last executing test programs: 2.01618779s ago: executing program 1 (id=6): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0xa4}, [@ldst={0x4}]}, &(0x7f0000000080)='GPL\x00', 0x8, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x48) (async) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x4, 0x1, 0x401, 0x0, 0x0, {0x7, 0x0, 0x4}, ["", "", "", "", "", "", "", ""]}, 0x14}}, 0x20000010) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'erspan0\x00', &(0x7f0000000040)=@ethtool_wolinfo={0x6, 0x7, 0x1ff, "fac16a590b17"}}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000002feffff720af0fff8ffffff71a4f0ff0000000071107100000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe040026ca7203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350844ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x44) socket$inet6_tcp(0xa, 0x1, 0x0) 1.895191249s ago: executing program 1 (id=7): r0 = socket$alg(0x26, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000100)=@framed={{0x18, 0x5}, [@printk={@li, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5, 0x1, 0xb, 0x1, 0x5}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe00}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x19}}]}, &(0x7f0000000000)='GPL\x00', 0x8, 0xde, &(0x7f0000003e40)=""/222}, 0x94) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40086602, &(0x7f0000000000)={0xfff}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8), 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x28, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x82, 0x0, 0x1}, 0x28) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r4, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) (async) bind$netlink(r4, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f0000000440)=[@in6={0xa, 0x4e21, 0x0, @loopback}]}, &(0x7f0000000280)=0x10) (async) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f0000000440)=[@in6={0xa, 0x4e21, 0x0, @loopback}]}, &(0x7f0000000280)=0x10) socket$netlink(0x10, 0x3, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58) (async) bind$alg(r5, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) (async) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) accept4(r5, 0x0, 0x0, 0x0) (async) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmsg$alg(r6, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x48814}, 0x14000012) sendmsg$nl_route_sched_retired(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24}, 0x24}}, 0x8054) recvmmsg$unix(r6, &(0x7f00000029c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000002a00)=""/4100, 0x1004}], 0x1}}], 0x1, 0x10000, 0x0) r7 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$inet6_int(r7, 0x29, 0xc8, 0x0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}]}, @NFT_MSG_DELFLOWTABLE={0x34, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x8, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x4}]}]}], {0x14, 0x10}}, 0xac}}, 0x0) (async) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}]}, @NFT_MSG_DELFLOWTABLE={0x34, 0x18, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x8, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x4}]}]}], {0x14, 0x10}}, 0xac}}, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) (async) r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) socket$alg(0x26, 0x5, 0x0) (async) r10 = socket$alg(0x26, 0x5, 0x0) bind$alg(r10, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-aesni\x00'}, 0x58) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r9, 0x89f2, &(0x7f0000000040)={'tunl0\x00', &(0x7f0000000640)={'gre0\x00', 0x0, 0x8000, 0x10, 0x3, 0x2, {{0x5, 0x4, 0x2, 0x19, 0x14, 0x65, 0x0, 0x0, 0x4, 0x0, @private=0xa010100, @rand_addr=0x64010102}}}}) 1.706307221s ago: executing program 1 (id=8): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) (async) recvmmsg(r1, &(0x7f0000001000)=[{{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f00000005c0)=""/248, 0xf8}, {&(0x7f0000000140)=""/114, 0x72}, {&(0x7f0000001480)=""/217, 0xd9}, {&(0x7f0000001600)=""/103, 0x67}, {&(0x7f0000001680)=""/4096, 0x1000}], 0x5}}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000002f80)=""/4096, 0x1000}, {&(0x7f0000000440)=""/170, 0xaa}, {&(0x7f0000000500)=""/159, 0x9f}, {&(0x7f0000001200)=""/237, 0xed}, {&(0x7f00000001c0)=""/126, 0x7e}, {&(0x7f00000007c0)=""/70, 0x46}], 0x6}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=@newsa={0x154, 0x10, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@broadcast}, {@in, 0x0, 0x32}, @in6=@loopback, {}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x1}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @replay_esn_val={0x1c}]}, 0x154}}, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000061122c000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) 1.63607491s ago: executing program 0 (id=1): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x34, 0x0, 0x1, 0x70bd2b, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5, 0x19, 0x1}]}, 0x34}}, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0x9, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000400)={@broadcast, @random="8eff80ec0031", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x4, 0x1, 0x0, @empty, @broadcast}, @source_quench={0x4, 0x0, 0x0, 0x1000000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x11, 0x0, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x5}, {0xffff, 0xffff}, {0xfff3, 0x10}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x7}]}, 0x2c}}, 0x44080) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000020000103feffffff000000000a000000000000000400010008000a000008000005001e"], 0x50}}, 0x4000850) 1.577291807s ago: executing program 1 (id=9): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) r1 = socket$inet6(0xa, 0x1, 0x0) pipe(&(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x3c, r3, 0x701, 0x0, 0x0, {0x2e}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}]}, 0x3c}, 0x1, 0x2000000, 0x0, 0xc008}, 0x4008010) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x50, &(0x7f0000000000)={0x0, 0x0}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@ipv4_newroute={0x2c, 0x1a, 0x400, 0x0, 0x0, {0x2, 0x0, 0x20}, [@RTA_OIF={0x8}, @RTA_IIF={0x8}]}, 0x2c}}, 0x0) 1.504770419s ago: executing program 3 (id=4): r0 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) r1 = socket$inet6_udp(0xa, 0x2, 0x0) (rerun: 32) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_TIMER_SLACK={0x900, 0xd, 0x5}, @TCA_FQ_QUANTUM={0x2, 0x2, 0x3001029}]}}]}, 0x48}}, 0x0) (async) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$kcm(0x2, 0xa, 0x2) (async, rerun: 64) socketpair$nbd(0x1, 0x1, 0x0, 0x0) (async, rerun: 64) write$tun(r3, &(0x7f0000000940)={@void, @void, @eth={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}, @remote, @val={@val={0x88a8, 0x1, 0x0, 0x4}, {0x8100, 0x0, 0x0, 0xfff}}, {@generic={0x88fb}}}}, 0x16) 1.368979974s ago: executing program 0 (id=10): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCGIFMTU(r0, 0x8921, &(0x7f0000000000)={'ipvlan0\x00'}) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000000c0)={r3, 0x100, 0x2000000, 0x7fff}) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r4) ioctl$int_in(r3, 0x5452, &(0x7f0000000100)=0x9) writev(r3, &(0x7f00000033c0)=[{&(0x7f0000000140)='M', 0x1}], 0x1) connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r2, r2, 0xd, 0x1, &(0x7f00000009c0)="16", 0x9, 0x1, 0x16c0, 0x5505, 0x4, 0x1, 0x9, 'syz0\x00'}) socket$pppl2tp(0x18, 0x1, 0x1) (async) ioctl$SIOCGIFMTU(r0, 0x8921, &(0x7f0000000000)={'ipvlan0\x00'}) (async) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000000c0)={r3, 0x100, 0x2000000, 0x7fff}) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r4) (async) ioctl$int_in(r3, 0x5452, &(0x7f0000000100)=0x9) (async) writev(r3, &(0x7f00000033c0)=[{&(0x7f0000000140)='M', 0x1}], 0x1) (async) connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) (async) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000340)={r2, r2, 0xd, 0x1, &(0x7f00000009c0)="16", 0x9, 0x1, 0x16c0, 0x5505, 0x4, 0x1, 0x9, 'syz0\x00'}) (async) 1.282411191s ago: executing program 1 (id=11): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0xb, &(0x7f0000000140)=@framed={{}, [@printk={@x, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x62}}]}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x90) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x6, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000fcffffff0000000000000000850000003600000085000000d000000095"], &(0x7f0000000100)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000001580)="e0856497d56cf0f21a0000000010", 0x0, 0x20000700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) socket$nl_generic(0x10, 0x3, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000611494000000000005000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48) 1.198696978s ago: executing program 0 (id=12): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000000)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000ac1414aa00000000000000000000000000000000000000000a"], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[@ANYBLOB="84010000210001000000000000000000fc020000000000000000000000000000fe80000000000000000000000000003500000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000034011100ac14140c000000000000000000fffd00fc000000000000000000000000000001fc020000000000000000000000000000fe8000000000000000000000000000aa6c01a8000200000002000a00ac1414aa000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000ff020000000000000000000000000001ff020000003500000a000800ac"], 0x184}}, 0x0) 1.09994319s ago: executing program 4 (id=5): write$ppp(0xffffffffffffffff, &(0x7f0000000240)="1a37417a3ea1a51195fa86d3c1e6de5721c12d363fcc276722be61a00d1a0b234a296b0efabbeb78a3f565e52915475cc175f709d62e4950a577bc46ebd0de19a750cd7e25b05af2e52fb1aa894c29f7d82f7847d938af36a7284c1bc6c317965e9ea8406c249afac12916491e6c28c4354ccf72bf2a88abe7b921df476414fd0582159335e4f5e3b78aac3c48b8ff50aea658a8f23d4388e9bf925fbccb23ebd5a9c1983dca82a49cb44590e94308f9aae2e04aff1efdad75a6528981d841778b866218b18aec2f247704205202c63ad731", 0xd2) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000001380)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18) (async) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) (async) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)="008101000040000000", 0x9}], 0x1}, 0x48045) readv(r0, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/20, 0x14}], 0x1) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) connect$can_bcm(r2, &(0x7f00000000c0)={0x1d, r3}, 0x10) sendmsg$can_bcm(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1, 0x840, 0x0, {}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "ef1d62ee7e923b0ad9cda5b28dd4753620a2f0271768a8284c18a4e2b5e44dc77098b18fd964df81213608ec503db52d42f1a78c97322f4ae4c8dc89cf2b1440"}}, 0x80}}, 0x0) (async) sendmsg$can_bcm(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1, 0x1, 0x3, {}, {0x0, 0x2710}, {0x3, 0x1, 0x1, 0x1}, 0x1, @can={{0x4, 0x0, 0x0, 0x1}, 0x7, 0x2, 0x0, 0x0, "d467aef0f23fe738"}}, 0x48}, 0x1, 0x0, 0x0, 0x4001}, 0x4000000) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c020000190001000000000010000000e0000001000000000000000000000000ac1414bb00000000000000000000000000000000ffff00000a00800000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000084010500ac1414aa000000000000000000000000000000003c00000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000800ac1414aa000000000000000000000000000000003c00000000000000fe80000000000000000000000000000000000000030000000008000000000000000000007f00000100000000000000000000000000000000320000000000000000000000000000000000ffff7f0000010000800003000000000000000000000000000000ff0100000000000000000000000000010000000033000000000000000a010101000000000000000000000000043500000000010000000000bf0a000000000000fe8000000000000000000000000000aa000004d46c00000000000000e00000010000000000000000000000000300000000000000000000000000000000000000fc000000000000000000000000000001000000003c0000000a000000fc010000000000accb6e156b4743068732ab9fa209"], 0x23c}}, 0x0) (async) sendmsg$can_bcm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x2, 0x89, 0xc, {}, {0x0, 0xea60}, {0x1, 0x0, 0x0, 0x1}, 0x1, @can={{0x0, 0x1}, 0x3, 0x0, 0x0, 0x0, "25696cebfc24467c"}}, 0x48}, 0x1, 0x0, 0x0, 0x8110}, 0x40004) 1.03017984s ago: executing program 0 (id=13): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000340)=@ccm_128={{0x303}, "a4457f8aa407495a", "e63bc7e08bd0f55cdd29e098d9a2ffab", "e2d13355", "e0cc0221e01f20fb"}, 0x28) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@delqdisc={0x24, 0x25, 0x2, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x8}, {0x3, 0xd}, {0x8, 0x2}}}, 0x24}}, 0x40004) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f00000000c0)={@multicast2, @remote, 0x0, 0x3, [@empty, @dev={0xac, 0x14, 0x14, 0x19}, @loopback]}, 0x1c) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x1404, 0x1, 0x70bd2d}, 0x10}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002a80)=@newtaction={0x8c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x78, 0x1, [@m_police={0x74, 0x1, 0x0, 0x0, {{0xb}, {0x48, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1000, 0x0, 0x0, 0x0, 0x4000000}}, @TCA_POLICE_RESULT={0x8, 0x5, 0xfffffffe}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0) writev(r4, &(0x7f00000005c0)=[{&(0x7f0000000080)="2fdf28e148dc2acfec49d5f3013ea7f65bc94c90c72403ef17e00e962669669e3f9d4195dc44a010b04af0a6ae30a60c618427e45d2b86", 0x37}], 0x1) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x2000000, 0x8010, r7, 0xbbb40000) r8 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r8, 0x10c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r5, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x577801, 0x100408) 294.335387ms ago: executing program 1 (id=14): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000040)="0d000000010001", 0x7) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) setsockopt$rose(r2, 0x104, 0x5, &(0x7f0000000300)=0xffffff6c, 0x4) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01080000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d65746100000000140002800800014000000012080002400000002114000000110001"], 0xd8}}, 0x0) 269.533712ms ago: executing program 4 (id=15): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}]}, @NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x66}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xe0}}, 0x0) 154.447221ms ago: executing program 3 (id=16): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x7, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0xb3}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x7, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0xb3}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a40000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) socket$nl_route(0x10, 0x3, 0x0) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x30, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x20}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x30}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380300000000000000001000fdffff7f00000000000000000c00020001000000150000000c000c8006000100050000000600030001000000"], 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r4) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x38, r5, 0x1, 0x0, 0x0, {0x4}, [@NLBL_UNLABEL_A_IPV4ADDR={0x5, 0x4, @multicast1}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_to_team\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x5, 0x5, @multicast1}]}, 0x38}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x1c, 0xa, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) (async) sendmsg$IPSET_CMD_DEL(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x1c, 0xa, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001280)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x18) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) 111.786529ms ago: executing program 0 (id=17): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000004180)={'wlan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000004180)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r3, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_COOKIE={0xc}]}, 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x80c4) (async) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r3, 0x1, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_COOKIE={0xc}]}, 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x80c4) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="8500000031000000760000000000000027000000000004009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8}, 0x23) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x18, 0x8, 0x43, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r4, &(0x7f0000001240), 0x0}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0xd, 0x17, &(0x7f0000000280)=ANY=[@ANYBLOB="0723fc0200800000184a0000f8ffffff000000000000000018570000040000000000000000000000b7080000000000007b8af8ff00000000b7080000ff0700007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0008000000000000b70400000800000085000000a5000000950000000000000085100000f8ffffffdbb8010008000000184b000004000000000000000040000075430f6a000000005a5694a0cde5b0dd58ea148c003c45ac923ed542a87a42c3d573a1aa80f593ef2ccec1d7d48412817d11bcaa408c2ca1c35e614c1d02188af6585d0ff15b0870b0efe7831656225b7f88e156c9b3b7e81a0200bdd21d37aa386141a5e69a7b1e577a01ed9204fbf9ae"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x94) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0xd, 0x17, &(0x7f0000000280)=ANY=[@ANYBLOB="0723fc0200800000184a0000f8ffffff000000000000000018570000040000000000000000000000b7080000000000007b8af8ff00000000b7080000ff0700007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0008000000000000b70400000800000085000000a5000000950000000000000085100000f8ffffffdbb8010008000000184b000004000000000000000040000075430f6a000000005a5694a0cde5b0dd58ea148c003c45ac923ed542a87a42c3d573a1aa80f593ef2ccec1d7d48412817d11bcaa408c2ca1c35e614c1d02188af6585d0ff15b0870b0efe7831656225b7f88e156c9b3b7e81a0200bdd21d37aa386141a5e69a7b1e577a01ed9204fbf9ae"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x94) 0s ago: executing program 2 (id=3): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) r2 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private=0x4000000}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x400}}, 0x24) sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, '$'}], 0x18, 0xe000}, 0x5}], 0x1, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = getpid() sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x1c, 0x15, 0x301, 0x0, 0x0, {0xc}, [@typed={0x8, 0x1, 0x0, 0x0, @pid=r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000) sendmsg$NLBL_UNLABEL_C_STATICADD(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0) getsockopt$bt_hci(r0, 0x84, 0x75, &(0x7f0000001f00)=""/4062, &(0x7f00000004c0)=0xfde) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.55' (ED25519) to the list of known hosts. [ 68.081962][ T5853] cgroup: Unknown subsys name 'net' [ 68.207260][ T5853] cgroup: Unknown subsys name 'cpuset' [ 68.215947][ T5853] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 69.629407][ T5853] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.354852][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.361311][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.024490][ T5878] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.032501][ T5878] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 72.042025][ T5878] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 72.051015][ T5878] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.058997][ T5878] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 72.067203][ T5878] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 72.075162][ T5878] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.083468][ T5878] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 72.085614][ T5880] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 72.091591][ T5878] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 72.115008][ T5880] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 72.123868][ T5882] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.132306][ T5880] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 72.139678][ T5882] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 72.147348][ T5884] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 72.147548][ T5880] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.155579][ T5884] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.162890][ T5880] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.170970][ T5884] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.184858][ T5187] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 72.192318][ T5187] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.193550][ T5880] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 72.200351][ T5187] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 72.214613][ T5880] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 72.221944][ T5880] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 72.819116][ T5865] chnl_net:caif_netlink_parms(): no params data found [ 72.900895][ T5876] chnl_net:caif_netlink_parms(): no params data found [ 72.928796][ T5864] chnl_net:caif_netlink_parms(): no params data found [ 73.047446][ T5863] chnl_net:caif_netlink_parms(): no params data found [ 73.152029][ T5867] chnl_net:caif_netlink_parms(): no params data found [ 73.236264][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.243503][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.252401][ T5865] bridge_slave_0: entered allmulticast mode [ 73.260113][ T5865] bridge_slave_0: entered promiscuous mode [ 73.309000][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.318128][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.325750][ T5865] bridge_slave_1: entered allmulticast mode [ 73.332760][ T5865] bridge_slave_1: entered promiscuous mode [ 73.339936][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.347421][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.354791][ T5864] bridge_slave_0: entered allmulticast mode [ 73.361745][ T5864] bridge_slave_0: entered promiscuous mode [ 73.374430][ T5876] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.381619][ T5876] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.389086][ T5876] bridge_slave_0: entered allmulticast mode [ 73.396373][ T5876] bridge_slave_0: entered promiscuous mode [ 73.432567][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.439913][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.447648][ T5864] bridge_slave_1: entered allmulticast mode [ 73.455149][ T5864] bridge_slave_1: entered promiscuous mode [ 73.466869][ T5876] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.474542][ T5876] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.481719][ T5876] bridge_slave_1: entered allmulticast mode [ 73.489071][ T5876] bridge_slave_1: entered promiscuous mode [ 73.563041][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.570536][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.578446][ T5863] bridge_slave_0: entered allmulticast mode [ 73.586522][ T5863] bridge_slave_0: entered promiscuous mode [ 73.596872][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.609884][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.660778][ T5876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.670250][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.678004][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.685891][ T5863] bridge_slave_1: entered allmulticast mode [ 73.692906][ T5863] bridge_slave_1: entered promiscuous mode [ 73.715356][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.728774][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.738265][ T5867] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.746551][ T5867] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.753719][ T5867] bridge_slave_0: entered allmulticast mode [ 73.760885][ T5867] bridge_slave_0: entered promiscuous mode [ 73.771017][ T5876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.822231][ T5867] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.830210][ T5867] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.837601][ T5867] bridge_slave_1: entered allmulticast mode [ 73.845519][ T5867] bridge_slave_1: entered promiscuous mode [ 73.880114][ T5865] team0: Port device team_slave_0 added [ 73.926658][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.938821][ T5865] team0: Port device team_slave_1 added [ 73.958192][ T5864] team0: Port device team_slave_0 added [ 73.967166][ T5864] team0: Port device team_slave_1 added [ 73.985141][ T5876] team0: Port device team_slave_0 added [ 73.993199][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.015522][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.022491][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.048655][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.078436][ T5867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.089329][ T5876] team0: Port device team_slave_1 added [ 74.108535][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.116029][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.142633][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.146821][ T51] Bluetooth: hci4: command tx timeout [ 74.174912][ T5867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.225257][ T51] Bluetooth: hci0: command tx timeout [ 74.227807][ T5863] team0: Port device team_slave_0 added [ 74.240178][ T5863] team0: Port device team_slave_1 added [ 74.249639][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.256676][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.282899][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.295538][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.302491][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.328745][ T51] Bluetooth: hci3: command tx timeout [ 74.329075][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.334857][ T5187] Bluetooth: hci2: command tx timeout [ 74.351178][ T5870] Bluetooth: hci1: command tx timeout [ 74.409796][ T5867] team0: Port device team_slave_0 added [ 74.416989][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.424724][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.451287][ T5876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.475222][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.482185][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.508492][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.535559][ T5867] team0: Port device team_slave_1 added [ 74.541988][ T5876] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.549445][ T5876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.575567][ T5876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.599071][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.606080][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.632630][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.656094][ T5865] hsr_slave_0: entered promiscuous mode [ 74.662368][ T5865] hsr_slave_1: entered promiscuous mode [ 74.705914][ T5864] hsr_slave_0: entered promiscuous mode [ 74.712442][ T5864] hsr_slave_1: entered promiscuous mode [ 74.718740][ T5864] debugfs: 'hsr0' already exists in 'hsr' [ 74.725518][ T5864] Cannot create hsr debugfs directory [ 74.761591][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.768624][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.794940][ T5867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.837882][ T5863] hsr_slave_0: entered promiscuous mode [ 74.845124][ T5863] hsr_slave_1: entered promiscuous mode [ 74.851362][ T5863] debugfs: 'hsr0' already exists in 'hsr' [ 74.857217][ T5863] Cannot create hsr debugfs directory [ 74.863445][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.870742][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.896889][ T5867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.018840][ T5876] hsr_slave_0: entered promiscuous mode [ 75.025199][ T5876] hsr_slave_1: entered promiscuous mode [ 75.031170][ T5876] debugfs: 'hsr0' already exists in 'hsr' [ 75.037827][ T5876] Cannot create hsr debugfs directory [ 75.129954][ T5867] hsr_slave_0: entered promiscuous mode [ 75.136493][ T5867] hsr_slave_1: entered promiscuous mode [ 75.142515][ T5867] debugfs: 'hsr0' already exists in 'hsr' [ 75.149023][ T5867] Cannot create hsr debugfs directory [ 75.593090][ T5864] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 75.620008][ T5864] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 75.632263][ T5864] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 75.659950][ T5864] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 75.708527][ T5865] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.724336][ T5865] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.738151][ T5865] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.749567][ T5865] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.859299][ T5863] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 75.892772][ T5863] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 75.910099][ T5863] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 75.929175][ T5863] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 75.986347][ T5876] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 76.025507][ T5876] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 76.042752][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.063300][ T5876] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 76.076342][ T5876] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 76.190548][ T5864] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.204657][ T5867] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 76.216846][ T5867] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 76.224367][ T5187] Bluetooth: hci4: command tx timeout [ 76.232596][ T5867] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 76.252516][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.259908][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.275143][ T5867] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 76.298878][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.306048][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.309218][ T5187] Bluetooth: hci0: command tx timeout [ 76.367491][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.389765][ T51] Bluetooth: hci3: command tx timeout [ 76.397613][ T5870] Bluetooth: hci1: command tx timeout [ 76.403158][ T5187] Bluetooth: hci2: command tx timeout [ 76.465395][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.500014][ T5865] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.552967][ T3551] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.560201][ T3551] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.582077][ T5863] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.599020][ T5876] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.612559][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.619769][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.631039][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.638692][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.720196][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.727493][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.741682][ T5876] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.768882][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.776070][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.825653][ T1105] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.832921][ T1105] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.863538][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.890163][ T5867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.985586][ T5867] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.039393][ T1160] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.046580][ T1160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.118752][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.125932][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.199107][ T5864] veth0_vlan: entered promiscuous mode [ 77.233716][ T5864] veth1_vlan: entered promiscuous mode [ 77.458985][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.483629][ T5864] veth0_macvtap: entered promiscuous mode [ 77.508201][ T5864] veth1_macvtap: entered promiscuous mode [ 77.532984][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.652569][ T5876] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.706699][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.751436][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.798925][ T78] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.812635][ T78] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.842857][ T78] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.852388][ T78] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.878651][ T5865] veth0_vlan: entered promiscuous mode [ 77.919588][ T5876] veth0_vlan: entered promiscuous mode [ 77.930046][ T5865] veth1_vlan: entered promiscuous mode [ 77.942512][ T5867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.972396][ T5876] veth1_vlan: entered promiscuous mode [ 78.102213][ T5863] veth0_vlan: entered promiscuous mode [ 78.134731][ T5863] veth1_vlan: entered promiscuous mode [ 78.147646][ T5865] veth0_macvtap: entered promiscuous mode [ 78.157854][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.163399][ T5876] veth0_macvtap: entered promiscuous mode [ 78.178541][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.195961][ T5867] veth0_vlan: entered promiscuous mode [ 78.209795][ T5876] veth1_macvtap: entered promiscuous mode [ 78.250126][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.259759][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.260437][ T5865] veth1_macvtap: entered promiscuous mode [ 78.287517][ T5867] veth1_vlan: entered promiscuous mode [ 78.304663][ T5187] Bluetooth: hci4: command tx timeout [ 78.313549][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.358758][ T5863] veth0_macvtap: entered promiscuous mode [ 78.369945][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.384747][ T5187] Bluetooth: hci0: command tx timeout [ 78.388788][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.399725][ T5864] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 78.406182][ T5863] veth1_macvtap: entered promiscuous mode [ 78.436707][ T5876] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.464890][ T51] Bluetooth: hci3: command tx timeout [ 78.470329][ T51] Bluetooth: hci1: command tx timeout [ 78.476824][ T5187] Bluetooth: hci2: command tx timeout [ 78.504093][ T1094] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.525103][ T3551] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.551375][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.560846][ T3551] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.583484][ T3551] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.592871][ T3551] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.605901][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.620082][ T5867] veth0_macvtap: entered promiscuous mode [ 78.641022][ T3551] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.650190][ T3551] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.672024][ T5867] veth1_macvtap: entered promiscuous mode [ 78.691625][ T1105] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.721940][ T3551] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.730858][ T3551] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.741793][ T5981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 78.767171][ T3551] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.776259][ T3551] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.828659][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.860530][ T3551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.868846][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.889211][ T3551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.891561][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.899386][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.002718][ T1094] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.012374][ T1094] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.022128][ T1094] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.056659][ T1094] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.097010][ T3551] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.123363][ T3551] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.168802][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.196196][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.294915][ T3551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.342829][ T3551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.469922][ T6000] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1'. [ 79.503575][ T3551] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.534078][ T3551] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.679432][ T6006] syz.3.4 uses obsolete (PF_INET,SOCK_PACKET) [ 79.680331][ T24] hid-generic 0005:16C0:5505.0001: item fetching failed at offset 0/1 [ 79.699145][ T24] hid-generic 0005:16C0:5505.0001: probe with driver hid-generic failed with error -22 [ 79.728895][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.783982][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.802806][ T6022] netlink: 68 bytes leftover after parsing attributes in process `syz.0.12'. [ 79.847173][ T6019] Illegal XDP return value 2922086239 on prog (id 4) dev N/A, expect packet loss! [ 80.022405][ T6028] Zero length message leads to an empty skb [ 80.069385][ T6033] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 80.384033][ T51] Bluetooth: hci4: command tx timeout [ 80.463955][ T51] Bluetooth: hci0: command tx timeout [ 80.544330][ T51] Bluetooth: hci1: command tx timeout [ 80.547391][ T5187] Bluetooth: hci2: command tx timeout [ 80.549757][ T5870] Bluetooth: hci3: command tx timeout [ 80.676134][ T3551] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.692861][ T3551] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.820779][ T6042] Bluetooth: MGMT ver 1.23 [ 80.834704][ T6041] netlink: 68 bytes leftover after parsing attributes in process `syz.4.15'. [ 80.930331][ T6045] netlink: 16 bytes leftover after parsing attributes in process `syz.3.16'. [ 81.982314][ T6010] ================================================================== [ 81.990412][ T6010] BUG: KASAN: slab-use-after-free in __mutex_lock+0x801/0x1350 [ 81.997955][ T6010] Read of size 8 at addr ffff888032efc0a0 by task khidpd_16c05505/6010 [ 82.006181][ T6010] [ 82.008511][ T6010] CPU: 1 UID: 0 PID: 6010 Comm: khidpd_16c05505 Not tainted syzkaller #0 PREEMPT(full) [ 82.008539][ T6010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 82.008559][ T6010] Call Trace: [ 82.008565][ T6010] [ 82.008572][ T6010] dump_stack_lvl+0x189/0x250 [ 82.008596][ T6010] ? __kasan_check_byte+0x12/0x40 [ 82.008615][ T6010] ? __pfx_dump_stack_lvl+0x10/0x10 [ 82.008629][ T6010] ? lock_release+0x4b/0x3e0 [ 82.008649][ T6010] ? __virt_addr_valid+0x4a5/0x5c0 [ 82.008665][ T6010] print_report+0xca/0x240 [ 82.008677][ T6010] ? __mutex_lock+0x801/0x1350 [ 82.008691][ T6010] kasan_report+0x118/0x150 [ 82.008708][ T6010] ? __mutex_lock+0x801/0x1350 [ 82.008724][ T6010] __mutex_lock+0x801/0x1350 [ 82.008738][ T6010] ? __mutex_lock+0x5bb/0x1350 [ 82.008753][ T6010] ? l2cap_unregister_user+0x6a/0x1b0 [ 82.008772][ T6010] ? __pfx___mutex_lock+0x10/0x10 [ 82.008788][ T6010] ? __pfx___timer_delete_sync+0x10/0x10 [ 82.008806][ T6010] l2cap_unregister_user+0x6a/0x1b0 [ 82.008824][ T6010] hidp_session_thread+0x3c9/0x410 [ 82.008845][ T6010] ? __pfx_hidp_session_thread+0x10/0x10 [ 82.008861][ T6010] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 82.008873][ T6010] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 82.008892][ T6010] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 82.008909][ T6010] ? __kthread_parkme+0x7b/0x200 [ 82.008923][ T6010] ? __kthread_parkme+0x1a1/0x200 [ 82.008938][ T6010] kthread+0x70e/0x8a0 [ 82.008953][ T6010] ? __pfx_hidp_session_thread+0x10/0x10 [ 82.008970][ T6010] ? __pfx_kthread+0x10/0x10 [ 82.008984][ T6010] ? _raw_spin_unlock_irq+0x23/0x50 [ 82.008995][ T6010] ? lockdep_hardirqs_on+0x9c/0x150 [ 82.009007][ T6010] ? __pfx_kthread+0x10/0x10 [ 82.009021][ T6010] ret_from_fork+0x439/0x7d0 [ 82.009036][ T6010] ? __pfx_ret_from_fork+0x10/0x10 [ 82.009050][ T6010] ? __switch_to_asm+0x39/0x70 [ 82.009065][ T6010] ? __switch_to_asm+0x33/0x70 [ 82.009080][ T6010] ? __pfx_kthread+0x10/0x10 [ 82.009094][ T6010] ret_from_fork_asm+0x1a/0x30 [ 82.009114][ T6010] [ 82.009119][ T6010] [ 82.210525][ T6010] Allocated by task 5876: [ 82.214835][ T6010] kasan_save_track+0x3e/0x80 [ 82.219502][ T6010] __kasan_kmalloc+0x93/0xb0 [ 82.224074][ T6010] __kmalloc_noprof+0x27a/0x4f0 [ 82.228935][ T6010] hci_alloc_dev_priv+0x28/0x2060 [ 82.233944][ T6010] vhci_create_device+0x120/0x650 [ 82.238955][ T6010] vhci_write+0x3ce/0x4a0 [ 82.243270][ T6010] vfs_write+0x5c9/0xb30 [ 82.247496][ T6010] ksys_write+0x145/0x250 [ 82.251805][ T6010] do_syscall_64+0xfa/0x3b0 [ 82.256294][ T6010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.262177][ T6010] [ 82.264482][ T6010] Freed by task 5876: [ 82.268436][ T6010] kasan_save_track+0x3e/0x80 [ 82.273094][ T6010] kasan_save_free_info+0x46/0x50 [ 82.278098][ T6010] __kasan_slab_free+0x5b/0x80 [ 82.282846][ T6010] kfree+0x18e/0x440 [ 82.286722][ T6010] bt_host_release+0x82/0x90 [ 82.291295][ T6010] device_release+0x9c/0x1c0 [ 82.295870][ T6010] kobject_put+0x22b/0x480 [ 82.300268][ T6010] vhci_release+0x15a/0x1a0 [ 82.304753][ T6010] __fput+0x44c/0xa70 [ 82.308715][ T6010] task_work_run+0x1d1/0x260 [ 82.313287][ T6010] do_exit+0x6b5/0x2300 [ 82.317421][ T6010] do_group_exit+0x21c/0x2d0 [ 82.321991][ T6010] __x64_sys_exit_group+0x3f/0x40 [ 82.326997][ T6010] x64_sys_call+0x21f7/0x2200 [ 82.331659][ T6010] do_syscall_64+0xfa/0x3b0 [ 82.336144][ T6010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.342024][ T6010] [ 82.344331][ T6010] Last potentially related work creation: [ 82.350029][ T6010] kasan_save_stack+0x3e/0x60 [ 82.354686][ T6010] kasan_record_aux_stack+0xbd/0xd0 [ 82.359862][ T6010] insert_work+0x3d/0x330 [ 82.364174][ T6010] __queue_work+0xbaf/0xfb0 [ 82.368655][ T6010] queue_work_on+0x181/0x270 [ 82.373222][ T6010] process_scheduled_works+0xae1/0x17b0 [ 82.378799][ T6010] worker_thread+0x8a0/0xda0 [ 82.383390][ T6010] kthread+0x70e/0x8a0 [ 82.387442][ T6010] ret_from_fork+0x439/0x7d0 [ 82.392021][ T6010] ret_from_fork_asm+0x1a/0x30 [ 82.396781][ T6010] [ 82.399089][ T6010] Second to last potentially related work creation: [ 82.405656][ T6010] kasan_save_stack+0x3e/0x60 [ 82.410330][ T6010] kasan_record_aux_stack+0xbd/0xd0 [ 82.415519][ T6010] insert_work+0x3d/0x330 [ 82.419854][ T6010] __queue_work+0xcd2/0xfb0 [ 82.424428][ T6010] call_timer_fn+0x17b/0x5f0 [ 82.429007][ T6010] __run_timer_base+0x646/0x860 [ 82.433839][ T6010] run_timer_softirq+0xb7/0x180 [ 82.438694][ T6010] handle_softirqs+0x283/0x870 [ 82.443434][ T6010] do_softirq+0xec/0x180 [ 82.447656][ T6010] __local_bh_enable_ip+0x17d/0x1c0 [ 82.452837][ T6010] bpf_test_run_xdp_live+0x1868/0x1b10 [ 82.458275][ T6010] bpf_prog_test_run_xdp+0x713/0x1000 [ 82.463628][ T6010] bpf_prog_test_run+0x2c7/0x340 [ 82.468551][ T6010] __sys_bpf+0x581/0x870 [ 82.472776][ T6010] __x64_sys_bpf+0x7c/0x90 [ 82.477173][ T6010] do_syscall_64+0xfa/0x3b0 [ 82.481673][ T6010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.487567][ T6010] [ 82.489875][ T6010] The buggy address belongs to the object at ffff888032efc000 [ 82.489875][ T6010] which belongs to the cache kmalloc-8k of size 8192 [ 82.504343][ T6010] The buggy address is located 160 bytes inside of [ 82.504343][ T6010] freed 8192-byte region [ffff888032efc000, ffff888032efe000) [ 82.518296][ T6010] [ 82.520619][ T6010] The buggy address belongs to the physical page: [ 82.527026][ T6010] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x32ef8 [ 82.535772][ T6010] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 82.544251][ T6010] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 82.551785][ T6010] page_type: f5(slab) [ 82.555752][ T6010] raw: 00fff00000000040 ffff88801a442280 ffffea0000cb7800 0000000000000004 [ 82.564410][ T6010] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 82.572993][ T6010] head: 00fff00000000040 ffff88801a442280 ffffea0000cb7800 0000000000000004 [ 82.581658][ T6010] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 82.590315][ T6010] head: 00fff00000000003 ffffea0000cbbe01 00000000ffffffff 00000000ffffffff [ 82.598974][ T6010] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 82.607802][ T6010] page dumped because: kasan: bad access detected [ 82.614203][ T6010] page_owner tracks the page as allocated [ 82.619896][ T6010] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5522, tgid 5522 (S40network), ts 45672555620, free_ts 45671072300 [ 82.640282][ T6010] post_alloc_hook+0x240/0x2a0 [ 82.645047][ T6010] get_page_from_freelist+0x21e4/0x22c0 [ 82.650573][ T6010] __alloc_frozen_pages_noprof+0x181/0x370 [ 82.656365][ T6010] alloc_pages_mpol+0x232/0x4a0 [ 82.661201][ T6010] allocate_slab+0x8a/0x370 [ 82.665689][ T6010] ___slab_alloc+0xbeb/0x1420 [ 82.670353][ T6010] __kmalloc_cache_noprof+0x296/0x3d0 [ 82.675712][ T6010] tomoyo_init_log+0x111f/0x1f70 [ 82.680656][ T6010] tomoyo_supervisor+0x340/0x1480 [ 82.685751][ T6010] tomoyo_env_perm+0x149/0x1e0 [ 82.690499][ T6010] tomoyo_find_next_domain+0x15cf/0x1aa0 [ 82.696115][ T6010] tomoyo_bprm_check_security+0x11c/0x180 [ 82.701906][ T6010] security_bprm_check+0x89/0x270 [ 82.706916][ T6010] bprm_execve+0x8ee/0x1450 [ 82.711410][ T6010] do_execveat_common+0x510/0x6a0 [ 82.716430][ T6010] __x64_sys_execve+0x94/0xb0 [ 82.721100][ T6010] page last free pid 5522 tgid 5522 stack trace: [ 82.727495][ T6010] __free_frozen_pages+0xbc4/0xd30 [ 82.732611][ T6010] __slab_free+0x303/0x3c0 [ 82.737009][ T6010] qlist_free_all+0x97/0x140 [ 82.741583][ T6010] kasan_quarantine_reduce+0x148/0x160 [ 82.747030][ T6010] __kasan_slab_alloc+0x22/0x80 [ 82.751863][ T6010] __kmalloc_cache_noprof+0x1be/0x3d0 [ 82.757222][ T6010] tomoyo_init_log+0x183/0x1f70 [ 82.762055][ T6010] tomoyo_supervisor+0x340/0x1480 [ 82.767062][ T6010] tomoyo_find_next_domain+0x488/0x1aa0 [ 82.772596][ T6010] tomoyo_bprm_check_security+0x11c/0x180 [ 82.778300][ T6010] security_bprm_check+0x89/0x270 [ 82.783392][ T6010] bprm_execve+0x8ee/0x1450 [ 82.787885][ T6010] do_execveat_common+0x510/0x6a0 [ 82.792918][ T6010] __x64_sys_execve+0x94/0xb0 [ 82.797590][ T6010] do_syscall_64+0xfa/0x3b0 [ 82.802083][ T6010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.807966][ T6010] [ 82.810281][ T6010] Memory state around the buggy address: [ 82.815890][ T6010] ffff888032efbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 82.823931][ T6010] ffff888032efc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.831973][ T6010] >ffff888032efc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.840015][ T6010] ^ [ 82.845104][ T6010] ffff888032efc100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.853149][ T6010] ffff888032efc180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 82.861188][ T6010] ================================================================== [ 82.871912][ T6010] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 82.879121][ T6010] CPU: 1 UID: 0 PID: 6010 Comm: khidpd_16c05505 Not tainted syzkaller #0 PREEMPT(full) [ 82.888961][ T6010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 82.899025][ T6010] Call Trace: [ 82.902305][ T6010] [ 82.905225][ T6010] dump_stack_lvl+0x99/0x250 [ 82.909804][ T6010] ? __asan_memcpy+0x40/0x70 [ 82.914380][ T6010] ? __pfx_dump_stack_lvl+0x10/0x10 [ 82.919564][ T6010] ? __pfx__printk+0x10/0x10 [ 82.924152][ T6010] vpanic+0x281/0x750 [ 82.928122][ T6010] ? __pfx_vpanic+0x10/0x10 [ 82.932607][ T6010] ? irqentry_exit+0x74/0x90 [ 82.937182][ T6010] panic+0xb9/0xc0 [ 82.940885][ T6010] ? __pfx_panic+0x10/0x10 [ 82.945285][ T6010] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 82.951165][ T6010] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 82.957046][ T6010] ? __mutex_lock+0x801/0x1350 [ 82.961795][ T6010] check_panic_on_warn+0x89/0xb0 [ 82.966722][ T6010] ? __mutex_lock+0x801/0x1350 [ 82.971469][ T6010] end_report+0x78/0x160 [ 82.975717][ T6010] kasan_report+0x129/0x150 [ 82.980211][ T6010] ? __mutex_lock+0x801/0x1350 [ 82.984969][ T6010] __mutex_lock+0x801/0x1350 [ 82.989544][ T6010] ? __mutex_lock+0x5bb/0x1350 [ 82.994300][ T6010] ? l2cap_unregister_user+0x6a/0x1b0 [ 82.999667][ T6010] ? __pfx___mutex_lock+0x10/0x10 [ 83.004711][ T6010] ? __pfx___timer_delete_sync+0x10/0x10 [ 83.010335][ T6010] l2cap_unregister_user+0x6a/0x1b0 [ 83.015522][ T6010] hidp_session_thread+0x3c9/0x410 [ 83.020624][ T6010] ? __pfx_hidp_session_thread+0x10/0x10 [ 83.026246][ T6010] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 83.032125][ T6010] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 83.038363][ T6010] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 83.044596][ T6010] ? __kthread_parkme+0x7b/0x200 [ 83.049517][ T6010] ? __kthread_parkme+0x1a1/0x200 [ 83.054528][ T6010] kthread+0x70e/0x8a0 [ 83.058586][ T6010] ? __pfx_hidp_session_thread+0x10/0x10 [ 83.064210][ T6010] ? __pfx_kthread+0x10/0x10 [ 83.068788][ T6010] ? _raw_spin_unlock_irq+0x23/0x50 [ 83.073978][ T6010] ? lockdep_hardirqs_on+0x9c/0x150 [ 83.079166][ T6010] ? __pfx_kthread+0x10/0x10 [ 83.083745][ T6010] ret_from_fork+0x439/0x7d0 [ 83.088327][ T6010] ? __pfx_ret_from_fork+0x10/0x10 [ 83.093427][ T6010] ? __switch_to_asm+0x39/0x70 [ 83.098178][ T6010] ? __switch_to_asm+0x33/0x70 [ 83.102930][ T6010] ? __pfx_kthread+0x10/0x10 [ 83.107522][ T6010] ret_from_fork_asm+0x1a/0x30 [ 83.112292][ T6010] [ 83.115545][ T6010] Kernel Offset: disabled [ 83.119858][ T6010] Rebooting in 86400 seconds..