6cee434d4969113ff8eebc1052e6a1dfa710cadfa0dbd96afa3dd1ab32b10e97d4c015e357bb938d5c2420ed83fff6a17ca9c334fc1b1a3b171f3ca2f4f88a66c59477a73265a8dc10c6d0e5ab2f595e4b9bdd160f35a7917d46df4a50b7651a5991f2444fc0a235f210e8ce8afede0b725d0cabfa20e4d36a836314d180f66614db4fbbd15ef7a947247f7f6f0eb34af0b7aeaaa9210154285dcd0389de273ad3459a1d87f062d9a050c57b6325750aeb9f47d7242117d8e0d38ae1e6cef179809d422ae852bf41f8d5ec42fac487ed46e0511a1f554cd6181e6c81dfdafa7c69daa2ba822e22e305b4b8f34c20fcc8e50cf451f053df249a7f5b20cbc0bc127f55d80bc9c0ba3cf9f0a9c56286215c20f9d60cb61276c6bbf772c151be2520e22b8f6daea2aa1f9e1b30bbeed092d3c2fb92a10fb71e7fea336a0258620c918581487ec04c54ca4e9811a83a6bf39dca6a4e89092cdee6e40024bd7c1ae7b3a8cdbb38c21ccb1de68f7fc9fa4726b832cedcfdd22b71f37d66f350e78e3c19bcae0322f8f070c316bc3c2ba0cb12a43746bd8aaa1645e3f8800b93722ac1791396bb3def1678cb5ab3f42c097c4c3684ea61dc89209ae57906bd4577a93b14eceff6f18893064198d9141a927ced2af06226011187f1851d6a5c1b5ff78a4c6d8b387a781c06a286f052d2e828ed94110cd7b9e6cfcb840e12019678080a6e9e517ce8ba6276c5a919197fd0adf86547135fcec083f2c1fea0e40564f279ceec580e827e39fa77bfa823d6e08aa7bd320491381f21be8b10dc2ed7fee1524680a52bb1e14cb6248519100edd7df29bac5c4ad1c893ee99db03aa7e077ba6608b0db797f31a6cd6d5a01077a41df98fc373ac5c149b87c55bb73bb17b09dffa7847b134b866b9ce179d547750dd2fb9c280e2003d132c87e2535f31232a32d738aeedeff052f256a9c866b6c2cb880d15f1acca7396a8f6113afe45e46e96a6c7762eb09d2c568df561d5484356b4ae71f89bf0126c6670c4fbeee59a89e20206401ef85f083039aa9ceacc2912427b031c35e29c7a702e0054f4dbb01062c0daab2a5faa49a86cd5d48d64bbee12f60ee529a00ad13a579934faff4ec12778038a3e48217fc4eb97ebe3dec9ecdfc0af3e722ed7ca0f12952c2902b0db061098d4bf14664104c440c9d07af7fbaa375274f61b04c17050a3e139dcce999071f18468139182cfe78a84c90c0428d7c75a621a6eaa69e028ce47626235ca3edbbb53e15afebebb25e18c732a820edca2f60be8c0ecd7e5a30282a0add95c6eb43b0afea34d91de7b20f4fb999d17c7fc418738f61cce38d656ce86e2d0a97f31dad0296ee63fb48e859003f88d0a27c874a47301dc0f1fd4f4e9b1bcd7806f715c751b94e182307d2d01278eb0ad2e1a48c3cac80ea5ec28b9b52f5cf6ea8b5611be5a24f91545cae2f581fd58fd47e6aa3b88b380442f21739319050ef702ffe604d7b1341013d330ad4e8d7c3cec17da298b4fcf1205e156f30642d654384d4be8b9eb4add6d9603e8fe122b9d70171d6f8ea5", 0xfffffdef}], 0x1}}], 0x1, 0x0) sendmsg$AUDIT_DEL_RULE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000840) recvmsg$can_j1939(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x10100) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x128}, 0x24008804) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb01c5d854f89ceea35300240000002400000003000000000000000200001302000000010000000000000000000000fdffffff0000000000000000002e0087400a53b8a70500a9c3a275725db855ab0eb5c1732c80037659b76f7015464d1460cb78a523eecefe7d9c8810325cd2d29137a26f72e5b536fa0f646c8ec7c632a8bc796aee56dac4aa3bb31e80b490"], 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) getpeername$inet(0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000280)=0x10) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r7, 0x400448cb, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="400100001000330600000000fcfffffffe8000000000000000000000000000aaffffffff00000000000000000000000000004000000080040000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac14143f0000000030f36531707bd57a3c609f5d000000000000000000000000320000000a0101020000000000000000000000002703000000000000050000000000000000000000000000000400000000000000ff0f00000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000008f000000000000800800000028bd7000000000000a0001000000000000000000080016000600000048000200656362286369706865725f6e756c6c2900"/260], 0x140}, 0x1, 0x0, 0x0, 0x8000}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) r9 = socket$inet(0x2, 0x2, 0x0) r10 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r10, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) bind$inet6(r10, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) bind$inet(r9, &(0x7f0000000200)={0x2, 0x4e20, @broadcast}, 0x10) write(r8, &(0x7f0000000040)="05000000010000", 0x7) sendfile(r5, 0xffffffffffffffff, 0x0, 0x8) 711.834798ms ago: executing program 1 (id=1175): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@getchain={0x24, 0x66, 0x0, 0x3, 0x2000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}, {0x0, 0xffff}}}, 0x86}}, 0x400c0) getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000700)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x20}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x9c, 0x10, 0x401, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r2, 0x2500}, [@IFLA_LINKINFO={0x7c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x6c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x2}, @IFLA_IPTUN_LINK={0x8, 0x1, r2}, @IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0x3}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x2b}}, @IFLA_IPTUN_FLOWINFO={0x8, 0x7, 0xfffffff5}, @IFLA_IPTUN_FLAGS={0x8, 0x8, 0x14}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0x2}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @loopback}]}}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090) 540.910273ms ago: executing program 2 (id=1176): socket$inet6(0xa, 0x2, 0x0) (async) r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$sock(r0, &(0x7f0000001d80), 0x0, 0x4000) socket$kcm(0x10, 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x200522f5, 0x10}, &(0x7f00000000c0)=0xc) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000200)={r2, 0x1, 0xfffb}, 0x8) (async) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000200)={r2, 0x1, 0xfffb}, 0x8) r3 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1e000000010000000300000000004000fa060000f3e8f1e41c6b068152f7a8e020f9921a45e993d918b94027e5c6fcb8d4f272a937a5bfd3e8b08aa65a78ba4295c49aa5916d9db6b3eb04e4ea9df911355282dc6bc80ec4be2b7854c70a311fa287676de424a2599c675a", @ANYRES32, @ANYBLOB="25fcffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0400000009000000000000000f00"/28], 0x50) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1e000000010000000300000000004000fa060000f3e8f1e41c6b068152f7a8e020f9921a45e993d918b94027e5c6fcb8d4f272a937a5bfd3e8b08aa65a78ba4295c49aa5916d9db6b3eb04e4ea9df911355282dc6bc80ec4be2b7854c70a311fa287676de424a2599c675a", @ANYRES32, @ANYBLOB="25fcffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0400000009000000000000000f00"/28], 0x50) sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@deltaction={0x14, 0x18, 0x1, 0x0, 0x25dfdbfe, {0xa}}, 0x14}}, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-ssse3\x00'}, 0x58) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x12, r4, 0xffffc000) r5 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$SO_J1939_ERRQUEUE(r5, 0x6b, 0x4, &(0x7f0000000080)=0x1, 0x4) socket$nl_route(0x10, 0x3, 0x0) (async) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000b00)=@can_delroute={0x24, 0x19, 0x1, 0xfffffffe, 0x80000, {0x1d, 0x1, 0x7}, [@CGW_SRC_IF={0x8, 0x9, r8}, @CGW_DST_IF={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) accept4(r1, 0x0, 0x0, 0x0) (async) r9 = accept4(r1, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b000000000000000000000000800000dfeee1ce", @ANYRESDEC=r4, @ANYBLOB="00060400000000000c007819e40ab875aade531bcb0b0000000000000079cdf72b045b1961f143f65f0e1ab4822f82773ba5e9e7fb41f57bb37fa08b51dc07299bd98467b89779395b088ea632980eb07c14b2ca399306ced7a423cebc03987973df6031cbf2cb871a3a52b6a8ffdb4110cec1809397f36e024240bfcb4a316f8f582d03a87a68c1644f751b04e3a6783433bd2672d0eb286bc9dcbd5bfafa5284756120157e2e8e6180ed996e1daa7c3ed0ad2124939b0035d581bb3296b7bf4181e3c7", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000840)=ANY=[@ANYBLOB="1800"/24], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000840)=ANY=[@ANYBLOB="1800"/24], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000040)='mm_lru_insertion\x00', r10}, 0x10) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r11, &(0x7f0000000200), 0x12) (async) write$cgroup_int(r11, &(0x7f0000000200), 0x12) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r11, 0x0) r12 = socket(0x22, 0x2, 0x3) recvmmsg(r12, &(0x7f0000003a80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2062, 0x0) (async) recvmmsg(r12, &(0x7f0000003a80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2062, 0x0) r13 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002140)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb010018000483c1cf2e0ab5070000000000000000"], &(0x7f0000001500)=""/254, 0x26, 0xfe, 0x1, 0x0, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000140)={0x6, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r13, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000140)={0x6, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r13, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) sendto$packet(r9, &(0x7f0000000100)="85f0d9", 0x3f, 0x0, 0x0, 0x0) 448.453613ms ago: executing program 1 (id=1177): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) r2 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000001440)={'bond0\x00', &(0x7f0000000180)=@ethtool_link_settings={0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4}}) bind$inet(r1, 0x0, 0x0) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x5, &(0x7f0000000000)=@gcm_128={{}, "868a2dee9523d346", "bd4a1bd98174a620f0d347e8ca6a5dfb", "452c74c9", "bea3db3b3a60aa72"}, 0x28) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0), 0x1) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000040)={0x9}, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000080)={0x9}, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x12, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bb000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003100000095"], &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x66, '\x00', 0x0, @cgroup_sock_addr=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc84, @void, @value}, 0x94) 338.274578ms ago: executing program 2 (id=1178): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000440)={0x0, 0x9}, 0x8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="1400000080ff010000000000000000000000000a140000001000011000000000000000000000000a"], 0x28}}, 0x800) bind$inet6(r0, &(0x7f00000004c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200), 0x0, 0x20004811) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x79, &(0x7f0000000000)=ANY=[], 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f00000000c0)=ANY=[@ANYRES8=r0], &(0x7f0000000080)='syzkaller\x00', 0x0, 0xfffffd43, 0x0, 0x40f00, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 309.716932ms ago: executing program 3 (id=1179): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x1b, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r1}, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x24, 0x0, 0x0) getsockopt$inet6_tcp_int(r6, 0x6, 0x5, 0x0, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r7 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0xfffffffe, 0x2ffffffff}, 0xc) r8 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r8, &(0x7f0000000100)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r8, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_NEW(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r10, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x34, r12, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0xfc}]}, 0x34}}, 0x0) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000007c0)=ANY=[@ANYBLOB="48cfe2979531b519a53cd68a496144645c9e32c26210dc943de6c9b11cc774d2", @ANYRES16=r4, @ANYBLOB="010000000000000000001d00000008000300", @ANYRES32=r5, @ANYBLOB="40002f800c0002000200aaaaaaaaaaaa280003801c00038006000100020000000800020002000000060003000000000008000100000000000800010006000000"], 0x5c}, 0x1, 0x0, 0x0, 0x5396ebcfacd913b0}, 0x20004010) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x8, 0xa, &(0x7f0000000680)=ANY=[@ANYBLOB="1808000000000000000000000000000085100000040000001800eb5f", @ANYRES32, @ANYBLOB="000000000000000064000000000000001800000000000000000000000000000095000000000000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r13 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r13, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000001080)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f0000000180)=0x10) 189.2049ms ago: executing program 1 (id=1180): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bond0\x00', 0x10) bind$inet6(r0, &(0x7f0000000800)={0xa, 0xe22, 0x0, @mcast2, 0xffffffff}, 0x18) r1 = socket(0x10, 0x803, 0x0) connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41000, 0x22, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94) r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r3, 0xf, 0x0, 0x38, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r3, 0xf, 0x0, 0x38, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r4}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x6}]}, @IFLA_GROUP={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048050}, 0x0) (async) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r4}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x6}]}, @IFLA_GROUP={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048050}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r2], 0x20}}, 0x0) (async) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r2], 0x20}}, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r1, 0x6628) (async) ioctl$EXT4_IOC_CLEAR_ES_CACHE(r1, 0x6628) 0s ago: executing program 2 (id=1181): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) r2 = openat$cgroup_freezer_state(r0, &(0x7f0000000080), 0x2, 0x0) write$cgroup_freezer_state(r2, &(0x7f00000000c0)='THAWED\x00', 0x7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000380), &(0x7f0000000400)=0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0x17, &(0x7f0000000280)=ANY=[@ANYRESDEC=0x0], &(0x7f00000004c0)='syzkaller\x00', 0x400000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000003340)={&(0x7f00000022c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@enum64={0x6, 0x0, 0x0, 0x13, 0x1, 0x7}]}, {0x0, [0x61, 0x5f, 0x5f, 0x2e]}}, 0x0, 0x2a, 0x0, 0x1, 0x4, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x2000000000000000, 0x0, 0x48) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000106f56c49a51d41400000000000095000000000000003c12c2e71472b3e3ffbba731c7d3f6a64ea2a5f0cb4e1d"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x8, 0x10, r4, 0x41996000) socket(0x23, 0x0, 0x4) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r5) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x1800000000000000}, 0x20000054) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x5, &(0x7f00000003c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x2f}, @call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200000, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) kernel console output (not intermixed with test programs): regulatory.db [ 92.032849][ T6253] __nla_validate_parse: 2 callbacks suppressed [ 92.032869][ T6253] netlink: 28 bytes leftover after parsing attributes in process `syz.0.102'. [ 92.149452][ T6253] pim6reg9: entered allmulticast mode [ 92.157575][ T6252] delete_channel: no stack [ 92.245015][ T5148] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 92.308304][ T6237] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 92.310048][ T6263] netlink: 4 bytes leftover after parsing attributes in process `syz.0.105'. [ 92.325982][ T6263] netlink: 8 bytes leftover after parsing attributes in process `syz.0.105'. [ 92.461129][ T6265] netlink: 'syz.0.106': attribute type 3 has an invalid length. [ 92.536520][ T6269] netlink: 16 bytes leftover after parsing attributes in process `syz.2.107'. [ 92.570078][ T6269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.107'. [ 92.776245][ T6276] netlink: 'syz.1.112': attribute type 4 has an invalid length. [ 92.781498][ T6278] netlink: 'syz.3.111': attribute type 15 has an invalid length. [ 92.811171][ T6278] netlink: 1268 bytes leftover after parsing attributes in process `syz.3.111'. [ 92.827389][ T6280] hsr0: entered promiscuous mode [ 92.857494][ T6280] netlink: 4 bytes leftover after parsing attributes in process `syz.2.113'. [ 92.880566][ T6278] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 92.904466][ T6280] hsr_slave_0: left promiscuous mode [ 92.944538][ T6280] hsr_slave_1: left promiscuous mode [ 93.035183][ T6290] netlink: 28 bytes leftover after parsing attributes in process `syz.0.115'. [ 93.050520][ T6280] hsr0 (unregistering): left promiscuous mode [ 93.136846][ T6289] delete_channel: no stack [ 93.460205][ T6308] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 93.472911][ T6308] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 93.483961][ T6301] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 93.805152][ T6323] netlink: 'syz.3.126': attribute type 3 has an invalid length. [ 93.917865][ T6327] netlink: 'syz.2.128': attribute type 1 has an invalid length. [ 93.926302][ T6327] netlink: 3 bytes leftover after parsing attributes in process `syz.2.128'. [ 93.947526][ T6327] batadv1: entered allmulticast mode [ 94.025547][ T6332] netlink: 'syz.3.129': attribute type 4 has an invalid length. [ 94.143806][ T6334] hsr0: entered promiscuous mode [ 94.151387][ T6334] netlink: 4 bytes leftover after parsing attributes in process `syz.3.130'. [ 94.163318][ T6334] hsr_slave_0: left promiscuous mode [ 94.173102][ T6334] hsr_slave_1: left promiscuous mode [ 94.194096][ T6334] hsr0 (unregistering): left promiscuous mode [ 94.238586][ T6338] nbd: must specify at least one socket [ 94.536345][ T6340] delete_channel: no stack [ 95.029081][ T6362] bond1: entered promiscuous mode [ 95.056907][ T6362] 8021q: adding VLAN 0 to HW filter on device bond1 [ 95.257565][ T6372] FAULT_INJECTION: forcing a failure. [ 95.257565][ T6372] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 95.320735][ T6372] CPU: 1 UID: 0 PID: 6372 Comm: syz.1.143 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 95.320761][ T6372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 95.320775][ T6372] Call Trace: [ 95.320782][ T6372] [ 95.320790][ T6372] dump_stack_lvl+0x241/0x360 [ 95.320824][ T6372] ? __pfx_dump_stack_lvl+0x10/0x10 [ 95.320844][ T6372] ? __pfx__printk+0x10/0x10 [ 95.320863][ T6372] ? __pfx_lock_release+0x10/0x10 [ 95.320898][ T6372] should_fail_ex+0x40a/0x550 [ 95.320930][ T6372] _copy_from_user+0x2d/0xb0 [ 95.320956][ T6372] copy_msghdr_from_user+0xae/0x680 [ 95.320988][ T6372] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 95.321013][ T6372] ? __fget_files+0x2a/0x410 [ 95.321043][ T6372] ? __fget_files+0x2a/0x410 [ 95.321077][ T6372] __sys_sendmsg+0x209/0x350 [ 95.321104][ T6372] ? __pfx___sys_sendmsg+0x10/0x10 [ 95.321151][ T6372] ? __pfx___schedule+0x10/0x10 [ 95.321180][ T6372] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 95.321208][ T6372] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 95.321239][ T6372] ? do_syscall_64+0xb6/0x230 [ 95.321265][ T6372] do_syscall_64+0xf3/0x230 [ 95.321289][ T6372] ? clear_bhb_loop+0x35/0x90 [ 95.321316][ T6372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.321347][ T6372] RIP: 0033:0x7f1d9df8d169 [ 95.321366][ T6372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.321380][ T6372] RSP: 002b:00007f1d9bdf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 95.321399][ T6372] RAX: ffffffffffffffda RBX: 00007f1d9e1a5fa0 RCX: 00007f1d9df8d169 [ 95.321412][ T6372] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000004 [ 95.321423][ T6372] RBP: 00007f1d9bdf6090 R08: 0000000000000000 R09: 0000000000000000 [ 95.321433][ T6372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.321443][ T6372] R13: 0000000000000000 R14: 00007f1d9e1a5fa0 R15: 00007ffdae54a518 [ 95.321468][ T6372] [ 95.614404][ T5148] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 95.703172][ T6367] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 95.947024][ T6380] delete_channel: no stack [ 96.223372][ T6390] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 96.242705][ T6390] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 96.509778][ T6411] validate_nla: 2 callbacks suppressed [ 96.509796][ T6411] netlink: 'syz.3.158': attribute type 4 has an invalid length. [ 96.530976][ T6413] FAULT_INJECTION: forcing a failure. [ 96.530976][ T6413] name failslab, interval 1, probability 0, space 0, times 1 [ 96.578540][ T6413] CPU: 1 UID: 0 PID: 6413 Comm: syz.0.159 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 96.578585][ T6413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 96.578598][ T6413] Call Trace: [ 96.578605][ T6413] [ 96.578614][ T6413] dump_stack_lvl+0x241/0x360 [ 96.578654][ T6413] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.578678][ T6413] ? __pfx__printk+0x10/0x10 [ 96.578701][ T6413] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 96.578733][ T6413] ? __pfx___might_resched+0x10/0x10 [ 96.578766][ T6413] should_fail_ex+0x40a/0x550 [ 96.578804][ T6413] should_failslab+0xac/0x100 [ 96.578834][ T6413] kmem_cache_alloc_node_noprof+0x77/0x380 [ 96.578863][ T6413] ? __alloc_skb+0x1c3/0x440 [ 96.578890][ T6413] __alloc_skb+0x1c3/0x440 [ 96.578917][ T6413] ? __pfx___alloc_skb+0x10/0x10 [ 96.578942][ T6413] ? netlink_autobind+0xd6/0x2f0 [ 96.578972][ T6413] ? netlink_autobind+0x2b0/0x2f0 [ 96.579013][ T6413] netlink_sendmsg+0x634/0xcb0 [ 96.579057][ T6413] ? __pfx_netlink_sendmsg+0x10/0x10 [ 96.579094][ T6413] ? aa_sock_msg_perm+0x91/0x160 [ 96.579132][ T6413] ? __pfx_netlink_sendmsg+0x10/0x10 [ 96.579162][ T6413] __sock_sendmsg+0x221/0x270 [ 96.579196][ T6413] ____sys_sendmsg+0x53a/0x860 [ 96.579229][ T6413] ? __pfx_____sys_sendmsg+0x10/0x10 [ 96.579252][ T6413] ? __fget_files+0x2a/0x410 [ 96.579286][ T6413] ? __fget_files+0x2a/0x410 [ 96.579326][ T6413] __sys_sendmsg+0x269/0x350 [ 96.579355][ T6413] ? __pfx___sys_sendmsg+0x10/0x10 [ 96.579393][ T6413] ? do_sys_openat2+0x17a/0x1d0 [ 96.579452][ T6413] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 96.579486][ T6413] ? do_syscall_64+0x100/0x230 [ 96.579517][ T6413] ? do_syscall_64+0xb6/0x230 [ 96.579547][ T6413] do_syscall_64+0xf3/0x230 [ 96.579574][ T6413] ? clear_bhb_loop+0x35/0x90 [ 96.579606][ T6413] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.579634][ T6413] RIP: 0033:0x7fe37218d169 [ 96.579672][ T6413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.579688][ T6413] RSP: 002b:00007fe36fff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 96.579709][ T6413] RAX: ffffffffffffffda RBX: 00007fe3723a5fa0 RCX: 00007fe37218d169 [ 96.579723][ T6413] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000004 [ 96.579736][ T6413] RBP: 00007fe36fff6090 R08: 0000000000000000 R09: 0000000000000000 [ 96.579747][ T6413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 96.579759][ T6413] R13: 0000000000000000 R14: 00007fe3723a5fa0 R15: 00007ffd292a1e28 [ 96.579788][ T6413] [ 97.226047][ T6428] __nla_validate_parse: 7 callbacks suppressed [ 97.226066][ T6428] netlink: 4 bytes leftover after parsing attributes in process `syz.2.163'. [ 97.308114][ T6425] delete_channel: no stack [ 97.494964][ T6435] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 97.543848][ T6442] netlink: 'syz.3.170': attribute type 4 has an invalid length. [ 97.653257][ T6444] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 97.789926][ T6453] tipc: Started in network mode [ 97.804418][ T6453] tipc: Node identity ac14140f, cluster identity 4711 [ 97.830514][ T6453] tipc: New replicast peer: 255.255.255.255 [ 97.840828][ T6453] tipc: Enabled bearer , priority 10 [ 97.865172][ T6455] netlink: 4 bytes leftover after parsing attributes in process `syz.2.174'. [ 97.965252][ T6458] netlink: 71 bytes leftover after parsing attributes in process `syz.1.175'. [ 98.155279][ T6468] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 98.194465][ T6468] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 98.226672][ T6471] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 98.254824][ T6474] netlink: 'syz.4.181': attribute type 13 has an invalid length. [ 98.262811][ T6474] netlink: 16 bytes leftover after parsing attributes in process `syz.4.181'. [ 98.289421][ T6474] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (6) [ 98.519948][ T6488] netlink: 'syz.2.184': attribute type 4 has an invalid length. [ 98.806682][ T6494] FAULT_INJECTION: forcing a failure. [ 98.806682][ T6494] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 98.820241][ T6494] CPU: 1 UID: 0 PID: 6494 Comm: syz.4.188 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 98.820265][ T6494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 98.820275][ T6494] Call Trace: [ 98.820282][ T6494] [ 98.820289][ T6494] dump_stack_lvl+0x241/0x360 [ 98.820316][ T6494] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.820336][ T6494] ? __pfx__printk+0x10/0x10 [ 98.820355][ T6494] ? __pfx_lock_release+0x10/0x10 [ 98.820390][ T6494] should_fail_ex+0x40a/0x550 [ 98.820422][ T6494] _copy_from_iter+0x1df/0x1c40 [ 98.820445][ T6494] ? __virt_addr_valid+0x183/0x530 [ 98.820462][ T6494] ? __pfx_lock_release+0x10/0x10 [ 98.820494][ T6494] ? __alloc_skb+0x28f/0x440 [ 98.820513][ T6494] ? __pfx__copy_from_iter+0x10/0x10 [ 98.820536][ T6494] ? __virt_addr_valid+0x183/0x530 [ 98.820553][ T6494] ? __virt_addr_valid+0x183/0x530 [ 98.820568][ T6494] ? __virt_addr_valid+0x45f/0x530 [ 98.820585][ T6494] ? __phys_addr_symbol+0x2f/0x70 [ 98.820601][ T6494] ? __check_object_size+0x47a/0x730 [ 98.820631][ T6494] netlink_sendmsg+0x742/0xcb0 [ 98.820670][ T6494] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.820700][ T6494] ? aa_sock_msg_perm+0x91/0x160 [ 98.820733][ T6494] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.820758][ T6494] __sock_sendmsg+0x221/0x270 [ 98.820786][ T6494] ____sys_sendmsg+0x53a/0x860 [ 98.820815][ T6494] ? __pfx_____sys_sendmsg+0x10/0x10 [ 98.820834][ T6494] ? __fget_files+0x2a/0x410 [ 98.820863][ T6494] ? __fget_files+0x2a/0x410 [ 98.820897][ T6494] __sys_sendmsg+0x269/0x350 [ 98.820923][ T6494] ? __pfx___sys_sendmsg+0x10/0x10 [ 98.820953][ T6494] ? do_sys_openat2+0x17a/0x1d0 [ 98.820999][ T6494] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 98.821027][ T6494] ? do_syscall_64+0x100/0x230 [ 98.821053][ T6494] ? do_syscall_64+0xb6/0x230 [ 98.821077][ T6494] do_syscall_64+0xf3/0x230 [ 98.821099][ T6494] ? clear_bhb_loop+0x35/0x90 [ 98.821127][ T6494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.821151][ T6494] RIP: 0033:0x7f4bee98d169 [ 98.821166][ T6494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.821180][ T6494] RSP: 002b:00007f4bef7a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 98.821198][ T6494] RAX: ffffffffffffffda RBX: 00007f4beeba5fa0 RCX: 00007f4bee98d169 [ 98.821210][ T6494] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000004 [ 98.821227][ T6494] RBP: 00007f4bef7a4090 R08: 0000000000000000 R09: 0000000000000000 [ 98.821237][ T6494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 98.821246][ T6494] R13: 0000000000000000 R14: 00007f4beeba5fa0 R15: 00007ffc2f8c83e8 [ 98.821272][ T6494] [ 99.091631][ T5917] tipc: Node number set to 2886997007 [ 99.127278][ T6497] hsr0: entered promiscuous mode [ 99.132970][ T6497] netlink: 4 bytes leftover after parsing attributes in process `syz.0.190'. [ 99.142011][ T6497] hsr_slave_0: left promiscuous mode [ 99.169729][ T6497] hsr_slave_1: left promiscuous mode [ 99.243761][ T6497] hsr0 (unregistering): left promiscuous mode [ 99.338150][ T6510] netlink: 32 bytes leftover after parsing attributes in process `syz.3.194'. [ 99.544292][ T5148] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 99.864859][ T6536] FAULT_INJECTION: forcing a failure. [ 99.864859][ T6536] name failslab, interval 1, probability 0, space 0, times 0 [ 99.908437][ T6536] CPU: 1 UID: 0 PID: 6536 Comm: syz.2.202 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 99.908464][ T6536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 99.908475][ T6536] Call Trace: [ 99.908481][ T6536] [ 99.908489][ T6536] dump_stack_lvl+0x241/0x360 [ 99.908517][ T6536] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.908537][ T6536] ? __pfx__printk+0x10/0x10 [ 99.908567][ T6536] should_fail_ex+0x40a/0x550 [ 99.908599][ T6536] should_failslab+0xac/0x100 [ 99.908625][ T6536] ? skb_clone+0x20c/0x390 [ 99.908646][ T6536] kmem_cache_alloc_noprof+0x70/0x380 [ 99.908677][ T6536] skb_clone+0x20c/0x390 [ 99.908702][ T6536] __netlink_deliver_tap+0x3c4/0x7f0 [ 99.908740][ T6536] ? netlink_deliver_tap+0x2e/0x1b0 [ 99.908766][ T6536] netlink_deliver_tap+0x19d/0x1b0 [ 99.908793][ T6536] netlink_unicast+0x7c4/0x990 [ 99.908825][ T6536] ? __pfx_netlink_unicast+0x10/0x10 [ 99.908847][ T6536] ? __virt_addr_valid+0x45f/0x530 [ 99.908870][ T6536] ? __phys_addr_symbol+0x2f/0x70 [ 99.908886][ T6536] ? __check_object_size+0x47a/0x730 [ 99.908916][ T6536] netlink_sendmsg+0x8de/0xcb0 [ 99.908953][ T6536] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.908984][ T6536] ? aa_sock_msg_perm+0x91/0x160 [ 99.909018][ T6536] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.909042][ T6536] __sock_sendmsg+0x221/0x270 [ 99.909072][ T6536] ____sys_sendmsg+0x53a/0x860 [ 99.909102][ T6536] ? __pfx_____sys_sendmsg+0x10/0x10 [ 99.909121][ T6536] ? __fget_files+0x2a/0x410 [ 99.909150][ T6536] ? __fget_files+0x2a/0x410 [ 99.909190][ T6536] __sys_sendmsg+0x269/0x350 [ 99.909217][ T6536] ? __pfx___sys_sendmsg+0x10/0x10 [ 99.909251][ T6536] ? do_sys_openat2+0x17a/0x1d0 [ 99.909302][ T6536] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 99.909332][ T6536] ? do_syscall_64+0x100/0x230 [ 99.909359][ T6536] ? do_syscall_64+0xb6/0x230 [ 99.909384][ T6536] do_syscall_64+0xf3/0x230 [ 99.909407][ T6536] ? clear_bhb_loop+0x35/0x90 [ 99.909436][ T6536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.909459][ T6536] RIP: 0033:0x7f027d18d169 [ 99.909475][ T6536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.909489][ T6536] RSP: 002b:00007f027e01f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.909508][ T6536] RAX: ffffffffffffffda RBX: 00007f027d3a5fa0 RCX: 00007f027d18d169 [ 99.909521][ T6536] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000004 [ 99.909532][ T6536] RBP: 00007f027e01f090 R08: 0000000000000000 R09: 0000000000000000 [ 99.909543][ T6536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.909553][ T6536] R13: 0000000000000000 R14: 00007f027d3a5fa0 R15: 00007ffcfc77d318 [ 99.909580][ T6536] [ 100.391469][ T6541] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 100.415881][ T6541] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 100.542716][ T6553] netlink: 830 bytes leftover after parsing attributes in process `syz.2.207'. [ 100.648896][ T6559] netlink: 4 bytes leftover after parsing attributes in process `syz.0.208'. [ 100.812077][ T6565] netlink: 56 bytes leftover after parsing attributes in process `syz.1.211'. [ 100.821309][ T6565] netlink: 8 bytes leftover after parsing attributes in process `syz.1.211'. [ 100.942806][ T6569] FAULT_INJECTION: forcing a failure. [ 100.942806][ T6569] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 100.968222][ T6569] CPU: 0 UID: 0 PID: 6569 Comm: syz.1.214 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 100.968248][ T6569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 100.968260][ T6569] Call Trace: [ 100.968266][ T6569] [ 100.968274][ T6569] dump_stack_lvl+0x241/0x360 [ 100.968303][ T6569] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.968324][ T6569] ? __pfx__printk+0x10/0x10 [ 100.968343][ T6569] ? rcu_is_watching+0x15/0xb0 [ 100.968365][ T6569] ? __pfx_lock_release+0x10/0x10 [ 100.968391][ T6569] ? __alloc_frozen_pages_noprof+0x350/0x710 [ 100.968422][ T6569] should_fail_ex+0x40a/0x550 [ 100.968456][ T6569] _copy_from_iter+0x1df/0x1c40 [ 100.968505][ T6569] ? __pfx__copy_from_iter+0x10/0x10 [ 100.968527][ T6569] ? tun_get_user+0x838/0x45b0 [ 100.968569][ T6569] ? set_page_refcounted+0xa1/0x1e0 [ 100.968597][ T6569] ? alloc_pages_noprof+0x136/0x190 [ 100.968620][ T6569] ? page_copy_sane+0x46/0x260 [ 100.968646][ T6569] copy_page_from_iter+0x7a/0x100 [ 100.968673][ T6569] tun_get_user+0x1ed6/0x45b0 [ 100.968699][ T6569] ? tun_get_user+0x838/0x45b0 [ 100.968729][ T6569] ? __lock_acquire+0x1397/0x2100 [ 100.968765][ T6569] ? __pfx_tun_get_user+0x10/0x10 [ 100.968805][ T6569] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 100.968825][ T6569] ? tun_get+0x1e/0x2f0 [ 100.968847][ T6569] ? __pfx_lock_release+0x10/0x10 [ 100.968889][ T6569] ? tun_get+0x1e/0x2f0 [ 100.968910][ T6569] ? tun_get+0x27d/0x2f0 [ 100.968953][ T6569] tun_chr_write_iter+0x10d/0x1f0 [ 100.968979][ T6569] vfs_write+0xacf/0xd10 [ 100.969006][ T6569] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 100.969032][ T6569] ? __pfx_vfs_write+0x10/0x10 [ 100.969052][ T6569] ? do_sys_openat2+0x17a/0x1d0 [ 100.969084][ T6569] ? __fget_files+0x2a/0x410 [ 100.969116][ T6569] ? __fget_files+0x2a/0x410 [ 100.969165][ T6569] ksys_write+0x18f/0x2b0 [ 100.969190][ T6569] ? __pfx_ksys_write+0x10/0x10 [ 100.969213][ T6569] ? do_syscall_64+0x100/0x230 [ 100.969243][ T6569] ? do_syscall_64+0xb6/0x230 [ 100.969271][ T6569] do_syscall_64+0xf3/0x230 [ 100.969297][ T6569] ? clear_bhb_loop+0x35/0x90 [ 100.969329][ T6569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.969356][ T6569] RIP: 0033:0x7f1d9df8bc1f [ 100.969374][ T6569] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 100.969390][ T6569] RSP: 002b:00007f1d9bdf6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 100.969412][ T6569] RAX: ffffffffffffffda RBX: 00007f1d9e1a5fa0 RCX: 00007f1d9df8bc1f [ 100.969427][ T6569] RDX: 000000000000002a RSI: 00004000000000c0 RDI: 00000000000000c8 [ 100.969439][ T6569] RBP: 00007f1d9bdf6090 R08: 0000000000000000 R09: 0000000000000000 [ 100.969452][ T6569] R10: 000000000000002a R11: 0000000000000293 R12: 0000000000000001 [ 100.969464][ T6569] R13: 0000000000000000 R14: 00007f1d9e1a5fa0 R15: 00007ffdae54a518 [ 100.969493][ T6569] [ 101.504777][ T6578] FAULT_INJECTION: forcing a failure. [ 101.504777][ T6578] name failslab, interval 1, probability 0, space 0, times 0 [ 101.587226][ T6578] CPU: 0 UID: 0 PID: 6578 Comm: syz.2.217 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 101.587252][ T6578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 101.587263][ T6578] Call Trace: [ 101.587269][ T6578] [ 101.587277][ T6578] dump_stack_lvl+0x241/0x360 [ 101.587305][ T6578] ? __pfx_dump_stack_lvl+0x10/0x10 [ 101.587326][ T6578] ? __pfx__printk+0x10/0x10 [ 101.587347][ T6578] ? __kmalloc_cache_noprof+0x48/0x390 [ 101.587372][ T6578] ? __pfx___might_resched+0x10/0x10 [ 101.587391][ T6578] ? unwind_get_return_address+0x4d/0x90 [ 101.587418][ T6578] should_fail_ex+0x40a/0x550 [ 101.587444][ T6578] should_failslab+0xac/0x100 [ 101.587477][ T6578] __kmalloc_cache_noprof+0x70/0x390 [ 101.587496][ T6578] ? rtnl_newlink+0x13e/0x1d90 [ 101.587539][ T6578] rtnl_newlink+0x13e/0x1d90 [ 101.587561][ T6578] ? stack_depot_save_flags+0x37/0x940 [ 101.587590][ T6578] ? kasan_save_track+0x51/0x80 [ 101.587606][ T6578] ? kasan_save_free_info+0x40/0x50 [ 101.587629][ T6578] ? __kasan_slab_free+0x59/0x70 [ 101.587645][ T6578] ? kmem_cache_free+0x195/0x410 [ 101.587666][ T6578] ? __pfx_rtnl_newlink+0x10/0x10 [ 101.587687][ T6578] ? __netlink_deliver_tap+0x561/0x7f0 [ 101.587710][ T6578] ? __pfx_validate_chain+0x10/0x10 [ 101.587726][ T6578] ? __sock_sendmsg+0x221/0x270 [ 101.587746][ T6578] ? ____sys_sendmsg+0x53a/0x860 [ 101.587762][ T6578] ? __sys_sendmsg+0x269/0x350 [ 101.587778][ T6578] ? do_syscall_64+0xf3/0x230 [ 101.587796][ T6578] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.587830][ T6578] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 101.587855][ T6578] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 101.587884][ T6578] ? mark_lock+0x9a/0x360 [ 101.587900][ T6578] ? __lock_acquire+0x1397/0x2100 [ 101.587944][ T6578] ? __pfx_lock_release+0x10/0x10 [ 101.587976][ T6578] ? __pfx_rtnl_newlink+0x10/0x10 [ 101.588000][ T6578] rtnetlink_rcv_msg+0x791/0xcf0 [ 101.588021][ T6578] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 101.588047][ T6578] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 101.588074][ T6578] ? ref_tracker_free+0x643/0x7e0 [ 101.588093][ T6578] netlink_rcv_skb+0x206/0x480 [ 101.588121][ T6578] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 101.588145][ T6578] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 101.588182][ T6578] ? netlink_deliver_tap+0x2e/0x1b0 [ 101.588206][ T6578] netlink_unicast+0x7f6/0x990 [ 101.588232][ T6578] ? __pfx_netlink_unicast+0x10/0x10 [ 101.588253][ T6578] ? __virt_addr_valid+0x45f/0x530 [ 101.588268][ T6578] ? __phys_addr_symbol+0x2f/0x70 [ 101.588282][ T6578] ? __check_object_size+0x47a/0x730 [ 101.588305][ T6578] netlink_sendmsg+0x8de/0xcb0 [ 101.588336][ T6578] ? __pfx_netlink_sendmsg+0x10/0x10 [ 101.588362][ T6578] ? aa_sock_msg_perm+0x91/0x160 [ 101.588390][ T6578] ? __pfx_netlink_sendmsg+0x10/0x10 [ 101.588411][ T6578] __sock_sendmsg+0x221/0x270 [ 101.588435][ T6578] ____sys_sendmsg+0x53a/0x860 [ 101.588458][ T6578] ? __pfx_____sys_sendmsg+0x10/0x10 [ 101.588474][ T6578] ? __fget_files+0x2a/0x410 [ 101.588498][ T6578] ? __fget_files+0x2a/0x410 [ 101.588526][ T6578] __sys_sendmsg+0x269/0x350 [ 101.588547][ T6578] ? __pfx___sys_sendmsg+0x10/0x10 [ 101.588573][ T6578] ? do_sys_openat2+0x17a/0x1d0 [ 101.588613][ T6578] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 101.588637][ T6578] ? do_syscall_64+0x100/0x230 [ 101.588658][ T6578] ? do_syscall_64+0xb6/0x230 [ 101.588679][ T6578] do_syscall_64+0xf3/0x230 [ 101.588698][ T6578] ? clear_bhb_loop+0x35/0x90 [ 101.588721][ T6578] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 101.588740][ T6578] RIP: 0033:0x7f027d18d169 [ 101.588754][ T6578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.588766][ T6578] RSP: 002b:00007f027e01f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 101.588782][ T6578] RAX: ffffffffffffffda RBX: 00007f027d3a5fa0 RCX: 00007f027d18d169 [ 101.588792][ T6578] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000004 [ 101.588801][ T6578] RBP: 00007f027e01f090 R08: 0000000000000000 R09: 0000000000000000 [ 101.588810][ T6578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 101.588819][ T6578] R13: 0000000000000000 R14: 00007f027d3a5fa0 R15: 00007ffcfc77d318 [ 101.588839][ T6578] [ 102.436318][ T6591] netlink: 'syz.1.220': attribute type 1 has an invalid length. [ 102.461856][ T6591] netlink: 'syz.1.220': attribute type 1 has an invalid length. [ 102.527957][ T6588] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 102.645735][ T6599] netlink: 24 bytes leftover after parsing attributes in process `syz.1.224'. [ 103.224209][ T6620] bridge0: port 3(netdevsim2) entered blocking state [ 103.252780][ T6620] bridge0: port 3(netdevsim2) entered disabled state [ 103.267677][ T6620] netdevsim netdevsim2 netdevsim2: entered allmulticast mode [ 103.290125][ T6620] netdevsim netdevsim2 netdevsim2: entered promiscuous mode [ 103.307207][ T6620] bridge0: port 3(netdevsim2) entered blocking state [ 103.314373][ T6620] bridge0: port 3(netdevsim2) entered forwarding state [ 103.330143][ T6624] netlink: 'syz.0.233': attribute type 3 has an invalid length. [ 103.627836][ T6645] netlink: 60 bytes leftover after parsing attributes in process `syz.2.239'. [ 103.693294][ T6649] netlink: 'syz.3.241': attribute type 1 has an invalid length. [ 103.707573][ T6649] netlink: 40 bytes leftover after parsing attributes in process `syz.3.241'. [ 103.856434][ T6657] netlink: 'syz.2.242': attribute type 7 has an invalid length. [ 103.864136][ T6657] netlink: 8 bytes leftover after parsing attributes in process `syz.2.242'. [ 103.980295][ T6660] netlink: 28 bytes leftover after parsing attributes in process `syz.3.243'. [ 104.034875][ T6660] netlink: 28 bytes leftover after parsing attributes in process `syz.3.243'. [ 104.041070][ T6668] netlink: 368 bytes leftover after parsing attributes in process `syz.4.245'. [ 104.043812][ T6660] netlink: 'syz.3.243': attribute type 4 has an invalid length. [ 104.054756][ T6668] netlink: 4 bytes leftover after parsing attributes in process `syz.4.245'. [ 104.300599][ T6680] netlink: 'syz.2.251': attribute type 3 has an invalid length. [ 104.492396][ T6687] lo speed is unknown, defaulting to 1000 [ 104.506602][ T6687] lo speed is unknown, defaulting to 1000 [ 104.516774][ T6687] lo speed is unknown, defaulting to 1000 [ 104.565118][ T5148] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 104.573339][ T6655] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 104.665629][ T6687] infiniband syz0: set active [ 104.670596][ T6687] infiniband syz0: added lo [ 104.682571][ T26] lo speed is unknown, defaulting to 1000 [ 104.713958][ T6687] RDS/IB: syz0: added [ 104.718621][ T6687] smc: adding ib device syz0 with port count 1 [ 104.726139][ T6687] smc: ib device syz0 port 1 has pnetid [ 104.735886][ T26] lo speed is unknown, defaulting to 1000 [ 104.747220][ T6687] lo speed is unknown, defaulting to 1000 [ 104.958546][ T6687] lo speed is unknown, defaulting to 1000 [ 104.992507][ T6701] hsr0: entered promiscuous mode [ 105.034521][ T6701] netlink: 4 bytes leftover after parsing attributes in process `syz.1.257'. [ 105.052590][ T6705] netlink: 28 bytes leftover after parsing attributes in process `syz.2.258'. [ 105.078688][ T6705] netlink: 'syz.2.258': attribute type 4 has an invalid length. [ 105.098055][ T6701] hsr_slave_0: left promiscuous mode [ 105.112792][ T6708] sctp: [Deprecated]: syz.4.260 (pid 6708) Use of int in max_burst socket option. [ 105.112792][ T6708] Use struct sctp_assoc_value instead [ 105.185548][ T6701] hsr_slave_1: left promiscuous mode [ 105.221526][ T6701] hsr0 (unregistering): left promiscuous mode [ 105.239781][ T6687] lo speed is unknown, defaulting to 1000 [ 105.605762][ T6687] lo speed is unknown, defaulting to 1000 [ 105.666259][ T6734] netlink: 'syz.3.266': attribute type 3 has an invalid length. [ 105.817087][ T6741] ip6tnl1: entered promiscuous mode [ 105.940084][ T6687] lo speed is unknown, defaulting to 1000 [ 106.664420][ T6783] netlink: 'syz.2.281': attribute type 3 has an invalid length. [ 106.793204][ T6787] FAULT_INJECTION: forcing a failure. [ 106.793204][ T6787] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 106.820815][ T6787] CPU: 0 UID: 0 PID: 6787 Comm: syz.4.282 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 106.820840][ T6787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 106.820851][ T6787] Call Trace: [ 106.820858][ T6787] [ 106.820866][ T6787] dump_stack_lvl+0x241/0x360 [ 106.820893][ T6787] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.820914][ T6787] ? __pfx__printk+0x10/0x10 [ 106.820939][ T6787] ? snprintf+0xda/0x120 [ 106.820966][ T6787] should_fail_ex+0x40a/0x550 [ 106.820999][ T6787] _copy_to_user+0x31/0xb0 [ 106.821026][ T6787] simple_read_from_buffer+0xca/0x150 [ 106.821056][ T6787] proc_fail_nth_read+0x1e9/0x250 [ 106.821085][ T6787] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 106.821115][ T6787] ? rw_verify_area+0x243/0x630 [ 106.821135][ T6787] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 106.821163][ T6787] vfs_read+0x1f8/0xb40 [ 106.821184][ T6787] ? fdget_pos+0x254/0x320 [ 106.821213][ T6787] ? __pfx___mutex_lock+0x10/0x10 [ 106.821236][ T6787] ? __pfx_vfs_read+0x10/0x10 [ 106.821252][ T6787] ? do_sys_openat2+0x17a/0x1d0 [ 106.821282][ T6787] ? __fget_files+0x2a/0x410 [ 106.821310][ T6787] ? __fget_files+0x395/0x410 [ 106.821335][ T6787] ? __fget_files+0x2a/0x410 [ 106.821370][ T6787] ksys_read+0x18f/0x2b0 [ 106.821391][ T6787] ? __pfx_ksys_read+0x10/0x10 [ 106.821412][ T6787] ? do_syscall_64+0x100/0x230 [ 106.821439][ T6787] ? do_syscall_64+0xb6/0x230 [ 106.821466][ T6787] do_syscall_64+0xf3/0x230 [ 106.821489][ T6787] ? clear_bhb_loop+0x35/0x90 [ 106.821519][ T6787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.821544][ T6787] RIP: 0033:0x7f4bee98bb7c [ 106.821560][ T6787] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 106.821574][ T6787] RSP: 002b:00007f4bef7a4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 106.821594][ T6787] RAX: ffffffffffffffda RBX: 00007f4beeba5fa0 RCX: 00007f4bee98bb7c [ 106.821607][ T6787] RDX: 000000000000000f RSI: 00007f4bef7a40a0 RDI: 0000000000000004 [ 106.821618][ T6787] RBP: 00007f4bef7a4090 R08: 0000000000000000 R09: 0000000000000000 [ 106.821630][ T6787] R10: 000000000000002a R11: 0000000000000246 R12: 0000000000000001 [ 106.821640][ T6787] R13: 0000000000000000 R14: 00007f4beeba5fa0 R15: 00007ffc2f8c83e8 [ 106.821668][ T6787] [ 107.477434][ T6818] Cannot find del_set index 0 as target [ 107.682563][ T6827] __nla_validate_parse: 21 callbacks suppressed [ 107.682584][ T6827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.294'. [ 107.735264][ T6827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.294'. [ 107.747230][ T6836] netlink: 16 bytes leftover after parsing attributes in process `syz.4.295'. [ 107.798685][ T6827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.294'. [ 107.837201][ T6827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.294'. [ 107.890910][ T6827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.294'. [ 107.923608][ T6827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.294'. [ 107.940433][ T6827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.294'. [ 107.961623][ T6827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.294'. [ 107.976937][ T6827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.294'. [ 108.017675][ T6827] bridge0: port 3(netdevsim2) entered disabled state [ 108.024661][ T6827] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.033029][ T6827] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.192117][ T6827] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 108.213467][ T6827] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 108.353187][ T6827] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.370892][ T6827] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.380640][ T6827] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.390105][ T6827] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.497492][ T6827] bond1: left promiscuous mode [ 108.509209][ T6834] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 108.525178][ T6834] batadv_slave_0: entered promiscuous mode [ 108.549072][ T6838] validate_nla: 1 callbacks suppressed [ 108.549090][ T6838] netlink: 'syz.1.297': attribute type 4 has an invalid length. [ 108.567406][ T6840] netlink: 'syz.3.298': attribute type 3 has an invalid length. [ 108.802647][ T6867] xt_connbytes: Forcing CT accounting to be enabled [ 108.817425][ T6867] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 108.838709][ T6867] xt_bpf: check failed: parse error [ 109.068273][ T6880] FAULT_INJECTION: forcing a failure. [ 109.068273][ T6880] name failslab, interval 1, probability 0, space 0, times 0 [ 109.103604][ T6880] CPU: 0 UID: 0 PID: 6880 Comm: syz.0.303 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 109.103631][ T6880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.103642][ T6880] Call Trace: [ 109.103660][ T6880] [ 109.103667][ T6880] dump_stack_lvl+0x241/0x360 [ 109.103694][ T6880] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.103715][ T6880] ? __pfx__printk+0x10/0x10 [ 109.103735][ T6880] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 109.103760][ T6880] ? __pfx___might_resched+0x10/0x10 [ 109.103790][ T6880] should_fail_ex+0x40a/0x550 [ 109.103832][ T6880] should_failslab+0xac/0x100 [ 109.103857][ T6880] __kmalloc_node_noprof+0xe1/0x4d0 [ 109.103882][ T6880] ? __kvmalloc_node_noprof+0x72/0x190 [ 109.103915][ T6880] __kvmalloc_node_noprof+0x72/0x190 [ 109.103945][ T6880] alloc_netdev_mqs+0xac6/0x1210 [ 109.103975][ T6880] rtnl_create_link+0x2f9/0xc90 [ 109.104005][ T6880] rtnl_newlink_create+0x2e1/0xbd0 [ 109.104047][ T6880] ? __pfx_aa_get_newest_label+0x10/0x10 [ 109.104080][ T6880] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 109.104104][ T6880] ? __pfx___mutex_lock+0x10/0x10 [ 109.104139][ T6880] ? ns_capable+0x8a/0xf0 [ 109.104166][ T6880] rtnl_newlink+0x167a/0x1d90 [ 109.104197][ T6880] ? stack_depot_save_flags+0x37/0x940 [ 109.104244][ T6880] ? __pfx_rtnl_newlink+0x10/0x10 [ 109.104270][ T6880] ? __netlink_deliver_tap+0x561/0x7f0 [ 109.104298][ T6880] ? __pfx_validate_chain+0x10/0x10 [ 109.104316][ T6880] ? __sock_sendmsg+0x221/0x270 [ 109.104341][ T6880] ? ____sys_sendmsg+0x53a/0x860 [ 109.104361][ T6880] ? __sys_sendmsg+0x269/0x350 [ 109.104380][ T6880] ? do_syscall_64+0xf3/0x230 [ 109.104403][ T6880] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.104450][ T6880] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 109.104482][ T6880] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 109.104519][ T6880] ? mark_lock+0x9a/0x360 [ 109.104541][ T6880] ? __lock_acquire+0x1397/0x2100 [ 109.104603][ T6880] ? __pfx_lock_release+0x10/0x10 [ 109.104647][ T6880] ? __pfx_rtnl_newlink+0x10/0x10 [ 109.104678][ T6880] rtnetlink_rcv_msg+0x791/0xcf0 [ 109.104704][ T6880] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 109.104736][ T6880] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 109.104771][ T6880] ? ref_tracker_free+0x643/0x7e0 [ 109.104805][ T6880] netlink_rcv_skb+0x206/0x480 [ 109.104834][ T6880] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 109.104864][ T6880] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 109.104915][ T6880] ? netlink_deliver_tap+0x2e/0x1b0 [ 109.104947][ T6880] netlink_unicast+0x7f6/0x990 [ 109.104981][ T6880] ? __pfx_netlink_unicast+0x10/0x10 [ 109.105004][ T6880] ? __virt_addr_valid+0x45f/0x530 [ 109.105024][ T6880] ? __phys_addr_symbol+0x2f/0x70 [ 109.105041][ T6880] ? __check_object_size+0x47a/0x730 [ 109.105072][ T6880] netlink_sendmsg+0x8de/0xcb0 [ 109.105113][ T6880] ? __pfx_netlink_sendmsg+0x10/0x10 [ 109.105147][ T6880] ? aa_sock_msg_perm+0x91/0x160 [ 109.105181][ T6880] ? __pfx_netlink_sendmsg+0x10/0x10 [ 109.105208][ T6880] __sock_sendmsg+0x221/0x270 [ 109.105238][ T6880] ____sys_sendmsg+0x53a/0x860 [ 109.105269][ T6880] ? __pfx_____sys_sendmsg+0x10/0x10 [ 109.105289][ T6880] ? __fget_files+0x2a/0x410 [ 109.105320][ T6880] ? __fget_files+0x2a/0x410 [ 109.105357][ T6880] __sys_sendmsg+0x269/0x350 [ 109.105385][ T6880] ? __pfx___sys_sendmsg+0x10/0x10 [ 109.105421][ T6880] ? do_sys_openat2+0x17a/0x1d0 [ 109.105474][ T6880] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 109.105505][ T6880] ? do_syscall_64+0x100/0x230 [ 109.105532][ T6880] ? do_syscall_64+0xb6/0x230 [ 109.105560][ T6880] do_syscall_64+0xf3/0x230 [ 109.105584][ T6880] ? clear_bhb_loop+0x35/0x90 [ 109.105612][ T6880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.105636][ T6880] RIP: 0033:0x7fe37218d169 [ 109.105653][ T6880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.105669][ T6880] RSP: 002b:00007fe36fff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.105706][ T6880] RAX: ffffffffffffffda RBX: 00007fe3723a5fa0 RCX: 00007fe37218d169 [ 109.105721][ T6880] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000004 [ 109.105732][ T6880] RBP: 00007fe36fff6090 R08: 0000000000000000 R09: 0000000000000000 [ 109.105744][ T6880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 109.105756][ T6880] R13: 0000000000000000 R14: 00007fe3723a5fa0 R15: 00007ffd292a1e28 [ 109.105787][ T6880] [ 109.642960][ T6888] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 109.709810][ T6888] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 109.820754][ T6899] 8021q: adding VLAN 0 to HW filter on device bond2 [ 109.832876][ T6908] netlink: 'syz.1.312': attribute type 4 has an invalid length. [ 109.925104][ T6899] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 109.933814][ T6899] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 109.981970][ T6913] netlink: 'syz.1.314': attribute type 4 has an invalid length. [ 110.052944][ T6922] netlink: 'syz.4.316': attribute type 3 has an invalid length. [ 110.355548][ T6936] netlink: 'syz.4.322': attribute type 10 has an invalid length. [ 110.367649][ T6936] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.375702][ T6936] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.403384][ T6936] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.410917][ T6936] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.419603][ T6936] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.427055][ T6936] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.447046][ T6936] team0: Port device bridge0 added [ 110.462659][ T6936] syz.4.322 (6936) used greatest stack depth: 17328 bytes left [ 110.624757][ T6952] IPVS: length: 78 != 13088928 [ 110.897472][ T6961] lo speed is unknown, defaulting to 1000 [ 111.130706][ T6960] lo speed is unknown, defaulting to 1000 [ 111.500574][ T6979] netlink: del zone limit has 4 unknown bytes [ 112.184467][ T6998] lo speed is unknown, defaulting to 1000 [ 112.417047][ T7013] pim6reg: entered allmulticast mode [ 112.428739][ T7011] delete_channel: no stack [ 112.573609][ T7016] netlink: 'syz.1.348': attribute type 1 has an invalid length. [ 112.591674][ T7024] xt_hashlimit: max too large, truncated to 1048576 [ 112.683677][ T7024] No such timeout policy "syz1" [ 112.767405][ T7031] pimreg: entered allmulticast mode [ 112.827626][ T7031] pimreg: left allmulticast mode [ 113.063259][ T7045] __nla_validate_parse: 83 callbacks suppressed [ 113.063301][ T7045] netlink: 28 bytes leftover after parsing attributes in process `syz.3.357'. [ 113.100445][ T7045] netlink: 28 bytes leftover after parsing attributes in process `syz.3.357'. [ 113.118201][ T7045] netlink: 'syz.3.357': attribute type 4 has an invalid length. [ 113.149127][ T7047] hsr0: entered promiscuous mode [ 113.153308][ T7053] netlink: 12 bytes leftover after parsing attributes in process `syz.1.360'. [ 113.158803][ T7047] netlink: 4 bytes leftover after parsing attributes in process `syz.4.358'. [ 113.182685][ T7057] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 3, id = 0 [ 113.200120][ T7047] hsr_slave_0: left promiscuous mode [ 113.207011][ T7053] netlink: 12 bytes leftover after parsing attributes in process `syz.1.360'. [ 113.217402][ T7049] sctp: [Deprecated]: syz.0.359 (pid 7049) Use of struct sctp_assoc_value in delayed_ack socket option. [ 113.217402][ T7049] Use struct sctp_sack_info instead [ 113.254924][ T7047] hsr_slave_1: left promiscuous mode [ 113.273912][ T7049] IPVS: stopping backup sync thread 7057 ... [ 113.341039][ T7047] hsr0 (unregistering): left promiscuous mode [ 113.503717][ T7068] pim6reg9: entered allmulticast mode [ 113.696552][ T7081] x_tables: duplicate underflow at hook 1 [ 113.710453][ T7082] x_tables: duplicate underflow at hook 1 [ 113.718078][ T7083] netlink: 4 bytes leftover after parsing attributes in process `syz.0.364'. [ 113.790240][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 113.796772][ C0] vcan0: j1939_xtp_rx_dat: no rx connection found [ 113.853085][ T7085] netlink: 'syz.4.368': attribute type 3 has an invalid length. [ 114.158753][ T7062] delete_channel: no stack [ 114.259477][ T7101] netlink: 'syz.2.373': attribute type 5 has an invalid length. [ 114.271683][ T7105] syzkaller0: entered promiscuous mode [ 114.277420][ T7105] syzkaller0: entered allmulticast mode [ 114.302975][ T7112] netlink: 4 bytes leftover after parsing attributes in process `syz.3.376'. [ 114.590512][ T7118] team0: Device ipvlan2 failed to register rx_handler [ 115.871710][ T7114] lo speed is unknown, defaulting to 1000 [ 116.289654][ T7147] netlink: 4 bytes leftover after parsing attributes in process `syz.3.388'. [ 116.554059][ T7145] pim6reg9: entered allmulticast mode [ 116.613890][ T7159] netlink: 8 bytes leftover after parsing attributes in process `syz.3.391'. [ 116.994738][ T7137] delete_channel: no stack [ 117.131858][ T7181] netlink: 4 bytes leftover after parsing attributes in process `syz.2.401'. [ 117.583870][ T7195] netlink: 'syz.0.405': attribute type 4 has an invalid length. [ 117.906367][ T7208] netlink: 'syz.2.411': attribute type 13 has an invalid length. [ 117.948433][ T7213] netlink: 'syz.2.411': attribute type 13 has an invalid length. [ 118.117070][ T7220] netlink: 'syz.2.415': attribute type 4 has an invalid length. [ 118.196851][ T7222] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 118.214443][ T7222] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 118.248996][ T7226] delete_channel: no stack [ 118.369597][ T7240] __nla_validate_parse: 5 callbacks suppressed [ 118.369617][ T7240] netlink: 4 bytes leftover after parsing attributes in process `syz.2.420'. [ 118.387328][ T7240] netdevsim netdevsim2 netdevsim2: left allmulticast mode [ 118.396209][ T7240] netdevsim netdevsim2 netdevsim2: left promiscuous mode [ 118.403665][ T7240] bridge0: port 3(netdevsim2) entered disabled state [ 118.418535][ T7240] bridge_slave_1: left allmulticast mode [ 118.424514][ T7240] bridge_slave_1: left promiscuous mode [ 118.441973][ T7240] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.457864][ T7240] bridge_slave_0: left allmulticast mode [ 118.463543][ T7240] bridge_slave_0: left promiscuous mode [ 118.474672][ T7240] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.545772][ T7243] netlink: 4 bytes leftover after parsing attributes in process `syz.4.421'. [ 118.803639][ T7259] netlink: 28 bytes leftover after parsing attributes in process `syz.1.425'. [ 118.820396][ T7259] netlink: 28 bytes leftover after parsing attributes in process `syz.1.425'. [ 118.829830][ T7259] netlink: 'syz.1.425': attribute type 4 has an invalid length. [ 119.040580][ T7272] netlink: 4 bytes leftover after parsing attributes in process `syz.2.430'. [ 119.147979][ T7283] netlink: 4 bytes leftover after parsing attributes in process `syz.3.432'. [ 119.297185][ T7288] netlink: 'syz.2.435': attribute type 3 has an invalid length. [ 119.316213][ T7288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.435'. [ 119.411717][ T7298] netlink: 'syz.0.439': attribute type 3 has an invalid length. [ 119.458587][ T7300] netlink: 28 bytes leftover after parsing attributes in process `syz.3.440'. [ 119.484601][ T7300] netlink: 28 bytes leftover after parsing attributes in process `syz.3.440'. [ 119.493673][ T7300] netlink: 'syz.3.440': attribute type 4 has an invalid length. [ 119.660521][ T7312] lo speed is unknown, defaulting to 1000 [ 119.758572][ T7322] tipc: Started in network mode [ 119.763565][ T7322] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 119.771572][ T7322] tipc: Enabled bearer , priority 10 [ 119.774709][ T7264] delete_channel: no stack [ 119.790945][ T7321] netlink: 4 bytes leftover after parsing attributes in process `syz.0.445'. [ 120.558560][ T7353] lo speed is unknown, defaulting to 1000 [ 120.705748][ T7356] netlink: 'syz.3.454': attribute type 4 has an invalid length. [ 120.884602][ T10] tipc: Node number set to 10136234 [ 120.911272][ T7363] netlink: 'syz.1.456': attribute type 3 has an invalid length. [ 121.629890][ T7386] openvswitch: netlink: Multiple metadata blocks provided [ 121.690228][ T7386] netlink: 'syz.0.464': attribute type 1 has an invalid length. [ 121.706592][ T7386] netlink: 'syz.0.464': attribute type 3 has an invalid length. [ 121.872940][ T7368] delete_channel: no stack [ 122.058714][ T7405] netlink: 'syz.0.468': attribute type 4 has an invalid length. [ 122.202402][ T7410] netlink: 'syz.0.471': attribute type 4 has an invalid length. [ 122.240412][ T7412] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 122.256168][ T7410] netlink: 'syz.0.471': attribute type 4 has an invalid length. [ 122.304789][ T6858] lo speed is unknown, defaulting to 1000 [ 122.334903][ T6858] lo speed is unknown, defaulting to 1000 [ 122.355181][ T10] lo speed is unknown, defaulting to 1000 [ 122.363986][ T7412] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 122.833002][ T7434] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 122.885179][ T7434] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 122.914814][ T7433] raw_sendmsg: syz.0.479 forgot to set AF_INET. Fix it! [ 123.118318][ T6846] IPVS: starting estimator thread 0... [ 123.214483][ T7446] IPVS: using max 23 ests per chain, 55200 per kthread [ 123.417415][ T7462] __nla_validate_parse: 14 callbacks suppressed [ 123.417435][ T7462] netlink: 48 bytes leftover after parsing attributes in process `syz.1.487'. [ 123.436806][ T7464] Cannot find add_set index 3 as target [ 123.773359][ T7475] lo speed is unknown, defaulting to 1000 [ 123.804888][ T7477] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 124.026671][ T7483] netlink: 28 bytes leftover after parsing attributes in process `syz.2.494'. [ 124.070459][ T7483] netlink: 28 bytes leftover after parsing attributes in process `syz.2.494'. [ 124.181974][ T7487] FAULT_INJECTION: forcing a failure. [ 124.181974][ T7487] name failslab, interval 1, probability 0, space 0, times 0 [ 124.196700][ T7487] CPU: 0 UID: 0 PID: 7487 Comm: syz.0.496 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 124.196726][ T7487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 124.196737][ T7487] Call Trace: [ 124.196744][ T7487] [ 124.196752][ T7487] dump_stack_lvl+0x241/0x360 [ 124.196787][ T7487] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.196808][ T7487] ? __pfx__printk+0x10/0x10 [ 124.196834][ T7487] ? ref_tracker_alloc+0x332/0x490 [ 124.196857][ T7487] should_fail_ex+0x40a/0x550 [ 124.196891][ T7487] should_failslab+0xac/0x100 [ 124.196918][ T7487] ? skb_clone+0x20c/0x390 [ 124.196941][ T7487] kmem_cache_alloc_noprof+0x70/0x380 [ 124.196974][ T7487] skb_clone+0x20c/0x390 [ 124.197001][ T7487] __netlink_deliver_tap+0x3c4/0x7f0 [ 124.197038][ T7487] ? netlink_deliver_tap+0x2e/0x1b0 [ 124.197065][ T7487] netlink_deliver_tap+0x19d/0x1b0 [ 124.197095][ T7487] netlink_sendskb+0x68/0x140 [ 124.197122][ T7487] netlink_unicast+0x39d/0x990 [ 124.197144][ T7487] ? __asan_memcpy+0x40/0x70 [ 124.197172][ T7487] ? __pfx_netlink_unicast+0x10/0x10 [ 124.197207][ T7487] netlink_rcv_skb+0x294/0x480 [ 124.197236][ T7487] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 124.197267][ T7487] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 124.197317][ T7487] ? netlink_deliver_tap+0x2e/0x1b0 [ 124.197347][ T7487] netlink_unicast+0x7f6/0x990 [ 124.197380][ T7487] ? __pfx_netlink_unicast+0x10/0x10 [ 124.197404][ T7487] ? __virt_addr_valid+0x45f/0x530 [ 124.197423][ T7487] ? __phys_addr_symbol+0x2f/0x70 [ 124.197440][ T7487] ? __check_object_size+0x47a/0x730 [ 124.197471][ T7487] netlink_sendmsg+0x8de/0xcb0 [ 124.197512][ T7487] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.197545][ T7487] ? aa_sock_msg_perm+0x91/0x160 [ 124.197587][ T7487] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.197614][ T7487] __sock_sendmsg+0x221/0x270 [ 124.197645][ T7487] ____sys_sendmsg+0x53a/0x860 [ 124.197676][ T7487] ? __pfx_____sys_sendmsg+0x10/0x10 [ 124.197697][ T7487] ? __fget_files+0x2a/0x410 [ 124.197729][ T7487] ? __fget_files+0x2a/0x410 [ 124.197766][ T7487] __sys_sendmsg+0x269/0x350 [ 124.197793][ T7487] ? __pfx___sys_sendmsg+0x10/0x10 [ 124.197840][ T7487] ? do_sys_openat2+0x17a/0x1d0 [ 124.197891][ T7487] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 124.197921][ T7487] ? do_syscall_64+0x100/0x230 [ 124.197947][ T7487] ? do_syscall_64+0xb6/0x230 [ 124.197972][ T7487] do_syscall_64+0xf3/0x230 [ 124.197994][ T7487] ? clear_bhb_loop+0x35/0x90 [ 124.198021][ T7487] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.198043][ T7487] RIP: 0033:0x7fe37218d169 [ 124.198059][ T7487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.198073][ T7487] RSP: 002b:00007fe36fff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 124.198090][ T7487] RAX: ffffffffffffffda RBX: 00007fe3723a5fa0 RCX: 00007fe37218d169 [ 124.198102][ T7487] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000000000000004 [ 124.198112][ T7487] RBP: 00007fe36fff6090 R08: 0000000000000000 R09: 0000000000000000 [ 124.198122][ T7487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 124.198131][ T7487] R13: 0000000000000000 R14: 00007fe3723a5fa0 R15: 00007ffd292a1e28 [ 124.198156][ T7487] [ 124.570078][ T7489] netlink: 8 bytes leftover after parsing attributes in process `syz.1.497'. [ 124.697136][ T7478] netlink: zone id is out of range [ 124.725697][ T7497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.501'. [ 124.741896][ T7497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.501'. [ 124.754483][ T7497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.501'. [ 124.763766][ T7497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.501'. [ 124.773271][ T7497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.501'. [ 124.782723][ T7497] netlink: 8 bytes leftover after parsing attributes in process `syz.3.501'. [ 125.362520][ T7524] ipip0: entered promiscuous mode [ 126.590540][ T7629] lo speed is unknown, defaulting to 1000 [ 126.840677][ T7639] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.850079][ T7639] batadv_slave_0: entered promiscuous mode [ 126.857810][ T7639] batadv_slave_0: entered allmulticast mode [ 126.921704][ T7644] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 126.933849][ T7644] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 127.243191][ T7654] bridge: RTM_NEWNEIGH with invalid ether address [ 127.323272][ T7657] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.401259][ T7658] lo speed is unknown, defaulting to 1000 [ 127.543895][ T7657] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.588116][ T7662] syzkaller1: entered promiscuous mode [ 127.597975][ T7668] FAULT_INJECTION: forcing a failure. [ 127.597975][ T7668] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 127.615082][ T7668] CPU: 0 UID: 0 PID: 7668 Comm: syz.0.531 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 127.615109][ T7668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 127.615120][ T7668] Call Trace: [ 127.615126][ T7668] [ 127.615134][ T7668] dump_stack_lvl+0x241/0x360 [ 127.615162][ T7668] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.615184][ T7668] ? __pfx__printk+0x10/0x10 [ 127.615209][ T7668] ? snprintf+0xda/0x120 [ 127.615230][ T7668] should_fail_ex+0x40a/0x550 [ 127.615263][ T7668] _copy_to_user+0x31/0xb0 [ 127.615292][ T7668] simple_read_from_buffer+0xca/0x150 [ 127.615322][ T7668] proc_fail_nth_read+0x1e9/0x250 [ 127.615369][ T7668] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 127.615416][ T7668] ? rw_verify_area+0x243/0x630 [ 127.615436][ T7668] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 127.615465][ T7668] vfs_read+0x1f8/0xb40 [ 127.615486][ T7668] ? fdget_pos+0x254/0x320 [ 127.615515][ T7668] ? __pfx___mutex_lock+0x10/0x10 [ 127.615540][ T7668] ? __pfx_vfs_read+0x10/0x10 [ 127.615569][ T7668] ? do_sys_openat2+0x17a/0x1d0 [ 127.615598][ T7668] ? __fget_files+0x2a/0x410 [ 127.615626][ T7668] ? __fget_files+0x395/0x410 [ 127.615650][ T7668] ? __fget_files+0x2a/0x410 [ 127.615685][ T7668] ksys_read+0x18f/0x2b0 [ 127.615706][ T7668] ? __pfx_ksys_read+0x10/0x10 [ 127.615726][ T7668] ? do_syscall_64+0x100/0x230 [ 127.615752][ T7668] ? do_syscall_64+0xb6/0x230 [ 127.615778][ T7668] do_syscall_64+0xf3/0x230 [ 127.615801][ T7668] ? clear_bhb_loop+0x35/0x90 [ 127.615829][ T7668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.615852][ T7668] RIP: 0033:0x7fe37218bb7c [ 127.615868][ T7668] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 127.615881][ T7668] RSP: 002b:00007fe36fff6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 127.615900][ T7668] RAX: ffffffffffffffda RBX: 00007fe3723a5fa0 RCX: 00007fe37218bb7c [ 127.615912][ T7668] RDX: 000000000000000f RSI: 00007fe36fff60a0 RDI: 0000000000000005 [ 127.615923][ T7668] RBP: 00007fe36fff6090 R08: 0000000000000000 R09: 0000000000000000 [ 127.615934][ T7668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 127.615944][ T7668] R13: 0000000000000000 R14: 00007fe3723a5fa0 R15: 00007ffd292a1e28 [ 127.615971][ T7668] [ 127.621667][ T7662] syzkaller1: entered allmulticast mode [ 127.970955][ T7657] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.021241][ T7677] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 128.056058][ T7657] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.296125][ T7692] rdma_rxe: rxe_newlink: rxe creation allowed on top of a real device only [ 128.297455][ T7657] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.324221][ T7657] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.341352][ T7657] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.362644][ T7657] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.517783][ T7697] __nla_validate_parse: 15 callbacks suppressed [ 128.517805][ T7697] netlink: 28 bytes leftover after parsing attributes in process `syz.0.538'. [ 128.580270][ T7701] ieee802154 phy0 wpan0: encryption failed: -22 [ 128.614508][ T7697] validate_nla: 4 callbacks suppressed [ 128.614526][ T7697] netlink: 'syz.0.538': attribute type 7 has an invalid length. [ 128.657412][ T7697] netlink: 'syz.0.538': attribute type 8 has an invalid length. [ 128.692305][ T7697] netlink: 4 bytes leftover after parsing attributes in process `syz.0.538'. [ 128.917867][ T7717] netlink: 4 bytes leftover after parsing attributes in process `syz.0.544'. [ 129.014416][ T7717] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 129.102405][ T7721] netlink: 4 bytes leftover after parsing attributes in process `syz.1.545'. [ 129.213610][ T7739] netlink: 4 bytes leftover after parsing attributes in process `syz.2.547'. [ 129.257084][ T7740] netlink: 'syz.3.549': attribute type 12 has an invalid length. [ 129.449321][ T7752] pim6reg1: entered promiscuous mode [ 129.464458][ T7752] pim6reg1: entered allmulticast mode [ 129.522900][ T7748] lo speed is unknown, defaulting to 1000 [ 129.609978][ T7759] netlink: 8 bytes leftover after parsing attributes in process `syz.3.555'. [ 129.732009][ T7766] xt_TCPMSS: Only works on TCP SYN packets [ 129.769448][ T7767] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 129.881391][ T7767] netlink: 40 bytes leftover after parsing attributes in process `syz.4.556'. [ 129.919670][ T7780] netlink: 4 bytes leftover after parsing attributes in process `syz.3.560'. [ 129.938049][ T7780] bridge_slave_1: left allmulticast mode [ 129.943811][ T7767] netlink: 64 bytes leftover after parsing attributes in process `syz.4.556'. [ 129.953428][ T7780] bridge_slave_1: left promiscuous mode [ 129.964042][ T7780] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.996956][ T7780] bridge_slave_0: left allmulticast mode [ 130.012770][ T7780] bridge_slave_0: left promiscuous mode [ 130.020060][ T7780] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.264420][ T7784] netlink: 'syz.0.563': attribute type 5 has an invalid length. [ 130.347810][ T7785] netlink: 'syz.0.563': attribute type 4 has an invalid length. [ 130.385280][ T7785] netlink: 'syz.0.563': attribute type 4 has an invalid length. [ 130.394068][ T10] lo speed is unknown, defaulting to 1000 [ 130.442086][ T7785] netlink: 'syz.0.563': attribute type 4 has an invalid length. [ 130.448799][ T10] lo speed is unknown, defaulting to 1000 [ 130.531400][ T7785] netlink: 'syz.0.563': attribute type 4 has an invalid length. [ 130.559754][ T7785] netlink: 'syz.0.563': attribute type 4 has an invalid length. [ 130.578312][ T7785] netlink: 'syz.0.563': attribute type 4 has an invalid length. [ 130.615061][ T7798] netlink: 3 bytes leftover after parsing attributes in process `syz.2.567'. [ 130.653479][ T7798] 0ªX¹¦À: renamed from caif0 [ 130.696305][ T7798] 0ªX¹¦À: entered allmulticast mode [ 130.714430][ T7798] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 130.991756][ T7819] lo speed is unknown, defaulting to 1000 [ 131.037448][ T7823] ip6tnl1: entered promiscuous mode [ 131.701405][ T7835] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 131.710680][ T7835] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 131.719628][ T7835] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 131.728436][ T7835] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 131.790256][ T7839] xt_ecn: cannot match TCP bits for non-tcp packets [ 132.088749][ T7857] ipt_ECN: cannot use operation on non-tcp rule [ 132.106955][ T7861] IPv6: Can't replace route, no match found [ 132.739510][ T7892] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 132.753775][ T7892] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 132.894840][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.901310][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.358700][ T7932] xt_CT: No such helper "pptp" [ 133.553335][ T7940] __nla_validate_parse: 16 callbacks suppressed [ 133.553355][ T7940] netlink: 20 bytes leftover after parsing attributes in process `syz.0.602'. [ 133.585550][ T7944] pim6reg: entered allmulticast mode [ 133.618415][ T7940] x_tables: ip_tables: bpf.1 match: invalid size 528 (kernel) != (user) 536 [ 134.087432][ T7970] lo speed is unknown, defaulting to 1000 [ 134.107825][ T7975] netlink: 8 bytes leftover after parsing attributes in process `syz.4.615'. [ 134.170424][ T7975] netlink: 32 bytes leftover after parsing attributes in process `syz.4.615'. [ 134.213243][ T7937] delete_channel: no stack [ 134.235226][ T7975] validate_nla: 65 callbacks suppressed [ 134.235245][ T7975] netlink: 'syz.4.615': attribute type 30 has an invalid length. [ 134.270954][ T7975] TCP: tcp_parse_options: Illegal window scaling value 254 > 14 received [ 134.314717][ T7983] netlink: 'syz.0.617': attribute type 21 has an invalid length. [ 134.377519][ T7983] netlink: 132 bytes leftover after parsing attributes in process `syz.0.617'. [ 134.397241][ T7983] netlink: 'syz.0.617': attribute type 21 has an invalid length. [ 134.433285][ T7983] netlink: 132 bytes leftover after parsing attributes in process `syz.0.617'. [ 134.468131][ T7994] netlink: 40 bytes leftover after parsing attributes in process `syz.2.619'. [ 134.628774][ T8000] bond0: entered promiscuous mode [ 134.651055][ T8000] bond_slave_0: entered promiscuous mode [ 134.689544][ T8000] bond_slave_1: entered promiscuous mode [ 135.092192][ T8027] netlink: 8 bytes leftover after parsing attributes in process `syz.3.626'. [ 135.128469][ T8025] bond1: entered promiscuous mode [ 135.133752][ T8025] bond1: entered allmulticast mode [ 135.140217][ T8025] 8021q: adding VLAN 0 to HW filter on device bond1 [ 135.397886][ T8047] netlink: 28 bytes leftover after parsing attributes in process `syz.4.630'. [ 135.419383][ T8047] netlink: 28 bytes leftover after parsing attributes in process `syz.4.630'. [ 135.434473][ T8047] netlink: 'syz.4.630': attribute type 4 has an invalid length. [ 135.652291][ T8050] lo speed is unknown, defaulting to 1000 [ 135.816935][ T8051] lo speed is unknown, defaulting to 1000 [ 135.889673][ T8071] netlink: 132 bytes leftover after parsing attributes in process `syz.2.634'. [ 136.817350][ T8091] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.937138][ T8081] delete_channel: no stack [ 136.996689][ T8091] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.045399][ T8099] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 137.074438][ T8099] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.155140][ T8091] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.241206][ T8103] atomic_op ffff888055cce998 conn xmit_atomic 0000000000000000 [ 137.264099][ T8099] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 137.278213][ T8099] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.338877][ T8091] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.431972][ T8099] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 137.462019][ T8099] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.533377][ T8091] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.611694][ T8099] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 137.629734][ T8099] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.661215][ T8091] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.679560][ T8091] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.700228][ T8091] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.814016][ T8099] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.834349][ T8099] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.899532][ T8099] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.915362][ T8123] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 137.934350][ T8099] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.971914][ T8099] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.012482][ T8099] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.052983][ T8099] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 138.071362][ T8099] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.202149][ T8132] syzkaller1: entered promiscuous mode [ 138.213546][ T8132] syzkaller1: entered allmulticast mode [ 138.498829][ T8159] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 138.548565][ T8149] team0 (unregistering): Port device C removed [ 138.593996][ T8149] team0 (unregistering): Port device team_slave_1 removed [ 138.618785][ T8149] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.626343][ T8149] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.792433][ T8149] team0 (unregistering): Port device bridge0 removed [ 138.870575][ T8162] netlink: 'syz.1.663': attribute type 12 has an invalid length. [ 138.879428][ T8163] veth1_to_bridge: entered allmulticast mode [ 138.919514][ T8161] __nla_validate_parse: 8 callbacks suppressed [ 138.919532][ T8161] netlink: 8 bytes leftover after parsing attributes in process `syz.2.664'. [ 139.000039][ T8177] netlink: 52 bytes leftover after parsing attributes in process `syz.1.668'. [ 139.029301][ T8177] netlink: 28 bytes leftover after parsing attributes in process `syz.1.668'. [ 139.047782][ T8177] xt_TPROXY: Can be used only with -p tcp or -p udp [ 139.061213][ T8177] batman_adv: batadv0: Adding interface: dummy0 [ 139.067870][ T8177] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.098826][ T8177] batman_adv: batadv0: Interface activated: dummy0 [ 139.130122][ T8179] netlink: 1256 bytes leftover after parsing attributes in process `syz.2.669'. [ 139.140618][ T8179] openvswitch: netlink: Unexpected mask (mask=4, allowed=10048) [ 139.151876][ T8177] batadv0: mtu less than device minimum [ 139.165942][ T8177] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 139.178846][ T8177] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 139.191159][ T8177] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 139.203809][ T8177] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 139.216333][ T8177] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 139.228872][ T8177] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 139.241450][ T8177] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 139.326642][ T8187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.671'. [ 139.465405][ T8197] bridge0: port 3(dummy0) entered blocking state [ 139.471953][ T8197] bridge0: port 3(dummy0) entered disabled state [ 139.479498][ T8197] dummy0: entered allmulticast mode [ 139.486630][ T8197] dummy0: entered promiscuous mode [ 139.492448][ T8197] bridge0: port 3(dummy0) entered blocking state [ 139.499747][ T8197] bridge0: port 3(dummy0) entered forwarding state [ 139.548455][ T8197] netlink: 3696 bytes leftover after parsing attributes in process `syz.0.674'. [ 139.561578][ T8197] netlink: 3696 bytes leftover after parsing attributes in process `syz.0.674'. [ 139.591848][ T8203] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 139.601029][ T8203] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 139.609936][ T8203] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 139.618760][ T8203] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 139.665917][ T8203] team0: Port device vxlan0 added [ 139.860300][ T8218] netlink: 32 bytes leftover after parsing attributes in process `syz.2.680'. [ 140.025023][ T8222] netlink: 'syz.2.681': attribute type 2 has an invalid length. [ 140.053127][ T8213] netlink: 332 bytes leftover after parsing attributes in process `syz.0.679'. [ 140.063662][ T8213] netlink: 104 bytes leftover after parsing attributes in process `syz.0.679'. [ 140.179461][ T8226] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 140.196005][ T8226] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 140.357895][ T8237] gre0: entered promiscuous mode [ 140.363042][ T8237] gre0: entered allmulticast mode [ 140.372952][ T8238] xt_l2tp: v2 sid > 0xffff: 4294967293 [ 140.736058][ T6859] IPVS: starting estimator thread 0... [ 140.834878][ T8262] IPVS: using max 20 ests per chain, 48000 per kthread [ 141.166565][ T8281] tc_dump_action: action bad kind [ 141.664963][ T8296] netlink: 'syz.0.698': attribute type 6 has an invalid length. [ 141.731020][ T8298] xt_hashlimit: size too large, truncated to 1048576 [ 141.786039][ T8273] delete_channel: no stack [ 142.181981][ T8317] netlink: 'syz.0.703': attribute type 39 has an invalid length. [ 142.219582][ T8319] netlink: 'syz.3.705': attribute type 7 has an invalid length. [ 142.330597][ T8321] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.437093][ T8321] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.547091][ T8329] dvmrp1: entered allmulticast mode [ 142.665247][ T8321] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.700918][ T8323] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 142.716878][ T8323] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 142.796228][ T8321] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.907105][ T8321] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.952843][ T8321] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.955930][ T8346] netlink: 'syz.2.712': attribute type 1 has an invalid length. [ 142.988111][ T8321] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.004913][ T8321] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.095584][ T8349] bond3: (slave gretap2): making interface the new active one [ 143.185322][ T8349] bond3: (slave gretap2): Enslaving as an active interface with an up link [ 143.468487][ T8361] ax25_connect(): syz.0.718 uses autobind, please contact jreuter@yaina.de [ 143.612923][ T8361] lo speed is unknown, defaulting to 1000 [ 143.647116][ T8365] IPVS: set_ctl: invalid protocol: 44 255.255.255.255:20000 [ 143.895510][ T6849] IPVS: starting estimator thread 0... [ 144.005912][ T8375] IPVS: using max 23 ests per chain, 55200 per kthread [ 144.105941][ T8382] __nla_validate_parse: 15 callbacks suppressed [ 144.105960][ T8382] netlink: 8 bytes leftover after parsing attributes in process `syz.1.725'. [ 144.491765][ T8391] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 144.514373][ T8391] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 144.548966][ T8392] sctp: [Deprecated]: syz.4.721 (pid 8392) Use of struct sctp_assoc_value in delayed_ack socket option. [ 144.548966][ T8392] Use struct sctp_sack_info instead [ 144.733141][ T8373] delete_channel: no stack [ 144.908065][ T8401] netlink: 8 bytes leftover after parsing attributes in process `syz.4.728'. [ 145.036086][ T8408] netlink: 'syz.2.731': attribute type 4 has an invalid length. [ 145.168975][ T8413] veth1_macvtap: left promiscuous mode [ 145.183532][ T8413] macsec0: entered promiscuous mode [ 145.189353][ T8413] macsec0: entered allmulticast mode [ 145.259755][ T8416] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.280596][ T8418] tipc: Trying to set illegal importance in message [ 145.313957][ T8413] veth1_macvtap: entered promiscuous mode [ 145.327957][ T8413] veth1_macvtap: entered allmulticast mode [ 145.343262][ T8413] macsec0: left promiscuous mode [ 145.370958][ T8413] macsec0: left allmulticast mode [ 145.390456][ T8413] veth1_macvtap: left allmulticast mode [ 145.444044][ T8416] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.593893][ T8416] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.637888][ T8431] lo speed is unknown, defaulting to 1000 [ 145.695223][ T8416] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 145.820621][ T8416] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 145.896803][ T8416] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 145.908943][ T8440] netlink: 64 bytes leftover after parsing attributes in process `syz.0.740'. [ 145.940057][ T8416] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 145.971313][ T8439] delete_channel: no stack [ 145.982138][ T8442] netlink: 100 bytes leftover after parsing attributes in process `syz.3.737'. [ 146.016264][ T8416] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.224451][ T8450] netlink: 'syz.0.742': attribute type 27 has an invalid length. [ 146.242825][ T8450] bond0: left promiscuous mode [ 146.288132][ T8450] bond_slave_0: left promiscuous mode [ 146.293720][ T8450] bond_slave_1: left promiscuous mode [ 146.325816][ T8450] 8021q: adding VLAN 0 to HW filter on device bond0 [ 146.339964][ T8453] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 146.409742][ T8450] net_ratelimit: 14 callbacks suppressed [ 146.409754][ T8450] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 146.433053][ T6859] lo speed is unknown, defaulting to 1000 [ 146.439176][ T6859] lo speed is unknown, defaulting to 1000 [ 146.584562][ T8459] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 146.614440][ T8459] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 146.628620][ T8461] lo speed is unknown, defaulting to 1000 [ 147.071778][ T8471] x_tables: duplicate underflow at hook 2 [ 147.982412][ T8492] netlink: 20 bytes leftover after parsing attributes in process `syz.3.753'. [ 147.991951][ T8492] netlink: 12 bytes leftover after parsing attributes in process `syz.3.753'. [ 148.294044][ T8508] netlink: 20 bytes leftover after parsing attributes in process `syz.0.758'. [ 148.324152][ T8508] netlink: 20 bytes leftover after parsing attributes in process `syz.0.758'. [ 148.375999][ T8506] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 148.386864][ T8506] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 148.500577][ T8521] (unnamed net_device) (uninitialized): option arp_interval: mode dependency failed, not supported in mode 802.3ad(4) [ 148.652578][ T8526] No such timeout policy "syz0" [ 148.791908][ T8528] netlink: 8 bytes leftover after parsing attributes in process `syz.0.765'. [ 149.017136][ T8542] netlink: 4 bytes leftover after parsing attributes in process `syz.3.767'. [ 149.333148][ T8563] netlink: 28 bytes leftover after parsing attributes in process `syz.2.773'. [ 149.354914][ T8563] netlink: 28 bytes leftover after parsing attributes in process `syz.2.773'. [ 149.356138][ T8564] netlink: 'syz.0.772': attribute type 1 has an invalid length. [ 149.365005][ T8563] netlink: 'syz.2.773': attribute type 4 has an invalid length. [ 149.421841][ T8564] bond1: entered promiscuous mode [ 149.450191][ T8564] 8021q: adding VLAN 0 to HW filter on device bond1 [ 149.472064][ T8571] netlink: 8 bytes leftover after parsing attributes in process `syz.1.774'. [ 149.523780][ T8567] 8021q: adding VLAN 0 to HW filter on device bond1 [ 149.532625][ T8567] bond1: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 149.545482][ T8567] bond1: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 149.562345][ T8567] bond1: (slave ip6gre1): making interface the new active one [ 149.570651][ T8567] ip6gre1: entered promiscuous mode [ 149.577713][ T8567] bond1: (slave ip6gre1): Enslaving as an active interface with an up link [ 149.625751][ T8577] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.634558][ T8577] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.821250][ T8586] netlink: 'syz.2.777': attribute type 1 has an invalid length. [ 149.888645][ T8586] netlink: 8 bytes leftover after parsing attributes in process `syz.2.777'. [ 149.909153][ T8586] bond4: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 150.138366][ T8605] netlink: 24 bytes leftover after parsing attributes in process `syz.3.783'. [ 150.339158][ T8609] netlink: 'syz.2.785': attribute type 4 has an invalid length. [ 150.363690][ T8613] netlink: 8 bytes leftover after parsing attributes in process `syz.1.786'. [ 150.651930][ T8626] netlink: 'syz.0.792': attribute type 3 has an invalid length. [ 150.685539][ T8626] netlink: 8 bytes leftover after parsing attributes in process `syz.0.792'. [ 150.843893][ T8639] netlink: 4 bytes leftover after parsing attributes in process `syz.4.797'. [ 150.964808][ T5849] Bluetooth: hci4: command 0x0405 tx timeout [ 151.153367][ T8644] netlink: 'syz.2.799': attribute type 1 has an invalid length. [ 152.165255][ T8662] netlink: 12 bytes leftover after parsing attributes in process `syz.0.801'. [ 152.178079][ T8662] netlink: 'syz.0.801': attribute type 1 has an invalid length. [ 152.190336][ T8662] netlink: 'syz.0.801': attribute type 2 has an invalid length. [ 152.202197][ T8662] netlink: 80 bytes leftover after parsing attributes in process `syz.0.801'. [ 152.355595][ T8687] netlink: 'syz.2.812': attribute type 10 has an invalid length. [ 152.391408][ T8687] netlink: 'syz.2.812': attribute type 10 has an invalid length. [ 152.413083][ T8687] team0: entered promiscuous mode [ 152.428958][ T8687] team_slave_0: entered promiscuous mode [ 152.445489][ T8687] team_slave_1: entered promiscuous mode [ 152.463571][ T8687] vxlan0: entered promiscuous mode [ 152.483948][ T8687] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.818952][ T8704] netlink: 'syz.4.817': attribute type 1 has an invalid length. [ 152.837654][ T8673] delete_channel: no stack [ 152.869894][ T8704] 8021q: adding VLAN 0 to HW filter on device bond1 [ 153.046294][ T8706] bond1: (slave gretap1): making interface the new active one [ 153.067438][ T8706] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 153.204467][ T5849] Bluetooth: hci4: command 0x0405 tx timeout [ 153.513563][ T8735] netlink: 'syz.4.826': attribute type 4 has an invalid length. [ 153.700711][ T8743] netlink: 'syz.3.825': attribute type 16 has an invalid length. [ 153.752248][ T8743] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 154.142041][ T8758] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 154.153647][ T8758] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 154.810298][ T8783] __nla_validate_parse: 12 callbacks suppressed [ 154.810318][ T8783] netlink: 4 bytes leftover after parsing attributes in process `syz.1.841'. [ 154.816648][ T8785] netlink: 4 bytes leftover after parsing attributes in process `syz.3.842'. [ 155.094588][ T8795] netlink: 21 bytes leftover after parsing attributes in process `syz.4.844'. [ 155.145336][ T8795] gretap0: entered promiscuous mode [ 155.243013][ T8798] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 155.325187][ T8799] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 155.730401][ T8822] netlink: 28 bytes leftover after parsing attributes in process `syz.3.848'. [ 156.113412][ T8842] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 156.123974][ T8842] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 156.140829][ T8843] netlink: 8 bytes leftover after parsing attributes in process `syz.0.854'. [ 156.214976][ T8847] netlink: 8 bytes leftover after parsing attributes in process `syz.0.854'. [ 156.524637][ T8856] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 4, id = 0 [ 156.775928][ T8866] netlink: 24 bytes leftover after parsing attributes in process `syz.4.861'. [ 156.808543][ T8864] netlink: 8 bytes leftover after parsing attributes in process `syz.0.860'. [ 156.892585][ T8871] netlink: 24 bytes leftover after parsing attributes in process `syz.4.861'. [ 156.910808][ T8864] vlan2: entered allmulticast mode [ 156.974728][ T8864] bond0: entered allmulticast mode [ 156.979898][ T8864] bond_slave_0: entered allmulticast mode [ 156.995499][ T8871] workqueue: Failed to create a rescuer kthread for wq "nbd64-recv": -EINTR [ 156.997905][ T8871] block (null): Could not allocate knbd recv work queue. [ 157.014567][ T8864] bond_slave_1: entered allmulticast mode [ 157.028655][ T8864] bond0: left allmulticast mode [ 157.034696][ T8871] nbd: failed to add new device [ 157.060808][ T8864] bond_slave_0: left allmulticast mode [ 157.083983][ T8864] bond_slave_1: left allmulticast mode [ 157.216329][ T8885] netlink: 4 bytes leftover after parsing attributes in process `syz.1.865'. [ 157.900009][ T8923] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 157.918880][ T8923] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 157.948519][ T8922] lo speed is unknown, defaulting to 1000 [ 158.935942][ T8951] nbd: couldn't find device at index 0 [ 159.276782][ T8927] delete_channel: no stack [ 159.376777][ T8964] x_tables: duplicate underflow at hook 2 [ 159.693019][ T8983] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 159.730632][ T8983] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 160.419235][ T9006] validate_nla: 1 callbacks suppressed [ 160.419252][ T9006] netlink: 'syz.1.898': attribute type 32 has an invalid length. [ 160.457045][ T9006] __nla_validate_parse: 6 callbacks suppressed [ 160.457062][ T9006] netlink: 8 bytes leftover after parsing attributes in process `syz.1.898'. [ 160.478364][ T9006] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 160.693039][ T9018] 8021q: adding VLAN 0 to HW filter on device bond2 [ 160.701280][ T9025] netlink: 4 bytes leftover after parsing attributes in process `syz.4.901'. [ 160.712291][ T9023] netlink: 'syz.1.905': attribute type 4 has an invalid length. [ 160.945117][ T9032] netlink: 'syz.0.908': attribute type 11 has an invalid length. [ 161.024362][ T9036] netlink: 'syz.1.909': attribute type 4 has an invalid length. [ 161.292422][ T9054] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 161.318010][ T9054] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 161.692094][ T9077] netlink: 4 bytes leftover after parsing attributes in process `syz.1.920'. [ 161.745259][ T9080] netlink: 'syz.4.921': attribute type 1 has an invalid length. [ 161.763559][ T9080] netlink: 4 bytes leftover after parsing attributes in process `syz.4.921'. [ 161.793253][ T9080] netlink: 12 bytes leftover after parsing attributes in process `syz.4.921'. [ 162.140946][ T9096] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.200065][ T9101] netlink: 'syz.0.930': attribute type 3 has an invalid length. [ 162.208418][ T9101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.930'. [ 162.259187][ T9103] netlink: 3 bytes leftover after parsing attributes in process `syz.1.931'. [ 162.298881][ T9103] batadv1: entered promiscuous mode [ 162.306820][ T9103] batadv1: entered allmulticast mode [ 162.335332][ T9096] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.404182][ T9113] netlink: 4 bytes leftover after parsing attributes in process `syz.0.933'. [ 162.432215][ T9096] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.456168][ T9115] netlink: 48 bytes leftover after parsing attributes in process `syz.1.931'. [ 162.541743][ T9118] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96 [ 162.557325][ T9096] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 162.579303][ T9118] lo speed is unknown, defaulting to 1000 [ 162.590070][ T9118] lo speed is unknown, defaulting to 1000 [ 162.598369][ T9118] lo speed is unknown, defaulting to 1000 [ 162.614754][ T9120] netlink: 20 bytes leftover after parsing attributes in process `syz.3.936'. [ 162.617860][ T9118] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 162.654132][ T9118] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 162.685664][ T9118] lo speed is unknown, defaulting to 1000 [ 162.706350][ T9096] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.724943][ T9118] lo speed is unknown, defaulting to 1000 [ 162.745833][ T9096] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.755671][ T9118] lo speed is unknown, defaulting to 1000 [ 162.763406][ T9118] lo speed is unknown, defaulting to 1000 [ 162.781614][ T9118] lo speed is unknown, defaulting to 1000 [ 162.796473][ T9096] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.812709][ T9096] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.937803][ T9131] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 162.949886][ T9135] netlink: 'syz.3.942': attribute type 4 has an invalid length. [ 162.968710][ T9131] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 163.126636][ T9148] tipc: Enabling of bearer rejected, failed to enable media [ 163.155586][ T9148] tipc: Enabling of bearer rejected, failed to enable media [ 163.795631][ T9185] lo speed is unknown, defaulting to 1000 [ 164.005510][ T9185] lo speed is unknown, defaulting to 1000 [ 164.467248][ T9198] infiniband syz1: set active [ 164.511184][ T9198] infiniband syz1: added team_slave_0 [ 164.519382][ T9198] syz1: rxe_create_cq: returned err = -12 [ 164.525713][ T9198] infiniband syz1: Couldn't create ib_mad CQ [ 164.531898][ T9198] infiniband syz1: Couldn't open port 1 [ 164.566845][ T9198] RDS/IB: syz1: added [ 164.570949][ T9198] smc: adding ib device syz1 with port count 1 [ 164.578226][ T9198] smc: ib device syz1 port 1 has pnetid [ 165.035194][ T9230] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 165.046101][ T9230] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 165.556930][ T9243] __nla_validate_parse: 5 callbacks suppressed [ 165.556950][ T9243] netlink: 8 bytes leftover after parsing attributes in process `syz.4.972'. [ 165.618330][ T9243] netlink: 44 bytes leftover after parsing attributes in process `syz.4.972'. [ 165.781807][ T9247] lo speed is unknown, defaulting to 1000 [ 165.929734][ T9247] lo speed is unknown, defaulting to 1000 [ 166.062655][ T9254] netlink: 'syz.3.974': attribute type 4 has an invalid length. [ 166.123295][ T9258] netlink: 'syz.3.974': attribute type 4 has an invalid length. [ 166.240560][ T9257] netlink: 4 bytes leftover after parsing attributes in process `syz.0.975'. [ 194.337568][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 201.528778][ T5849] Bluetooth: hci3: command 0x0406 tx timeout [ 201.534960][ T5836] Bluetooth: hci2: command 0x0406 tx timeout [ 201.535655][ T5148] Bluetooth: hci1: command 0x0406 tx timeout [ 210.938217][ T9276] veth0_to_bond: entered promiscuous mode [ 210.970857][ T9273] dummy0: entered promiscuous mode [ 210.986040][ T9273] dummy0: entered allmulticast mode [ 211.038411][ T9279] syzkaller1: entered promiscuous mode [ 211.068605][ T9279] syzkaller1: entered allmulticast mode [ 211.352154][ T9294] netlink: 'syz.4.983': attribute type 16 has an invalid length. [ 211.385960][ T9294] netlink: 'syz.4.983': attribute type 17 has an invalid length. [ 211.412336][ T9294] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.419573][ T9294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.427252][ T9294] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.434446][ T9294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.449480][ T9294] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 211.468938][ T6859] lo speed is unknown, defaulting to 1000 [ 211.637048][ T9303] netlink: 5 bytes leftover after parsing attributes in process `syz.1.986'. [ 211.653506][ T9303] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 211.939272][ T9307] lo speed is unknown, defaulting to 1000 [ 212.243603][ T9318] netlink: 4 bytes leftover after parsing attributes in process `syz.4.989'. [ 212.403706][ T9307] lo speed is unknown, defaulting to 1000 [ 212.637168][ T9310] siw: device registration error -23 [ 212.783398][ T9334] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 4, id = 0 [ 213.430017][ T9355] x_tables: duplicate underflow at hook 3 [ 213.471173][ T9355] x_tables: duplicate underflow at hook 3 [ 213.527832][ T9358] delete_channel: no stack [ 213.644389][ T9333] delete_channel: no stack [ 213.655942][ T9365] IPVS: Error connecting to the multicast addr [ 213.720021][ T9368] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1003'. [ 213.768334][ T9368] netlink: 'syz.2.1003': attribute type 1 has an invalid length. [ 214.221323][ T9387] netlink: 404 bytes leftover after parsing attributes in process `syz.1.1011'. [ 214.267165][ T9387] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1011'. [ 214.283856][ T9387] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1011'. [ 214.299103][ T9387] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1011'. [ 214.357252][ T9392] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1014'. [ 214.373455][ T9387] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1011'. [ 214.441090][ T9399] netlink: 'syz.4.1013': attribute type 16 has an invalid length. [ 214.450549][ T9399] netlink: 'syz.4.1013': attribute type 17 has an invalid length. [ 214.461427][ T9405] openvswitch: netlink: Missing key (keys=40, expected=100) [ 214.606211][ T9399] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 214.798978][ T9420] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1017'. [ 214.910321][ T9423] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 214.984903][ T9423] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 215.077592][ T9435] gre0: left promiscuous mode [ 215.082336][ T9435] gre0: left allmulticast mode [ 215.197632][ T9435] batman_adv: batadv0: Interface deactivated: dummy0 [ 215.476324][ T9435] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 215.500511][ T9452] No such timeout policy "syz0" [ 215.508335][ T9452] dccp_invalid_packet: P.Data Offset(0) too small [ 215.516549][ T9435] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 215.570928][ T9435] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.579597][ T9435] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.588056][ T9435] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.596824][ T9435] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.650549][ T9436] IPVS: Unknown mcast interface: vcan0 [ 215.728308][ T9456] lo speed is unknown, defaulting to 1000 [ 215.976916][ T9464] netlink: 'syz.0.1028': attribute type 4 has an invalid length. [ 216.043116][ T9456] lo speed is unknown, defaulting to 1000 [ 216.507218][ T9487] lo speed is unknown, defaulting to 1000 [ 216.688465][ T9487] lo speed is unknown, defaulting to 1000 [ 216.976810][ T9504] lo speed is unknown, defaulting to 1000 [ 217.124822][ T9509] __nla_validate_parse: 4 callbacks suppressed [ 217.124841][ T9509] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1039'. [ 217.294952][ T9504] lo speed is unknown, defaulting to 1000 [ 217.705414][ T9529] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1044'. [ 217.731320][ T9529] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1044'. [ 217.801705][ T9529] bridge0: entered promiscuous mode [ 218.835020][ T9546] IPVS: Unknown mcast interface: vcan0 [ 218.958154][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 218.973234][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 218.985217][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 218.994950][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 219.002726][ T5840] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 219.012055][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 219.071692][ T9550] lo speed is unknown, defaulting to 1000 [ 219.241311][ T9550] lo speed is unknown, defaulting to 1000 [ 219.316103][ T9555] Bluetooth: MGMT ver 1.23 [ 219.320931][ T9554] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 219.417342][ T9541] delete_channel: no stack [ 219.608495][ T9550] chnl_net:caif_netlink_parms(): no params data found [ 219.686087][ T9572] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1057'. [ 219.710093][ T9568] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 219.733735][ T9568] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 219.764725][ T9550] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.771946][ T9550] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.780037][ T9550] bridge_slave_0: entered allmulticast mode [ 219.787715][ T9550] bridge_slave_0: entered promiscuous mode [ 219.801179][ T9577] ip6tnl3: entered promiscuous mode [ 219.811074][ T9550] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.818626][ T9550] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.826010][ T9550] bridge_slave_1: entered allmulticast mode [ 219.832899][ T9550] bridge_slave_1: entered promiscuous mode [ 219.886606][ T9550] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.903579][ T9550] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.988933][ T9550] team0: Port device team_slave_0 added [ 219.998360][ T9550] team0: Port device team_slave_1 added [ 220.032802][ T9589] tipc: Started in network mode [ 220.039295][ T9589] tipc: Node identity fee00000000000000079940000000001, cluster identity 4711 [ 220.048762][ T9589] tipc: Enabling of bearer rejected, failed to enable media [ 220.072696][ T9550] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 220.079882][ T9550] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.113691][ T9550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 220.128167][ T9550] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 220.135963][ T9550] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.162455][ T9550] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 220.247682][ T9594] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1063'. [ 220.277801][ T9550] hsr_slave_0: entered promiscuous mode [ 220.294934][ T9550] hsr_slave_1: entered promiscuous mode [ 220.302595][ T9550] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 220.311132][ T9550] Cannot create hsr debugfs directory [ 220.469689][ T9601] netlink: 'syz.0.1062': attribute type 16 has an invalid length. [ 220.477707][ T9601] netlink: 'syz.0.1062': attribute type 17 has an invalid length. [ 220.506144][ T9601] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 220.579047][ T9550] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 220.602936][ T9550] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.675101][ T9608] IPVS: Error connecting to the multicast addr [ 220.929521][ T9550] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 220.941189][ T9550] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.374300][ T5838] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 221.411832][ T9614] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1067'. [ 221.471295][ T9550] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 221.482929][ T9550] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.495938][ T9611] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 221.591022][ T9550] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 221.602185][ T9550] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 221.667938][ T9624] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1072'. [ 221.793856][ T9550] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 221.804169][ T9550] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 221.822192][ T9550] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 221.839202][ T9550] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 221.920224][ T9628] lo speed is unknown, defaulting to 1000 [ 221.953641][ T9550] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.979904][ T9550] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.992593][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.999761][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.022088][ T7582] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.029263][ T7582] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.273171][ T9628] lo speed is unknown, defaulting to 1000 [ 222.339320][ T9550] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.712000][ T9655] FAULT_INJECTION: forcing a failure. [ 222.712000][ T9655] name failslab, interval 1, probability 0, space 0, times 0 [ 222.737705][ T9655] CPU: 0 UID: 0 PID: 9655 Comm: syz.2.1078 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 222.737738][ T9655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 222.737752][ T9655] Call Trace: [ 222.737759][ T9655] [ 222.737768][ T9655] dump_stack_lvl+0x241/0x360 [ 222.737810][ T9655] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.737833][ T9655] ? __pfx__printk+0x10/0x10 [ 222.737856][ T9655] ? kmem_cache_alloc_noprof+0x48/0x380 [ 222.737886][ T9655] ? __pfx___might_resched+0x10/0x10 [ 222.737920][ T9655] should_fail_ex+0x40a/0x550 [ 222.737956][ T9655] should_failslab+0xac/0x100 [ 222.737985][ T9655] ? skb_clone+0x20c/0x390 [ 222.738010][ T9655] kmem_cache_alloc_noprof+0x70/0x380 [ 222.738043][ T9655] skb_clone+0x20c/0x390 [ 222.738072][ T9655] nfnetlink_rcv+0x575/0x2ab0 [ 222.738102][ T9655] ? __pfx_validate_chain+0x10/0x10 [ 222.738136][ T9655] ? mark_lock+0x9a/0x360 [ 222.738153][ T9655] ? __pfx_validate_chain+0x10/0x10 [ 222.738177][ T9655] ? __lock_acquire+0x1397/0x2100 [ 222.738216][ T9655] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 222.738270][ T9655] ? __lock_acquire+0x1397/0x2100 [ 222.738335][ T9655] ? __pfx_lock_release+0x10/0x10 [ 222.738367][ T9655] ? netlink_deliver_tap+0x2e/0x1b0 [ 222.738398][ T9655] ? __pfx_lock_release+0x10/0x10 [ 222.738441][ T9655] ? netlink_deliver_tap+0x2e/0x1b0 [ 222.738473][ T9655] netlink_unicast+0x7f6/0x990 [ 222.738510][ T9655] ? __pfx_netlink_unicast+0x10/0x10 [ 222.738536][ T9655] ? __virt_addr_valid+0x45f/0x530 [ 222.738558][ T9655] ? __phys_addr_symbol+0x2f/0x70 [ 222.738578][ T9655] ? __check_object_size+0x47a/0x730 [ 222.738612][ T9655] netlink_sendmsg+0x8de/0xcb0 [ 222.738656][ T9655] ? __pfx_netlink_sendmsg+0x10/0x10 [ 222.738693][ T9655] ? aa_sock_msg_perm+0x91/0x160 [ 222.738732][ T9655] ? __pfx_netlink_sendmsg+0x10/0x10 [ 222.738762][ T9655] __sock_sendmsg+0x221/0x270 [ 222.738796][ T9655] ____sys_sendmsg+0x53a/0x860 [ 222.738830][ T9655] ? __pfx_____sys_sendmsg+0x10/0x10 [ 222.738853][ T9655] ? __fget_files+0x2a/0x410 [ 222.738888][ T9655] ? __fget_files+0x2a/0x410 [ 222.738927][ T9655] __sys_sendmsg+0x269/0x350 [ 222.738957][ T9655] ? __pfx___sys_sendmsg+0x10/0x10 [ 222.738997][ T9655] ? do_sys_openat2+0x17a/0x1d0 [ 222.739056][ T9655] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 222.739098][ T9655] ? do_syscall_64+0x100/0x230 [ 222.739129][ T9655] ? do_syscall_64+0xb6/0x230 [ 222.739160][ T9655] do_syscall_64+0xf3/0x230 [ 222.739187][ T9655] ? clear_bhb_loop+0x35/0x90 [ 222.739222][ T9655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.739250][ T9655] RIP: 0033:0x7f027d18d169 [ 222.739276][ T9655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.739294][ T9655] RSP: 002b:00007f027e01f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 222.739324][ T9655] RAX: ffffffffffffffda RBX: 00007f027d3a5fa0 RCX: 00007f027d18d169 [ 222.739340][ T9655] RDX: 0000000000000000 RSI: 00004000000000c0 RDI: 0000000000000003 [ 222.739354][ T9655] RBP: 00007f027e01f090 R08: 0000000000000000 R09: 0000000000000000 [ 222.739366][ T9655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 222.739379][ T9655] R13: 0000000000000000 R14: 00007f027d3a5fa0 R15: 00007ffcfc77d318 [ 222.739410][ T9655] [ 223.197739][ T9656] team0 (unregistering): Port device team_slave_0 removed [ 223.208851][ T9656] team0 (unregistering): Port device team_slave_1 removed [ 223.270885][ T9550] veth0_vlan: entered promiscuous mode [ 223.283322][ T9550] veth1_vlan: entered promiscuous mode [ 223.316929][ T9666] IPVS: Error connecting to the multicast addr [ 223.341331][ T9550] veth0_macvtap: entered promiscuous mode [ 223.350297][ T9550] veth1_macvtap: entered promiscuous mode [ 223.367294][ T9550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 223.377824][ T9550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.388795][ T9550] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 223.398268][ T9550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.409609][ T9550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.419900][ T9550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.430714][ T9550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.440848][ T9550] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 223.453349][ T9550] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 223.472772][ T9550] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 223.520529][ T9550] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.546210][ T9550] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.555846][ T9550] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.565418][ T9550] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.679458][ T9669] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 223.730861][ T7562] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.756012][ T7562] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.812658][ T7582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.831570][ T7582] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.182976][ T9680] netlink: 'syz.1.1084': attribute type 3 has an invalid length. [ 224.185820][ T9679] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1083'. [ 224.356129][ T9682] lo speed is unknown, defaulting to 1000 [ 224.390129][ T9679] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1083'. [ 224.391523][ T9684] delete_channel: no stack [ 224.410251][ T9679] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1083'. [ 224.426086][ T9684] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1085'. [ 224.449136][ T9685] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 224.545669][ T9690] syzkaller1: entered promiscuous mode [ 224.551810][ T9690] syzkaller1: entered allmulticast mode [ 224.670015][ T9682] lo speed is unknown, defaulting to 1000 [ 224.909905][ T9703] bond0: (slave bond_slave_0): Releasing backup interface [ 224.928620][ T9706] netlink: 408 bytes leftover after parsing attributes in process `syz.0.1091'. [ 224.948063][ T9703] bond0: (slave bond_slave_1): Releasing backup interface [ 224.971161][ T9703] team0: Port device team_slave_0 removed [ 224.982540][ T9708] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1091'. [ 224.985365][ T9703] team0: Port device team_slave_1 removed [ 224.998402][ T9703] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 225.007367][ T9703] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 225.014933][ T9703] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 225.038260][ T9707] team0: Mode changed to "loadbalance" [ 225.256332][ T9713] IPVS: Error connecting to the multicast addr [ 225.292603][ T9715] lo speed is unknown, defaulting to 1000 [ 225.306762][ T9719] FAULT_INJECTION: forcing a failure. [ 225.306762][ T9719] name failslab, interval 1, probability 0, space 0, times 0 [ 225.320672][ T9719] CPU: 1 UID: 0 PID: 9719 Comm: syz.2.1095 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 225.320699][ T9719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 225.320711][ T9719] Call Trace: [ 225.320718][ T9719] [ 225.320726][ T9719] dump_stack_lvl+0x241/0x360 [ 225.320755][ T9719] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.320776][ T9719] ? __pfx__printk+0x10/0x10 [ 225.320798][ T9719] ? __kmalloc_noprof+0xb5/0x4c0 [ 225.320826][ T9719] ? __pfx___might_resched+0x10/0x10 [ 225.320857][ T9719] should_fail_ex+0x40a/0x550 [ 225.320890][ T9719] should_failslab+0xac/0x100 [ 225.320927][ T9719] __kmalloc_noprof+0xdd/0x4c0 [ 225.320953][ T9719] ? nla_strdup+0x9c/0x140 [ 225.320971][ T9719] ? __kasan_kmalloc+0x98/0xb0 [ 225.320998][ T9719] nla_strdup+0x9c/0x140 [ 225.321022][ T9719] nf_tables_newtable+0x59b/0x1e10 [ 225.321056][ T9719] ? nfnl_pernet+0x23/0x240 [ 225.321084][ T9719] ? __pfx_nf_tables_newtable+0x10/0x10 [ 225.321123][ T9719] ? __nla_parse+0x40/0x60 [ 225.321147][ T9719] nfnetlink_rcv+0x14e3/0x2ab0 [ 225.321168][ T9719] ? __pfx_validate_chain+0x10/0x10 [ 225.321217][ T9719] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 225.321249][ T9719] ? __lock_acquire+0x1397/0x2100 [ 225.321308][ T9719] ? netlink_deliver_tap+0x2e/0x1b0 [ 225.321337][ T9719] ? __pfx_lock_release+0x10/0x10 [ 225.321382][ T9719] ? netlink_deliver_tap+0x2e/0x1b0 [ 225.321415][ T9719] netlink_unicast+0x7f6/0x990 [ 225.321450][ T9719] ? __pfx_netlink_unicast+0x10/0x10 [ 225.321476][ T9719] ? __virt_addr_valid+0x45f/0x530 [ 225.321496][ T9719] ? __phys_addr_symbol+0x2f/0x70 [ 225.321514][ T9719] ? __check_object_size+0x47a/0x730 [ 225.321547][ T9719] netlink_sendmsg+0x8de/0xcb0 [ 225.321590][ T9719] ? __pfx_netlink_sendmsg+0x10/0x10 [ 225.321625][ T9719] ? aa_sock_msg_perm+0x91/0x160 [ 225.321666][ T9719] ? __pfx_netlink_sendmsg+0x10/0x10 [ 225.321693][ T9719] __sock_sendmsg+0x221/0x270 [ 225.321726][ T9719] ____sys_sendmsg+0x53a/0x860 [ 225.321758][ T9719] ? __pfx_____sys_sendmsg+0x10/0x10 [ 225.321779][ T9719] ? __fget_files+0x2a/0x410 [ 225.321811][ T9719] ? __fget_files+0x2a/0x410 [ 225.321848][ T9719] __sys_sendmsg+0x269/0x350 [ 225.321878][ T9719] ? __pfx___sys_sendmsg+0x10/0x10 [ 225.321923][ T9719] ? do_sys_openat2+0x17a/0x1d0 [ 225.321981][ T9719] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 225.322013][ T9719] ? do_syscall_64+0x100/0x230 [ 225.322062][ T9719] ? do_syscall_64+0xb6/0x230 [ 225.322094][ T9719] do_syscall_64+0xf3/0x230 [ 225.322121][ T9719] ? clear_bhb_loop+0x35/0x90 [ 225.322155][ T9719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.322184][ T9719] RIP: 0033:0x7f027d18d169 [ 225.322203][ T9719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.322221][ T9719] RSP: 002b:00007f027e01f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 225.322244][ T9719] RAX: ffffffffffffffda RBX: 00007f027d3a5fa0 RCX: 00007f027d18d169 [ 225.322260][ T9719] RDX: 0000000000000000 RSI: 00004000000000c0 RDI: 0000000000000003 [ 225.322272][ T9719] RBP: 00007f027e01f090 R08: 0000000000000000 R09: 0000000000000000 [ 225.322286][ T9719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.322297][ T9719] R13: 0000000000000000 R14: 00007f027d3a5fa0 R15: 00007ffcfc77d318 [ 225.322329][ T9719] [ 225.739639][ T9715] lo speed is unknown, defaulting to 1000 [ 225.764393][ T5838] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 225.931204][ T9724] netlink: 'syz.2.1096': attribute type 10 has an invalid length. [ 226.018968][ T9729] netlink: 'syz.1.1097': attribute type 3 has an invalid length. [ 226.273390][ T9734] ipt_ECN: cannot use operation on non-tcp rule [ 226.281317][ T9736] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1099'. [ 226.465263][ T9743] syzkaller0: entered allmulticast mode [ 226.513913][ T9743] syzkaller0 (unregistering): left allmulticast mode [ 226.918987][ T7582] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.108032][ T7582] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.317254][ T7582] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.472839][ T7582] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.625679][ T9777] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1109'. [ 227.659020][ T9783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1108'. [ 227.761044][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 227.790809][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 227.799068][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 227.808388][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 227.819765][ T5840] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 227.828445][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 229.561856][ T9798] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode [ 229.573287][ T9798] macsec2: entered promiscuous mode [ 229.582227][ T9798] macsec2: entered allmulticast mode [ 229.591032][ T9798] mac80211_hwsim hwsim3 wlan0: entered allmulticast mode [ 229.699356][ T9786] lo speed is unknown, defaulting to 1000 [ 229.924934][ T5838] Bluetooth: hci0: command tx timeout [ 229.981901][ T9786] lo speed is unknown, defaulting to 1000 [ 229.982234][ T7582] bridge_slave_1: left allmulticast mode [ 229.993694][ T7582] bridge_slave_1: left promiscuous mode [ 230.000947][ T7582] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.024937][ T7582] bridge_slave_0: left allmulticast mode [ 230.030638][ T7582] bridge_slave_0: left promiscuous mode [ 230.038059][ T7582] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.590123][ T7582] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 230.602265][ T7582] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 230.612817][ T7582] bond0 (unregistering): Released all slaves [ 230.686607][ T9836] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 230.714490][ T9836] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 230.798937][ T9830] syzkaller0: entered promiscuous mode [ 230.820443][ T9830] syzkaller0: entered allmulticast mode [ 230.906561][ T9826] lo speed is unknown, defaulting to 1000 [ 231.159359][ T9847] can: request_module (can-proto-5) failed. [ 231.378226][ T9855] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1124'. [ 231.385568][ T9861] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1123'. [ 232.009087][ T5840] Bluetooth: hci0: command tx timeout [ 232.760541][ T9826] lo speed is unknown, defaulting to 1000 [ 232.761133][ T9853] veth1_to_bond: entered allmulticast mode [ 232.782202][ T9856] veth1_to_bond: entered promiscuous mode [ 232.812908][ T9860] veth1_to_bond: left promiscuous mode [ 232.818953][ T9860] veth1_to_bond: left allmulticast mode [ 232.825974][ T9861] dummy0: Device is already in use. [ 232.953888][ T9867] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1125'. [ 232.974408][ T9867] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1125'. [ 233.008178][ T9867] netlink: 332 bytes leftover after parsing attributes in process `syz.1.1125'. [ 233.400072][ T9786] chnl_net:caif_netlink_parms(): no params data found [ 233.756024][ T9901] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 233.782537][ T9901] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 234.084316][ T5840] Bluetooth: hci0: command 0x040f tx timeout [ 234.301284][ T9786] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.338590][ T9786] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.391332][ T9786] bridge_slave_0: entered allmulticast mode [ 234.414128][ T9786] bridge_slave_0: entered promiscuous mode [ 234.489702][ T7582] hsr_slave_0: left promiscuous mode [ 234.613894][ T7582] hsr_slave_1: left promiscuous mode [ 234.633967][ T7582] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 234.662023][ T7582] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 234.712109][ T7582] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 234.725116][ T7582] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 234.767797][ T7582] veth1_macvtap: left promiscuous mode [ 234.773981][ T7582] veth0_macvtap: left promiscuous mode [ 234.780350][ T7582] veth1_vlan: left promiscuous mode [ 234.787374][ T7582] veth0_vlan: left promiscuous mode [ 234.840962][ T9921] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1136'. [ 235.287005][ T9930] netlink: 'syz.1.1138': attribute type 16 has an invalid length. [ 235.295517][ T9930] netlink: 'syz.1.1138': attribute type 17 has an invalid length. [ 235.359451][ T7582] team0 (unregistering): Port device team_slave_1 removed [ 235.408965][ T7582] team0 (unregistering): Port device team_slave_0 removed [ 235.863391][ T9786] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.872066][ T9786] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.879802][ T9786] bridge_slave_1: entered allmulticast mode [ 235.891254][ T9786] bridge_slave_1: entered promiscuous mode [ 235.934684][ T9930] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.941937][ T9930] batman_adv: batadv0: Interface activated: dummy0 [ 235.949657][ T9930] batadv0: mtu less than device minimum [ 235.958063][ T9930] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 235.969682][ T9930] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 235.982343][ T9930] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 235.995055][ T9930] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 236.006850][ T9930] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 236.018804][ T9930] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 236.030970][ T9930] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 236.042912][ T9930] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 236.055026][ T9930] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 236.158031][ T9786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 236.167456][ T5838] Bluetooth: hci0: command 0x040f tx timeout [ 236.216441][ T9786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 236.223401][ T9918] netlink: 'syz.3.1136': attribute type 1 has an invalid length. [ 236.233737][ T9918] netlink: 'syz.3.1136': attribute type 3 has an invalid length. [ 236.250736][ T9918] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1136'. [ 236.321226][ T9786] team0: Port device team_slave_0 added [ 236.357891][ T9786] team0: Port device team_slave_1 added [ 236.371985][ T9933] delete_channel: no stack [ 236.465203][ T9939] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1141'. [ 236.502632][ T9786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 236.510405][ T9786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.552674][ T9786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 236.582807][ T9786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 236.601842][ T9786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.602132][ T9941] netlink: 'syz.3.1140': attribute type 16 has an invalid length. [ 236.643049][ T9786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 236.684028][ T9941] netlink: 'syz.3.1140': attribute type 17 has an invalid length. [ 236.860788][ T9786] hsr_slave_0: entered promiscuous mode [ 236.885812][ T9786] hsr_slave_1: entered promiscuous mode [ 236.894543][ T9786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 236.910309][ T9786] Cannot create hsr debugfs directory [ 236.922583][ T9954] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1143'. [ 236.934361][ T9954] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1143'. [ 236.943661][ T9954] netlink: 'syz.1.1143': attribute type 4 has an invalid length. [ 236.952733][ T9959] IPVS: Error connecting to the multicast addr [ 237.185707][ T9968] netlink: 'syz.0.1144': attribute type 16 has an invalid length. [ 237.214519][ T9968] netlink: 'syz.0.1144': attribute type 17 has an invalid length. [ 237.325108][ T9970] Bluetooth: MGMT ver 1.23 [ 237.357893][ T9967] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 238.015161][ T9981] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1149'. [ 239.454733][ T5838] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 239.494022][ T9981] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 239.515048][ T9981] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 239.714941][ T9786] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 239.744683][ T9786] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 239.764700][ T9786] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 239.808620][ T9786] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 239.866396][T10005] Bluetooth: MGMT ver 1.23 [ 239.875136][T10006] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 239.893038][T10006] batman_adv: batadv0: Adding interface: ip6gretap1 [ 239.900743][T10006] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.940988][T10006] batman_adv: batadv0: Interface activated: ip6gretap1 [ 240.055562][T10013] netlink: 'syz.2.1156': attribute type 16 has an invalid length. [ 240.215738][T10013] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.373220][ T9786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.480635][ T9786] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.521510][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.528682][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.615439][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.622614][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.170836][T10043] validate_nla: 1 callbacks suppressed [ 241.170854][T10043] netlink: 'syz.1.1160': attribute type 16 has an invalid length. [ 241.192002][T10043] netlink: 'syz.1.1160': attribute type 17 has an invalid length. [ 241.221046][T10043] net_ratelimit: 14 callbacks suppressed [ 241.221059][T10043] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 241.410456][T10048] IPVS: Unknown mcast interface: vcan0 [ 241.438642][ T9786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.870482][T10062] netlink: 'syz.3.1166': attribute type 3 has an invalid length. [ 241.890523][T10059] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 242.207699][T10074] vlan2: entered allmulticast mode [ 242.315009][ T9786] veth0_vlan: entered promiscuous mode [ 242.356887][ T9786] veth1_vlan: entered promiscuous mode [ 242.429498][ T9786] veth0_macvtap: entered promiscuous mode [ 242.456712][ T9786] veth1_macvtap: entered promiscuous mode [ 242.503853][ T9786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.554483][ T9786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.586578][ T9786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.709715][ T9786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.749287][ T9786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.773271][ T9786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.790947][ T9786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.810419][ T9786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.843062][ T9786] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.872589][ T9786] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.895187][ T9786] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.903926][ T9786] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.978039][T10091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1173'. [ 242.999980][T10091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1173'. [ 243.010439][T10091] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1173'. [ 243.178072][T10097] IPVS: Unknown mcast interface: vcan0 [ 243.186241][ T7562] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.203604][ T7562] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.235708][T10093] delete_channel: no stack [ 243.301484][ T7582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.340032][ T7582] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.879852][T10118] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.903376][T10122] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 243.926929][ T5838] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 243.938520][T10121] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 243.955425][T10102] ================================================================== [ 243.963514][T10102] BUG: KASAN: slab-use-after-free in skb_queue_purge_reason+0xb9/0x500 [ 243.971770][T10102] Read of size 8 at addr ffff88805a399858 by task syz.0.1174/10102 [ 243.979661][T10102] [ 243.982002][T10102] CPU: 0 UID: 0 PID: 10102 Comm: syz.0.1174 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 243.982026][T10102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 243.982039][T10102] Call Trace: [ 243.982046][T10102] [ 243.982054][T10102] dump_stack_lvl+0x241/0x360 [ 243.982081][T10102] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.982103][T10102] ? __pfx__printk+0x10/0x10 [ 243.982132][T10102] ? _printk+0xd5/0x120 [ 243.982149][T10102] ? __virt_addr_valid+0x183/0x530 [ 243.982167][T10102] ? __virt_addr_valid+0x183/0x530 [ 243.982184][T10102] print_report+0x16e/0x5b0 [ 243.982207][T10102] ? __virt_addr_valid+0x183/0x530 [ 243.982224][T10102] ? __virt_addr_valid+0x183/0x530 [ 243.982240][T10102] ? __virt_addr_valid+0x45f/0x530 [ 243.982257][T10102] ? __phys_addr+0xba/0x170 [ 243.982274][T10102] ? skb_queue_purge_reason+0xb9/0x500 [ 243.982303][T10102] kasan_report+0x143/0x180 [ 243.982326][T10102] ? skb_queue_purge_reason+0xb9/0x500 [ 243.982357][T10102] skb_queue_purge_reason+0xb9/0x500 [ 243.982388][T10102] ? __mutex_unlock_slowpath+0x227/0x800 [ 243.982413][T10102] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 243.982448][T10102] ? drain_workqueue+0x2d3/0x3a0 [ 243.982475][T10102] ? hci_conn_hash_flush+0x1da/0x240 [ 243.982520][T10102] vhci_flush+0x44/0x50 [ 243.982567][T10102] ? __pfx_vhci_flush+0x10/0x10 [ 243.982599][T10102] hci_dev_reset+0x42a/0x5d0 [ 243.982629][T10102] sock_do_ioctl+0x158/0x460 [ 243.982662][T10102] ? __pfx_sock_do_ioctl+0x10/0x10 [ 243.982702][T10102] sock_ioctl+0x626/0x8e0 [ 243.982731][T10102] ? __pfx_sock_ioctl+0x10/0x10 [ 243.982759][T10102] ? __fget_files+0x2a/0x410 [ 243.982792][T10102] ? __fget_files+0x2a/0x410 [ 243.982826][T10102] ? __pfx_sock_ioctl+0x10/0x10 [ 243.982854][T10102] __se_sys_ioctl+0xf5/0x170 [ 243.982888][T10102] do_syscall_64+0xf3/0x230 [ 243.982916][T10102] ? clear_bhb_loop+0x35/0x90 [ 243.982954][T10102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.982985][T10102] RIP: 0033:0x7fe37218d169 [ 243.983003][T10102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.983022][T10102] RSP: 002b:00007fe36fb91038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 243.983045][T10102] RAX: ffffffffffffffda RBX: 00007fe3723a6240 RCX: 00007fe37218d169 [ 243.983062][T10102] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009 [ 243.983075][T10102] RBP: 00007fe37220e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 243.983088][T10102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 243.983101][T10102] R13: 0000000000000000 R14: 00007fe3723a6240 R15: 00007ffd292a1e28 [ 243.983125][T10102] [ 243.983133][T10102] [ 244.248743][T10102] Allocated by task 9786: [ 244.253066][T10102] kasan_save_track+0x3f/0x80 [ 244.257748][T10102] __kasan_kmalloc+0x98/0xb0 [ 244.262334][T10102] __kmalloc_cache_noprof+0x243/0x390 [ 244.267710][T10102] vhci_open+0x57/0x360 [ 244.271878][T10102] misc_open+0x2cc/0x340 [ 244.276129][T10102] chrdev_open+0x521/0x600 [ 244.280540][T10102] do_dentry_open+0xdec/0x1960 [ 244.285323][T10102] vfs_open+0x3b/0x370 [ 244.289409][T10102] path_openat+0x2c81/0x3590 [ 244.294012][T10102] do_filp_open+0x27f/0x4e0 [ 244.298514][T10102] do_sys_openat2+0x13e/0x1d0 [ 244.303207][T10102] __x64_sys_openat+0x247/0x2a0 [ 244.308076][T10102] do_syscall_64+0xf3/0x230 [ 244.312591][T10102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.318497][T10102] [ 244.320907][T10102] Freed by task 9786: [ 244.324884][T10102] kasan_save_track+0x3f/0x80 [ 244.329572][T10102] kasan_save_free_info+0x40/0x50 [ 244.334600][T10102] __kasan_slab_free+0x59/0x70 [ 244.339356][T10102] kfree+0x196/0x430 [ 244.343253][T10102] vhci_release+0xbc/0xd0 [ 244.347593][T10102] __fput+0x3e9/0x9f0 [ 244.351584][T10102] task_work_run+0x24f/0x310 [ 244.356168][T10102] do_exit+0xa2a/0x28e0 [ 244.360324][T10102] do_group_exit+0x207/0x2c0 [ 244.364921][T10102] __x64_sys_exit_group+0x3f/0x40 [ 244.369954][T10102] x64_sys_call+0x26a8/0x26b0 [ 244.374625][T10102] do_syscall_64+0xf3/0x230 [ 244.379125][T10102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.385019][T10102] [ 244.387337][T10102] The buggy address belongs to the object at ffff88805a399800 [ 244.387337][T10102] which belongs to the cache kmalloc-1k of size 1024 [ 244.401378][T10102] The buggy address is located 88 bytes inside of [ 244.401378][T10102] freed 1024-byte region [ffff88805a399800, ffff88805a399c00) [ 244.415171][T10102] [ 244.417492][T10102] The buggy address belongs to the physical page: [ 244.423897][T10102] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5a398 [ 244.432664][T10102] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 244.441161][T10102] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 244.449146][T10102] page_type: f5(slab) [ 244.453129][T10102] raw: 00fff00000000040 ffff88801b041dc0 0000000000000000 dead000000000001 [ 244.461711][T10102] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 244.470287][T10102] head: 00fff00000000040 ffff88801b041dc0 0000000000000000 dead000000000001 [ 244.478948][T10102] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 244.487609][T10102] head: 00fff00000000003 ffffea000168e601 ffffffffffffffff 0000000000000000 [ 244.496273][T10102] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 244.504949][T10102] page dumped because: kasan: bad access detected [ 244.511369][T10102] page_owner tracks the page as allocated [ 244.517081][T10102] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5021, tgid 5021 (kworker/u8:8), ts 82927057350, free_ts 23287700050 [ 244.536384][T10102] post_alloc_hook+0x1f4/0x240 [ 244.541156][T10102] get_page_from_freelist+0x365c/0x37a0 [ 244.546703][T10102] __alloc_frozen_pages_noprof+0x292/0x710 [ 244.552536][T10102] alloc_pages_mpol+0x311/0x660 [ 244.557393][T10102] allocate_slab+0x8f/0x3a0 [ 244.561896][T10102] ___slab_alloc+0xc27/0x14a0 [ 244.566576][T10102] __slab_alloc+0x58/0xa0 [ 244.570897][T10102] __kmalloc_noprof+0x2e6/0x4c0 [ 244.575747][T10102] ieee802_11_parse_elems_full+0x166/0x2ef0 [ 244.581654][T10102] ieee80211_inform_bss+0x15f/0x10d0 [ 244.586939][T10102] cfg80211_inform_single_bss_data+0xf5d/0x1ed0 [ 244.593176][T10102] cfg80211_inform_bss_data+0x3c3/0x5820 [ 244.598806][T10102] cfg80211_inform_bss_frame_data+0x3bb/0x720 [ 244.604877][T10102] ieee80211_bss_info_update+0x8a7/0xbc0 [ 244.610510][T10102] ieee80211_ibss_rx_queued_mgmt+0x1993/0x2e00 [ 244.616661][T10102] ieee80211_iface_work+0x933/0x1100 [ 244.621941][T10102] page last free pid 1 tgid 1 stack trace: [ 244.627732][T10102] free_frozen_pages+0xe0d/0x10e0 [ 244.632753][T10102] free_contig_range+0x14c/0x430 [ 244.637696][T10102] destroy_args+0x94/0x4b0 [ 244.642108][T10102] debug_vm_pgtable+0x551/0x590 [ 244.646956][T10102] do_one_initcall+0x248/0x930 [ 244.651711][T10102] do_initcall_level+0x157/0x210 [ 244.656643][T10102] do_initcalls+0x71/0xd0 [ 244.660969][T10102] kernel_init_freeable+0x435/0x5d0 [ 244.666164][T10102] kernel_init+0x1d/0x2b0 [ 244.670491][T10102] ret_from_fork+0x4b/0x80 [ 244.674903][T10102] ret_from_fork_asm+0x1a/0x30 [ 244.679664][T10102] [ 244.681978][T10102] Memory state around the buggy address: [ 244.687612][T10102] ffff88805a399700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 244.695670][T10102] ffff88805a399780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 244.703738][T10102] >ffff88805a399800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 244.711798][T10102] ^ [ 244.718725][T10102] ffff88805a399880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 244.726788][T10102] ffff88805a399900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 244.734843][T10102] ================================================================== [ 244.754360][T10118] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.852786][T10118] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.883471][T10127] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 244.894322][T10127] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 244.913973][T10102] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 244.921217][T10102] CPU: 0 UID: 0 PID: 10102 Comm: syz.0.1174 Not tainted 6.14.0-rc6-syzkaller-01216-gbfc6c67ec2d6 #0 [ 244.931977][T10102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 244.942035][T10102] Call Trace: [ 244.945341][T10102] [ 244.948270][T10102] dump_stack_lvl+0x241/0x360 [ 244.952951][T10102] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.958153][T10102] ? __pfx__printk+0x10/0x10 [ 244.962741][T10102] ? preempt_schedule+0xe1/0xf0 [ 244.967645][T10102] ? vscnprintf+0x5d/0x90 [ 244.971991][T10102] panic+0x349/0x880 [ 244.975887][T10102] ? check_panic_on_warn+0x21/0xb0 [ 244.981009][T10102] ? __pfx_panic+0x10/0x10 [ 244.985432][T10102] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 244.991429][T10102] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 244.997774][T10102] ? print_report+0x519/0x5b0 [ 245.002462][T10102] check_panic_on_warn+0x86/0xb0 [ 245.007425][T10102] ? skb_queue_purge_reason+0xb9/0x500 [ 245.012894][T10102] end_report+0x77/0x160 [ 245.017149][T10102] kasan_report+0x154/0x180 [ 245.021664][T10102] ? skb_queue_purge_reason+0xb9/0x500 [ 245.027141][T10102] skb_queue_purge_reason+0xb9/0x500 [ 245.032441][T10102] ? __mutex_unlock_slowpath+0x227/0x800 [ 245.038095][T10102] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 245.043991][T10102] ? drain_workqueue+0x2d3/0x3a0 [ 245.048929][T10102] ? hci_conn_hash_flush+0x1da/0x240 [ 245.054223][T10102] vhci_flush+0x44/0x50 [ 245.058388][T10102] ? __pfx_vhci_flush+0x10/0x10 [ 245.063244][T10102] hci_dev_reset+0x42a/0x5d0 [ 245.067848][T10102] sock_do_ioctl+0x158/0x460 [ 245.072452][T10102] ? __pfx_sock_do_ioctl+0x10/0x10 [ 245.077597][T10102] sock_ioctl+0x626/0x8e0 [ 245.081954][T10102] ? __pfx_sock_ioctl+0x10/0x10 [ 245.086825][T10102] ? __fget_files+0x2a/0x410 [ 245.091423][T10102] ? __fget_files+0x2a/0x410 [ 245.096051][T10102] ? __pfx_sock_ioctl+0x10/0x10 [ 245.100919][T10102] __se_sys_ioctl+0xf5/0x170 [ 245.105521][T10102] do_syscall_64+0xf3/0x230 [ 245.110044][T10102] ? clear_bhb_loop+0x35/0x90 [ 245.114729][T10102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.120624][T10102] RIP: 0033:0x7fe37218d169 [ 245.125052][T10102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.144675][T10102] RSP: 002b:00007fe36fb91038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 245.153102][T10102] RAX: ffffffffffffffda RBX: 00007fe3723a6240 RCX: 00007fe37218d169 [ 245.161101][T10102] RDX: 0000000000000000 RSI: 00000000400448cb RDI: 0000000000000009 [ 245.169084][T10102] RBP: 00007fe37220e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 245.177063][T10102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 245.185037][T10102] R13: 0000000000000000 R14: 00007fe3723a6240 R15: 00007ffd292a1e28 [ 245.193026][T10102] [ 245.196442][T10102] Kernel Offset: disabled [ 245.200778][T10102] Rebooting in 86400 seconds..