last executing test programs: 1m35.438690321s ago: executing program 1 (id=1408): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="1c00000000000000100100000d"], 0x68}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0x150, 0x10, 0x413, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@empty, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x3, 0x0, 0x0, 0x8000}, {0x2, 0x0, 0x4}, {0x1}, 0x0, 0x0, 0xa, 0x1}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "25cac5216d1c8af0a976902918bf448c5d9f5459"}}]}, 0x150}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r4 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000100)={0x20000014}) connect$unix(r6, &(0x7f0000000240)=@abs, 0x6e) r7 = accept(r3, 0x0, 0x0) r8 = socket$rds(0x15, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) unshare(0x8040480) r9 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r9, 0x40088a01, &(0x7f0000000000)) setsockopt$SO_RDS_TRANSPORT(r8, 0x114, 0x8, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r7, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000540)="291f4607208c52023d9f90c087e562f10810d82c38748f8faf41bfd5881033ca3a440fcde810d52983a5892a9086f8fad4136ee1394018af7b4a1dc1c1fe9518304668e5534437492774f4a945d7b157096b5318d5952b8e3fdead674f06e2e8ca9e578e655e0ecf1fc16770a05ce2adbe6252c4c577f7cff8fff0275d865692a21d7d0729b60a49c0fb6f2e97312639fad7ecd135bf31953bfbed7804dcb596c339c7ef2b8db41077d91e7d04f8162bc6632677bfb90fdedd", 0xb9}, {&(0x7f0000000600)="9804cb64109ac2d104edc6c32ccdc005ad666358251f13dc65aa3a9746ce0acb913333cee78ddc54160fdbfa7b061d4bd66a40be0cc1ff4646454e81d43132b8174c42e1631701", 0x47}, {&(0x7f00000006c0)="8c", 0x1}], 0x3}}], 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="e10000000053e8000000000086dd600164ca000c110020010000000000000000000000000000fe8000000000000000000000000000aa00000e22"], 0x0) 1m18.179498227s ago: executing program 1 (id=1408): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="1c00000000000000100100000d"], 0x68}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0x150, 0x10, 0x413, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@empty, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x3, 0x0, 0x0, 0x8000}, {0x2, 0x0, 0x4}, {0x1}, 0x0, 0x0, 0xa, 0x1}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "25cac5216d1c8af0a976902918bf448c5d9f5459"}}]}, 0x150}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r4 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000100)={0x20000014}) connect$unix(r6, &(0x7f0000000240)=@abs, 0x6e) r7 = accept(r3, 0x0, 0x0) r8 = socket$rds(0x15, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) unshare(0x8040480) r9 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r9, 0x40088a01, &(0x7f0000000000)) setsockopt$SO_RDS_TRANSPORT(r8, 0x114, 0x8, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r7, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000540)="291f4607208c52023d9f90c087e562f10810d82c38748f8faf41bfd5881033ca3a440fcde810d52983a5892a9086f8fad4136ee1394018af7b4a1dc1c1fe9518304668e5534437492774f4a945d7b157096b5318d5952b8e3fdead674f06e2e8ca9e578e655e0ecf1fc16770a05ce2adbe6252c4c577f7cff8fff0275d865692a21d7d0729b60a49c0fb6f2e97312639fad7ecd135bf31953bfbed7804dcb596c339c7ef2b8db41077d91e7d04f8162bc6632677bfb90fdedd", 0xb9}, {&(0x7f0000000600)="9804cb64109ac2d104edc6c32ccdc005ad666358251f13dc65aa3a9746ce0acb913333cee78ddc54160fdbfa7b061d4bd66a40be0cc1ff4646454e81d43132b8174c42e1631701", 0x47}, {&(0x7f00000006c0)="8c", 0x1}], 0x3}}], 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="e10000000053e8000000000086dd600164ca000c110020010000000000000000000000000000fe8000000000000000000000000000aa00000e22"], 0x0) 1m0.197401632s ago: executing program 1 (id=1408): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="1c00000000000000100100000d"], 0x68}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0x150, 0x10, 0x413, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@empty, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x3, 0x0, 0x0, 0x8000}, {0x2, 0x0, 0x4}, {0x1}, 0x0, 0x0, 0xa, 0x1}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "25cac5216d1c8af0a976902918bf448c5d9f5459"}}]}, 0x150}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r4 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000100)={0x20000014}) connect$unix(r6, &(0x7f0000000240)=@abs, 0x6e) r7 = accept(r3, 0x0, 0x0) r8 = socket$rds(0x15, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) unshare(0x8040480) r9 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r9, 0x40088a01, &(0x7f0000000000)) setsockopt$SO_RDS_TRANSPORT(r8, 0x114, 0x8, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r7, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000540)="291f4607208c52023d9f90c087e562f10810d82c38748f8faf41bfd5881033ca3a440fcde810d52983a5892a9086f8fad4136ee1394018af7b4a1dc1c1fe9518304668e5534437492774f4a945d7b157096b5318d5952b8e3fdead674f06e2e8ca9e578e655e0ecf1fc16770a05ce2adbe6252c4c577f7cff8fff0275d865692a21d7d0729b60a49c0fb6f2e97312639fad7ecd135bf31953bfbed7804dcb596c339c7ef2b8db41077d91e7d04f8162bc6632677bfb90fdedd", 0xb9}, {&(0x7f0000000600)="9804cb64109ac2d104edc6c32ccdc005ad666358251f13dc65aa3a9746ce0acb913333cee78ddc54160fdbfa7b061d4bd66a40be0cc1ff4646454e81d43132b8174c42e1631701", 0x47}, {&(0x7f00000006c0)="8c", 0x1}], 0x3}}], 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="e10000000053e8000000000086dd600164ca000c110020010000000000000000000000000000fe8000000000000000000000000000aa00000e22"], 0x0) 38.162813945s ago: executing program 1 (id=1408): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="1c00000000000000100100000d"], 0x68}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0x150, 0x10, 0x413, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@empty, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x3, 0x0, 0x0, 0x8000}, {0x2, 0x0, 0x4}, {0x1}, 0x0, 0x0, 0xa, 0x1}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "25cac5216d1c8af0a976902918bf448c5d9f5459"}}]}, 0x150}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r4 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000100)={0x20000014}) connect$unix(r6, &(0x7f0000000240)=@abs, 0x6e) r7 = accept(r3, 0x0, 0x0) r8 = socket$rds(0x15, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) unshare(0x8040480) r9 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r9, 0x40088a01, &(0x7f0000000000)) setsockopt$SO_RDS_TRANSPORT(r8, 0x114, 0x8, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r7, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000540)="291f4607208c52023d9f90c087e562f10810d82c38748f8faf41bfd5881033ca3a440fcde810d52983a5892a9086f8fad4136ee1394018af7b4a1dc1c1fe9518304668e5534437492774f4a945d7b157096b5318d5952b8e3fdead674f06e2e8ca9e578e655e0ecf1fc16770a05ce2adbe6252c4c577f7cff8fff0275d865692a21d7d0729b60a49c0fb6f2e97312639fad7ecd135bf31953bfbed7804dcb596c339c7ef2b8db41077d91e7d04f8162bc6632677bfb90fdedd", 0xb9}, {&(0x7f0000000600)="9804cb64109ac2d104edc6c32ccdc005ad666358251f13dc65aa3a9746ce0acb913333cee78ddc54160fdbfa7b061d4bd66a40be0cc1ff4646454e81d43132b8174c42e1631701", 0x47}, {&(0x7f00000006c0)="8c", 0x1}], 0x3}}], 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="e10000000053e8000000000086dd600164ca000c110020010000000000000000000000000000fe8000000000000000000000000000aa00000e22"], 0x0) 22.616389707s ago: executing program 1 (id=1408): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="1c00000000000000100100000d"], 0x68}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0x150, 0x10, 0x413, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@empty, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x3, 0x0, 0x0, 0x8000}, {0x2, 0x0, 0x4}, {0x1}, 0x0, 0x0, 0xa, 0x1}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "25cac5216d1c8af0a976902918bf448c5d9f5459"}}]}, 0x150}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r4 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000100)={0x20000014}) connect$unix(r6, &(0x7f0000000240)=@abs, 0x6e) r7 = accept(r3, 0x0, 0x0) r8 = socket$rds(0x15, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) unshare(0x8040480) r9 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r9, 0x40088a01, &(0x7f0000000000)) setsockopt$SO_RDS_TRANSPORT(r8, 0x114, 0x8, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r7, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000540)="291f4607208c52023d9f90c087e562f10810d82c38748f8faf41bfd5881033ca3a440fcde810d52983a5892a9086f8fad4136ee1394018af7b4a1dc1c1fe9518304668e5534437492774f4a945d7b157096b5318d5952b8e3fdead674f06e2e8ca9e578e655e0ecf1fc16770a05ce2adbe6252c4c577f7cff8fff0275d865692a21d7d0729b60a49c0fb6f2e97312639fad7ecd135bf31953bfbed7804dcb596c339c7ef2b8db41077d91e7d04f8162bc6632677bfb90fdedd", 0xb9}, {&(0x7f0000000600)="9804cb64109ac2d104edc6c32ccdc005ad666358251f13dc65aa3a9746ce0acb913333cee78ddc54160fdbfa7b061d4bd66a40be0cc1ff4646454e81d43132b8174c42e1631701", 0x47}, {&(0x7f00000006c0)="8c", 0x1}], 0x3}}], 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="e10000000053e8000000000086dd600164ca000c110020010000000000000000000000000000fe8000000000000000000000000000aa00000e22"], 0x0) 6.805929303s ago: executing program 1 (id=1408): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="1c00000000000000100100000d"], 0x68}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0x150, 0x10, 0x413, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@empty, 0x0, 0x32}, @in=@dev, {0x0, 0x0, 0x3, 0x0, 0x0, 0x8000}, {0x2, 0x0, 0x4}, {0x1}, 0x0, 0x0, 0xa, 0x1}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "25cac5216d1c8af0a976902918bf448c5d9f5459"}}]}, 0x150}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) r4 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r6, &(0x7f0000000100)={0x20000014}) connect$unix(r6, &(0x7f0000000240)=@abs, 0x6e) r7 = accept(r3, 0x0, 0x0) r8 = socket$rds(0x15, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) unshare(0x8040480) r9 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r9, 0x40088a01, &(0x7f0000000000)) setsockopt$SO_RDS_TRANSPORT(r8, 0x114, 0x8, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet6(r7, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000540)="291f4607208c52023d9f90c087e562f10810d82c38748f8faf41bfd5881033ca3a440fcde810d52983a5892a9086f8fad4136ee1394018af7b4a1dc1c1fe9518304668e5534437492774f4a945d7b157096b5318d5952b8e3fdead674f06e2e8ca9e578e655e0ecf1fc16770a05ce2adbe6252c4c577f7cff8fff0275d865692a21d7d0729b60a49c0fb6f2e97312639fad7ecd135bf31953bfbed7804dcb596c339c7ef2b8db41077d91e7d04f8162bc6632677bfb90fdedd", 0xb9}, {&(0x7f0000000600)="9804cb64109ac2d104edc6c32ccdc005ad666358251f13dc65aa3a9746ce0acb913333cee78ddc54160fdbfa7b061d4bd66a40be0cc1ff4646454e81d43132b8174c42e1631701", 0x47}, {&(0x7f00000006c0)="8c", 0x1}], 0x3}}], 0x1, 0x0) bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="e10000000053e8000000000086dd600164ca000c110020010000000000000000000000000000fe8000000000000000000000000000aa00000e22"], 0x0) 4.620977395s ago: executing program 3 (id=2406): socket$inet6(0xa, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000010000008500000086000000bf91000000000000b7020000000000008500000085000000b70000000000010095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x1be0, 0x10, 0x0, 0x0, 0xd28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4.224693212s ago: executing program 3 (id=2409): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=@newlink={0x34, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ip6vti={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x1200}, 0x0) 4.069291899s ago: executing program 3 (id=2410): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000040)=@bridge_setlink={0x28, 0x13, 0x0, 0x0, 0x0, {}, [@IFLA_WEIGHT={0x8}]}, 0x28}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001800000000000000000000000a00000000000000000000000800100004"], 0x24}}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xffffffffffffff02, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x4}, @ETHTOOL_A_FEATURES_HEADER={0xc}]}, 0x24}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="d81400003b0001002fbd70000000000003"], 0x14d8}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000540)={'syztnl1\x00', &(0x7f00000004c0)={'syztnl1\x00', 0x0, 0x4, 0x0, 0x3, 0x4, 0x28, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7810, 0x1, 0x0, 0x4}}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=@newsa={0x118, 0x10, 0xeac0e19b6999623b, 0x0, 0x0, {{@in6=@remote, @in=@remote}, {@in=@empty, 0x0, 0x2b}, @in=@private, {}, {}, {}, 0x0, 0x0, 0x2}, [@XFRMA_SET_MARK={0x8}, @coaddr={0x14, 0xe, @in6=@remote}, @mark={0xc}]}, 0x118}}, 0x0) socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r1, &(0x7f0000002cc0)=[{{&(0x7f0000000300)={0x2, 0x4e24, @private}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=[@ip_retopts={{0x28, 0x0, 0x7, {[@cipso={0x86, 0x18, 0x3, [{0x1, 0x12, "2abdba426e3b6fe79216ea2493000068"}]}]}}}], 0x28}}], 0x1, 0x0) 3.955428654s ago: executing program 3 (id=2412): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000001c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="05000000020c00000000020000000000", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000d00400100000000000040"], 0x80}}, 0x0) 3.84273726s ago: executing program 3 (id=2414): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000240)={0xfffffffffffffffd, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x2c, 0x2, 0x1, 0x101, 0x0, 0x0, {0xa}, [@CTA_TUPLE_REPLY={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @dev}}}]}]}, 0x2c}}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001400000000000000ff000000850000000e000000850000000700000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$pppl2tp(r2, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x8, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, 0x32) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000080)='v', 0x180204}], 0x1) r4 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000040)=0x4, 0x4) recvmmsg(r4, 0x0, 0x0, 0x0, 0x0) sendmsg$inet6(r4, &(0x7f0000005a80)={&(0x7f00000059c0)={0xa, 0x0, 0xfffffffc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x80000000}, 0xfffffffffffffc88, 0x0, 0x0, 0x0, 0xfffffffffffffdbf}, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r5, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r5, 0x84, 0x15, &(0x7f0000000040)={0xa}, 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e21, @local}], 0x10) sendto$inet6(r5, &(0x7f0000000500)="a4", 0x1a000, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bind$inet6(r4, &(0x7f0000000080)={0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x80000001}, 0x1c) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r7}, 0x10) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r8, &(0x7f0000000080)=[{&(0x7f0000000240)="ff57a21153298e2a79b6c247a84af1cd8bfb031125282ea4374c2a338e4d10f57acf35e9d0440f3e6227b4bd5854fd9cdfc5e60bc286b96ff80cc47ee2b87ea2a0", 0x41}], 0x1) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r8, 0x0) r9 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_BINDTODEVICE_wg(r9, 0x1, 0x19, &(0x7f0000000040)='wg1\x00', 0x4) socketpair(0xf, 0x3, 0x2, &(0x7f00000001c0)) unshare(0x42000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 3.217483685s ago: executing program 4 (id=2419): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020100000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a32000000001400000011001f"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c80)=ANY=[@ANYBLOB="140000001000010000030000000000000000000a6c020000000a0102000000000000000002000001080002400000000002010600a0e8b8d751fc80bb77e0d7edbe90c804a22f44efa3e179c095e8bb2f2be7b7ecd2666f1efccdb867cb83e997a11f7e2ae34a1ee7c6d34603a50cb8ae347324a526a44caa4318ea94a0b8cc3acf7eb86af5c9d8616830c20630a06b9fefe32a12a4c361f9a47411316ae774d5b15bb318af4a92e2713c7ff01c5e492fc24f039160e3ad9142c313152d74b49b63aa63da3a5d1dce389d8e5dda51539064284402651bf068076c2425d2975ef01051ca3830c59fa76fd0d457a228d6f57c44639e211f5e0f60a1a803117a4a38d01feda1929c0c41b5a98b9a7ad4df06700760038022537b4f59b792fe0d57bb5839fadcc4ce5beaef0de7fea8c3827737d00000a40006005629eae16c3647eaac856d63141e930acf5b43b4ad48b3177906d1cd22e3b7b65024d3cdc03ec2762cdd321f9a4c21b94e3805b865159e65f2fd2fae269f5fece64baa192f19590c8f2c9fce242167e901c1c68769dea345dd5846942c2b52ff2d2a182ae1078ac903937e6cf13294b744c428776816bd9ff04683db970041b74d36ede74466699d7bac4e25af151f6f0102e1059037d5b91a793faa7752120d0c000440000000000000000208000240000000000900010073797a31000000000900010073797a31000000000900010073797a30"], 0x294}}, 0x0) 2.957477686s ago: executing program 4 (id=2422): socket$nl_xfrm(0x10, 0x3, 0x6) socketpair(0x0, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x87) syz_emit_ethernet(0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd603000bb00282b00fce6ff00000000ea6000000000000000fe8000000000000000000000000000aa87"], 0x0) 2.924349205s ago: executing program 0 (id=2424): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83766b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42ddd5f393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b4"], &(0x7f0000000100)='GPL\x00'}, 0x48) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$l2tp6(0xa, 0x2, 0x73) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)) socket$inet_sctp(0x2, 0x5, 0x84) socket$inet(0x2, 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000200), 0x43451) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4, 0x42073, 0xffffffffffffffff, 0x800000) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000240), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x13, r2, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x42400) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket(0x1d, 0x2, 0x6) socket$caif_stream(0x25, 0x1, 0x0) pipe(&(0x7f0000000100)) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)) 2.589505221s ago: executing program 4 (id=2425): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x166, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd5092c01f01302fff0000000000000000000000000000000100000000000000000000ffff000000002420886400000000000000214848e528b7e405c380cb2562a9d5b3d0ebf5ab71b83e5823ae287e1241446cb9badabdee48ce76963be731f4bbb0a5f600008deb12f655a2003e4372af2aba89a1496eb8c06f8b6fab469a0bd346a40bac5eae5e209b052f3e22faa73f904a0b86f4a3345e6426f0358c21ae3494340d8239000086ddff5486c36b065ab4684969c698bfc4b5b9bf116096f2606b34189d914038a5992ad642797f4a187645ea0711762b4e7d011a286e8a02627694c5528f15a639aec90e24b7f777134af4285a8a023a72e9b03d5f0caa6d00d7e712bb2272e06d3b51a2459f450b2eb81331e546d2d53fbfa1b2894fb1a9080088be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000000000001865900f6aecb3e48ae0e6c48f82561d4f63c02a97f80f7a01f7b2eaf70fa8496bcda95a8a47"], 0x0) sendmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000080)=[{}, {&(0x7f0000000040)="743d2a9750659b5a45ccae90c932b16430ba78df86667d04a9acce86e309521c232a47", 0x23}], 0x2, &(0x7f0000001000)=ANY=[@ANYBLOB="780000000000000013010000060000005c540aa9dffc692696ce2660d8c391ecf28a4fdabf0ad90504f950efb415d7f415874b6ed9079fc5d497f8bd312a5fe1c306b510f60f63a36683f03a2872230f2b13012df86cc13c16507934c4fc62ab37e03213afb6ba17664dcb6815ebd6689d4e000000000000d00000000000000010010000020000001720f4f8e100d85584e2b887d2756930018b6ce58a85841ab1f92c401c7765bdfecc0474b52635a104654dd16523d0fcd80ad72a72915736bd5d39610f361b5ae0850ab3c98f21ed829e31334dbaafbfb4f1d88a3be9dc1fb9f7d3ccc42162a44feaf8d43e1f18572af2edcc72d88907baeff0b179843390934ddf88e7bb388c2a52091dec16c89608c0f47c5ac8cf8aeac0ee141b23298253abd4738192ea0686e0fcb1838a11ec0c66b870142106d902e9d3a7e01f3e938cd6b7a698515ae9e99333839da2f84e200000c000000000000000160100009474fb714b140dcabb8a65a52f8849f2d0b625af0de65bf4798e2ef29873b1d2af431917723d012fcfaef899e0597a14a7060b67a1c7ae50b22ca8372232d83fb439f3f9cf04acf87d89111169345ee606e2864ccfbf7f3d63a9d957460a9a9df920c048ff559f9e33997f8fe5eed2c7b25af19ce6d0c8d3ce35c446ab8a3f7c9b977a7b8488d54c53efba4cbc09ce0f7d5026201a27ec07cebdad1a3e1349ee4bc2c13145f81d65033fc7bb66381e07fa814500300000000000000006000000000000004ea80b93822e2364e7e982c1694bf538b591845557340123e1ac0000000000009a5fa4e8fa6d046eb3145e8dec445a6123d0d37011c21db3f5d8b2acb8bfb093b303ee967d927d6bce7ae30e07229ddc6d4dd3773465b56530b909d0feaf1fe972a916d2a56df87fc5c676a6a51b79d99b7232bf5ecb8297ee647750dd7204a99925dde00995c52a70e80c36faf7b403d912de1e756a77792555c90b0ac26045d3e1d4dd358aafe391196fea424faf2e1b82d04c976091e7a717a0272b940f27377ff323fa479571da3c13ca5bed8293a5731056555250d2d9f8c3e16d379d"], 0x238}}, {{&(0x7f0000000200)=@nfc={0x27, 0x0, 0x1, 0x6}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000540)="886d56668bffa2bbc6981381e4991ef8e8c4fcb10a733a43bd2e98201e8a67082a5b19fdf0d30ea688d077b8f353a77d65926c3298866ff18a47a31d90cf186ab0e6999dd9f3609bea2330333a1e800c1060f1b662668a21bebe6da0b14653fec891c7c2de22dc6ad5181e4455f66a85edcfc0f9a7af87b9046b4838920aba5dd6997989649a9544b66f1702827e6c7157eab138debfa59d61955910a4c911b5cef92846ed6d47e89b4d945e52f135d8f8958458ed933b", 0xb7}], 0x1}}, {{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000640)="7802dea9aab51b3208b37ce29bda236c4853ab0568cc1b9926f2e0aabe500b0544f491653fbec86f8d7533da1726382fb689a5eeb1e2959e84a06de1dadbaab6fd5881543486b89c265d5e6a5697f2f1941e2a61f65d217bf054344bcba4143278a6dfa3fd88db5d7c572fd4f72f2839ad918a7d07ed707165f8ac0eb0736a77ddb86971f825a3ada876ca8c3076c570ef56fd3cbc50447245bb84d4b763b7d7c0785a31a1333f41f3fe41ff56918bb5c802493e9e917e6887829a5e6110140b1b1992d42ab57236dd7951771c1be8d623d1d0139aa85812922f2510ea2ba9898ad3121e9802eb0a", 0xe8}, {&(0x7f0000000740)="946d98c4ddbd0b84d3a620c3767e5951cfac7b65357781a8b715c1bb976c93e9423960271ba9c102334849e8b4b297986bb4638c7d5de4397bcd3b9b515e6d9e6ae93beba380c079193a8c12b72ad9313ca826a38856d6a3cddab8b1534c9ede802bc9276c782f9d79719a8af764e2c497895e91743676b6faa485ace9e908bb4f9974afa7b4a7ca448be70b9dc7c74d688a88b47d91e192ad5eb39886a35df568ff6f9ef533118b4bdaaa532ccdf3b409542f1c162877c453a34750e72d0c54", 0xc0}, {&(0x7f0000000800)="fcd6d0a93d57e3aba67a84b12dda20751cf3bef25e633c8e658c0f0f5211165464bc8981acff06c33be22767c0f494adea0040d3b769b1749cb9ad7d535543244a2a969a3404d5fb68752b279b2e351fdf17dc869c4c9584439fe1547170140171cfbb655068b1bc70425070fe317acc6ae2797f5b7cbdace37ef96907b06e36e1f8efb5cfeab4abfb40eec002f77b8e05fd584eb9a26028f959a0c5", 0x9c}, {&(0x7f00000008c0)}], 0x4, &(0x7f00000009c0)=[{0x88, 0x84, 0x10040, "32510ab9fbfc0ba2f1ccd537153d5c746d26f1c0c1d5a71a26c53add13edca227cb2d381290d8de94d397b1e24f24dbba1e81b4d63a38eb44993f62516bf76ad1f79f1dc18bf6bcc02d468ed9fb6631caf556f903f6bc208dc2260c2239e77b3f295d3420030905a090781e8e05eb780e0c67802d6"}, {0x90, 0x6, 0x8, "2a434c79c3fd2b29be005e4a5a62117d407a349cb48c48fab416604796150b817344374b8c324b0f41aa03aafb42479ebb05916a986b169dcbeb2ed75a5d8aab5d4ec3e76933bb5727eb4d7d405dadac49f6b1f294ec12831c47f4d822eb5cd0eb201c10adbec640ab16f6ce19e933a42979241d7223760053003ecd4f78"}, {0x58, 0x29, 0x2, "511b91b4bc0add14edc9caa6a7b6d1cdb4df48af81de8fc20ea1484666dcb5939a798901c9439ffcd9748ec928e6e5970e954d403e59061ab57c967dc93863e4626cb3456ac1"}], 0x170}}], 0x3, 0x4000) 2.552219269s ago: executing program 4 (id=2426): r0 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x4380000, @remote}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000003000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x7, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="180000000000000000000000000000000010b600000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000001b0000809500000000000000"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b04, &(0x7f00000002c0)={'wlan1\x00'}) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)={0x1b, 0x0, 0x0, 0x40004, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x5}, 0x48) r4 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) listen(r4, 0x0) ioctl$int_in(r4, 0x5421, &(0x7f0000000180)=0x7) r5 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r5, &(0x7f00000002c0)={&(0x7f0000000280)=@name={0x1e, 0x2, 0x0, {{0x43, 0x2}, 0x1}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x24000000}, 0x0) accept4(r4, 0x0, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000028000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_MCAST_MSFILTER(r7, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYRES16, @ANYRES32=0x0, @ANYRESOCT=r6, @ANYRES32, @ANYRESOCT], 0x90) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_MPATH(r1, &(0x7f0000000500)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000004c0)={&(0x7f0000000bc0)=ANY=[@ANYRES16=r7, @ANYRES16=0x0, @ANYRESDEC=r8, @ANYRES32=r8, @ANYBLOB="0c009900010400003f0000000a001a00ffffa6db98b228f2c99c51000802110000000000913d9bbb6955bb0e8d23c3d4e4705bc31643be252adf8020114339e0681ad7faf06d10d04aa6f90316e880d01b7089dfc592067450c43ef820ddb90bbeffcff9c301864245d1db9adaae1b17287c03de8afd6bfadb3ccf0e124d5b2132ef5f6755a8e30dc432cb0e0a7777b1a2ffe42b733e893b912a56de277f2c3ca7266ef98e1b3f1beef9f164622ba10439bfaf378d4ef39565f52ed26ab4"], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x80) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYRES64=r9, @ANYRES32], &(0x7f0000000240)='GPL\x00', 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="600000000206010800000000000001000000000005000400000000000900020073797a31000000001400078005001500030000000800124000000000050005000a00000005000100060000001100030068"], 0x60}}, 0x0) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) 2.428759891s ago: executing program 2 (id=2427): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000006c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000540)="ffa9dfd9"}, 0x50) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r3, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4) (async) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x17, &(0x7f0000000340), 0x14) (async) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x17, &(0x7f0000000340), 0x14) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x4, 0x4, 0x4, 0xbf25}, 0x48) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x4, 0x4, 0x4, 0xbf25}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000800000000000000000001811", @ANYRES32=r5], 0x0}, 0x90) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000800000000000000000001811", @ANYRES32=r5], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close(r4) 2.149583733s ago: executing program 2 (id=2428): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x1d, r2}, 0x10, &(0x7f0000000180)={&(0x7f0000000100)={0x1, 0x27, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "8dee362671b75ce6"}}, 0x48}, 0x1, 0x0, 0x2000000}, 0x0) 2.14421305s ago: executing program 0 (id=2429): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000240009008e9200000000000001"], 0x14}}, 0x0) 2.015097491s ago: executing program 0 (id=2430): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x275a, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x0, 0x3}, 0xff84) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r1, &(0x7f0000000280)={&(0x7f0000000040), 0x10, 0x0}, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r0, 0x28, 0x6, &(0x7f00000000c0), 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{}, [@printk={@lld, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffff6}, {}, {}, {0x85, 0x0, 0x0, 0x10}}]}, &(0x7f0000000080)='GPL\x00', 0x1, 0xfdf, &(0x7f0000001e00)=""/4063}, 0x90) 1.888478083s ago: executing program 0 (id=2431): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @remote}, @private1, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x7fff, 0xfffc, 0x0, 0xc000000, 0x1260040}) 633.123109ms ago: executing program 4 (id=2432): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r1, 0x0, 0x0, 0x20010004, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c000280050001000000000014000180080001000000000008000200000000002c00018014000300ff0100000000000000000000000000011400040009"], 0xe4}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f00000005c0)={0xfffffffc, 0x0, 0x0, 0x8}, 0x10) sendmsg$NFNL_MSG_CTHELPER_NEW(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)=ANY=[@ANYBLOB="74000000000901010000000000000000030000000c0004800800014000000001090001007300003100000000240002001400018008000100ac1e000108000200e00000010c000280050001002f000000080003400000000808000640000000011400020006000340000000000600034000000000"], 0x74}, 0x1, 0x0, 0x0, 0x804}, 0x4008090) r3 = socket$inet_sctp(0x2, 0x0, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000000240)={0x0, @in={{0x2, 0x4e23, @broadcast}}, 0x5}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="050071116000000000009500a505000000002482f0d332128bef481af78aefe81cb1ab2d"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x30, 0xffffffffffffffff, 0x6}, 0x90) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETLINK(r4, 0x400454cd, 0x339) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'pim6reg\x00', 0x20}) ioctl$SIOCGSKNS(r4, 0x894c, &(0x7f00000000c0)={'veth1_to_hsr\x00', 0x400}) write(r4, &(0x7f00000001c0)="986b7ea28f25dbab1986c11110f1ac6e5c6312041d8c5adc4bb69ddce7fa71d78cf7305a908055f29c34ba3c3967297097", 0x31) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000480)=ANY=[@ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="2e003300d000000008021100000108021100000050505050"], 0x4c}, 0x1, 0x0, 0x0, 0x48010}, 0x0) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_REMOVE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="010000000000000d800004000000"], 0x14}, 0x1, 0xfcffffff00000000}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x20}]}, &(0x7f0000000080)='GPL\x00'}, 0x90) 615.85032ms ago: executing program 0 (id=2433): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x0, 0xff) setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="4c0000001200ff09ff3a150099a283ff07b8008000f0ffff000000060040150024001d0042c411a0b598bc593ab6821148a730cc33a49868c62b2ca654a6613b6aab98eb1d9cc98c2a4f837c", 0x4c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0}}], 0x1, 0x5865, 0x0) 604.306994ms ago: executing program 2 (id=2434): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0xd00, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x4}, {0x2, 0x0, @remote}}) 421.41726ms ago: executing program 2 (id=2435): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)={0x44, r1, 0x1, 0x0, 0x7000000, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5}, @ETHTOOL_A_COALESCE_TX_USECS_LOW={0x8}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8}]}, 0x44}}, 0x0) 347.781172ms ago: executing program 2 (id=2436): ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x166, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd5092c01f01302fff0000000000000000000000000000000100000000000000000000ffff000000002420886400000000000000214848e528b7e405c380cb2562a9d5b3d0ebf5ab71b83e5823ae287e1241446cb9badabdee48ce76963be731f4bbb0a5f600008deb12f655a2003e4372af2aba89a1496eb8c06f8b6fab469a0bd346a40bac5eae5e209b052f3e22faa73f904a0b86f4a3345e6426f0358c21ae3494340d8239000086ddff5486c36b065ab4684969c698bfc4b5b9bf116096f2606b34189d914038a5992ad642797f4a187645ea0711762b4e7d011a286e8a02627694c5528f15a639aec90e24b7f777134af4285a8a023a72e9b03d5f0caa6d00d7e712bb2272e06d3b51a2459f450b2eb81331e546d2d53fbfa1b2894fb1a9080088be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000000000001865900f6aecb3e48ae0e6c48f82561d4f63c02a97f80f7a01f7b2eaf70fa8496bcda95a8a47"], 0x0) sendmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f0000000080)=[{}, {&(0x7f0000000040)="743d2a9750659b5a45ccae90c932b16430ba78df86667d04a9acce86e309521c232a47", 0x23}], 0x2, &(0x7f0000001000)=ANY=[@ANYBLOB="780000000000000013010000060000005c540aa9dffc692696ce2660d8c391ecf28a4fdabf0ad90504f950efb415d7f415874b6ed9079fc5d497f8bd312a5fe1c306b510f60f63a36683f03a2872230f2b13012df86cc13c16507934c4fc62ab37e03213afb6ba17664dcb6815ebd6689d4e000000000000d00000000000000010010000020000001720f4f8e100d85584e2b887d2756930018b6ce58a85841ab1f92c401c7765bdfecc0474b52635a104654dd16523d0fcd80ad72a72915736bd5d39610f361b5ae0850ab3c98f21ed829e31334dbaafbfb4f1d88a3be9dc1fb9f7d3ccc42162a44feaf8d43e1f18572af2edcc72d88907baeff0b179843390934ddf88e7bb388c2a52091dec16c89608c0f47c5ac8cf8aeac0ee141b23298253abd4738192ea0686e0fcb1838a11ec0c66b870142106d902e9d3a7e01f3e938cd6b7a698515ae9e99333839da2f84e200000c000000000000000160100009474fb714b140dcabb8a65a52f8849f2d0b625af0de65bf4798e2ef29873b1d2af431917723d012fcfaef899e0597a14a7060b67a1c7ae50b22ca8372232d83fb439f3f9cf04acf87d89111169345ee606e2864ccfbf7f3d63a9d957460a9a9df920c048ff559f9e33997f8fe5eed2c7b25af19ce6d0c8d3ce35c446ab8a3f7c9b977a7b8488d54c53efba4cbc09ce0f7d5026201a27ec07cebdad1a3e1349ee4bc2c13145f81d65033fc7bb66381e07fa814500300000000000000006000000000000004ea80b93822e2364e7e982c1694bf538b591845557340123e1ac0000000000009a5fa4e8fa6d046eb3145e8dec445a6123d0d37011c21db3f5d8b2acb8bfb093b303ee967d927d6bce7ae30e07229ddc6d4dd3773465b56530b909d0feaf1fe972a916d2a56df87fc5c676a6a51b79d99b7232bf5ecb8297ee647750dd7204a99925dde00995c52a70e80c36faf7b403d912de1e756a77792555c90b0ac26045d3e1d4dd358aafe391196fea424faf2e1b82d04c976091e7a717a0272b940f27377ff323fa479571da3c13ca5bed8293a5731056555250d2d9f8c3e16d379d"], 0x238}}, {{&(0x7f0000000200)=@nfc={0x27, 0x0, 0x1, 0x6}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000540)="886d56668bffa2bbc6981381e4991ef8e8c4fcb10a733a43bd2e98201e8a67082a5b19fdf0d30ea688d077b8f353a77d65926c3298866ff18a47a31d90cf186ab0e6999dd9f3609bea2330333a1e800c1060f1b662668a21bebe6da0b14653fec891c7c2de22dc6ad5181e4455f66a85edcfc0f9a7af87b9046b4838920aba5dd6997989649a9544b66f1702827e6c7157eab138debfa59d61955910a4c911b5cef92846ed6d47e89b4d945e52f135d8f8958458ed933b", 0xb7}], 0x1}}, {{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000640)="7802dea9aab51b3208b37ce29bda236c4853ab0568cc1b9926f2e0aabe500b0544f491653fbec86f8d7533da1726382fb689a5eeb1e2959e84a06de1dadbaab6fd5881543486b89c265d5e6a5697f2f1941e2a61f65d217bf054344bcba4143278a6dfa3fd88db5d7c572fd4f72f2839ad918a7d07ed707165f8ac0eb0736a77ddb86971f825a3ada876ca8c3076c570ef56fd3cbc50447245bb84d4b763b7d7c0785a31a1333f41f3fe41ff56918bb5c802493e9e917e6887829a5e6110140b1b1992d42ab57236dd7951771c1be8d623d1d0139aa85812922f2510ea2ba9898ad3121e9802eb0a", 0xe8}, {&(0x7f0000000740)="946d98c4ddbd0b84d3a620c3767e5951cfac7b65357781a8b715c1bb976c93e9423960271ba9c102334849e8b4b297986bb4638c7d5de4397bcd3b9b515e6d9e6ae93beba380c079193a8c12b72ad9313ca826a38856d6a3cddab8b1534c9ede802bc9276c782f9d79719a8af764e2c497895e91743676b6faa485ace9e908bb4f9974afa7b4a7ca448be70b9dc7c74d688a88b47d91e192ad5eb39886a35df568ff6f9ef533118b4bdaaa532ccdf3b409542f1c162877c453a34750e72d0c54", 0xc0}, {&(0x7f0000000800)="fcd6d0a93d57e3aba67a84b12dda20751cf3bef25e633c8e658c0f0f5211165464bc8981acff06c33be22767c0f494adea0040d3b769b1749cb9ad7d535543244a2a969a3404d5fb68752b279b2e351fdf17dc869c4c9584439fe1547170140171cfbb655068b1bc70425070fe317acc6ae2797f5b7cbdace37ef96907b06e36e1f8efb5cfeab4abfb40eec002f77b8e05fd584eb9a26028f959a0c5", 0x9c}, {&(0x7f00000008c0)="fb18d8614f6c2725c74becf6843ea1ae25b1a06f56d8482f8dcc93abe1c46071adcbd9c7e27c1ec7c01fd3dbc9b379a0a57af49c460c0a0353579913faa2658ec2b86a0736cf4390f4521c26103f", 0x4e}], 0x4, &(0x7f00000009c0)=[{0x88, 0x84, 0x10040, "32510ab9fbfc0ba2f1ccd537153d5c746d26f1c0c1d5a71a26c53add13edca227cb2d381290d8de94d397b1e24f24dbba1e81b4d63a38eb44993f62516bf76ad1f79f1dc18bf6bcc02d468ed9fb6631caf556f903f6bc208dc2260c2239e77b3f295d3420030905a090781e8e05eb780e0c67802d6"}, {0x90, 0x6, 0x8, "2a434c79c3fd2b29be005e4a5a62117d407a349cb48c48fab416604796150b817344374b8c324b0f41aa03aafb42479ebb05916a986b169dcbeb2ed75a5d8aab5d4ec3e76933bb5727eb4d7d405dadac49f6b1f294ec12831c47f4d822eb5cd0eb201c10adbec640ab16f6ce19e933a42979241d7223760053003ecd4f78"}, {0x58, 0x29, 0x2, "511b91b4bc0add14edc9caa6a7b6d1cdb4df48af81de8fc20ea1484666dcb5939a798901c9439ffcd9748ec928e6e5970e954d403e59061ab57c967dc93863e4626cb3456ac1"}], 0x170}}], 0x3, 0x4000) 258.265138ms ago: executing program 2 (id=2437): r0 = socket$inet6(0xa, 0x80002, 0x0) socket$packet(0x11, 0xa, 0x300) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$rxrpc(0xffffffffffffffff, &(0x7f00000000c0)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e21, 0x122, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x6}}, 0x24) getsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000140)=""/39, &(0x7f0000000180)=0x27) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x46, 0x0, 0x0) sendmsg$inet6(r1, &(0x7f0000000080)={&(0x7f00000000c0)={0xa, 0x4e24, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000400)=[@pktinfo={{0x24, 0x29, 0xb, {@mcast1}}}], 0x28}, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x800, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) accept4$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, &(0x7f0000000080)=0x1c, 0x80800) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x28, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x4}, @ETHTOOL_A_COALESCE_TX_USECS={0x8, 0x6, 0x8001}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0x9}]}, 0x28}}, 0x20004004) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)=ANY=[@ANYBLOB="1c010000", @ANYRES16=r4, @ANYBLOB="0100000000000000000009000000280001801200010069623a73797a6b616c6c6572310000000d0001007564703a73797a3000000000e0000480090001"], 0x11c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x63, 0x11, 0x24}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x60000000}, 0x70) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) accept4(r6, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x0, 0x17, &(0x7f00000007c0)=@ringbuf={{}, {}, {{0x6, 0x0, 0xb}, {0x65, 0x0, 0xc}}, [@printk={@lld, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0x2, 0xa, 0x9}, {0x7, 0x0, 0x3, 0x9}, {}, {}, {0x15}}], {{0x5, 0x1, 0x3, 0x3}, {0x5, 0x0, 0xb, 0x3}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x4001, 0x3, 0x238, 0x0, 0x0, 0x148, 0x0, 0x148, 0x220, 0x240, 0x240, 0x220, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00'}, 0x0, 0xc8, 0x110, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast1, 'vxcan1\x00'}}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x90}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000100900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000010000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x2}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x54}}, 0x0) 4.762555ms ago: executing program 0 (id=2438): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r1, @ANYRES16=r1, @ANYBLOB="01000000000000000c3bf952a4f600005100", @ANYRES32=r2, @ANYBLOB="0c0099000000000000000000"], 0x28}}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000000c0)='ns/cgroup\x00') openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) unshare(0x2040080) unshare(0x20040480) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe135be2487f58170, 0x8, &(0x7f00000012c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7235f1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a49bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2f}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="7d79434642152ef9f856845872bab9105363bba3bc60467fbdb80dd0cdf46a5aabeb490d9ee1d70ab40e7b9f257ea8453a0d22f1941376dd1dea03091ccb1dd1155b4daad66d2d42a2921de28a68cc3c71d8ec79e66cd7edde5f931016793f128a4c89d66cf32ae47fbc3fc1521a1545981386379aa7ca10c225fcec238aa942691b72", @ANYRESOCT=r5], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x90) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r6, r6, 0x2f, 0x0, 0x0, @prog_fd}, 0x20) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@map=r4, r6, 0x19, 0x30, 0x4, @prog_fd}, 0x20) socket$kcm(0xa, 0x922000000003, 0x11) r7 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r7, 0x1, 0x2, &(0x7f0000000000)=0x4, 0x4) bind$inet6(r7, &(0x7f0000000140)={0xa, 0xe22, 0x0, @loopback={0xff00000000000000}}, 0x1c) r8 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r8, &(0x7f0000000140)={0xa, 0xe22, 0x0, @loopback={0xff00000000000000}}, 0x1c) syz_emit_ethernet(0x162, &(0x7f0000000680)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd60010100012c1100fe8000000000000000000000000000bbff020000000000000000000000000001000004000048"], 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r9, &(0x7f00000007c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$NL80211_CMD_START_AP(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="a183000000000000000005"], 0x1c}}, 0x1) r10 = socket$inet6(0xa, 0x2, 0x1) syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x2) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r11, 0x0) setsockopt$inet6_int(r10, 0x29, 0x34, &(0x7f0000000000)=0xfd, 0x4) 4.081079ms ago: executing program 3 (id=2439): r0 = socket$inet6(0xa, 0x6, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ALPHA={0x8}, @TCA_FQ_PIE_TUPDATE={0x8}]}}]}, 0x44}}, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000000)=ANY=[], 0x70) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth0\x00', 0x0}) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000200)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r7, 0xc0709411, &(0x7f00000004c0)={{r8, 0x3, 0x1f67ec50, 0x0, 0x8001, 0x9, 0x80000000, 0x2c000000, 0x9, 0x6, 0x0, 0x0, 0x3ff, 0xfffffffffffffff1, 0x8}, 0x28, [0x0, 0x0, 0x0, 0x0, 0x0]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x509, &(0x7f0000000040)={&(0x7f00000001c0)=@RTM_NEWMDB={0x38, 0x55, 0x1e5, 0x0, 0x0, {0x7, r6}, [@MDBA_SET_ENTRY={0x20, 0x1, {r10, 0x0, 0x0, 0x0, {@ip4=@broadcast}}}]}, 0x38}}, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) 0s ago: executing program 4 (id=2440): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x12}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r4, 0x0) sendmmsg$inet(r4, &(0x7f0000003940)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000400000000000900020073797a3200000000140007800800064000006a000800084000005fdc050005000a000000050001000600000011000300686173683a69702c706f7274"], 0x60}}, 0x0) r5 = socket$rds(0x15, 0x5, 0x0) bind$rds(r5, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$inet6(0xa, 0x6, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r7, 0x40806685, &(0x7f0000000180)={0x1, 0x0, 0x1000, 0x7b, &(0x7f0000000080)="587d325c94f244b6a5c501c9ce1ad2e3a90dc9e9a94f7882334f24e61c208e559291013b32aaddf18d72f44e23e18ffe277f14754aff7aa2c32cd82671e00458b9bd53b4eb714a7875301da5c87b56d3e36c141960cb49b9f25eb29aae0c159505a4c22a1900ac792dc8f284f041b51fdd9819fdf58837e1002e92", 0x0, 0x0, &(0x7f0000000280)}) bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r8, &(0x7f0000000100)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) r9 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r9, 0x0, 0x0) r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa40000", @ANYRES32=r10, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) listen(r2, 0x0) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r11, 0x0) r12 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r12, 0x0) kernel console output (not intermixed with test programs): r dequeue, screwing up backlog [ 201.038178][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 201.118571][ T9674] netlink: 2996 bytes leftover after parsing attributes in process `syz.2.1493'. [ 201.141688][ T9674] netlink: 'syz.2.1493': attribute type 1 has an invalid length. [ 201.150532][ T9674] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.1493'. [ 201.339683][ T9444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.429170][ T9444] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.465717][ T6799] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.473167][ T6799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.522865][ T6799] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.530160][ T6799] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.877095][ T9696] Bluetooth: hci3: unsupported parameter 64512 [ 201.905534][ T9696] Bluetooth: hci3: unsupported parameter 114 [ 201.945282][ T9696] Bluetooth: hci3: unsupported parameter 64512 [ 201.991799][ T9702] IPVS: set_ctl: invalid protocol: 0 172.20.20.36:20001 [ 202.019340][ T9696] Bluetooth: hci3: unsupported parameter 114 [ 202.096406][ T9710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1504'. [ 202.098358][ T5104] Bluetooth: hci3: command tx timeout [ 202.161338][ T9713] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1505'. [ 202.285782][ T9444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.309332][ T9717] FAULT_INJECTION: forcing a failure. [ 202.309332][ T9717] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 202.349320][ T9717] CPU: 0 PID: 9717 Comm: syz.4.1507 Not tainted 6.10.0-rc5-syzkaller-01200-gcda91d5b911a #0 [ 202.359469][ T9717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 202.369920][ T9717] Call Trace: [ 202.373243][ T9717] [ 202.376215][ T9717] dump_stack_lvl+0x241/0x360 [ 202.381002][ T9717] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.386531][ T9717] ? __pfx__printk+0x10/0x10 [ 202.391271][ T9717] should_fail_ex+0x3b0/0x4e0 [ 202.396010][ T9717] prepare_alloc_pages+0x1da/0x5d0 [ 202.401196][ T9717] __alloc_pages_noprof+0x166/0x6c0 [ 202.406719][ T9717] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 202.412517][ T9717] ? __pfx_validate_chain+0x10/0x10 [ 202.417786][ T9717] alloc_pages_mpol_noprof+0x3e8/0x680 [ 202.423438][ T9717] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 202.429524][ T9717] vma_alloc_folio_noprof+0xf3/0x1f0 [ 202.434878][ T9717] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 202.440810][ T9717] ? __lock_acquire+0x1346/0x1fd0 [ 202.445878][ T9717] folio_prealloc+0x31/0x170 [ 202.450501][ T9717] handle_pte_fault+0x257b/0x7090 [ 202.455556][ T9717] ? __pfx_lock_acquire+0x10/0x10 [ 202.460772][ T9717] ? __pfx_handle_pte_fault+0x10/0x10 [ 202.466163][ T9717] ? do_raw_spin_lock+0x14f/0x370 [ 202.471308][ T9717] ? follow_page_pte+0x292/0x1d90 [ 202.476350][ T9717] ? follow_page_pte+0x859/0x1d90 [ 202.481383][ T9717] ? __pfx_lock_release+0x10/0x10 [ 202.486520][ T9717] ? do_raw_spin_unlock+0x13c/0x8b0 [ 202.491838][ T9717] handle_mm_fault+0x10df/0x1ba0 [ 202.496819][ T9717] ? __pfx_handle_mm_fault+0x10/0x10 [ 202.502152][ T9717] ? __pfx_find_vma+0x10/0x10 [ 202.506929][ T9717] ? vma_is_secretmem+0xd/0x50 [ 202.511709][ T9717] ? check_vma_flags+0x531/0x5a0 [ 202.516664][ T9717] __get_user_pages+0x6ef/0x1590 [ 202.521643][ T9717] ? __pfx___get_user_pages+0x10/0x10 [ 202.527048][ T9717] __gup_longterm_locked+0x1ff6/0x2a80 [ 202.532520][ T9717] ? __pfx_lock_acquire+0x10/0x10 [ 202.537571][ T9717] ? __pfx___gup_longterm_locked+0x10/0x10 [ 202.543394][ T9717] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 202.549389][ T9717] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 202.555725][ T9717] ? sanity_check_pinned_pages+0x12c2/0x13c0 [ 202.561733][ T9717] ? gup_fast_fallback+0x220d/0x2b40 [ 202.567032][ T9717] gup_fast_fallback+0x2732/0x2b40 [ 202.572184][ T9717] ? __pfx_gup_fast_fallback+0x10/0x10 [ 202.577649][ T9717] ? __sys_getsockopt+0x271/0x330 [ 202.582687][ T9717] ? __x64_sys_getsockopt+0xb5/0xd0 [ 202.587902][ T9717] ? do_syscall_64+0xf3/0x230 [ 202.592599][ T9717] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.598731][ T9717] ? is_valid_gup_args+0x124/0x200 [ 202.603861][ T9717] pin_user_pages_fast+0xcc/0x160 [ 202.608959][ T9717] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 202.614637][ T9717] ? rds_info_getsockopt+0x20c/0x600 [ 202.619946][ T9717] ? rds_info_getsockopt+0x20c/0x600 [ 202.625247][ T9717] ? __kmalloc_noprof+0x217/0x400 [ 202.630291][ T9717] rds_info_getsockopt+0x22e/0x600 [ 202.635418][ T9717] ? __might_fault+0xaa/0x120 [ 202.640101][ T9717] ? __pfx_lock_release+0x10/0x10 [ 202.645209][ T9717] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 202.650858][ T9717] ? __might_fault+0xc6/0x120 [ 202.655647][ T9717] ? rds_getsockopt+0x1bb/0x530 [ 202.660508][ T9717] ? __pfx_rds_getsockopt+0x10/0x10 [ 202.665718][ T9717] do_sock_getsockopt+0x373/0x850 [ 202.671026][ T9717] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 202.676603][ T9717] ? __fget_files+0x3f6/0x470 [ 202.681430][ T9717] __sys_getsockopt+0x271/0x330 [ 202.686301][ T9717] ? __pfx___sys_getsockopt+0x10/0x10 [ 202.691778][ T9717] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 202.698218][ T9717] ? do_syscall_64+0x100/0x230 [ 202.703014][ T9717] __x64_sys_getsockopt+0xb5/0xd0 [ 202.708071][ T9717] do_syscall_64+0xf3/0x230 [ 202.712606][ T9717] ? clear_bhb_loop+0x35/0x90 [ 202.717386][ T9717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.723292][ T9717] RIP: 0033:0x7fe632f75bd9 [ 202.727719][ T9717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.747767][ T9717] RSP: 002b:00007fe633c65048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 202.756195][ T9717] RAX: ffffffffffffffda RBX: 00007fe633103f60 RCX: 00007fe632f75bd9 [ 202.764177][ T9717] RDX: 0000000000002717 RSI: 0000200000000114 RDI: 0000000000000004 [ 202.772250][ T9717] RBP: 00007fe633c650a0 R08: 0000000020000240 R09: 0000000000000000 [ 202.780229][ T9717] R10: 00000000200198c0 R11: 0000000000000246 R12: 0000000000000002 [ 202.788211][ T9717] R13: 000000000000000b R14: 00007fe633103f60 R15: 00007ffc7ffe67c8 [ 202.796207][ T9717] [ 202.837508][ T9444] veth0_vlan: entered promiscuous mode [ 202.887318][ T9444] veth1_vlan: entered promiscuous mode [ 203.183938][ T9719] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1508'. [ 203.412420][ T9444] veth0_macvtap: entered promiscuous mode [ 203.498921][ T9749] netlink: 'syz.0.1517': attribute type 34 has an invalid length. [ 203.522929][ T9444] veth1_macvtap: entered promiscuous mode [ 203.615427][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.657557][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.698007][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.718031][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.761102][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.794152][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.816041][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.848500][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.874991][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.898213][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.918012][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 203.947860][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.981049][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.012372][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.040819][ T9444] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.130921][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.151051][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.171513][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.194177][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.214508][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.258462][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.278082][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.334216][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.368109][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.395846][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.444307][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.465803][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.496792][ T9444] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.519604][ T9444] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.533417][ T9444] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.584001][ T9444] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.614827][ T9444] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.635006][ T9444] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.669102][ T9444] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.870937][ T9756] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.930775][ T9756] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.978303][ T1736] net_ratelimit: 10 callbacks suppressed [ 204.978323][ T1736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 205.015557][ T9824] syz_tun: entered promiscuous mode [ 205.036257][ T9824] macvtap1: entered promiscuous mode [ 205.058860][ T9824] macvtap1: entered allmulticast mode [ 205.082582][ T9824] syz_tun: entered allmulticast mode [ 205.119759][ T9824] syz_tun: left allmulticast mode [ 205.135356][ T9824] syz_tun: left promiscuous mode [ 205.255816][ T9758] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.288160][ T9758] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.372175][ T9833] netlink: 'syz.2.1543': attribute type 3 has an invalid length. [ 205.381224][ T5202] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 205.408060][ T9833] netlink: 'syz.2.1543': attribute type 1 has an invalid length. [ 205.429055][ T9833] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.1543'. [ 205.586257][ T9834] can: request_module (can-proto-0) failed. [ 205.777599][ T9849] x_tables: duplicate entry at hook 3 [ 206.024995][ T9859] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1553'. [ 206.068070][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 206.497826][ T9880] team0: Port device virt_wifi0 added [ 206.947195][ T9909] netlink: 'syz.0.1569': attribute type 1 has an invalid length. [ 207.129898][ T5155] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 207.244361][ T973] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.456428][ T5202] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 207.559155][ T9932] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1579'. [ 207.664063][ T973] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.735740][ T9934] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1581'. [ 207.855969][ T9940] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1580'. [ 208.016250][ T5101] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 208.035679][ T5101] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 208.045821][ T5101] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 208.056785][ T5101] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 208.066815][ T5101] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 208.074523][ T5101] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 208.140263][ T973] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.168409][ T5155] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 208.408527][ T5202] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.218441][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 209.970644][ T973] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.116454][ T9947] lo speed is unknown, defaulting to 1000 [ 210.117148][ T9964] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1591'. [ 210.147470][ T9966] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1592'. [ 210.177492][ T5104] Bluetooth: hci3: command tx timeout [ 210.251212][ T5155] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 210.466357][ T973] bridge_slave_1: left allmulticast mode [ 210.488904][ T973] bridge_slave_1: left promiscuous mode [ 210.494784][ T973] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.533567][ T973] bridge_slave_0: left allmulticast mode [ 210.561818][ T973] bridge_slave_0: left promiscuous mode [ 210.576175][ T9987] netlink: 'syz.3.1599': attribute type 1 has an invalid length. [ 210.585292][ T973] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.162990][ T973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 211.176832][ T973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 211.190592][ T973] bond0 (unregistering): Released all slaves [ 211.216794][T10000] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1602'. [ 211.238091][T10000] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1602'. [ 211.290189][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 211.445752][T10009] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1608'. [ 211.458959][ T5202] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 211.642519][T10022] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1609'. [ 211.754642][ T9947] chnl_net:caif_netlink_parms(): no params data found [ 212.044043][ T973] hsr_slave_0: left promiscuous mode [ 212.059483][ T973] hsr_slave_1: left promiscuous mode [ 212.070785][ T973] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 212.082663][ T973] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 212.093303][ T973] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 212.116449][ T973] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 212.182135][ T973] veth1_macvtap: left promiscuous mode [ 212.195832][ T973] veth0_macvtap: left promiscuous mode [ 212.213424][ T973] veth1_vlan: left promiscuous mode [ 212.231611][ T973] veth0_vlan: left promiscuous mode [ 212.248627][ T5104] Bluetooth: hci3: command tx timeout [ 212.328513][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 213.005431][ T973] team0 (unregistering): Port device team_slave_1 removed [ 213.058268][ T973] team0 (unregistering): Port device team_slave_0 removed [ 213.373586][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 213.783303][T10069] netlink: 2060 bytes leftover after parsing attributes in process `syz.4.1622'. [ 213.793125][T10069] netlink: 'syz.4.1622': attribute type 1 has an invalid length. [ 213.801580][T10069] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.1622'. [ 213.850181][T10071] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 213.898625][T10067] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1621'. [ 213.962429][ T9947] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.007584][ T9947] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.038190][ T9947] bridge_slave_0: entered allmulticast mode [ 214.045855][ T9947] bridge_slave_0: entered promiscuous mode [ 214.099694][ T9947] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.106889][ T9947] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.117072][T10079] IPVS: set_ctl: invalid protocol: 33 100.1.1.2:20004 [ 214.128746][ T9947] bridge_slave_1: entered allmulticast mode [ 214.148540][ T9947] bridge_slave_1: entered promiscuous mode [ 214.201109][T10080] vlan2: entered promiscuous mode [ 214.219865][T10080] bridge0: entered promiscuous mode [ 214.276208][T10080] team0: Port device vlan2 added [ 214.332346][ T5104] Bluetooth: hci3: command tx timeout [ 214.408580][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.490808][ T6799] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 214.544392][T10094] lo speed is unknown, defaulting to 1000 [ 214.565581][ T9947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 214.626104][ T9947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 214.648795][T10106] netlink: zone id is out of range [ 214.829359][T10109] ip6gretap0: entered promiscuous mode [ 214.866231][T10109] team0: entered promiscuous mode [ 214.890078][T10109] team_slave_0: entered promiscuous mode [ 214.902387][T10115] netlink: zone id is out of range [ 214.928190][T10109] team_slave_1: entered promiscuous mode [ 214.934305][T10109] mac80211_hwsim hwsim18 wlan1: entered promiscuous mode [ 215.009006][T10109] team0: left promiscuous mode [ 215.014033][T10109] team_slave_0: left promiscuous mode [ 215.053018][T10109] team_slave_1: left promiscuous mode [ 215.087586][T10109] mac80211_hwsim hwsim18 wlan1: left promiscuous mode [ 215.118688][T10109] ip6gretap0: left promiscuous mode [ 215.182629][ T9947] team0: Port device team_slave_0 added [ 215.220345][ T9947] team0: Port device team_slave_1 added [ 215.355753][ T9947] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 215.376298][ T9947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.442487][ T9947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 215.459022][ T25] net_ratelimit: 2 callbacks suppressed [ 215.459044][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 215.564237][ T9947] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 215.571786][ T9947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.600913][ T9947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 215.740758][T10134] lo speed is unknown, defaulting to 1000 [ 215.873595][ T9947] hsr_slave_0: entered promiscuous mode [ 215.913865][ T9947] hsr_slave_1: entered promiscuous mode [ 215.929271][ T9947] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 215.947033][ T9947] Cannot create hsr debugfs directory [ 216.265575][T10155] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 216.274661][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 216.386340][T10162] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1644'. [ 216.408664][ T5104] Bluetooth: hci3: command tx timeout [ 216.498425][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 216.600482][T10167] netlink: 'syz.3.1645': attribute type 10 has an invalid length. [ 216.653749][T10167] team0: Port device wlan1 removed [ 216.770081][T10175] IPVS: length: 96 != 8 [ 216.791433][T10175] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1647'. [ 216.822010][T10175] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1647'. [ 216.968351][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 216.977482][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 217.053362][ T6800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 217.191121][T10184] netlink: 'syz.4.1651': attribute type 4 has an invalid length. [ 217.252486][T10190] FAULT_INJECTION: forcing a failure. [ 217.252486][T10190] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 217.280086][T10190] CPU: 1 PID: 10190 Comm: syz.0.1652 Not tainted 6.10.0-rc5-syzkaller-01200-gcda91d5b911a #0 [ 217.290324][T10190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 217.300420][T10190] Call Trace: [ 217.303731][T10190] [ 217.306692][T10190] dump_stack_lvl+0x241/0x360 [ 217.311421][T10190] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.316663][T10190] ? __pfx__printk+0x10/0x10 [ 217.321307][T10190] ? __pfx_lock_release+0x10/0x10 [ 217.326388][T10190] should_fail_ex+0x3b0/0x4e0 [ 217.331121][T10190] _copy_to_iter+0x1f6/0x1960 [ 217.335864][T10190] ? __virt_addr_valid+0x183/0x520 [ 217.341034][T10190] ? __pfx_lock_release+0x10/0x10 [ 217.346198][T10190] ? __pfx__copy_to_iter+0x10/0x10 [ 217.351353][T10190] ? __virt_addr_valid+0x183/0x520 [ 217.356510][T10190] ? __virt_addr_valid+0x183/0x520 [ 217.361665][T10190] ? __virt_addr_valid+0x44e/0x520 [ 217.366823][T10190] ? __phys_addr_symbol+0x2f/0x70 [ 217.371896][T10190] ? __check_object_size+0x49c/0x900 [ 217.377246][T10190] __skb_datagram_iter+0x10f/0x870 [ 217.382496][T10190] ? __pfx_skb_recv_datagram+0x10/0x10 [ 217.388008][T10190] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 217.393702][T10190] skb_copy_datagram_iter+0xd1/0x250 [ 217.399058][T10190] netlink_recvmsg+0x2d0/0x11d0 [ 217.403972][T10190] ? __pfx_netlink_recvmsg+0x10/0x10 [ 217.409325][T10190] ? __pfx_aa_sk_perm+0x10/0x10 [ 217.414319][T10190] ? __fget_files+0x29/0x470 [ 217.418969][T10190] ? aa_sock_msg_perm+0x91/0x160 [ 217.423963][T10190] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 217.429296][T10190] ? security_socket_recvmsg+0x90/0xb0 [ 217.434807][T10190] ? __pfx_netlink_recvmsg+0x10/0x10 [ 217.440144][T10190] sock_recvmsg+0x22f/0x280 [ 217.444698][T10190] __sys_recvfrom+0x256/0x3e0 [ 217.449449][T10190] ? __pfx___sys_recvfrom+0x10/0x10 [ 217.454718][T10190] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 217.460832][T10190] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 217.467220][T10190] __x64_sys_recvfrom+0xde/0x100 [ 217.472220][T10190] do_syscall_64+0xf3/0x230 [ 217.477030][T10190] ? clear_bhb_loop+0x35/0x90 [ 217.481756][T10190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.487694][T10190] RIP: 0033:0x7fcf2d5778a4 [ 217.492161][T10190] Code: 89 4c 24 1c e8 ed 5a 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 5b 02 00 48 8b 04 [ 217.511898][T10190] RSP: 002b:00007fcf2e3acee0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 217.520455][T10190] RAX: ffffffffffffffda RBX: 00007fcf2e3acfd0 RCX: 00007fcf2d5778a4 [ 217.528485][T10190] RDX: 0000000000001000 RSI: 00007fcf2e3ad020 RDI: 0000000000000006 [ 217.536503][T10190] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 217.544515][T10190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 217.552525][T10190] R13: 00007fcf2e3acf78 R14: 00007fcf2e3ad020 R15: 0000000000000000 [ 217.560560][T10190] [ 217.567267][ T6800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 217.575550][ T6800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 217.720167][T10200] netlink: 'syz.3.1656': attribute type 33 has an invalid length. [ 217.728591][T10200] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1656'. [ 217.820989][T10203] netlink: 'syz.4.1657': attribute type 1 has an invalid length. [ 217.854079][T10203] netlink: 'syz.4.1657': attribute type 2 has an invalid length. [ 217.929983][T10215] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 218.316939][ T9947] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 218.393960][ T9947] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 218.436355][ T9947] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 218.466844][T10238] netlink: 'syz.4.1666': attribute type 4 has an invalid length. [ 218.576276][ T9947] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 218.615895][T10243] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1668'. [ 218.628213][T10243] tipc: Started in network mode [ 218.639484][T10243] tipc: Node identity 1, cluster identity 4711 [ 218.657083][T10243] tipc: Node number set to 1 [ 218.709148][T10242] x_tables: unsorted entry at hook 3 [ 218.805513][T10252] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1670'. [ 218.868518][T10248] pim6reg1: entered promiscuous mode [ 218.887493][T10248] pim6reg1: entered allmulticast mode [ 218.924195][T10259] pimreg: entered allmulticast mode [ 218.996345][T10257] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1671'. [ 219.068748][T10266] netlink: 123 bytes leftover after parsing attributes in process `syz.0.1674'. [ 219.074552][T10264] ɶƣ0GCTw: entered promiscuous mode [ 219.087831][T10259] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1671'. [ 219.114090][T10263] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1671'. [ 219.194833][T10264] ɶƣ0GC: entered promiscuous mode [ 219.207102][T10262] netlink: 144316 bytes leftover after parsing attributes in process `syz.4.1673'. [ 219.265517][T10272] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1677'. [ 219.277368][T10272] netlink: 'syz.2.1677': attribute type 1 has an invalid length. [ 219.489640][T10272] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 219.510282][T10272] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 219.527596][T10284] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1678'. [ 219.597403][ T9947] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.680887][ T9947] 8021q: adding VLAN 0 to HW filter on device team0 [ 219.733130][ T6799] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.740405][ T6799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.822791][ T6799] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.830074][ T6799] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.996040][ T9947] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 220.509887][T10331] Bluetooth: MGMT ver 1.22 [ 220.539758][T10331] Bluetooth: hci3: invalid length 0, exp 2 for type 29 [ 220.571525][ T6799] net_ratelimit: 161 callbacks suppressed [ 220.571549][ T6799] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.650985][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 220.765205][ T9947] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.783885][T10343] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1696'. [ 221.014219][ T9947] veth0_vlan: entered promiscuous mode [ 221.082478][ T9947] veth1_vlan: entered promiscuous mode [ 221.120074][T10351] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1701'. [ 221.223418][ T9947] veth0_macvtap: entered promiscuous mode [ 221.250892][ T9947] veth1_macvtap: entered promiscuous mode [ 221.314011][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.359092][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.393646][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.421517][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.444673][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.467170][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.490426][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.516689][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.543382][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.556497][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.573261][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.591395][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.614583][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.627089][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.659190][ T9947] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.667788][T10368] netlink: 'syz.4.1707': attribute type 2 has an invalid length. [ 221.696016][ T1736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 221.726008][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.751075][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.778303][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.798073][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.833808][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.886711][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.915045][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.937772][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.972107][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.022168][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.045693][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.083727][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.110990][ T9947] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.130405][ T9947] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.165762][ T9947] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.267801][ T9947] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.306442][ T9947] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.358069][ T9947] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.367014][ T9947] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.580759][T10416] bridge_slave_1: left allmulticast mode [ 222.608139][T10416] bridge_slave_1: left promiscuous mode [ 222.624264][T10416] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.682506][T10416] bridge1: port 1(bridge_slave_1) entered blocking state [ 222.695730][T10416] bridge1: port 1(bridge_slave_1) entered disabled state [ 222.705935][T10416] bridge_slave_1: entered allmulticast mode [ 222.714211][T10416] bridge_slave_1: entered promiscuous mode [ 222.729147][ T5155] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 222.738518][T10416] bridge1: port 1(bridge_slave_1) entered blocking state [ 222.745700][T10416] bridge1: port 1(bridge_slave_1) entered forwarding state [ 222.864828][T10421] bridge1: port 2(veth1_to_bond) entered blocking state [ 222.883483][T10421] bridge1: port 2(veth1_to_bond) entered disabled state [ 222.903799][T10421] veth1_to_bond: entered allmulticast mode [ 222.925649][T10421] veth1_to_bond: entered promiscuous mode [ 222.947490][T10421] bridge1: port 2(veth1_to_bond) entered blocking state [ 222.954735][T10421] bridge1: port 2(veth1_to_bond) entered forwarding state [ 223.102171][ T9756] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.116579][ T9756] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.184939][T10444] netlink: 'syz.2.1726': attribute type 1 has an invalid length. [ 223.419029][T10455] netlink: 'syz.4.1729': attribute type 10 has an invalid length. [ 223.426929][T10455] openvswitch: netlink: Flow key attr not present in new flow. [ 223.447317][T10451] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 223.472779][T10451] bond2: (slave batadv2): Enslaving as a backup interface with an up link [ 223.489011][ T2877] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.517288][ T2877] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.609539][ T6799] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 223.786722][ T5180] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 223.927465][T10474] __nla_validate_parse: 6 callbacks suppressed [ 223.927489][T10474] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1735'. [ 224.088490][T10489] openvswitch: netlink: Missing key (keys=20040, expected=80) [ 224.566569][ T61] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.729765][T10509] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1740'. [ 224.773186][T10509] openvswitch: netlink: Multiple metadata blocks provided [ 224.792359][ T61] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.809400][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 225.125628][ T61] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.269935][T10538] netlink: 'syz.0.1749': attribute type 3 has an invalid length. [ 225.296066][T10538] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1749'. [ 225.360842][ T61] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.456624][ T5101] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 225.470826][ T5101] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 225.483820][ T5101] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 225.497509][ T5101] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 225.505618][T10545] netlink: 'syz.3.1750': attribute type 5 has an invalid length. [ 225.517313][ T5101] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 225.525902][ T5101] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 225.805735][T10559] vlan5: entered promiscuous mode [ 225.821464][T10559] syz_tun: entered promiscuous mode [ 225.858036][ T5180] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 225.860512][T10559] vlan5: entered allmulticast mode [ 225.879720][T10564] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1755'. [ 225.917001][T10559] syz_tun: entered allmulticast mode [ 225.939907][T10559] team0: Port device vlan5 added [ 225.959947][T10548] lo speed is unknown, defaulting to 1000 [ 226.125400][T10566] netlink: 1 bytes leftover after parsing attributes in process `syz.2.1756'. [ 226.156064][T10573] netlink: 144316 bytes leftover after parsing attributes in process `syz.0.1757'. [ 226.251336][ T9758] wlan1: Trigger new scan to find an IBSS to join [ 226.400033][ T61] bridge_slave_1: left allmulticast mode [ 226.419872][ T61] bridge_slave_1: left promiscuous mode [ 226.435980][ T61] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.472304][T10594] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1761'. [ 226.530134][ T61] bridge_slave_0: left allmulticast mode [ 226.535855][ T61] bridge_slave_0: left promiscuous mode [ 226.579860][ T61] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.657222][ T5202] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 226.665741][ T6801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 226.890157][ T1736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 226.899393][T10617] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 226.967830][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 227.020846][T10617] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 227.097660][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 227.131875][T10612] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 227.159363][T10617] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 227.611653][ T5101] Bluetooth: hci3: command tx timeout [ 227.784370][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 227.798290][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 227.812711][ T61] bond0 (unregistering): Released all slaves [ 228.834111][T10687] netlink: 'syz.3.1786': attribute type 3 has an invalid length. [ 228.872057][T10687] netlink: 'syz.3.1786': attribute type 11 has an invalid length. [ 228.903994][T10687] netlink: 128512 bytes leftover after parsing attributes in process `syz.3.1786'. [ 228.947055][T10548] chnl_net:caif_netlink_parms(): no params data found [ 229.119610][ T61] hsr_slave_0: left promiscuous mode [ 229.138647][T10698] netlink: 207496 bytes leftover after parsing attributes in process `syz.4.1789'. [ 229.171200][ T61] hsr_slave_1: left promiscuous mode [ 229.187620][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.212014][ T61] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.255612][ T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.268483][ T61] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.363457][ T61] veth1_macvtap: left promiscuous mode [ 229.389111][ T61] veth0_macvtap: left promiscuous mode [ 229.408631][ T61] veth1_vlan: left promiscuous mode [ 229.414164][ T61] veth0_vlan: left promiscuous mode [ 229.688302][ T5101] Bluetooth: hci3: command tx timeout [ 230.190105][ T61] team0 (unregistering): Port device team_slave_1 removed [ 230.237738][ T61] team0 (unregistering): Port device team_slave_0 removed [ 230.795486][T10721] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1794'. [ 231.049645][ T5180] net_ratelimit: 18 callbacks suppressed [ 231.049669][ T5180] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 231.270210][T10749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1800'. [ 231.289687][ T973] wlan1: Trigger new scan to find an IBSS to join [ 231.336762][T10548] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.361573][T10548] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.380663][T10548] bridge_slave_0: entered allmulticast mode [ 231.419686][T10548] bridge_slave_0: entered promiscuous mode [ 231.477324][T10548] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.517017][T10548] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.547451][T10548] bridge_slave_1: entered allmulticast mode [ 231.579415][T10548] bridge_slave_1: entered promiscuous mode [ 231.769026][ T5101] Bluetooth: hci3: command tx timeout [ 231.834873][T10548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 231.883973][T10548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 232.089567][T10548] team0: Port device team_slave_0 added [ 232.095937][ T1736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.144442][T10548] team0: Port device team_slave_1 added [ 232.224264][ T973] wlan1: Creating new IBSS network, BSSID fa:48:15:a8:d1:6f [ 232.291624][T10797] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.328462][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.356602][T10548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 232.367376][T10548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 232.424220][T10548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 232.442391][T10801] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1816'. [ 232.462601][T10801] vlan3: entered promiscuous mode [ 232.476425][T10548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 232.506205][T10548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 232.570877][ T5101] Bluetooth: hci0: command 0x0406 tx timeout [ 232.611469][T10548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 232.729717][ T6801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.820903][T10821] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1818'. [ 232.893152][T10548] hsr_slave_0: entered promiscuous mode [ 232.907809][T10829] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1823'. [ 232.921341][T10548] hsr_slave_1: entered promiscuous mode [ 232.939196][T10548] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 232.955264][T10548] Cannot create hsr debugfs directory [ 233.004764][T10823] team_slave_0: entered promiscuous mode [ 233.010660][T10823] team_slave_1: entered promiscuous mode [ 233.016421][T10823] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 233.034442][T10823] vlan3: entered promiscuous mode [ 233.044753][T10823] team0: entered promiscuous mode [ 233.082816][T10823] vlan3: entered allmulticast mode [ 233.108597][T10823] team0: entered allmulticast mode [ 233.118620][T10823] team_slave_0: entered allmulticast mode [ 233.129997][ T5180] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 233.149516][T10823] team_slave_1: entered allmulticast mode [ 233.164010][T10823] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 233.171757][T10823] vlan2: entered allmulticast mode [ 233.177204][T10823] bridge0: entered allmulticast mode [ 233.190706][T10823] team0: left allmulticast mode [ 233.201847][T10823] team_slave_0: left allmulticast mode [ 233.210413][T10823] team_slave_1: left allmulticast mode [ 233.217791][T10823] net veth1_virt_wifi virt_wifi0: left allmulticast mode [ 233.235784][T10823] vlan2: left allmulticast mode [ 233.248383][T10823] bridge0: left allmulticast mode [ 233.258375][T10823] team0: left promiscuous mode [ 233.266978][T10823] team_slave_0: left promiscuous mode [ 233.272584][T10823] team_slave_1: left promiscuous mode [ 233.278247][T10823] net veth1_virt_wifi virt_wifi0: left promiscuous mode [ 233.420668][T10842] netlink: 'syz.0.1827': attribute type 3 has an invalid length. [ 233.854384][ T5104] Bluetooth: hci3: command tx timeout [ 233.901931][T10868] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1834'. [ 233.937651][T10867] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1832'. [ 233.969361][T10862] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1832'. [ 233.993172][T10865] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1835'. [ 234.179911][ T1736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 234.237571][T10881] __nla_validate_parse: 1 callbacks suppressed [ 234.237593][T10881] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1839'. [ 234.259782][T10879] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1838'. [ 234.295207][T10881] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1839'. [ 234.463500][T10882] netlink: 'syz.0.1839': attribute type 14 has an invalid length. [ 234.646555][T10895] xt_TPROXY: Can be used only with -p tcp or -p udp [ 234.672037][T10895] netlink: zone id is out of range [ 234.677439][T10895] netlink: zone id is out of range [ 234.683135][T10895] netlink: zone id is out of range [ 234.761533][T10893] netlink: 'syz.2.1844': attribute type 10 has an invalid length. [ 234.919135][T10893] veth1_macvtap (unregistering): left allmulticast mode [ 235.146640][T10903] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1846'. [ 235.205069][T10903] veth0_macvtap: left promiscuous mode [ 235.515903][T10918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1851'. [ 235.616995][T10921] netlink: 'syz.2.1852': attribute type 1 has an invalid length. [ 235.659092][T10921] sctp: [Deprecated]: syz.2.1852 (pid 10921) Use of int in max_burst socket option deprecated. [ 235.659092][T10921] Use struct sctp_assoc_value instead [ 235.679586][T10548] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 235.713108][T10548] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 235.745873][T10926] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1854'. [ 235.783355][T10548] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 235.838530][T10548] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 236.008665][T10946] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1860'. [ 236.207091][T10960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1862'. [ 236.249757][ T5097] net_ratelimit: 18 callbacks suppressed [ 236.249778][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 236.263609][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 236.265323][T10960] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1862'. [ 236.295218][T10964] netlink: 2060 bytes leftover after parsing attributes in process `syz.4.1865'. [ 236.338151][T10964] netlink: 'syz.4.1865': attribute type 1 has an invalid length. [ 236.477036][T10548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.576146][T10548] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.664614][ T1736] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.671859][ T1736] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.741485][ T1736] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.748719][ T1736] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.813396][T10981] vlan2: entered promiscuous mode [ 236.828506][T10981] bridge0: entered promiscuous mode [ 236.851521][T10988] netlink: zone id is out of range [ 236.864095][T10988] netlink: zone id is out of range [ 236.893343][T10981] team0: Port device vlan2 added [ 236.958460][T10988] netlink: set zone limit has 4 unknown bytes [ 237.289491][ T1736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 237.782354][T10548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 237.858343][T11022] lo speed is unknown, defaulting to 1000 [ 238.146547][T10548] veth0_vlan: entered promiscuous mode [ 238.331708][ T5155] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 238.380542][T11046] macvlan2: entered allmulticast mode [ 238.399393][T11046] team_slave_0: entered promiscuous mode [ 238.405348][T11046] team_slave_1: entered promiscuous mode [ 238.411188][T11046] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 238.440906][T11046] team0: entered allmulticast mode [ 238.446194][T11046] team_slave_0: entered allmulticast mode [ 238.468097][T11046] team_slave_1: entered allmulticast mode [ 238.478035][T11046] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 238.495563][T11046] vlan2: entered allmulticast mode [ 238.508025][T11046] bridge0: entered allmulticast mode [ 238.524403][T11046] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 238.545733][T11046] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 238.584500][T10548] veth1_vlan: entered promiscuous mode [ 238.809769][ T6800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 238.817786][T11027] dvmrp0: entered allmulticast mode [ 238.859820][T11058] lo speed is unknown, defaulting to 1000 [ 239.307669][T11078] __nla_validate_parse: 3 callbacks suppressed [ 239.307695][T11078] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1894'. [ 239.368925][ T5155] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 239.464328][T11080] netlink: 'syz.4.1894': attribute type 1 has an invalid length. [ 239.617076][T11097] dccp_invalid_packet: P.type (CLOSE) not Data || [Data]Ack, while P.X == 0 [ 239.647405][T11078] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 239.672428][T11078] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 239.716619][T11097] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1897'. [ 239.810553][T10548] veth0_macvtap: entered promiscuous mode [ 239.862795][T10548] veth1_macvtap: entered promiscuous mode [ 240.358943][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.398201][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.427570][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.444206][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.462654][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.475109][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.487317][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.499596][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.509688][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.520483][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.530379][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.541291][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.561967][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 240.572813][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.589679][T10548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 240.605109][T11135] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1906'. [ 240.730462][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.765867][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.791128][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.814996][T11140] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1907'. [ 240.825288][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.844191][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.859183][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.866606][T11143] xt_limit: Overflow, try lower: 262144/524288 [ 240.872857][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.886453][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.902156][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.916200][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.926915][T11146] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 240.942869][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.955135][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.965389][T10548] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 240.984866][T10548] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.999480][T10548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 241.014777][T11144] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1909'. [ 241.120873][T10548] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.174589][T10548] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.203591][T10548] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.213455][T10548] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.436479][T11162] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1915'. [ 241.448830][ T5097] net_ratelimit: 3 callbacks suppressed [ 241.448851][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 241.478777][T11157] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1912'. [ 241.499476][T11158] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1913'. [ 241.528758][T11158] 0XD: renamed from vxcan0 (while UP) [ 241.567661][T11158] 0XD: entered allmulticast mode [ 241.596677][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.626883][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.642568][T11170] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1917'. [ 241.761792][ T9758] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.788127][ T9758] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.959116][T11185] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1922'. [ 242.210176][T11198] netlink: 'syz.0.1924': attribute type 15 has an invalid length. [ 242.239704][T11198] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 65023 - 0 [ 242.250702][T11198] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 65023 - 0 [ 242.260617][T11198] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 65023 - 0 [ 242.269825][T11198] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 65023 - 0 [ 242.310208][T11198] vxlan0: entered promiscuous mode [ 242.489330][ T5180] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 242.490658][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.620808][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.713779][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.782558][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.007837][ T12] bridge_slave_1: left allmulticast mode [ 243.013976][ T12] bridge_slave_1: left promiscuous mode [ 243.023680][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.044514][ T12] bridge_slave_0: left allmulticast mode [ 243.058730][ T12] bridge_slave_0: left promiscuous mode [ 243.064770][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.295126][T11222] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.354003][T11222] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.398562][T11222] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.436549][T11222] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.477265][T11222] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.528880][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.716444][ T5101] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 243.727397][ T5101] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 243.735865][ T5101] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 243.752331][ T5101] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 243.769201][ T6801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 243.783663][ T5101] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 243.794005][ T5101] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 244.013257][T11218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 244.335803][ T5101] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 244.361867][ T5101] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 244.371685][ T5101] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 244.386486][ T5101] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 244.394679][ T5101] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 244.416476][ T5101] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 244.489429][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 244.502569][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 244.514427][ T12] bond0 (unregistering): Released all slaves [ 244.967802][T11265] FAULT_INJECTION: forcing a failure. [ 244.967802][T11265] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.994278][T11239] lo speed is unknown, defaulting to 1000 [ 245.018196][T11265] CPU: 1 PID: 11265 Comm: syz.3.1943 Not tainted 6.10.0-rc5-syzkaller-01200-gcda91d5b911a #0 [ 245.028421][T11265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 245.038514][T11265] Call Trace: [ 245.041827][T11265] [ 245.044795][T11265] dump_stack_lvl+0x241/0x360 [ 245.049524][T11265] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.054767][T11265] ? __pfx__printk+0x10/0x10 [ 245.059399][T11265] ? do_sys_openat2+0x17a/0x1d0 [ 245.064372][T11265] ? __pfx_lock_release+0x10/0x10 [ 245.069465][T11265] should_fail_ex+0x3b0/0x4e0 [ 245.074200][T11265] _copy_from_user+0x2f/0xe0 [ 245.078824][T11265] __x64_sys_epoll_ctl+0x124/0x1a0 [ 245.083987][T11265] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 245.089672][T11265] ? do_syscall_64+0x100/0x230 [ 245.094496][T11265] ? do_syscall_64+0xb6/0x230 [ 245.099227][T11265] do_syscall_64+0xf3/0x230 [ 245.103788][T11265] ? clear_bhb_loop+0x35/0x90 [ 245.108522][T11265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.114466][T11265] RIP: 0033:0x7fe7ad575bd9 [ 245.118954][T11265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.138715][T11265] RSP: 002b:00007fe7ae25f048 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 245.147188][T11265] RAX: ffffffffffffffda RBX: 00007fe7ad703f60 RCX: 00007fe7ad575bd9 [ 245.155296][T11265] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 245.163322][T11265] RBP: 00007fe7ae25f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 245.171345][T11265] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000001 [ 245.179356][T11265] R13: 000000000000000b R14: 00007fe7ad703f60 R15: 00007fff1b42aa28 [ 245.187569][T11265] [ 245.215171][T11245] lo speed is unknown, defaulting to 1000 [ 245.606534][T11277] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 245.615104][T11284] __nla_validate_parse: 2 callbacks suppressed [ 245.615124][T11284] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1948'. [ 245.615532][T11277] macvtap1: entered allmulticast mode [ 245.636659][T11277] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 245.795543][ T12] hsr_slave_0: left promiscuous mode [ 245.819917][ T12] hsr_slave_1: left promiscuous mode [ 245.850934][ T5104] Bluetooth: hci3: command tx timeout [ 245.859261][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 245.866749][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 245.902711][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 245.921551][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 246.048295][ T12] veth1_macvtap: left promiscuous mode [ 246.053922][ T12] veth0_macvtap: left promiscuous mode [ 246.079070][ T12] veth1_vlan: left promiscuous mode [ 246.094709][ T12] veth0_vlan: left promiscuous mode [ 246.491708][ T5101] Bluetooth: hci4: command tx timeout [ 246.656861][ T25] net_ratelimit: 2 callbacks suppressed [ 246.656886][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 246.809422][ T6801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.062594][ T12] team0 (unregistering): Port device team_slave_1 removed [ 247.113024][ T12] team0 (unregistering): Port device team_slave_0 removed [ 247.688570][ T1736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 247.938134][ T5101] Bluetooth: hci3: command tx timeout [ 247.954281][T11319] netlink: 'syz.3.1960': attribute type 11 has an invalid length. [ 248.242081][T11329] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1963'. [ 248.257306][T11245] chnl_net:caif_netlink_parms(): no params data found [ 248.389619][T11336] openvswitch: netlink: nsh attribute has 4 unknown bytes. [ 248.523136][T11239] chnl_net:caif_netlink_parms(): no params data found [ 248.568838][ T5101] Bluetooth: hci4: command tx timeout [ 248.706356][T11351] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1967'. [ 248.731071][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 248.761603][T11351] openvswitch: netlink: Geneve option length err (len 3060, max 255). [ 248.884106][T11245] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.922370][T11245] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.949664][T11245] bridge_slave_0: entered allmulticast mode [ 248.960903][T11245] bridge_slave_0: entered promiscuous mode [ 248.974467][T11356] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1968'. [ 249.066197][T11245] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.106586][T11245] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.136884][T11245] bridge_slave_1: entered allmulticast mode [ 249.164333][T11376] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1972'. [ 249.178285][T11245] bridge_slave_1: entered promiscuous mode [ 249.195340][T11376] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1972'. [ 249.301568][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 65023 - 0 [ 249.341513][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.477646][T11381] lo speed is unknown, defaulting to 1000 [ 249.576414][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 65023 - 0 [ 249.587325][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.665858][T11245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.709170][T11386] lo speed is unknown, defaulting to 1000 [ 249.761285][T11239] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.769117][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 249.787981][T11239] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.795449][T11239] bridge_slave_0: entered allmulticast mode [ 249.820250][T11239] bridge_slave_0: entered promiscuous mode [ 249.859990][ T5202] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 249.910402][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 65023 - 0 [ 249.952037][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.008629][ T5101] Bluetooth: hci3: command tx timeout [ 250.025684][T11245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 250.133557][T11239] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.155502][T11239] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.171209][T11239] bridge_slave_1: entered allmulticast mode [ 250.187019][T11239] bridge_slave_1: entered promiscuous mode [ 250.286763][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 65023 - 0 [ 250.300908][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.330283][ T6801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 250.345420][ T9758] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 250.366522][T11245] team0: Port device team_slave_0 added [ 250.392393][T11399] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1977'. [ 250.456090][T11245] team0: Port device team_slave_1 added [ 250.516692][T11239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 250.594751][T11404] netlink: 'syz.4.1978': attribute type 34 has an invalid length. [ 250.606935][T11239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 250.648328][ T5101] Bluetooth: hci4: command tx timeout [ 250.727421][T11245] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 250.735671][T11245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.774467][T11413] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1979'. [ 250.783808][T11245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 250.886411][T11239] team0: Port device team_slave_0 added [ 250.905771][T11245] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 250.918036][T11245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.028035][T11245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.181079][T11239] team0: Port device team_slave_1 added [ 251.282109][T11424] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1980'. [ 251.388336][T11239] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.395432][T11239] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.444110][T11239] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.499734][T11245] hsr_slave_0: entered promiscuous mode [ 251.506753][T11245] hsr_slave_1: entered promiscuous mode [ 251.513770][T11245] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 251.521794][T11245] Cannot create hsr debugfs directory [ 251.575738][T11239] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.584269][T11239] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.612208][T11239] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.748103][ T12] bridge_slave_1: left allmulticast mode [ 251.753864][ T12] bridge_slave_1: left promiscuous mode [ 251.770363][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.794326][ T12] bridge_slave_0: left allmulticast mode [ 251.808076][ T12] bridge_slave_0: left promiscuous mode [ 251.824329][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.848958][ T5097] net_ratelimit: 8 callbacks suppressed [ 251.848978][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 252.059025][ T12] bridge0: left promiscuous mode [ 252.096122][ T5101] Bluetooth: hci3: command tx timeout [ 252.280484][ T12] dvmrp0 (unregistering): left allmulticast mode [ 252.379025][ T12] team0: Port device vlan2 removed [ 252.560522][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 252.578905][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 252.600567][ T12] bond0 (unregistering): Released all slaves [ 252.702389][T11239] hsr_slave_0: entered promiscuous mode [ 252.711077][T11239] hsr_slave_1: entered promiscuous mode [ 252.718573][T11239] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 252.726261][T11239] Cannot create hsr debugfs directory [ 252.728607][ T5101] Bluetooth: hci4: command tx timeout [ 252.788379][ T12] tipc: Left network mode [ 252.888349][ T1736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 252.982830][T11448] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1990'. [ 253.440466][T11465] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1994'. [ 253.719211][T11474] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1997'. [ 253.812829][T11474] lo speed is unknown, defaulting to 1000 [ 253.854471][ T12] hsr_slave_0: left promiscuous mode [ 253.901262][ T12] hsr_slave_1: left promiscuous mode [ 253.924990][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 253.933478][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 253.958338][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 253.984124][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 254.001347][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 254.012201][ T6800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 254.095183][ T12] veth1_macvtap: left promiscuous mode [ 254.109374][ T12] veth0_macvtap: left promiscuous mode [ 254.123298][ T12] veth1_vlan: left promiscuous mode [ 254.132272][ T12] veth0_vlan: left promiscuous mode [ 254.975958][ T5180] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 255.008930][ T12] team0 (unregistering): Port device team_slave_1 removed [ 255.046324][ T12] team0 (unregistering): Port device team_slave_0 removed [ 255.633901][T11490] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2002'. [ 255.735011][T11493] lo speed is unknown, defaulting to 1000 [ 255.954330][T11505] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2006'. [ 256.025635][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 256.108793][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.267777][T11519] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2009'. [ 256.398249][T11245] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 256.442862][T11245] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 256.698374][T11245] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 256.750504][T11245] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 256.896803][T11540] netlink: 'syz.2.2012': attribute type 1 has an invalid length. [ 256.920797][T11540] netlink: 9116 bytes leftover after parsing attributes in process `syz.2.2012'. [ 256.934129][T11540] netlink: 'syz.2.2012': attribute type 1 has an invalid length. [ 256.949560][T11540] netlink: 209 bytes leftover after parsing attributes in process `syz.2.2012'. [ 257.050000][ T6801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 257.058297][ T6801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 257.454194][T11551] netlink: 'syz.2.2017': attribute type 5 has an invalid length. [ 257.660865][T11559] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.671546][T11245] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.777464][T11562] netlink: 'syz.4.2022': attribute type 33 has an invalid length. [ 257.817050][T11562] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2022'. [ 257.856849][T11239] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 257.874763][T11567] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2024'. [ 257.890283][T11239] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 257.934955][T11245] 8021q: adding VLAN 0 to HW filter on device team0 [ 257.948093][T11239] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 257.995765][T11239] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 258.066369][ T1736] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.073657][ T1736] bridge0: port 1(bridge_slave_0) entered forwarding state [ 258.099944][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 258.169639][ T5202] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.176900][ T5202] bridge0: port 2(bridge_slave_1) entered forwarding state [ 258.519833][T11239] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.606280][T11239] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.662572][ T5202] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.669927][ T5202] bridge0: port 1(bridge_slave_0) entered forwarding state [ 258.744206][ T5202] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.751514][ T5202] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.006577][T11245] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.130624][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 259.175528][T11614] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2036'. [ 259.203396][T11614] xfrm1: entered promiscuous mode [ 259.220262][T11614] xfrm1: entered allmulticast mode [ 259.230544][T11617] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2037'. [ 259.273653][T11245] veth0_vlan: entered promiscuous mode [ 259.333791][T11245] veth1_vlan: entered promiscuous mode [ 259.507057][T11245] veth0_macvtap: entered promiscuous mode [ 259.556635][T11245] veth1_macvtap: entered promiscuous mode [ 259.625857][T11239] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.672263][T11245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.718158][T11245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.748000][T11245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.784376][T11245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.808010][T11245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.828313][T11245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.869021][T11245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.897006][T11245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.914849][T11245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.929806][ T6798] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 259.935792][T11245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.968165][T11245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.988491][T11245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.010465][T11245] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 260.032897][T11646] netlink: 'syz.4.2043': attribute type 2 has an invalid length. [ 260.054368][T11245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.092771][ T6798] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 260.107786][T11245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.119502][T11245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.130036][T11245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.168803][ T1736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 260.177172][T11245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.195139][T11245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.218382][T11245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.238103][T11245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.249963][T11245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.260771][T11245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.271927][T11245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 260.295716][T11245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 260.351106][T11245] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 260.403121][T11657] ip6gretap0: entered promiscuous mode [ 260.411629][T11657] bridge0: entered promiscuous mode [ 260.420856][T11657] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 260.429450][T11657] Cannot create hsr debugfs directory [ 260.441869][T11245] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.443389][T11664] FAULT_INJECTION: forcing a failure. [ 260.443389][T11664] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 260.468383][T11245] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.484571][T11664] CPU: 1 PID: 11664 Comm: syz.3.2048 Not tainted 6.10.0-rc5-syzkaller-01200-gcda91d5b911a #0 [ 260.494793][T11664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 260.497466][T11245] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.504862][T11664] Call Trace: [ 260.504877][T11664] [ 260.504888][T11664] dump_stack_lvl+0x241/0x360 [ 260.504921][T11664] ? __pfx_dump_stack_lvl+0x10/0x10 [ 260.504945][T11664] ? __pfx__printk+0x10/0x10 [ 260.504975][T11664] ? snprintf+0xda/0x120 [ 260.505005][T11664] should_fail_ex+0x3b0/0x4e0 [ 260.505044][T11664] _copy_to_user+0x2f/0xb0 [ 260.505073][T11664] simple_read_from_buffer+0xca/0x150 [ 260.505106][T11664] proc_fail_nth_read+0x1e9/0x250 [ 260.505134][T11664] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 260.505163][T11664] ? rw_verify_area+0x514/0x6b0 [ 260.505198][T11664] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 260.505225][T11664] vfs_read+0x204/0xbd0 [ 260.505255][T11664] ? __pfx_aa_sk_perm+0x10/0x10 [ 260.505290][T11664] ? __pfx_vfs_read+0x10/0x10 [ 260.505317][T11664] ? data_sock_bind+0x106/0x7d0 [ 260.505348][T11664] ? bpf_lsm_socket_bind+0x9/0x10 [ 260.597803][T11664] ? security_socket_bind+0x87/0xb0 [ 260.603042][T11664] ? __sys_bind+0x256/0x2f0 [ 260.607574][T11664] ksys_read+0x1a0/0x2c0 [ 260.611837][T11664] ? __pfx_ksys_read+0x10/0x10 [ 260.616612][T11664] ? do_syscall_64+0x100/0x230 [ 260.621390][T11664] ? do_syscall_64+0xb6/0x230 [ 260.626082][T11664] do_syscall_64+0xf3/0x230 [ 260.630598][T11664] ? clear_bhb_loop+0x35/0x90 [ 260.635291][T11664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.641196][T11664] RIP: 0033:0x7fe7ad5746bc [ 260.645619][T11664] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 260.665251][T11664] RSP: 002b:00007fe7ae25f040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 260.673680][T11664] RAX: ffffffffffffffda RBX: 00007fe7ad703f60 RCX: 00007fe7ad5746bc [ 260.681661][T11664] RDX: 000000000000000f RSI: 00007fe7ae25f0b0 RDI: 0000000000000004 [ 260.689638][T11664] RBP: 00007fe7ae25f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 260.697614][T11664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.705593][T11664] R13: 000000000000000b R14: 00007fe7ad703f60 R15: 00007fff1b42aa28 [ 260.713587][T11664] [ 260.719252][T11245] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.009688][T11673] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.049663][T11668] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2049'. [ 261.089734][T11668] veth1_macvtap: left promiscuous mode [ 261.095407][T11668] macsec0: entered allmulticast mode [ 261.215795][T11239] veth0_vlan: entered promiscuous mode [ 261.218131][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.330595][ T9758] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 261.332633][T11688] netlink: 'syz.4.2053': attribute type 2 has an invalid length. [ 261.369430][ T9758] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 261.393089][T11239] veth1_vlan: entered promiscuous mode [ 261.556739][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 261.604927][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 261.627247][T11695] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 261.635353][T11239] veth0_macvtap: entered promiscuous mode [ 261.676322][T11239] veth1_macvtap: entered promiscuous mode [ 261.771620][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 261.828449][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 261.871106][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 261.919247][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 261.938169][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 261.958037][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 261.976962][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.020258][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.057962][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.088901][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.115270][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.134691][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.155249][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.178911][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.234270][T11239] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 262.268704][ T5180] net_ratelimit: 55 callbacks suppressed [ 262.268728][ T5180] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 262.367620][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.398844][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.447979][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.493528][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.519613][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.537346][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.560055][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.581092][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.605934][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.630224][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.651471][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.676474][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.695634][T11239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.723454][T11239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.754497][T11239] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 262.853045][T11239] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.890255][T11239] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.917490][T11239] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.932448][T11239] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.971663][T11758] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2068'. [ 263.026627][T11755] Bluetooth: MGMT ver 1.22 [ 263.099750][T11762] FAULT_INJECTION: forcing a failure. [ 263.099750][T11762] name failslab, interval 1, probability 0, space 0, times 0 [ 263.129134][ T6801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 263.156313][T11762] CPU: 0 PID: 11762 Comm: syz.0.2070 Not tainted 6.10.0-rc5-syzkaller-01200-gcda91d5b911a #0 [ 263.166547][T11762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 263.176645][T11762] Call Trace: [ 263.179961][T11762] [ 263.182927][T11762] dump_stack_lvl+0x241/0x360 [ 263.187653][T11762] ? __pfx_dump_stack_lvl+0x10/0x10 [ 263.192989][T11762] ? __pfx__printk+0x10/0x10 [ 263.197766][T11762] ? __pfx___might_resched+0x10/0x10 [ 263.203196][T11762] ? percpu_counter_add_batch+0x291/0x2f0 [ 263.208994][T11762] should_fail_ex+0x3b0/0x4e0 [ 263.213733][T11762] ? ep_insert+0x273/0x1ac0 [ 263.218325][T11762] should_failslab+0x9/0x20 [ 263.222876][T11762] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 263.228311][T11762] ep_insert+0x273/0x1ac0 [ 263.232709][T11762] ? __pfx_aa_get_newest_label+0x10/0x10 [ 263.236168][T11765] netlink: 'syz.2.2071': attribute type 3 has an invalid length. [ 263.238377][T11762] ? __pfx_ep_insert+0x10/0x10 [ 263.250963][T11762] ? do_epoll_ctl+0x43e/0xf70 [ 263.255704][T11762] ? __pfx___mutex_lock+0x10/0x10 [ 263.260793][T11762] ? bpf_lsm_capable+0x9/0x10 [ 263.265532][T11762] do_epoll_ctl+0x8d2/0xf70 [ 263.270094][T11762] ? do_epoll_ctl+0x7e1/0xf70 [ 263.274829][T11762] __x64_sys_epoll_ctl+0x161/0x1a0 [ 263.280001][T11762] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 263.285687][T11762] ? do_syscall_64+0x100/0x230 [ 263.290498][T11762] ? do_syscall_64+0xb6/0x230 [ 263.291773][T11765] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2071'. [ 263.295198][T11762] do_syscall_64+0xf3/0x230 [ 263.308761][T11762] ? clear_bhb_loop+0x35/0x90 [ 263.313489][T11762] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.318242][ T5180] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 263.319404][T11762] RIP: 0033:0x7f2125d75bd9 [ 263.319431][T11762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.351664][T11762] RSP: 002b:00007f2126bfb048 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 263.360168][T11762] RAX: ffffffffffffffda RBX: 00007f2125f03f60 RCX: 00007f2125d75bd9 [ 263.368183][T11762] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 263.376192][T11762] RBP: 00007f2126bfb0a0 R08: 0000000000000000 R09: 0000000000000000 [ 263.384395][T11762] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000001 [ 263.392414][T11762] R13: 000000000000000b R14: 00007f2125f03f60 R15: 00007ffe55d8a1b8 [ 263.400456][T11762] [ 263.632162][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.659441][T11779] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2075'. [ 263.670479][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 263.774455][T11781] netlink: 'syz.3.2077': attribute type 1 has an invalid length. [ 263.791265][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.817458][T11781] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2077'. [ 263.829208][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 263.903852][T11790] openvswitch: ɶƣ0GC: Dropping previously announced user features [ 264.330743][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 264.499285][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.912405][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.035458][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.390842][ T1736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 265.501970][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.571712][T11873] dccp_invalid_packet: pskb_may_pull failed [ 265.640819][T11875] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2088'. [ 265.754147][T11879] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2089'. [ 265.837831][T11886] netlink: 'syz.3.2092': attribute type 1 has an invalid length. [ 265.853131][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 266.030828][ T12] bridge_slave_1: left allmulticast mode [ 266.051796][ T12] bridge_slave_1: left promiscuous mode [ 266.057636][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.146966][ T12] bridge_slave_0: left allmulticast mode [ 266.169468][ T6801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 266.188132][ T12] bridge_slave_0: left promiscuous mode [ 266.203173][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.361254][ T6801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 266.397062][ T5104] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 266.407642][ T5104] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 266.416866][ T5104] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 266.426541][ T5104] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 266.449331][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 266.459030][ T5104] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 266.467511][ T5104] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 267.155279][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 267.167162][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 267.179033][ T12] bond0 (unregistering): Released all slaves [ 267.193669][T11894] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2096'. [ 267.244464][T11907] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2098'. [ 267.280780][T11907] netlink: 'syz.0.2098': attribute type 7 has an invalid length. [ 267.317611][T11907] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 267.326985][T11907] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 267.336261][T11907] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 267.346117][T11907] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 267.399479][T11915] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2101'. [ 267.418851][T11907] vxlan0: entered promiscuous mode [ 267.435220][T11915] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 267.442562][T11915] IPv6: NLM_F_CREATE should be set when creating new route [ 267.449923][T11915] IPv6: NLM_F_CREATE should be set when creating new route [ 267.532554][ T5180] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 267.859365][T11908] lo speed is unknown, defaulting to 1000 [ 268.080497][T11943] sctp: [Deprecated]: syz.4.2106 (pid 11943) Use of int in maxseg socket option. [ 268.080497][T11943] Use struct sctp_assoc_value instead [ 268.119254][T11921] lo speed is unknown, defaulting to 1000 [ 268.288026][ T12] hsr_slave_0: left promiscuous mode [ 268.330009][ T12] hsr_slave_1: left promiscuous mode [ 268.356338][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 268.381581][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 268.413184][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 268.434935][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 268.515860][ T12] veth1_macvtap: left promiscuous mode [ 268.529369][ T12] veth0_macvtap: left promiscuous mode [ 268.536792][ T12] veth1_vlan: left promiscuous mode [ 268.552739][ T12] veth0_vlan: left promiscuous mode [ 268.574277][ T5180] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 268.583366][ T5101] Bluetooth: hci3: command tx timeout [ 269.130977][T11976] sctp: [Deprecated]: syz.3.2112 (pid 11976) Use of int in max_burst socket option deprecated. [ 269.130977][T11976] Use struct sctp_assoc_value instead [ 269.211743][ T6801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 269.573842][ T12] team0 (unregistering): Port device team_slave_1 removed [ 269.608261][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 269.626353][ T12] team0 (unregistering): Port device team_slave_0 removed [ 270.538515][T11908] chnl_net:caif_netlink_parms(): no params data found [ 270.655187][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 270.666748][ T5101] Bluetooth: hci3: command tx timeout [ 270.724839][T12000] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2117'. [ 270.905362][T12000] lo speed is unknown, defaulting to 1000 [ 270.943586][T12015] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2120'. [ 271.196603][T12022] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2122'. [ 271.259811][T11908] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.311359][T11908] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.338906][T11908] bridge_slave_0: entered allmulticast mode [ 271.360940][T11908] bridge_slave_0: entered promiscuous mode [ 271.389053][T11908] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.418603][T11908] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.432853][T11908] bridge_slave_1: entered allmulticast mode [ 271.455810][T11908] bridge_slave_1: entered promiscuous mode [ 271.539235][T12039] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2126'. [ 271.572350][T11908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 271.623396][T11908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 271.688500][ T25] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 271.837504][T11908] team0: Port device team_slave_0 added [ 271.873802][T11908] team0: Port device team_slave_1 added [ 271.990982][T11908] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 272.011816][T11908] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.055496][T11908] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 272.208897][T11908] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 272.215909][T11908] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.249262][ T6798] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 272.303759][T11908] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 272.444320][T12068] netlink: 'syz.0.2135': attribute type 1 has an invalid length. [ 272.458296][T12068] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.2135'. [ 272.482707][T12068] netlink: 'syz.0.2135': attribute type 1 has an invalid length. [ 272.502657][T11908] hsr_slave_0: entered promiscuous mode [ 272.531600][T11908] hsr_slave_1: entered promiscuous mode [ 272.557728][T11908] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 272.565881][T11908] Cannot create hsr debugfs directory [ 272.681318][T12081] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2139'. [ 272.729484][ T5101] Bluetooth: hci3: command tx timeout [ 272.736336][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 272.798916][T12088] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2140'. [ 273.310181][T12114] netlink: zone id is out of range [ 273.329183][T12117] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2149'. [ 273.350977][T12114] netlink: zone id is out of range [ 273.403473][T12117] lo speed is unknown, defaulting to 1000 [ 273.454070][T12114] netlink: set zone limit has 4 unknown bytes [ 273.678074][T12134] x_tables: ip_tables: ah match: only valid for protocol 51 [ 273.782073][ T1736] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 273.943730][T12148] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2157'. [ 274.303797][T12156] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2159'. [ 274.332084][T12156] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 274.573862][T12179] netlink: 'syz.3.2166': attribute type 4 has an invalid length. [ 274.715081][T11908] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 274.760140][T11908] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 274.806271][T11908] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 274.808228][ T5101] Bluetooth: hci3: command tx timeout [ 274.813629][ T5097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 274.853890][T11908] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 275.290950][ T6801] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 275.333931][T11908] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.437761][T11908] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.551222][ T6801] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.558516][ T6801] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.590301][ T6801] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.597519][ T6801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.013790][T12233] netlink: 'syz.0.2184': attribute type 13 has an invalid length. [ 276.046403][T12229] lo speed is unknown, defaulting to 1000 [ 276.366088][T12250] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2188'. [ 276.520857][T11908] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 276.571938][ T9757] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 276.586026][T12266] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 276.633043][T12264] netlink: 'syz.0.2192': attribute type 1 has an invalid length. [ 276.824792][T11908] veth0_vlan: entered promiscuous mode [ 276.893182][T12274] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2196'. [ 276.938802][T11908] veth1_vlan: entered promiscuous mode [ 277.091724][T11908] veth0_macvtap: entered promiscuous mode [ 277.151455][T11908] veth1_macvtap: entered promiscuous mode [ 277.261574][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.328079][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.355886][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.397563][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.438175][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.477959][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.500956][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.525117][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.558229][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.598084][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.639219][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.668486][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.688293][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.721601][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.744961][T11908] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 277.912388][T12299] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2203'. [ 277.973468][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 278.001891][T12309] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 278.009114][T12309] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 278.036702][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.057344][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 278.077816][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.089531][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 278.108294][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.124817][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 278.133315][T12314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2209'. [ 278.136063][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.173943][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 278.198016][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.218085][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 278.238046][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.253473][T11908] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 278.276752][T11908] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.289235][T11908] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 278.339185][T11908] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.364309][T11908] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.396042][T11908] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.412920][T11908] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.555579][T12332] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2216'. [ 278.584143][T12331] netlink: 'syz.3.2214': attribute type 2 has an invalid length. [ 278.651330][ T5104] Bluetooth: hci1: command 0x0406 tx timeout [ 278.736703][T12338] vlan0: entered allmulticast mode [ 278.742549][T12338] mac80211_hwsim hwsim23 wlan1: entered allmulticast mode [ 278.760431][T12338] mac80211_hwsim hwsim23 wlan1: left allmulticast mode [ 278.975383][T11867] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.026636][T11867] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.071058][T12350] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 279.109951][T12351] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 279.132521][T12351] macvtap0: entered allmulticast mode [ 279.142455][T12351] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 279.213661][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.253045][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.335210][T12365] netlink: 232 bytes leftover after parsing attributes in process `syz.2.2228'. [ 279.375815][T12361] netlink: 'syz.4.2229': attribute type 10 has an invalid length. [ 279.406494][T12361] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2229'. [ 279.611066][T12378] netlink: 209844 bytes leftover after parsing attributes in process `syz.4.2233'. [ 279.713291][T12381] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2233'. [ 279.851814][T11908] syz-executor (11908) used greatest stack depth: 18368 bytes left [ 280.032751][T12395] netlink: 'syz.4.2237': attribute type 29 has an invalid length. [ 280.052451][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.076771][T12395] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2237'. [ 280.221296][T12391] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2238'. [ 280.233744][T12395] netlink: 'syz.4.2237': attribute type 29 has an invalid length. [ 280.247463][T12395] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2237'. [ 280.270188][T12398] netlink: 'syz.4.2237': attribute type 29 has an invalid length. [ 280.333744][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.606674][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.672021][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.960808][ T12] bridge_slave_1: left allmulticast mode [ 280.966557][ T12] bridge_slave_1: left promiscuous mode [ 281.004616][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.089323][ T12] bridge_slave_0: left allmulticast mode [ 281.108804][ T12] bridge_slave_0: left promiscuous mode [ 281.137372][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.486176][ T5104] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 281.514724][ T5104] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 281.524113][ T5104] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 281.542755][ T5104] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 281.552111][ T5104] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 281.567252][ T5104] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 282.094972][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.109800][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 282.123125][ T12] bond0 (unregistering): Released all slaves [ 282.149517][T12417] bridge0: port 3(team0) entered disabled state [ 282.157434][T12417] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.165301][T12417] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.469466][T12452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 282.543928][T12430] lo speed is unknown, defaulting to 1000 [ 282.593504][T12459] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 282.687757][T12463] netlink: 'syz.0.2253': attribute type 3 has an invalid length. [ 282.887172][T12467] atomic_op ffff8880786fe998 conn xmit_atomic 0000000000000000 [ 282.927554][T12467] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 283.014184][ T12] hsr_slave_0: left promiscuous mode [ 283.058369][ T12] hsr_slave_1: left promiscuous mode [ 283.076219][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.109126][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 283.139225][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.158211][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 283.188455][T12442] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 283.243755][ T12] veth1_macvtap: left promiscuous mode [ 283.260751][ T12] veth0_macvtap: left promiscuous mode [ 283.279836][ T12] veth1_vlan: left promiscuous mode [ 283.294419][ T12] veth0_vlan: left promiscuous mode [ 283.609496][ T5104] Bluetooth: hci3: command tx timeout [ 284.168419][T12506] x_tables: duplicate underflow at hook 4 [ 284.451924][ T12] team0 (unregistering): Port device team_slave_1 removed [ 284.546260][ T12] team0 (unregistering): Port device team_slave_0 removed [ 285.264859][ C0] vxcan0: j1939_tp_rxtimer: 0xffff8880756d2c00: rx timeout, send abort [ 285.268324][T12514] __nla_validate_parse: 4 callbacks suppressed [ 285.268346][T12514] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2265'. [ 285.273725][ C0] vxcan0: j1939_tp_rxtimer: 0xffff888068f42000: rx timeout, send abort [ 285.297617][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff8880756d2c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 285.312327][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888068f42000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 285.589716][T12527] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2268'. [ 285.708949][ T5104] Bluetooth: hci3: command tx timeout [ 285.709538][T12430] chnl_net:caif_netlink_parms(): no params data found [ 285.886747][T12540] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2269'. [ 286.230178][T12560] xt_CT: You must specify a L4 protocol and not use inversions on it [ 286.292365][T12430] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.317239][T12430] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.341230][T12430] bridge_slave_0: entered allmulticast mode [ 286.357471][T12430] bridge_slave_0: entered promiscuous mode [ 286.374647][T12560] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2274'. [ 286.399754][T12430] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.429189][T12430] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.436556][T12430] bridge_slave_1: entered allmulticast mode [ 286.480792][T12430] bridge_slave_1: entered promiscuous mode [ 286.819719][T12430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.838486][T12589] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2282'. [ 286.842165][T12430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 287.044255][T12430] team0: Port device team_slave_0 added [ 287.102320][T12430] team0: Port device team_slave_1 added [ 287.188137][T12606] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2287'. [ 287.219417][T12600] team0: entered promiscuous mode [ 287.224522][T12600] team_slave_0: entered promiscuous mode [ 287.258258][T12600] team_slave_1: entered promiscuous mode [ 287.315369][T12604] team_slave_0: entered allmulticast mode [ 287.356421][T12604] team0: Port device team_slave_0 removed [ 287.386946][T12599] team0: left promiscuous mode [ 287.406137][T12599] team_slave_1: left promiscuous mode [ 287.477040][T12430] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 287.489763][T12430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.537576][T12430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 287.552441][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2288'. [ 287.576968][T12430] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 287.598976][T12430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.671459][T12430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 287.709498][T12630] netlink: 'syz.2.2291': attribute type 13 has an invalid length. [ 287.780402][ T5104] Bluetooth: hci3: command tx timeout [ 287.819625][T12626] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2290'. [ 288.013700][T12430] hsr_slave_0: entered promiscuous mode [ 288.087265][T12430] hsr_slave_1: entered promiscuous mode [ 288.130756][T12430] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 288.160869][T12430] Cannot create hsr debugfs directory [ 288.575594][T12666] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2300'. [ 288.769304][T12678] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2304'. [ 289.848118][ T5104] Bluetooth: hci3: command tx timeout [ 289.968147][T12730] lo speed is unknown, defaulting to 1000 [ 290.362902][T12430] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 290.411463][T12430] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 290.418518][T12751] __nla_validate_parse: 3 callbacks suppressed [ 290.418538][T12751] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2325'. [ 290.476442][T12430] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 290.524362][T12430] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 290.598851][T12751] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2325'. [ 290.679485][T12762] netlink: 'syz.4.2328': attribute type 2 has an invalid length. [ 291.040011][T12783] netlink: set zone limit has 4 unknown bytes [ 291.245935][T12430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 291.351232][T12430] 8021q: adding VLAN 0 to HW filter on device team0 [ 291.521434][ T5180] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.528803][ T5180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 291.614987][ T1736] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.622447][ T1736] bridge0: port 2(bridge_slave_1) entered forwarding state [ 291.750390][T12814] bridge_slave_1: left allmulticast mode [ 291.760611][T12814] bridge_slave_1: left promiscuous mode [ 291.777801][T12814] bridge1: port 1(bridge_slave_1) entered disabled state [ 291.836469][T12818] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 291.963442][T12826] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2345'. [ 292.029262][T12833] netlink: 'syz.2.2345': attribute type 2 has an invalid length. [ 292.078515][T12830] netlink: 'syz.2.2345': attribute type 2 has an invalid length. [ 292.348317][T12844] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2349'. [ 292.525179][T12430] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 292.766299][T12430] veth0_vlan: entered promiscuous mode [ 292.814599][T12430] veth1_vlan: entered promiscuous mode [ 292.925571][T12430] veth0_macvtap: entered promiscuous mode [ 292.988654][T12430] veth1_macvtap: entered promiscuous mode [ 293.045431][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.098360][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.121110][T12883] netlink: zone id is out of range [ 293.138574][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.178541][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.226818][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.267972][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.295436][T12889] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2362'. [ 293.317550][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.338434][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.358930][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.398268][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.428210][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.453268][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.479306][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.530072][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.568829][T12430] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 293.662202][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.699510][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.716196][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.734175][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.756427][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.791522][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.809376][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.838061][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.860334][ T5104] Bluetooth: hci3: command tx timeout [ 293.867317][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.890405][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.918130][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.937063][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.947428][T12430] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.959565][T12430] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.972011][T12430] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 294.090443][T12430] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.108268][T12430] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.117267][T12430] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.144492][T12430] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.533523][ T9758] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 294.543643][T12951] netlink: 'syz.4.2377': attribute type 10 has an invalid length. [ 294.568682][ T9758] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 294.577325][T12951] netlink: 212848 bytes leftover after parsing attributes in process `syz.4.2377'. [ 294.643826][ T2877] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 294.672595][ T2877] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 294.681422][T12956] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2376'. [ 295.280797][T12975] netlink: 'syz.0.2383': attribute type 13 has an invalid length. [ 295.339317][T12982] IPVS: Unknown mcast interface: vcan0 [ 295.413713][T12987] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2385'. [ 295.469154][T12989] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2387'. [ 295.917721][ T51] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.602713][ T51] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.721939][ T51] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.796678][ T51] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.233772][ T51] bridge_slave_1: left allmulticast mode [ 297.278749][ T51] bridge_slave_1: left promiscuous mode [ 297.284598][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.376457][ T51] bridge_slave_0: left allmulticast mode [ 297.402316][ T51] bridge_slave_0: left promiscuous mode [ 297.438336][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.539957][T13069] netlink: 'syz.3.2403': attribute type 2 has an invalid length. [ 297.635074][ T5101] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 297.646327][ T5101] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 297.657480][ T5101] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 297.671228][ T5101] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 297.693152][ T5101] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 297.701116][ T5101] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 298.850051][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 298.885808][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 298.916788][ T51] bond0 (unregistering): Released all slaves [ 298.962084][T13058] vlan2: entered allmulticast mode [ 298.967285][T13058] mac80211_hwsim hwsim38 wlan1: entered allmulticast mode [ 299.040177][T13058] mac80211_hwsim hwsim38 wlan1: left allmulticast mode [ 299.322938][T13115] lo speed is unknown, defaulting to 1000 [ 299.359311][T13128] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2419'. [ 299.520806][T13072] lo speed is unknown, defaulting to 1000 [ 299.769661][ T5101] Bluetooth: hci3: command tx timeout [ 300.141911][ T51] hsr_slave_0: left promiscuous mode [ 300.164439][ T51] hsr_slave_1: left promiscuous mode [ 300.190003][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 300.215433][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 300.279295][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 300.300090][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 300.404687][ T51] veth1_macvtap: left promiscuous mode [ 300.418034][ T51] veth0_macvtap: left promiscuous mode [ 300.434087][ T51] veth1_vlan: left promiscuous mode [ 300.448430][ T51] veth0_vlan: left promiscuous mode [ 301.249009][ T51] team0 (unregistering): Port device team_slave_1 removed [ 301.305345][ T51] team0 (unregistering): Port device team_slave_0 removed [ 301.848887][ T5101] Bluetooth: hci3: command tx timeout [ 302.078756][T13199] netlink: 'syz.0.2433': attribute type 29 has an invalid length. [ 302.097633][T13199] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2433'. [ 302.248258][ T9758] wlan1: Trigger new scan to find an IBSS to join [ 302.332875][T13199] netlink: 'syz.0.2433': attribute type 29 has an invalid length. [ 302.358994][T13199] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2433'. [ 302.449749][T13208] netlink: 208 bytes leftover after parsing attributes in process `syz.2.2437'. [ 302.551981][ T45] ================================================================== [ 302.560107][ T45] BUG: KASAN: slab-use-after-free in nf_tables_trans_destroy_work+0x152b/0x1750 [ 302.569691][ T45] Read of size 2 at addr ffff88802b69cdc4 by task kworker/1:1/45 [ 302.577514][ T45] [ 302.579861][ T45] CPU: 1 PID: 45 Comm: kworker/1:1 Not tainted 6.10.0-rc5-syzkaller-01200-gcda91d5b911a #0 [ 302.589864][ T45] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 302.599946][ T45] Workqueue: events nf_tables_trans_destroy_work [ 302.606293][ T45] Call Trace: [ 302.609579][ T45] [ 302.612532][ T45] dump_stack_lvl+0x241/0x360 [ 302.617222][ T45] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.622433][ T45] ? __pfx__printk+0x10/0x10 [ 302.627114][ T45] ? _printk+0xd5/0x120 [ 302.631273][ T45] ? __virt_addr_valid+0x183/0x520 [ 302.636397][ T45] ? __virt_addr_valid+0x183/0x520 [ 302.641529][ T45] print_report+0x169/0x550 [ 302.646043][ T45] ? __virt_addr_valid+0x183/0x520 [ 302.651172][ T45] ? __virt_addr_valid+0x183/0x520 [ 302.656293][ T45] ? __virt_addr_valid+0x44e/0x520 [ 302.661501][ T45] ? __phys_addr+0xba/0x170 [ 302.666012][ T45] ? nf_tables_trans_destroy_work+0x152b/0x1750 [ 302.672258][ T45] kasan_report+0x143/0x180 [ 302.676777][ T45] ? nf_tables_trans_destroy_work+0x152b/0x1750 [ 302.683040][ T45] nf_tables_trans_destroy_work+0x152b/0x1750 [ 302.689121][ T45] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [ 302.695540][ T45] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 302.701530][ T45] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 302.707876][ T45] ? process_scheduled_works+0x945/0x1830 [ 302.713608][ T45] process_scheduled_works+0xa2c/0x1830 [ 302.719173][ T45] ? __pfx_process_scheduled_works+0x10/0x10 [ 302.725172][ T45] ? assign_work+0x364/0x3d0 [ 302.729765][ T45] worker_thread+0x86d/0xd50 [ 302.734368][ T45] ? __kthread_parkme+0x169/0x1d0 [ 302.739400][ T45] ? __pfx_worker_thread+0x10/0x10 [ 302.744513][ T45] kthread+0x2f0/0x390 [ 302.748592][ T45] ? __pfx_worker_thread+0x10/0x10 [ 302.753706][ T45] ? __pfx_kthread+0x10/0x10 [ 302.758305][ T45] ret_from_fork+0x4b/0x80 [ 302.762731][ T45] ? __pfx_kthread+0x10/0x10 [ 302.767329][ T45] ret_from_fork_asm+0x1a/0x30 [ 302.772127][ T45] [ 302.775164][ T45] [ 302.777488][ T45] Allocated by task 13208: [ 302.781902][ T45] kasan_save_track+0x3f/0x80 [ 302.786598][ T45] __kasan_kmalloc+0x98/0xb0 [ 302.791199][ T45] kmalloc_trace_noprof+0x19c/0x2c0 [ 302.796404][ T45] nf_tables_newtable+0x52e/0x1dc0 [ 302.801526][ T45] nfnetlink_rcv+0x1427/0x2a90 [ 302.806295][ T45] netlink_unicast+0x7f0/0x990 [ 302.811062][ T45] netlink_sendmsg+0x8e4/0xcb0 [ 302.815837][ T45] __sock_sendmsg+0x221/0x270 [ 302.820544][ T45] ____sys_sendmsg+0x525/0x7d0 [ 302.825316][ T45] __sys_sendmsg+0x2b0/0x3a0 [ 302.829914][ T45] do_syscall_64+0xf3/0x230 [ 302.834440][ T45] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.840617][ T45] [ 302.842952][ T45] Freed by task 13207: [ 302.847019][ T45] kasan_save_track+0x3f/0x80 [ 302.851712][ T45] kasan_save_free_info+0x40/0x50 [ 302.856748][ T45] poison_slab_object+0xe0/0x150 [ 302.861697][ T45] __kasan_slab_free+0x37/0x60 [ 302.866471][ T45] kfree+0x149/0x360 [ 302.870395][ T45] __nft_release_table+0xe80/0xf40 [ 302.875508][ T45] nft_rcv_nl_event+0x55f/0x6d0 [ 302.880379][ T45] notifier_call_chain+0x19f/0x3e0 [ 302.885492][ T45] blocking_notifier_call_chain+0x69/0x90 [ 302.891218][ T45] netlink_release+0x11a6/0x1b10 [ 302.896312][ T45] sock_close+0xbc/0x240 [ 302.900581][ T45] __fput+0x406/0x8b0 [ 302.904581][ T45] task_work_run+0x24f/0x310 [ 302.909462][ T45] syscall_exit_to_user_mode+0x168/0x370 [ 302.915111][ T45] do_syscall_64+0x100/0x230 [ 302.919713][ T45] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.925616][ T45] [ 302.927945][ T45] Last potentially related work creation: [ 302.933660][ T45] kasan_save_stack+0x3f/0x60 [ 302.938432][ T45] __kasan_record_aux_stack+0xac/0xc0 [ 302.943895][ T45] insert_work+0x3e/0x330 [ 302.948314][ T45] __queue_work+0xc16/0xee0 [ 302.952823][ T45] queue_work_on+0x1c2/0x380 [ 302.957416][ T45] rhltable_remove+0x1097/0x1160 [ 302.962362][ T45] __nft_release_table+0xc57/0xf40 [ 302.967486][ T45] nft_rcv_nl_event+0x55f/0x6d0 [ 302.972435][ T45] notifier_call_chain+0x19f/0x3e0 [ 302.977548][ T45] blocking_notifier_call_chain+0x69/0x90 [ 302.983268][ T45] netlink_release+0x11a6/0x1b10 [ 302.988211][ T45] sock_close+0xbc/0x240 [ 302.992471][ T45] __fput+0x406/0x8b0 [ 302.996450][ T45] task_work_run+0x24f/0x310 [ 303.001080][ T45] syscall_exit_to_user_mode+0x168/0x370 [ 303.006835][ T45] do_syscall_64+0x100/0x230 [ 303.011442][ T45] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.017362][ T45] [ 303.019706][ T45] The buggy address belongs to the object at ffff88802b69cc00 [ 303.019706][ T45] which belongs to the cache kmalloc-cg-512 of size 512 [ 303.034037][ T45] The buggy address is located 452 bytes inside of [ 303.034037][ T45] freed 512-byte region [ffff88802b69cc00, ffff88802b69ce00) [ 303.048032][ T45] [ 303.050537][ T45] The buggy address belongs to the physical page: [ 303.056972][ T45] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b69c [ 303.065743][ T45] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 303.074242][ T45] memcg:ffff88802547b401 [ 303.078524][ T45] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 303.086103][ T45] page_type: 0xffffefff(slab) [ 303.090806][ T45] raw: 00fff00000000040 ffff88801504f140 dead000000000100 dead000000000122 [ 303.099521][ T45] raw: 0000000000000000 0000000080100010 00000001ffffefff ffff88802547b401 [ 303.108211][ T45] head: 00fff00000000040 ffff88801504f140 dead000000000100 dead000000000122 [ 303.117120][ T45] head: 0000000000000000 0000000080100010 00000001ffffefff ffff88802547b401 [ 303.125806][ T45] head: 00fff00000000002 ffffea0000ada701 ffffffffffffffff 0000000000000000 [ 303.134529][ T45] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 303.143222][ T45] page dumped because: kasan: bad access detected [ 303.149651][ T45] page_owner tracks the page as allocated [ 303.155468][ T45] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4759, tgid 4759 (dhcpcd), ts 47463434498, free_ts 47446911210 [ 303.176334][ T45] post_alloc_hook+0x1f3/0x230 [ 303.181120][ T45] get_page_from_freelist+0x2e4c/0x2f10 [ 303.186703][ T45] __alloc_pages_noprof+0x256/0x6c0 [ 303.191926][ T45] alloc_slab_page+0x5f/0x120 [ 303.196702][ T45] allocate_slab+0x5a/0x2f0 [ 303.201217][ T45] ___slab_alloc+0xcd1/0x14b0 [ 303.205899][ T45] __slab_alloc+0x58/0xa0 [ 303.210257][ T45] kmalloc_node_track_caller_noprof+0x281/0x440 [ 303.216594][ T45] kmalloc_reserve+0x111/0x2a0 [ 303.221367][ T45] __alloc_skb+0x1f3/0x440 [ 303.225794][ T45] alloc_skb_with_frags+0xc3/0x770 [ 303.230915][ T45] sock_alloc_send_pskb+0x91a/0xa60 [ 303.236124][ T45] unix_dgram_sendmsg+0x6d3/0x1f80 [ 303.241260][ T45] __sock_sendmsg+0x221/0x270 [ 303.245940][ T45] sock_write_iter+0x2dd/0x400 [ 303.250717][ T45] vfs_write+0xa72/0xc90 [ 303.255139][ T45] page last free pid 4759 tgid 4759 stack trace: [ 303.261460][ T45] free_unref_page+0xd22/0xea0 [ 303.266239][ T45] __folio_put+0x3b9/0x620 [ 303.270659][ T45] free_large_kmalloc+0x105/0x1c0 [ 303.275685][ T45] kfree+0x1c4/0x360 [ 303.279589][ T45] skb_release_data+0x676/0x880 [ 303.284446][ T45] consume_skb+0xb1/0x160 [ 303.288796][ T45] __unix_dgram_recvmsg+0xcea/0x12f0 [ 303.294106][ T45] sock_recvmsg+0x22f/0x280 [ 303.298615][ T45] sock_read_iter+0x2ca/0x3e0 [ 303.303291][ T45] do_iter_readv_writev+0x5a4/0x800 [ 303.308492][ T45] vfs_readv+0x2b6/0xa90 [ 303.312742][ T45] do_readv+0x1b1/0x350 [ 303.316893][ T45] do_syscall_64+0xf3/0x230 [ 303.321397][ T45] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.327293][ T45] [ 303.329616][ T45] Memory state around the buggy address: [ 303.335247][ T45] ffff88802b69cc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.343304][ T45] ffff88802b69cd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.351362][ T45] >ffff88802b69cd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 303.359550][ T45] ^ [ 303.365811][ T45] ffff88802b69ce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 303.373875][ T45] ffff88802b69ce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 303.382019][ T45] ================================================================== [ 303.495967][T13072] chnl_net:caif_netlink_parms(): no params data found [ 303.520586][ T45] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 303.527849][ T45] CPU: 1 PID: 45 Comm: kworker/1:1 Not tainted 6.10.0-rc5-syzkaller-01200-gcda91d5b911a #0 [ 303.537859][ T45] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 303.548292][ T45] Workqueue: events nf_tables_trans_destroy_work [ 303.554666][ T45] Call Trace: [ 303.557999][ T45] [ 303.560964][ T45] dump_stack_lvl+0x241/0x360 [ 303.565687][ T45] ? __pfx_dump_stack_lvl+0x10/0x10 [ 303.570921][ T45] ? __pfx__printk+0x10/0x10 [ 303.575553][ T45] ? preempt_schedule+0xe1/0xf0 [ 303.580443][ T45] ? vscnprintf+0x5d/0x90 [ 303.584812][ T45] panic+0x349/0x860 [ 303.588740][ T45] ? check_panic_on_warn+0x21/0xb0 [ 303.593909][ T45] ? __pfx_panic+0x10/0x10 [ 303.598410][ T45] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 303.604518][ T45] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 303.610889][ T45] ? print_report+0x502/0x550 [ 303.615588][ T45] check_panic_on_warn+0x86/0xb0 [ 303.620548][ T45] ? nf_tables_trans_destroy_work+0x152b/0x1750 [ 303.626973][ T45] end_report+0x77/0x160 [ 303.631248][ T45] kasan_report+0x154/0x180 [ 303.635763][ T45] ? nf_tables_trans_destroy_work+0x152b/0x1750 [ 303.642016][ T45] nf_tables_trans_destroy_work+0x152b/0x1750 [ 303.648102][ T45] ? __pfx_nf_tables_trans_destroy_work+0x10/0x10 [ 303.654519][ T45] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 303.660619][ T45] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 303.666964][ T45] ? process_scheduled_works+0x945/0x1830 [ 303.672714][ T45] process_scheduled_works+0xa2c/0x1830 [ 303.678283][ T45] ? __pfx_process_scheduled_works+0x10/0x10 [ 303.684271][ T45] ? assign_work+0x364/0x3d0 [ 303.688871][ T45] worker_thread+0x86d/0xd50 [ 303.693562][ T45] ? __kthread_parkme+0x169/0x1d0 [ 303.698595][ T45] ? __pfx_worker_thread+0x10/0x10 [ 303.703720][ T45] kthread+0x2f0/0x390 [ 303.707799][ T45] ? __pfx_worker_thread+0x10/0x10 [ 303.713007][ T45] ? __pfx_kthread+0x10/0x10 [ 303.717609][ T45] ret_from_fork+0x4b/0x80 [ 303.722038][ T45] ? __pfx_kthread+0x10/0x10 [ 303.726635][ T45] ret_from_fork_asm+0x1a/0x30 [ 303.731438][ T45] [ 303.734802][ T45] Kernel Offset: disabled [ 303.739149][ T45] Rebooting in 86400 seconds..