last executing test programs: 2.719806474s ago: executing program 3 (id=167): connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x5, 0x2, 0xfffff010}, {0x28, 0x7, 0x0, 0xa56e}, {0x6, 0x0, 0x0, 0xa1a}]}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x20}}, 0x24040810) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) 2.522475327s ago: executing program 0 (id=171): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x4, 0x20}, @mpls={[], @ipv4=@udp={{0x7, 0x4, 0x2, 0x7, 0x24, 0x67, 0x0, 0x4, 0x11, 0x0, @loopback, @remote, {[@cipso={0x86, 0x6, 0x1}]}}, {0x4e22, 0x4e23, 0xfa4, 0x0, @gue={{0x2, 0x1, 0x0, 0xb0, 0xbd47641d3d1f53f2}, "1169dc03e8e76075702fb54639b51bb60da0310ecc9adffe47840a15f0ea5e5780afb0b7081977f7ea8b67dbd46f85cba6202e83bdab71f40b0376df02406e70907f592e0e5a8b155faa9e86efe85cd6da1fe2c1796b0a7b6bf052554c34437001bce89dc8f39ada3734ab0c9b69aef1bb7d287de058a9051f3587d35f126a6d8851d6eb429306496bf40e1e3c1c14fc8078010488d1b56f96885d34911f395abc08557fc611433a638f9222b2eb8f15f4184244e1997cb6be361b98023408eb70fa101c70213d0fb06d03107f94aefccc73402597175d5bf8be1d6dc55a20ddf05bb3acd2339c374b6757ce4c3f993bf87d3334b5ae7f061b7725fd59adeb77458fcc789d9c49a22137ffdedbda3931635f34c0a1f0c97f9afb6095875e77f1f459e88feac44294eb2b63abe77a2d0c781cdb4704c8aa91064f14252c30f69b2d350555e818193e8e7c927b7380fb84b21e958ca7968987f5a265d689b3f46b1abb8df42b8aa53442e180a6ee99cddf82698c5e8c2c93355af0306f50d2b74c11246a3317f5d4ea38297482b44912b7f3869f81e7a4dc047d211da528ebe23f8b0fc404217408af5fceb0b938a4dccad2e9cd6767428a6b05839dbd0bbf79bfcae17c4010fc24e5ba4f132db21871499493fe086458259b8eb169c44699dd86f1ca395c4475c89e2f1121ce5032ffad8eec1545144d775bb336d7a969f445f03f25ea9c4488176e50804b084f51fe35d3d31dba852e2018c9679ae2d5251de15222ed1c3bcc101ceb6cac406cc66bf47d6cf6dbe5605da111a74c7307c5151c7a08fae67e1ae1db5507b50ab7f6ea0a81a23e54dd19543649bbeb504639b30ced8e217d74080cf9b7abe99e8ca56a020c4cc95a8e0b89edb84cf670914df14e8e3321947803247ec1c1cb05dfd59e5e6c3fa828de88eadfedaf0876c222b9a2364db5addc72ba3caf1ba80d8e84c1bd5f6dd03d6f2bef74a0b124fdee7b15de87bb86965b021dc2a0b08f3927b9b0343cf35f5d99b901431a412372401c85f99b6a7f419c6aa2918f9dcfa6e05a955dfef3cec12ef9e55f268d46b3ee898cbbb5e36cdc575787daea45598a95f8093a09826acb36c13fd6a46b184e3c583d6e2fe3f08edcc23dd086cc781a778422ea5493488534992808da09da719a8da45c4f3118c80f8298a809687599b3a1000d99ad3db095fe20fd527a050fb7a36d309a4e1bdcf126bb766e4899c62b7f6b166c224fc36e3d88a6f4174070fd03965f5cf4dbb31ed19f74191cf8ddebbe596a6a697b255d23942aced5e7f736d571cc9372959140f8c7795c7f2a7bf7bea66cc0cbd95d4365faafdf14f232c182f0dc78ec62fcc8155f315520581397bb5b9847141a12c2ee3777b2d120e00cdf05c159a72676536da4396c8ec4d7bc52d379803aec66e5796f1fb3ac42f792c39a206dc2f7f03536a9442dd7467e57cb545ea5834bd41ee1c28c5e880264490fb7d41c86c27ac85aa6f925b899cb66aea1d1022eec54e6025ecc81f090beb3540a13b48df08cfafc37581afcd82aa49a3a324865772c1586dd4bdfe112de8df9923f33834a8239ad6d707d9e835461b5d84004b709a00b113f85dd092b6feb4860bd38593e8a907e5a7313a158ad3768f714cb52d0c1147b72b11b6690ffa201dad4736550f93f3ffeea3283df9eee21e0f36ed2c772aa952f103447d071b5aaca94fae2494e65505fb15bc8b37ed72b85fc284246f0075103187e4b91e9608809eacb68a89216e76df9387dd7ffb6ab3d720101cf05ff3d4d92e9750586f976f50ac735e7c9d89fb61e3b5bbad17c5380f98e3dff671b25aa49f551d434fa6da9dc1a2b19a6d63ca4623deec22a1efa43f4c77ce35c34c99dc03b482ad9e7eca73c3c816f89bf8893ed695197711948b20906834f1e86df5b5ee560afc6b33156f016b542cf839d61c891396ba8d797339bc19d4f8043788311db96ecc0ad9e240824f446e56348e2c6515623a2f30e32b45080de7223b987347ced13f33bdbc54745e31bdf43ac247c1a91ff43a0a30e7481b115e6f8603d5164379396425b527a4189aeb899660b9d59ce0efbf020c037b64aa6b78beef654c89b39b0826e8be1f103f665c1a7c51c3476297da7b9f37354478e06b5ab113bce20750dd52777d0e4979210fdc6b6a91213f0fc44a0e2b6d5a1922b2ed34f95332d8d7b546c2ff9e6f03ac87d7b56ff694e656bef5605f0f0343edc950eb356345dcece0923bc9c9bedf337c9d8030a4fff20e62bba66287628e755022ea8479aac492934b3691fcbfe7385542f2389352cdf07910790fb74618960b1462ac050939eb4b78f6b5021841718daea72a9ca7461536e4f6f263711492de7c11563b6e215d6f7fe21e642400dd96f5b11a1315517b78d760e0dadbd10316521f8045e2c6f8d3c33e241f8cc334e9365d0baefe78cf44c1b9c56314b2abacad9ebe9a7843efa4351ddf990f4d43735e56209f6214970197a835633c1c50ae13458e183c575cc7e828e66d8a441ce46b49544bfadbf642eb51ae6a3ac0a3ca62cd7ebf1e285a6a70f34dd991feff87b8e84aa5de6ac65a7d969583c2de141198093d44bfb37c5f4f940d15999c654c40207ecd40b5d847a4696bd9e6af2f274166bec7f5486195d21c52e5d5ef1c0f4b94ce3a2547dc57cb5adf85ccb658eaaff7919db0a60d9743be3aa278e07609c55a967ae12bebcaefa8332cc05e04ce178aaaef2f44e4940168baba7a79a08b67bae7fb54d542f1fa9072869925e93b8cab9f701e01bcae9e46624c3ef8c93cec7e9893dc9d4472570cea4df484c77c71777ac51dca839927023c14b78308d03ac9f3d40ca27310875062e7a6f67f8f0bc1adff60914844cdec1c93a4fa009b705b172728309166f8cf70f17ee8b392e8305fa7c524401bf812f5c705264a3a3b2ca30b9ffde76c66746ea273fd67ae672e34d4696972fd432bb5a5b3292a3e8df9dc84a7578df7fe76c9419e89f7cffd63ed60c491833acf2167b55307bf0b92bc07d007051cbba3fd79acff0892093444e7f1130cfd132acaf93e99793e20a00ffe3674075502f7a2cd3de656b9d6f50abddc57de1c7e06a971e20bf3caa24e582faae12db7a03a63e02d48ffc9d365ec2482bfe7789e289c8d326dc17b3c2dc54ee24e0e7add279e0db854c503ddaf8873a1ddc7e8bd690c0ef29f76027613ac04121b32f168802975ad294a5184e1810552055a11e302a5c496f8748d653025d4b340ec1a2fa5aec6e864a80062aaf0a0f9fe210464952ceefdb4b3d1e9eff3ef5e10947901c5cd761a79a0c2f7c8e9b71b4f7f921c7a461d7dffc760b60497cd96e8f07b0a95789ef1c213d73d841c0208ec042f6620d4e45395ab6e531941afd83cbad47e8c7d8ba275f6d221c9016b2608516f8daee1d71b9bee805af17efac66bd9676ab9b04ebc0cad8ad639ed54ade9f056a49704c856da5b92f9f763c7fe822025c0d7628368913b2b1c190d2014e342c389bc8d49b61c64ff1578341659da9c4f33f9081259e8c6bc1b23cf52ff885ba5ce8b62407698daced92835f364ddb982d865ac38df40a43429f0ce9b2356ffc6f2c14ae3f016d9d5b93fc97c5a37484c1c73752c5dbcd1b00a10dfa5f2c4fd8aa86617eaf5e12de4ece143948d9732a35b617f7ad3828c2043615ab8fd18942da01401d22d9d8270fdb1cccdc3bdb290297cdd2db4646f467c87a2873e28214538f6b20c33ebd2af47889b333a497d7b283591d6534c493e468368e9750c7cd6dc81823480c8c0310d4e7c0d0b13efbdc6020d944b09039cf7792653542fdec6aa966f6601d526ec18c016620c0567f8452b604656e0c22b905de4d49c90155af4e24f17d6605036bdc810dd272a0ffe6787363a48ceae7e335a50252956c7bf6a0ee236bbc326f75c2b11f5d6f6ed5ead7148a026cd42a1b3d3d6024b42ea279981e78e34c31b46827220697c511e900166a1783cefe0bd3b95645c3c41afd674a8f0b79a2f281dedcf5fb1e4013fdab24663c03fcae4fb847564e562457ff00c6770720a4984f233ff657cc4300a0cbdc989befb77ff07527ec72ec31ddf95a2cf41641638f1d486925c55c81a4240fad7cdaa60ebec455a483995216b4dd21055249f9b171e232e4a72c70a09858e9c9a07acbe219bb7f9f705875c8ab60c381c1f8b840279b9918f36bd3c549ae96c1325513815ac546024d22f5e1024de191a0fc3dbf24f2534e20dbd01477483e7626de19dcd42720fbf3336d588898dad595e41d6374f097fb245169102be32792a5dae43595dfd31398fcfdfd74d91f5a239af7a82604ca927abd4947b68aafefc15402f7fee275f8fa2455ccf14a84c9eb0679491eef6256fbbbe36d880e3cf8ccb5aa060db4331ad224f4a3fa70e562486da691a89be23ba68c9c31bc85865a8904fc2ae8daef2f28a98d3c4070cce08bd79d5c54db8472bfb21560b69ec1917fb9f20f7f90be556385f1ab5a4fab702b2b38b9ec0d9269ddcb72c640ea9439fcff8121737519488f36fdfae372592ae6c253a40928979c6c4c9451f2aef791539d3eff358e631440674e56d99c3e01e2f693d0ac4f3ed0b581c68cb8b5d03bae06300253095b8addb72c98e2e411569a6eeba5dfe5fb07bcc4e5ab5465f9fbafda95ae9c446729605a9467fd968d8d8905f737a3566cd47ab8bd547cf92cd65e880804cae009a9dfc3864a9d65d9d3e13ebb07fa6abff705cd96f5ccd8c3f72d8f926331022507594e5150e97faf2b1b3771dc758377e53930946379e447faec4bda7abcc4d91f9ccb40cad4361da5d36d512edf50021136bf6e9e25418737f80ea69b682895dbb88376305e1ee9509df85ce4905d6cb45182c505a9067311ad2f27e608a554e8b834efcac641b10b401da4197197b40f9f5c7afe9baf4ff2c5d67ad3957f50830e587d714b4cdbeba89501ce1c7df889da9de8f27be949badb8904529401f4c26908977a69d9ba2284a7b8a1e586ed02b64e57c4f1ccaeb1d0665104615f856b60318d910b17e6baf3671abc49365d5b95341fde159358bfe29c8752fdea58b9f66f99c0a15e8bcdd29c482df61d2e2a84b0d8fd92dbdcffb2fb1b8f2f1b65b32b73251f8ea6ad59dc4bf20754c8fe4a59c25e7d3410115405006d06bc48970fe2372d093c993e6a94e3f3017e875753dce512f7558325def9d66550105448fc368b8c60e9aa0a723e7158c58bca7f90979bf0ff3f9a16b60647fe6a99c4773fd94525c0768f68bc7f53c1d082ebe0fa755466ac4f4c9c3a103d488df460c7ddb92c98ba6f688fdaca6233cfae19f1103524b934100cde5aa59aa4805edbd35b0fcc494341265975e61342f15f266bd18ddcced765fd13b72205c92b17fece7d39b4483a374af69474240a5a2cf8fcf1b8f4837f4003a93a5732674f4bad4a9ec2e48af97a54943ab5766c33a23bba0e3abcfc527572993ad3039e9c3652a80be1b149bae2a432766e9da0fb752a222278111e7a8487a25c3371f98f4cbbf25ea4ed295b13c19d9b5afd37115c281c12c79f8baa02686f9df39de8bee188303617632faf5d2e57071db5de5fbad04b4dc9cc815838aca13702d1d589c8b1d2"}}}}}, 0xfce) 2.338634704s ago: executing program 3 (id=174): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={r2, 0x401}, 0x8) 2.254567528s ago: executing program 0 (id=175): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r1 = socket$inet6(0xa, 0x3, 0x1) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@empty, @in=@remote, 0x4e24, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x53, 0xffffffffffffffff, 0x0, 0x0, 0x1e2, 0x0, 0x100000000}, {0x0, 0x0, 0x1, 0x1000}, 0xf6, 0x0, 0x1, 0x0, 0x2}, {{@in=@rand_addr=0x64010100, 0x0, 0x32}, 0x2, @in6=@private2={0xfc, 0x2, '\x00', 0x4}, 0x0, 0x4, 0x3, 0x0, 0xfffffffd, 0x0, 0xfffffff9}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 2.213150208s ago: executing program 0 (id=177): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000) syz_open_procfs$namespace(0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000140)={'filter\x00', 0x4}, 0x68) 1.598079166s ago: executing program 4 (id=184): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) writev(r0, &(0x7f0000000f40)=[{&(0x7f0000000400)="2e9b3d93dfb6c575963f88640000000000", 0x11}, {&(0x7f0000000180)="64c0", 0x2}, {&(0x7f0000000340)="7cbf2f00ea5797806224fa67fe6b81c398528470ec8e5d67eec255f1c5f1200f6422ad3a0a1cdce76d953ba05060d9fb9b08aaf6ebc74fd014c3e7c3da5bfbba9fc62ec59fcf961c6a38e9178a344775d392a12bd6e58dd1cfcb6f4508005be46e23fb5b", 0x64}], 0x3) 1.514435691s ago: executing program 1 (id=185): r0 = socket$key(0xf, 0x3, 0x2) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0x4018, 0x3, 0x240, 0xd0, 0x0, 0x148, 0x0, 0x148, 0x1d0, 0x240, 0x240, 0x1d0, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @broadcast, 0xffffffff, 0xffffffff, 'bond0\x00', 'ip6tnl0\x00', {}, {}, 0x6c, 0x2, 0x18}, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x98, 0xd8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x8}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0) recvmmsg(r0, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) setsockopt$sock_int(r0, 0x1, 0x4b, &(0x7f0000000040)=0xfd87, 0x4) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0) 1.400041659s ago: executing program 3 (id=187): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @random="2b883d36581f"}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000086dd000311000400000000006eec00be10a42f01fe8000000000000000000000000000aaff02000000000000000000000000000133"], 0x10da) 1.244799153s ago: executing program 1 (id=188): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000900)='memory.swap.current\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) getsockopt$inet6_udp_int(r0, 0x11, 0x68, 0x0, &(0x7f0000000000)=0xffffffffffffff83) 1.236190517s ago: executing program 0 (id=189): sendmmsg(0xffffffffffffffff, &(0x7f0000002980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[{0x98, 0x101, 0x4, "9a36f7906c4ad49a6bbc8e77f26b6541845142a79e343a06fc0a73fe2688fc5c886c8101adb3bae46707fe67d05e3df4291f9c18dd24cb7718380b8fc9d713d400fa11ea6a19c51503d8d7db850dc230f79f91e398a5f6a78de3229b3f4aa86574468fb8662df070b814ba39ad7d38f4b8f7a441d4458050129755043264f36b74"}, {0x20, 0x111, 0x8, "c3d0c8c958e1555a66"}, {0x10, 0x3a, 0x5}, {0xb8, 0x10c, 0x2, "a5c43c77f369122820e680675eaa47577a25c4df104ad77192811487708c754a7fd280ea0c70717b17f7848efd0c104f8847118cb9bae282d4db5caa9fddfcf0c176cd6741e5a82a8ee93a97e8235895592a9b07cde8857c897954923d8a89c4987d169ebcbfdeffc9f79c8fecd8dbf0309098f174924276e5624830620abfff6032afd378f5c47f2607cca0aed32ef04d6a24773a18bfdcce1364039409ab074a"}, {0xa78, 0x102, 0x4, "2ceabac4fbff11846a3c303f017b6c6ac48008313e0137172db17ff887a0823c1c4d67fb413b66f62ae90e5950545cd4022fe8f6b06298306f3d1435b44c2b07e08197d61b14b32a16b5a647ce15b7bdbe824a6acfdb3c9b243d6f88df0d6a82f242f08dc300574622037b75e9ae58fdb16dbbf70b80bf617d496a8dad5dd1473007cd9b150f121e37249f12668ce152cf39903406af08c723af08b6240b5e8a2191510cd292099f9888723eb6131c6d4593426fae4567d29d87e071280e2cffd57ecec4ef39aecdbbbf2c0745d3d457d64a9c4e9ab7bc2cb504fa0b6c0e8afe9e7b1f6da83b99d26799e0ec3a6f765bf6eda7261f78b62bf58b463d411f762caecabd6c836349dcec4a661542ed55881f32e7c538f9259981c7c59dc003281f24a8e70f2fa6d2965521da9e94a07ea60794659f06d0043d09ffea096b3bbf76991832c1ce8be7a6f2a034b4c797e4d1fd870f7bf9b653fdd27c2aedd6867be5ad2f3b5f250989b9d319f5662c21e2b002425588e3c732bb398e783b56be50120a7451d0391c44902a46a14ce207c4899a81ae6453cd8186aa5f30fed69f64c28417627a3bee7a5dfdce55ccf39bfec79d4ab1378c39f1b4e7f002980395236645b626c38436b5f347e806b2f1131a9c705096c5487e37bbdd0b487318d18c8f3a591e77ab44569a28a5c570d8d34f6fa7c80a09a83f24bc2afdf30b87413c5fe17276207ab2b541b5ba24c354dfdb360bae93b509124f21b8dd7bf6ae3462e7ca9617490e685c2f588027f84c937c1de4a4cfefdcd054a5c4456e44c30bda9766e46279030a650de9114979134e15eec8490d1e173f12f087b6a07b6b1b7c10bcb84c0a7b0a3bbd3a03bb2c6843f04065b5607a615d21b66a53117c07ae5dfffe6a3e96c349be5da548e7c88fb3925342f36a0132d14cb3cd3f7c55980e0fa40a3257c97806f7973b51a7fe138e5c2345cf82325677899e9a6c5634da5e1ef10a8dd77537e48014b76266eb465b93d4d400ae31444397333db275b410c25a4ba33eecabd55b9c6edf7d1dae00f9235cc9cb8d2527b30c794a305bea7b365e7001f8d5dc9cb1debd459d3ba91ea4ae81f223e12466e18453c9952b4cd180dfb0b5da7283eeb8e00be0e4e4c0c9838c393166e4b200ca941134538b9306d6911a990411772a75a3bc3fa432a8b43967d0840d0a82f1ba365b99304e8a988a7bc4b986b69082601cff3aedcce368c0a39c43a37e8504a0a3bd8400a07b2f906214e94dc4902033f376d745f2a61d8655659364094566c787c85c905153034e292c6b74b4388d19773e5401f344ed7ce00c2c1aae5080cc04ca14653f7e858f730a52812fa73bdf315db78fd38255bc0e21345f15bb3c6aa0baa2309dbcaa966d9d4925d0e74d88d3c17adefe58bbd44bf5cc52a23f7956e147ce107bf44e65bca8742b45c913a11109479ffc4f857afefbbab23062168d65c6ad47353e3f420af33718e7665a1cd5cc3bcf481c5fec1d4f014b9fbb012673be172958fd925613c69250de8ff75664bcb6f9c46467554539e3a40db9b64f32cdb933afbae9f0984843fb2e8434a7fcec15bef3a26a73c187724c3bbfa3d282d4ddb6e37a17caa76e325bec8ced60d0fc3dabf9ec0facae47b8b83ca16175d9b7bc468ab5b2f71dbb4af5dd0c50ccd571d9a60965a1183df2767893cb789f09fff4f57d5e60698d9cc57925295bbb893fcdcf92a7c175cfd8bfb3fb90045c969cb0c90cdb31b3bb0d8b72f5d804fbc845028af82d6f3ceaaf90b32703b99a3ca000f6349666cb795628241b1b4571ee1c99750f8f82ab880177f65e9c409d40ac769ed4d7ada46b08899228684696a11d2913337b9ad217def4e64a2ca9f24f127eb18359deba38c08dedf774169e95533b34d859f6b5b2dc912075064303d0afed12e33f9ac5c64731b880aa6b950c776bf5ddce5e98718b6c25209466b9fbc581400bc52249247661e4cf2a7883de62b9c277adfea303d8d4170ded5782710450c93fffc3a0c6484bca2f67160431195beeef3eef19c8a2c95477cfc786276ea12730a2f01dddf6782c09152c949f44ecc0d8e51e0306d13f43fe29caff780e3f6d4bc238248ab82684431cc3f7d36ee1a270296186184f7194b75ca08cc325d653ddfc7c9969552445ecb41c30d891a2f43b211346d8a571d6759ce74a3b0282d8f3941ff5b5db82a79d997c71fbf83c4a212994bcc69f679e4d64d3e650434dc7d0dd1208706004c5cd98b57db4c9f07c093f2e2ab00513302d70cbf7e66363b72926beb25d2608d7e989a8540d184eea6169ba99c181f9621a9637d15bb9bea0341c11688ca9a4548b7bb03b853795ca5c6bb2409925c100a0d151eb41f58c12bf0903116a9629b3a70544bc3f28fe142ea65509d9a9ec5984e6b648d2ea4c0ba8d92e88620b9df7d9ac77c3723c2d95ca9b16b1a44f43b4ecade8ae697cfbd03bf0afc671392c2cd0ec899bfcb6ba385a5a6ee76b43716225a4919daf90b56c5822217f4262454fa1072975fd9ccbdfb97f15b98bdfceb81164542630cd871f529b8ba0e29d1f9600d058718908d21580b50aeece758e7d37a2f6120dabc2482552dc50c951115d7752609c2c52cd46f4401afcb701142bc88632f11eb5c02513700aa781d8292f4b73e1ba147fd97346abd147b4d51d67742a26e90084b622c10f0e25a14a1421cb602dd8ee84cdf21cceef2847808fee80356d004d03e819243b26eb012713b975b66fe63e7d2a646bb6bfb6eefcb69eb9ea09146b2c3ae154c96c1b500b626d03ef7bc2bf3ddf29da0671a013cf31bd8c40657389f47d385bece53a27053413df6430c611223e727e3994b39f46503a19276ffba04c80f9381efb352fb70ea0c93ca8c2b60b7ea4ab473cea210bb7bd1f688e50e49ec3fc82a99cf2b0030bd7cd3ef9f36b1d8d5f05719f917122e11dbfcacfd180c8761dd7b9d995a7f4f9d29afb9aca80ef4e327286d9f59f3be6c9ba17df23c102a6ab4270d98352dc4601e0e5b70b83c1a9fc4626b7e34df2af9ecb33bd1dbd9758cd0865a18623367cba00f09b21e13cced74c55cbd4c409e962869e477d1c3b4c9dcf2ed660894c465d8735b222ca3e80f2585266d6f01457402941ae554aa234538a2a681dddf7d4a027623e162cb9169c4b0e622e9d4a6e7c043ac0d77c7edd1446eb6ffe4ab723bc383c7beaaa1ebfdaa30d2d7e60e906d4e5314f72bb9e35fe7c824bff49c8faf73f5de3ae239e60aea08e27d4df1b11928680857aad0317267edacf9ff6be039069962c018d11338d97985a4042f3b8f884b6ec627066eec950b53811cb9e4eb20a4966cb873a01d17745a045d818571f762b98495a355ca65594051b57e48a88d0e38ddcbf8de25f2a572a646220945866340ce7d80ae1fc97d2c79a806c88af6f23a546268facd882125470fbb2b4b45df702a9cda485f32928a59525d66760b4e73b74d0ea8140ddea2b8e619e780fe3b927d0d78b63936363f9e7af1943a3b30bfbc2d523157aff5b721df2fa5e48ca4e4b3f9be2dcd8ab59340378b16c3add3113af5c4970f9e23614b77edaa5a3f1a63dc9ee9337e316caf82ea573a27c8b55178eefe602a0b43b393afb0066b4e248724fdb5e80b4770caa78e041891481024245b88d2cf12df07ae26e277c8fd0ce09b5f60a498f7a7dd281467707985db57cfe84afd96c03e568d7571cd868d97944061808343af0727bd0fde6b9215c1fee4f54d8"}, {0x10, 0x10a, 0x3}], 0xc08}}], 0x1, 0x40000) r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f00000000c0), 0xf00) close(r0) 1.121471554s ago: executing program 1 (id=191): r0 = socket(0x11, 0xa, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)={0x98, r3, 0x1, 0x70bd27, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x72, 0x33, @auth={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x5}, @device_a, @broadcast, @initial, {0x3, 0xffb}, @value=@ver_80211n={0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}}, 0x1, 0x1, 0x58, @void, [{0xdd, 0x42, "4ea6c37e8d0ad9a65ed32b0aff68308064ea6627647e3924140d402b7d4a7ef4ab258ecdb038abd638b34272b776c2ef6bbab159cb2324bcf4e698be4e2632e5fd53"}, {0xdd, 0x6, "ae0668a6a4bb"}]}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x8, 0xcd, [0x5, 0x52]}]}, 0x98}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be71}, 0x24008080) 1.066411416s ago: executing program 3 (id=192): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f00000021c0)=0x95) ppoll(&(0x7f0000000040)=[{r1, 0x840b}], 0x1, 0x0, 0x0, 0x0) close(r0) 1.005686409s ago: executing program 4 (id=193): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000580)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000005c0)={0x40, r1, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x8}, @NL80211_ATTR_SCAN_SSIDS={0x10, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4040004}, 0x4000) 998.173507ms ago: executing program 0 (id=194): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000700)="0800364b3a3bad78e61001", 0xb) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000540), r1) 970.693843ms ago: executing program 1 (id=195): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0xf6c52000) socket$inet6(0xa, 0x2, 0x3a) unshare(0xc040480) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x7f, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x8}, 0x1c) 826.071544ms ago: executing program 4 (id=197): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000001080)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x40000005, 0x4) recvmmsg(r0, &(0x7f0000005d80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=""/20, 0x14}, 0x9}], 0x1, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x4000, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 664.670636ms ago: executing program 2 (id=200): socket$packet(0x11, 0xa, 0x300) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) syz_emit_ethernet(0x8c, &(0x7f0000001600)=ANY=[], 0x0) 614.922415ms ago: executing program 4 (id=201): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r0}, 0x18) sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="470d000000000000000000000000080002"], 0x1c}}, 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000740)=ANY=[@ANYBLOB="14020000140001002dbd7000000000000a"], 0x214}], 0x1}, 0x0) 509.120194ms ago: executing program 2 (id=202): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000480)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r2, &(0x7f0000000cc0)=[{{&(0x7f0000000000)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000180)="e1", 0x1}], 0x1}}], 0x1, 0x800) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000340)={0x2, 0xfff, 0x1, 0x2, 0x100, 0x80, 0x8000, 0x7, r1}, 0x20) 497.252645ms ago: executing program 4 (id=203): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}}, 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x4, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x6, 0x3c, 0x0, 0xa801, 0x20, 0xa, 0xa}]}]}, 0xa0}}, 0x0) 387.926297ms ago: executing program 2 (id=204): socketpair(0x3, 0x3, 0x1, &(0x7f0000000000)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0, 0x0, 0x6}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xe0}}, 0x0) 355.114959ms ago: executing program 4 (id=205): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x4}}}}}}, 0x0) 270.002825ms ago: executing program 2 (id=206): r0 = socket$kcm(0x10, 0x2, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f00000005c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r2, 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x300, &(0x7f0000000180)=[{&(0x7f0000000340)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f1400000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec001210000140090c0c00bdad446b9bbc7a46e39882a5dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1, 0x0, 0x0, 0xff0f0000}, 0x0) 215.926898ms ago: executing program 1 (id=207): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)={0x24, r2, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4044001}, 0x44) 165.820895ms ago: executing program 2 (id=208): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000ff7f0000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040), 0x4) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x8000}, 0x4) 142.284109ms ago: executing program 1 (id=209): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x20e, 0x0, 0x0, &(0x7f00000004c0), 0x0, 0x31, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) r0 = socket$netlink(0x10, 0x3, 0x15) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(authenc(crct10dif-pclmul,cbc(aes)))\x00'}, 0x58) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="04010000100053"], 0x104}, 0x1, 0x0, 0x0, 0x20040890}, 0x200080c0) 70.672186ms ago: executing program 3 (id=210): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x4, [@const={0x0, 0x0, 0x0, 0x2, 0x3}, @fwd={0x2, 0x0, 0x0, 0x12}, @typedef={0x4, 0x0, 0x0, 0x12, 0x3}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x40}, 0x28) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0) 52.284241ms ago: executing program 0 (id=211): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r1) sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x2c, r2, 0x431, 0x70bd2b, 0x3, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) 12.656799ms ago: executing program 2 (id=212): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4) sendmmsg$inet6(r0, &(0x7f0000000e00)=[{{&(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x86a0}, 0x1c, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000003880)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=""/29, 0x1d}}], 0x1, 0x12141, 0x0) 0s ago: executing program 3 (id=213): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) pwritev(r0, &(0x7f00000004c0)=[{0x0}, {0x0}, {&(0x7f0000000200)="db", 0xfffff000}], 0x3, 0x8040000, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.226' (ED25519) to the list of known hosts. [ 83.231758][ T5822] cgroup: Unknown subsys name 'net' [ 83.345601][ T5822] cgroup: Unknown subsys name 'cpuset' [ 83.355209][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.039242][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.803966][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.807996][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.816799][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.819168][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.825797][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.832891][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.840552][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.848649][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.853947][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.860829][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.894746][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.902890][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.910375][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.918719][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.926569][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.950707][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.962902][ T5835] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.962914][ T5839] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.963599][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.987297][ T5835] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.988537][ T5839] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.008441][ T5839] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.016436][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.036653][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.045280][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.484155][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 88.744681][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 88.790603][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 88.820502][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 88.874477][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.882860][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.890293][ T5832] bridge_slave_0: entered allmulticast mode [ 88.898546][ T5832] bridge_slave_0: entered promiscuous mode [ 88.955374][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.962664][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.969793][ T5832] bridge_slave_1: entered allmulticast mode [ 88.978322][ T5832] bridge_slave_1: entered promiscuous mode [ 88.999982][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 89.135266][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.147034][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.238468][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.246280][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.253931][ T5834] bridge_slave_0: entered allmulticast mode [ 89.262394][ T5834] bridge_slave_0: entered promiscuous mode [ 89.269542][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.276774][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.284411][ T5844] bridge_slave_0: entered allmulticast mode [ 89.291959][ T5844] bridge_slave_0: entered promiscuous mode [ 89.338215][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.345447][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.353484][ T5834] bridge_slave_1: entered allmulticast mode [ 89.360652][ T5834] bridge_slave_1: entered promiscuous mode [ 89.367929][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.375220][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.383096][ T5844] bridge_slave_1: entered allmulticast mode [ 89.390261][ T5844] bridge_slave_1: entered promiscuous mode [ 89.398840][ T5832] team0: Port device team_slave_0 added [ 89.464350][ T5832] team0: Port device team_slave_1 added [ 89.470475][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.478181][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.486254][ T5841] bridge_slave_0: entered allmulticast mode [ 89.493729][ T5841] bridge_slave_0: entered promiscuous mode [ 89.555093][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.562563][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.569698][ T5841] bridge_slave_1: entered allmulticast mode [ 89.578351][ T5841] bridge_slave_1: entered promiscuous mode [ 89.585113][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.594900][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.602564][ T5845] bridge_slave_0: entered allmulticast mode [ 89.609769][ T5845] bridge_slave_0: entered promiscuous mode [ 89.618425][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.625854][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.633968][ T5845] bridge_slave_1: entered allmulticast mode [ 89.641714][ T5845] bridge_slave_1: entered promiscuous mode [ 89.651043][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.664027][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.715317][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.745809][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.756066][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.763238][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.789284][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.856355][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.863775][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.890501][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.904436][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.916240][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.933744][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.945539][ T5834] team0: Port device team_slave_0 added [ 89.961842][ T51] Bluetooth: hci0: command tx timeout [ 89.967510][ T51] Bluetooth: hci1: command tx timeout [ 89.969190][ T5839] Bluetooth: hci2: command tx timeout [ 89.990305][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.017857][ T5834] team0: Port device team_slave_1 added [ 90.026401][ T5844] team0: Port device team_slave_0 added [ 90.036211][ T5844] team0: Port device team_slave_1 added [ 90.043333][ T5839] Bluetooth: hci4: command tx timeout [ 90.121603][ T5839] Bluetooth: hci3: command tx timeout [ 90.157656][ T5841] team0: Port device team_slave_0 added [ 90.165391][ T5845] team0: Port device team_slave_0 added [ 90.175034][ T5845] team0: Port device team_slave_1 added [ 90.214407][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.221469][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.247988][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.266063][ T5832] hsr_slave_0: entered promiscuous mode [ 90.272855][ T5832] hsr_slave_1: entered promiscuous mode [ 90.280821][ T5841] team0: Port device team_slave_1 added [ 90.317168][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.324368][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.351067][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.363536][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.370498][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.396827][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.444606][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.451953][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.478905][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.499277][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.506935][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.533225][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.557363][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.564530][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.590650][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.603335][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.610299][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.636626][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.683839][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.690825][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.717388][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.807883][ T5834] hsr_slave_0: entered promiscuous mode [ 90.814628][ T5834] hsr_slave_1: entered promiscuous mode [ 90.820777][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.828655][ T5834] Cannot create hsr debugfs directory [ 90.856584][ T5844] hsr_slave_0: entered promiscuous mode [ 90.863187][ T5844] hsr_slave_1: entered promiscuous mode [ 90.869535][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.877277][ T5844] Cannot create hsr debugfs directory [ 91.020919][ T5841] hsr_slave_0: entered promiscuous mode [ 91.027717][ T5841] hsr_slave_1: entered promiscuous mode [ 91.034332][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.042389][ T5841] Cannot create hsr debugfs directory [ 91.074396][ T5845] hsr_slave_0: entered promiscuous mode [ 91.080717][ T5845] hsr_slave_1: entered promiscuous mode [ 91.087184][ T5845] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.095653][ T5845] Cannot create hsr debugfs directory [ 91.513501][ T5832] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 91.554616][ T5832] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 91.608553][ T5832] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 91.626100][ T5832] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 91.736274][ T5845] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.755013][ T5845] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.768876][ T5845] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.785552][ T5845] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.813641][ T1213] cfg80211: failed to load regulatory.db [ 91.913536][ T5834] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.925475][ T5834] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.939241][ T5834] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.967407][ T5834] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.042956][ T5839] Bluetooth: hci2: command tx timeout [ 92.044272][ T5156] Bluetooth: hci1: command tx timeout [ 92.048405][ T5839] Bluetooth: hci0: command tx timeout [ 92.089736][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.098926][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.111608][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.122071][ T5839] Bluetooth: hci4: command tx timeout [ 92.144269][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.159029][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.202441][ T5839] Bluetooth: hci3: command tx timeout [ 92.249639][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.280241][ T1167] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.287632][ T1167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.312136][ T5844] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.325962][ T5844] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.337269][ T5844] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.360554][ T5844] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.377213][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.384422][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.418798][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.467335][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.486893][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.529141][ T1153] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.536317][ T1153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.565188][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.572326][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.612269][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.658601][ T1167] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.665787][ T1167] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.744075][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.751303][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.780246][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.870398][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.888804][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.939773][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.989203][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.996383][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.020622][ T5834] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.065806][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.072996][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.126189][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.133405][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.166762][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.174042][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.229197][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.433280][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.590253][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.708462][ T5845] veth0_vlan: entered promiscuous mode [ 93.778126][ T5845] veth1_vlan: entered promiscuous mode [ 93.895249][ T5834] veth0_vlan: entered promiscuous mode [ 93.949852][ T5834] veth1_vlan: entered promiscuous mode [ 94.003832][ T5845] veth0_macvtap: entered promiscuous mode [ 94.022389][ T5845] veth1_macvtap: entered promiscuous mode [ 94.047470][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.079582][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.121721][ T5839] Bluetooth: hci0: command tx timeout [ 94.127123][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.135846][ T51] Bluetooth: hci2: command tx timeout [ 94.139673][ T5832] veth0_vlan: entered promiscuous mode [ 94.142823][ T5156] Bluetooth: hci1: command tx timeout [ 94.178864][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.200490][ T5834] veth0_macvtap: entered promiscuous mode [ 94.207424][ T5156] Bluetooth: hci4: command tx timeout [ 94.218175][ T5832] veth1_vlan: entered promiscuous mode [ 94.239773][ T5841] veth0_vlan: entered promiscuous mode [ 94.247939][ T1105] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.259013][ T1105] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.277274][ T5834] veth1_macvtap: entered promiscuous mode [ 94.283611][ T5156] Bluetooth: hci3: command tx timeout [ 94.296534][ T1105] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.307865][ T1105] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.328705][ T5841] veth1_vlan: entered promiscuous mode [ 94.376490][ T5844] veth0_vlan: entered promiscuous mode [ 94.413336][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.447753][ T5844] veth1_vlan: entered promiscuous mode [ 94.464144][ T5832] veth0_macvtap: entered promiscuous mode [ 94.476687][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.535117][ T1105] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.546412][ T1105] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.559800][ T5832] veth1_macvtap: entered promiscuous mode [ 94.572455][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.579859][ T1105] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.580392][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.620329][ T1105] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.667402][ T5841] veth0_macvtap: entered promiscuous mode [ 94.694383][ T5841] veth1_macvtap: entered promiscuous mode [ 94.710064][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.719723][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.732629][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.769900][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.793064][ T5844] veth0_macvtap: entered promiscuous mode [ 94.804847][ T5844] veth1_macvtap: entered promiscuous mode [ 94.864516][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.877301][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.891719][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.915220][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.928031][ T5845] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.936040][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.960971][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.970649][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.980590][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.993697][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.025399][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.096948][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.146480][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.159544][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.195058][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.196080][ T1105] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.225172][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.235296][ T1105] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.271565][ T1105] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.285774][ T1105] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.344121][ T1105] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.367132][ T1167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.376680][ T1167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.460473][ T5955] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.526349][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.552649][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.583139][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.590973][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.811978][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.824930][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.833642][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.843889][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.096596][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.110632][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.202795][ T5156] Bluetooth: hci2: command tx timeout [ 96.208341][ T5156] Bluetooth: hci1: command tx timeout [ 96.214711][ T5839] Bluetooth: hci0: command tx timeout [ 96.281894][ T51] Bluetooth: hci4: command tx timeout [ 96.365883][ T51] Bluetooth: hci3: command tx timeout [ 96.431087][ T5966] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 98.661318][ T6017] syz.3.27 uses obsolete (PF_INET,SOCK_PACKET) [ 98.852362][ T6022] Driver unsupported XDP return value 0 on prog (id 8) dev N/A, expect packet loss! [ 99.187111][ T6029] netlink: 8 bytes leftover after parsing attributes in process `syz.1.32'. [ 99.977843][ T6047] sctp: [Deprecated]: syz.2.37 (pid 6047) Use of struct sctp_assoc_value in delayed_ack socket option. [ 99.977843][ T6047] Use struct sctp_sack_info instead [ 101.183696][ T6077] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 101.885806][ T6097] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 101.960654][ T6097] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 102.877965][ T6119] tipc: Started in network mode [ 102.916781][ T6119] tipc: Node identity 4, cluster identity 4711 [ 102.961732][ T6119] tipc: Node number set to 4 [ 103.130255][ T6129] netlink: 12 bytes leftover after parsing attributes in process `syz.0.70'. [ 103.173956][ T6129] netlink: 12 bytes leftover after parsing attributes in process `syz.0.70'. [ 104.380758][ T6152] bridge0: port 3(vlan2) entered blocking state [ 104.405335][ T6152] bridge0: port 3(vlan2) entered disabled state [ 104.433788][ T6152] vlan2: entered allmulticast mode [ 104.438964][ T6152] dummy0: entered allmulticast mode [ 104.492094][ T6152] vlan2: entered promiscuous mode [ 104.521403][ T6152] dummy0: entered promiscuous mode [ 104.555668][ T6152] bridge0: port 3(vlan2) entered blocking state [ 104.562295][ T6152] bridge0: port 3(vlan2) entered forwarding state [ 104.913244][ T6169] af_packet: tpacket_rcv: packet too big, clamped from 3698 to 4294967272. macoff=96 [ 105.508192][ T6183] netlink: 'syz.3.93': attribute type 23 has an invalid length. [ 105.794352][ T6192] netlink: 4 bytes leftover after parsing attributes in process `syz.4.97'. [ 105.829216][ T6192] chnl_net:caif_netlink_parms(): no params data found [ 107.150208][ T6226] warning: `syz.3.111' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 107.201469][ T6230] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.114'. [ 107.435176][ T6237] syzkaller1: entered promiscuous mode [ 107.453461][ T6237] syzkaller1: entered allmulticast mode [ 107.595786][ T6247] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.122'. [ 108.191887][ T6265] syzkaller1: entered promiscuous mode [ 108.198593][ T6265] syzkaller1: entered allmulticast mode [ 108.218203][ T6264] netlink: 'syz.4.129': attribute type 10 has an invalid length. [ 108.268066][ T6264] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.293115][ T6264] bridge_slave_1: left allmulticast mode [ 108.301590][ T6264] bridge_slave_1: left promiscuous mode [ 108.324389][ T6264] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.366490][ T6264] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 108.555239][ T6273] netlink: 'syz.4.133': attribute type 1 has an invalid length. [ 108.678993][ T6275] sctp: [Deprecated]: syz.1.134 (pid 6275) Use of struct sctp_assoc_value in delayed_ack socket option. [ 108.678993][ T6275] Use struct sctp_sack_info instead [ 109.830392][ T6320] batadv_slave_1: entered promiscuous mode [ 109.851552][ T6318] batadv_slave_1: left promiscuous mode [ 109.934093][ T6326] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 110.255180][ T6339] netlink: 8 bytes leftover after parsing attributes in process `syz.0.162'. [ 110.329869][ T6339] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.338286][ T6339] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.462594][ T6388] Zero length message leads to an empty skb [ 111.603574][ T6391] block nbd0: server does not support multiple connections per device. [ 111.637417][ T6391] block nbd0: shutting down sockets [ 111.904672][ T6403] netlink: 'syz.2.186': attribute type 4 has an invalid length. [ 112.621947][ T6437] netlink: 504 bytes leftover after parsing attributes in process `syz.4.201'. [ 113.160618][ T6459] netlink: 36 bytes leftover after parsing attributes in process `syz.1.209'. [ 113.202075][ T6461] ================================================================== [ 113.210222][ T6461] BUG: KASAN: slab-out-of-bounds in pause_parse_request+0x40/0x160 [ 113.218181][ T6461] Read of size 8 at addr ffff8880793c0db0 by task syz.0.211/6461 [ 113.225926][ T6461] [ 113.228390][ T6461] CPU: 0 UID: 0 PID: 6461 Comm: syz.0.211 Not tainted 6.16.0-rc2-syzkaller-00867-ga9b24b3583ae #0 PREEMPT(full) [ 113.228419][ T6461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.228440][ T6461] Call Trace: [ 113.228452][ T6461] [ 113.228460][ T6461] dump_stack_lvl+0x189/0x250 [ 113.228495][ T6461] ? __virt_addr_valid+0x1c8/0x5c0 [ 113.228516][ T6461] ? rcu_is_watching+0x15/0xb0 [ 113.228545][ T6461] ? __kasan_check_byte+0x12/0x40 [ 113.228566][ T6461] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.228594][ T6461] ? rcu_is_watching+0x15/0xb0 [ 113.228624][ T6461] ? lock_release+0x4b/0x3e0 [ 113.228653][ T6461] ? __virt_addr_valid+0x1c8/0x5c0 [ 113.228673][ T6461] ? __virt_addr_valid+0x4a5/0x5c0 [ 113.228694][ T6461] print_report+0xd2/0x2b0 [ 113.228719][ T6461] ? pause_parse_request+0x40/0x160 [ 113.228741][ T6461] kasan_report+0x118/0x150 [ 113.228763][ T6461] ? pause_parse_request+0x40/0x160 [ 113.228790][ T6461] ? __pfx_pause_parse_request+0x10/0x10 [ 113.228811][ T6461] pause_parse_request+0x40/0x160 [ 113.228835][ T6461] ? __pfx_pause_parse_request+0x10/0x10 [ 113.228857][ T6461] ethnl_default_set_doit+0x2c1/0xa40 [ 113.228885][ T6461] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 113.228928][ T6461] genl_family_rcv_msg_doit+0x215/0x300 [ 113.228952][ T6461] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 113.228979][ T6461] ? bpf_lsm_capable+0x9/0x20 [ 113.228996][ T6461] ? security_capable+0x7e/0x2e0 [ 113.229027][ T6461] genl_rcv_msg+0x60e/0x790 [ 113.229049][ T6461] ? __pfx_genl_rcv_msg+0x10/0x10 [ 113.229066][ T6461] ? ref_tracker_free+0x63a/0x7d0 [ 113.229093][ T6461] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 113.229122][ T6461] ? __pfx_ref_tracker_free+0x10/0x10 [ 113.229164][ T6461] netlink_rcv_skb+0x205/0x470 [ 113.229191][ T6461] ? __pfx_genl_rcv_msg+0x10/0x10 [ 113.229210][ T6461] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 113.229255][ T6461] ? down_read+0x1ad/0x2e0 [ 113.229283][ T6461] genl_rcv+0x28/0x40 [ 113.229311][ T6461] netlink_unicast+0x758/0x8d0 [ 113.229338][ T6461] netlink_sendmsg+0x805/0xb30 [ 113.229369][ T6461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.229395][ T6461] ? aa_sock_msg_perm+0x94/0x160 [ 113.229422][ T6461] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 113.229446][ T6461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.229472][ T6461] __sock_sendmsg+0x21c/0x270 [ 113.229494][ T6461] ____sys_sendmsg+0x505/0x830 [ 113.229525][ T6461] ? __pfx_____sys_sendmsg+0x10/0x10 [ 113.229559][ T6461] ? import_iovec+0x74/0xa0 [ 113.229580][ T6461] ___sys_sendmsg+0x21f/0x2a0 [ 113.229609][ T6461] ? __pfx____sys_sendmsg+0x10/0x10 [ 113.229657][ T6461] ? __fget_files+0x2a/0x420 [ 113.229678][ T6461] ? __fget_files+0x3a0/0x420 [ 113.229704][ T6461] __x64_sys_sendmsg+0x19b/0x260 [ 113.229735][ T6461] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 113.229769][ T6461] ? rcu_is_watching+0x15/0xb0 [ 113.229803][ T6461] ? do_syscall_64+0xbe/0x3b0 [ 113.229829][ T6461] do_syscall_64+0xfa/0x3b0 [ 113.229852][ T6461] ? lockdep_hardirqs_on+0x9c/0x150 [ 113.229874][ T6461] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.229894][ T6461] ? clear_bhb_loop+0x60/0xb0 [ 113.229915][ T6461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.229934][ T6461] RIP: 0033:0x7f19a4f8e929 [ 113.229960][ T6461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.229977][ T6461] RSP: 002b:00007f19a5db4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 113.229999][ T6461] RAX: ffffffffffffffda RBX: 00007f19a51b5fa0 RCX: 00007f19a4f8e929 [ 113.230014][ T6461] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 113.230027][ T6461] RBP: 00007f19a5010b39 R08: 0000000000000000 R09: 0000000000000000 [ 113.230038][ T6461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.230050][ T6461] R13: 0000000000000000 R14: 00007f19a51b5fa0 R15: 00007fffccb55de8 [ 113.230072][ T6461] [ 113.230080][ T6461] [ 113.613803][ T6461] Allocated by task 6461: [ 113.618166][ T6461] kasan_save_track+0x3e/0x80 [ 113.622856][ T6461] __kasan_kmalloc+0x93/0xb0 [ 113.627456][ T6461] __kmalloc_noprof+0x27a/0x4f0 [ 113.632304][ T6461] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 113.638372][ T6461] genl_family_rcv_msg_doit+0xb8/0x300 [ 113.643833][ T6461] genl_rcv_msg+0x60e/0x790 [ 113.648332][ T6461] netlink_rcv_skb+0x205/0x470 [ 113.653138][ T6461] genl_rcv+0x28/0x40 [ 113.657157][ T6461] netlink_unicast+0x758/0x8d0 [ 113.661920][ T6461] netlink_sendmsg+0x805/0xb30 [ 113.666691][ T6461] __sock_sendmsg+0x21c/0x270 [ 113.671378][ T6461] ____sys_sendmsg+0x505/0x830 [ 113.676164][ T6461] ___sys_sendmsg+0x21f/0x2a0 [ 113.680851][ T6461] __x64_sys_sendmsg+0x19b/0x260 [ 113.685799][ T6461] do_syscall_64+0xfa/0x3b0 [ 113.690319][ T6461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.696217][ T6461] [ 113.698540][ T6461] The buggy address belongs to the object at ffff8880793c0d80 [ 113.698540][ T6461] which belongs to the cache kmalloc-64 of size 64 [ 113.712444][ T6461] The buggy address is located 8 bytes to the right of [ 113.712444][ T6461] allocated 40-byte region [ffff8880793c0d80, ffff8880793c0da8) [ 113.726861][ T6461] [ 113.729191][ T6461] The buggy address belongs to the physical page: [ 113.735607][ T6461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x793c0 [ 113.744378][ T6461] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 113.751501][ T6461] page_type: f5(slab) [ 113.755494][ T6461] raw: 00fff00000000000 ffff88801a4418c0 ffffea0000c58240 dead000000000004 [ 113.764087][ T6461] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 113.772680][ T6461] page dumped because: kasan: bad access detected [ 113.779113][ T6461] page_owner tracks the page as allocated [ 113.784828][ T6461] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6025, tgid 6024 (syz.4.30), ts 100722095193, free_ts 100662801604 [ 113.803943][ T6461] post_alloc_hook+0x240/0x2a0 [ 113.808725][ T6461] get_page_from_freelist+0x21e4/0x22c0 [ 113.814277][ T6461] __alloc_frozen_pages_noprof+0x181/0x370 [ 113.820189][ T6461] alloc_pages_mpol+0x232/0x4a0 [ 113.825056][ T6461] allocate_slab+0x8a/0x3b0 [ 113.829596][ T6461] ___slab_alloc+0xbfc/0x1480 [ 113.834288][ T6461] __kmalloc_noprof+0x305/0x4f0 [ 113.839163][ T6461] hash_netport4_resize+0xa82/0x1b60 [ 113.844656][ T6461] call_ad+0x44e/0xb00 [ 113.848734][ T6461] ip_set_ad+0x791/0x930 [ 113.852981][ T6461] nfnetlink_rcv_msg+0xb4a/0x1130 [ 113.858008][ T6461] netlink_rcv_skb+0x205/0x470 [ 113.862782][ T6461] nfnetlink_rcv+0x26a/0x2520 [ 113.867462][ T6461] netlink_unicast+0x758/0x8d0 [ 113.872234][ T6461] netlink_sendmsg+0x805/0xb30 [ 113.877015][ T6461] __sock_sendmsg+0x21c/0x270 [ 113.881698][ T6461] page last free pid 23 tgid 23 stack trace: [ 113.887677][ T6461] __free_frozen_pages+0xc71/0xe70 [ 113.892803][ T6461] __tlb_remove_table+0x2d2/0x3b0 [ 113.897845][ T6461] tlb_remove_table_rcu+0x85/0x100 [ 113.902978][ T6461] rcu_core+0xca5/0x1710 [ 113.907236][ T6461] handle_softirqs+0x286/0x870 [ 113.912014][ T6461] run_ksoftirqd+0x9b/0x100 [ 113.916517][ T6461] smpboot_thread_fn+0x53f/0xa60 [ 113.921463][ T6461] kthread+0x70e/0x8a0 [ 113.925536][ T6461] ret_from_fork+0x3f9/0x770 [ 113.930148][ T6461] ret_from_fork_asm+0x1a/0x30 [ 113.934937][ T6461] [ 113.937271][ T6461] Memory state around the buggy address: [ 113.942901][ T6461] ffff8880793c0c80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 113.951480][ T6461] ffff8880793c0d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 113.959542][ T6461] >ffff8880793c0d80: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 113.967599][ T6461] ^ [ 113.973231][ T6461] ffff8880793c0e00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 113.981311][ T6461] ffff8880793c0e80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 113.989378][ T6461] ================================================================== [ 114.027346][ T6461] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 114.034595][ T6461] CPU: 1 UID: 0 PID: 6461 Comm: syz.0.211 Not tainted 6.16.0-rc2-syzkaller-00867-ga9b24b3583ae #0 PREEMPT(full) [ 114.047214][ T6461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.057293][ T6461] Call Trace: [ 114.060597][ T6461] [ 114.063542][ T6461] dump_stack_lvl+0x99/0x250 [ 114.068173][ T6461] ? __asan_memcpy+0x40/0x70 [ 114.072792][ T6461] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.078034][ T6461] ? __pfx__printk+0x10/0x10 [ 114.082671][ T6461] panic+0x2db/0x790 [ 114.086593][ T6461] ? __pfx_panic+0x10/0x10 [ 114.091127][ T6461] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 114.097034][ T6461] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 114.103387][ T6461] ? print_memory_metadata+0x314/0x400 [ 114.108860][ T6461] ? pause_parse_request+0x40/0x160 [ 114.114063][ T6461] check_panic_on_warn+0x89/0xb0 [ 114.119008][ T6461] ? pause_parse_request+0x40/0x160 [ 114.124298][ T6461] end_report+0x78/0x160 [ 114.128560][ T6461] kasan_report+0x129/0x150 [ 114.133066][ T6461] ? pause_parse_request+0x40/0x160 [ 114.138280][ T6461] ? __pfx_pause_parse_request+0x10/0x10 [ 114.143924][ T6461] pause_parse_request+0x40/0x160 [ 114.148959][ T6461] ? __pfx_pause_parse_request+0x10/0x10 [ 114.154599][ T6461] ethnl_default_set_doit+0x2c1/0xa40 [ 114.159983][ T6461] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 114.166316][ T6461] genl_family_rcv_msg_doit+0x215/0x300 [ 114.171872][ T6461] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 114.177952][ T6461] ? bpf_lsm_capable+0x9/0x20 [ 114.182635][ T6461] ? security_capable+0x7e/0x2e0 [ 114.187587][ T6461] genl_rcv_msg+0x60e/0x790 [ 114.192108][ T6461] ? __pfx_genl_rcv_msg+0x10/0x10 [ 114.197135][ T6461] ? ref_tracker_free+0x63a/0x7d0 [ 114.202192][ T6461] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 114.208117][ T6461] ? __pfx_ref_tracker_free+0x10/0x10 [ 114.213508][ T6461] netlink_rcv_skb+0x205/0x470 [ 114.218279][ T6461] ? __pfx_genl_rcv_msg+0x10/0x10 [ 114.223310][ T6461] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 114.228615][ T6461] ? down_read+0x1ad/0x2e0 [ 114.233040][ T6461] genl_rcv+0x28/0x40 [ 114.237048][ T6461] netlink_unicast+0x758/0x8d0 [ 114.241833][ T6461] netlink_sendmsg+0x805/0xb30 [ 114.246610][ T6461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.251903][ T6461] ? aa_sock_msg_perm+0x94/0x160 [ 114.256848][ T6461] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 114.262145][ T6461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.267442][ T6461] __sock_sendmsg+0x21c/0x270 [ 114.272124][ T6461] ____sys_sendmsg+0x505/0x830 [ 114.276924][ T6461] ? __pfx_____sys_sendmsg+0x10/0x10 [ 114.282231][ T6461] ? import_iovec+0x74/0xa0 [ 114.286751][ T6461] ___sys_sendmsg+0x21f/0x2a0 [ 114.291624][ T6461] ? __pfx____sys_sendmsg+0x10/0x10 [ 114.296862][ T6461] ? __fget_files+0x2a/0x420 [ 114.301469][ T6461] ? __fget_files+0x3a0/0x420 [ 114.306178][ T6461] __x64_sys_sendmsg+0x19b/0x260 [ 114.311136][ T6461] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 114.316632][ T6461] ? rcu_is_watching+0x15/0xb0 [ 114.321419][ T6461] ? do_syscall_64+0xbe/0x3b0 [ 114.326107][ T6461] do_syscall_64+0xfa/0x3b0 [ 114.330638][ T6461] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.335842][ T6461] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.342171][ T6461] ? clear_bhb_loop+0x60/0xb0 [ 114.346862][ T6461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.352786][ T6461] RIP: 0033:0x7f19a4f8e929 [ 114.357207][ T6461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.376813][ T6461] RSP: 002b:00007f19a5db4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.385234][ T6461] RAX: ffffffffffffffda RBX: 00007f19a51b5fa0 RCX: 00007f19a4f8e929 [ 114.393213][ T6461] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 114.401292][ T6461] RBP: 00007f19a5010b39 R08: 0000000000000000 R09: 0000000000000000 [ 114.409267][ T6461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.417248][ T6461] R13: 0000000000000000 R14: 00007f19a51b5fa0 R15: 00007fffccb55de8 [ 114.425234][ T6461] [ 114.428606][ T6461] Kernel Offset: disabled [ 114.432935][ T6461] Rebooting in 86400 seconds..