last executing test programs: 54.155606578s ago: executing program 2 (id=776): r0 = socket(0xe, 0x800, 0x3) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000000010003b15000000000000000000000000bcaa9aac01c37d335cb4d8d78bb6a25fb5c671b100be70333dd127b88b56a6fe65c614edc0b55b30f61783a6f7b2e7330afc9bc384a3c49dc201fd174abd61664abe0bc648b6c606b6309e7c37d852dff69f7893facfb43e5594e9be40c56739f244f9031cb4978fcf7488bc7c895298411ac1bb4e274e1b62db574c8b01a7988f729fded1b91d8da8a6d956dc103eda", @ANYRES32=0x0, @ANYBLOB="0000000004fa00300012800b00010065727370616e000020000200000000000000ff00250003000000000008001800000000000400120017d749bedb905d157645c2fc99c4bf685445a1841a642544343b990b0e476c59b4b785556f42b3ba770fbf38fe788fd3b595460f57f6330c8c9c867157b67a13856f7bc6c2656a71f6ec278cdb6a"], 0x50}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', r3, 0x29, 0xf7, 0x2, 0x2, 0x40, @private1, @private2, 0xf807, 0x40, 0xffffff84, 0x9}}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0xb0, 0x44, 0x107, 0xfffffffc, 0x25dfdbfd, {0x1, 0x7c}, [@nested={0x9a, 0x3, 0x0, 0x1, [@generic="9e717292e16cd97adf13c84ccd87bd8acaff4e9154eb3eb705e84fab9df085e514ac9e7f8481d64221acdb5b1a2f4c6e3e75460bf69334d78b6288859803765a962e9538fffb75cc927394033dedf075cc6d6d196ffef0d8906e89d6159ca29a8115a6f78032149beca2e7981747f0f6b24e890136d9c798e70376e46ae7054b86403818053e10634ef0fe7670beb8b305f96c759b11"]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r7) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r8, 0x10, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000894}, 0x8000) sendmsg$alg(r7, &(0x7f0000003540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003500)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x34000041) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) setsockopt$sock_attach_bpf(r5, 0x1, 0x2, 0x0, 0x0) bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dddbfe, 0x10000000}, 0xc) 51.739987879s ago: executing program 2 (id=776): r0 = socket(0xe, 0x800, 0x3) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000000010003b15000000000000000000000000bcaa9aac01c37d335cb4d8d78bb6a25fb5c671b100be70333dd127b88b56a6fe65c614edc0b55b30f61783a6f7b2e7330afc9bc384a3c49dc201fd174abd61664abe0bc648b6c606b6309e7c37d852dff69f7893facfb43e5594e9be40c56739f244f9031cb4978fcf7488bc7c895298411ac1bb4e274e1b62db574c8b01a7988f729fded1b91d8da8a6d956dc103eda", @ANYRES32=0x0, @ANYBLOB="0000000004fa00300012800b00010065727370616e000020000200000000000000ff00250003000000000008001800000000000400120017d749bedb905d157645c2fc99c4bf685445a1841a642544343b990b0e476c59b4b785556f42b3ba770fbf38fe788fd3b595460f57f6330c8c9c867157b67a13856f7bc6c2656a71f6ec278cdb6a"], 0x50}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', r3, 0x29, 0xf7, 0x2, 0x2, 0x40, @private1, @private2, 0xf807, 0x40, 0xffffff84, 0x9}}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0xb0, 0x44, 0x107, 0xfffffffc, 0x25dfdbfd, {0x1, 0x7c}, [@nested={0x9a, 0x3, 0x0, 0x1, [@generic="9e717292e16cd97adf13c84ccd87bd8acaff4e9154eb3eb705e84fab9df085e514ac9e7f8481d64221acdb5b1a2f4c6e3e75460bf69334d78b6288859803765a962e9538fffb75cc927394033dedf075cc6d6d196ffef0d8906e89d6159ca29a8115a6f78032149beca2e7981747f0f6b24e890136d9c798e70376e46ae7054b86403818053e10634ef0fe7670beb8b305f96c759b11"]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r7) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r8, 0x10, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000894}, 0x8000) sendmsg$alg(r7, &(0x7f0000003540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003500)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x34000041) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) setsockopt$sock_attach_bpf(r5, 0x1, 0x2, 0x0, 0x0) bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dddbfe, 0x10000000}, 0xc) 48.772687132s ago: executing program 2 (id=776): r0 = socket(0xe, 0x800, 0x3) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000000010003b15000000000000000000000000bcaa9aac01c37d335cb4d8d78bb6a25fb5c671b100be70333dd127b88b56a6fe65c614edc0b55b30f61783a6f7b2e7330afc9bc384a3c49dc201fd174abd61664abe0bc648b6c606b6309e7c37d852dff69f7893facfb43e5594e9be40c56739f244f9031cb4978fcf7488bc7c895298411ac1bb4e274e1b62db574c8b01a7988f729fded1b91d8da8a6d956dc103eda", @ANYRES32=0x0, @ANYBLOB="0000000004fa00300012800b00010065727370616e000020000200000000000000ff00250003000000000008001800000000000400120017d749bedb905d157645c2fc99c4bf685445a1841a642544343b990b0e476c59b4b785556f42b3ba770fbf38fe788fd3b595460f57f6330c8c9c867157b67a13856f7bc6c2656a71f6ec278cdb6a"], 0x50}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', r3, 0x29, 0xf7, 0x2, 0x2, 0x40, @private1, @private2, 0xf807, 0x40, 0xffffff84, 0x9}}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0xb0, 0x44, 0x107, 0xfffffffc, 0x25dfdbfd, {0x1, 0x7c}, [@nested={0x9a, 0x3, 0x0, 0x1, [@generic="9e717292e16cd97adf13c84ccd87bd8acaff4e9154eb3eb705e84fab9df085e514ac9e7f8481d64221acdb5b1a2f4c6e3e75460bf69334d78b6288859803765a962e9538fffb75cc927394033dedf075cc6d6d196ffef0d8906e89d6159ca29a8115a6f78032149beca2e7981747f0f6b24e890136d9c798e70376e46ae7054b86403818053e10634ef0fe7670beb8b305f96c759b11"]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r7) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r8, 0x10, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000894}, 0x8000) sendmsg$alg(r7, &(0x7f0000003540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003500)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x34000041) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) setsockopt$sock_attach_bpf(r5, 0x1, 0x2, 0x0, 0x0) bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dddbfe, 0x10000000}, 0xc) 46.152815451s ago: executing program 2 (id=776): r0 = socket(0xe, 0x800, 0x3) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000000010003b15000000000000000000000000bcaa9aac01c37d335cb4d8d78bb6a25fb5c671b100be70333dd127b88b56a6fe65c614edc0b55b30f61783a6f7b2e7330afc9bc384a3c49dc201fd174abd61664abe0bc648b6c606b6309e7c37d852dff69f7893facfb43e5594e9be40c56739f244f9031cb4978fcf7488bc7c895298411ac1bb4e274e1b62db574c8b01a7988f729fded1b91d8da8a6d956dc103eda", @ANYRES32=0x0, @ANYBLOB="0000000004fa00300012800b00010065727370616e000020000200000000000000ff00250003000000000008001800000000000400120017d749bedb905d157645c2fc99c4bf685445a1841a642544343b990b0e476c59b4b785556f42b3ba770fbf38fe788fd3b595460f57f6330c8c9c867157b67a13856f7bc6c2656a71f6ec278cdb6a"], 0x50}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', r3, 0x29, 0xf7, 0x2, 0x2, 0x40, @private1, @private2, 0xf807, 0x40, 0xffffff84, 0x9}}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0xb0, 0x44, 0x107, 0xfffffffc, 0x25dfdbfd, {0x1, 0x7c}, [@nested={0x9a, 0x3, 0x0, 0x1, [@generic="9e717292e16cd97adf13c84ccd87bd8acaff4e9154eb3eb705e84fab9df085e514ac9e7f8481d64221acdb5b1a2f4c6e3e75460bf69334d78b6288859803765a962e9538fffb75cc927394033dedf075cc6d6d196ffef0d8906e89d6159ca29a8115a6f78032149beca2e7981747f0f6b24e890136d9c798e70376e46ae7054b86403818053e10634ef0fe7670beb8b305f96c759b11"]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r7) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r8, 0x10, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000894}, 0x8000) sendmsg$alg(r7, &(0x7f0000003540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003500)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x34000041) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) setsockopt$sock_attach_bpf(r5, 0x1, 0x2, 0x0, 0x0) bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dddbfe, 0x10000000}, 0xc) 43.444844164s ago: executing program 2 (id=776): r0 = socket(0xe, 0x800, 0x3) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000000010003b15000000000000000000000000bcaa9aac01c37d335cb4d8d78bb6a25fb5c671b100be70333dd127b88b56a6fe65c614edc0b55b30f61783a6f7b2e7330afc9bc384a3c49dc201fd174abd61664abe0bc648b6c606b6309e7c37d852dff69f7893facfb43e5594e9be40c56739f244f9031cb4978fcf7488bc7c895298411ac1bb4e274e1b62db574c8b01a7988f729fded1b91d8da8a6d956dc103eda", @ANYRES32=0x0, @ANYBLOB="0000000004fa00300012800b00010065727370616e000020000200000000000000ff00250003000000000008001800000000000400120017d749bedb905d157645c2fc99c4bf685445a1841a642544343b990b0e476c59b4b785556f42b3ba770fbf38fe788fd3b595460f57f6330c8c9c867157b67a13856f7bc6c2656a71f6ec278cdb6a"], 0x50}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', r3, 0x29, 0xf7, 0x2, 0x2, 0x40, @private1, @private2, 0xf807, 0x40, 0xffffff84, 0x9}}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0xb0, 0x44, 0x107, 0xfffffffc, 0x25dfdbfd, {0x1, 0x7c}, [@nested={0x9a, 0x3, 0x0, 0x1, [@generic="9e717292e16cd97adf13c84ccd87bd8acaff4e9154eb3eb705e84fab9df085e514ac9e7f8481d64221acdb5b1a2f4c6e3e75460bf69334d78b6288859803765a962e9538fffb75cc927394033dedf075cc6d6d196ffef0d8906e89d6159ca29a8115a6f78032149beca2e7981747f0f6b24e890136d9c798e70376e46ae7054b86403818053e10634ef0fe7670beb8b305f96c759b11"]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r7) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r8, 0x10, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000894}, 0x8000) sendmsg$alg(r7, &(0x7f0000003540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003500)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x34000041) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) setsockopt$sock_attach_bpf(r5, 0x1, 0x2, 0x0, 0x0) bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dddbfe, 0x10000000}, 0xc) 40.812446345s ago: executing program 2 (id=776): r0 = socket(0xe, 0x800, 0x3) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000000010003b15000000000000000000000000bcaa9aac01c37d335cb4d8d78bb6a25fb5c671b100be70333dd127b88b56a6fe65c614edc0b55b30f61783a6f7b2e7330afc9bc384a3c49dc201fd174abd61664abe0bc648b6c606b6309e7c37d852dff69f7893facfb43e5594e9be40c56739f244f9031cb4978fcf7488bc7c895298411ac1bb4e274e1b62db574c8b01a7988f729fded1b91d8da8a6d956dc103eda", @ANYRES32=0x0, @ANYBLOB="0000000004fa00300012800b00010065727370616e000020000200000000000000ff00250003000000000008001800000000000400120017d749bedb905d157645c2fc99c4bf685445a1841a642544343b990b0e476c59b4b785556f42b3ba770fbf38fe788fd3b595460f57f6330c8c9c867157b67a13856f7bc6c2656a71f6ec278cdb6a"], 0x50}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r2, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'ip6gre0\x00', &(0x7f0000000340)={'syztnl0\x00', r3, 0x29, 0xf7, 0x2, 0x2, 0x40, @private1, @private2, 0xf807, 0x40, 0xffffff84, 0x9}}) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0xb0, 0x44, 0x107, 0xfffffffc, 0x25dfdbfd, {0x1, 0x7c}, [@nested={0x9a, 0x3, 0x0, 0x1, [@generic="9e717292e16cd97adf13c84ccd87bd8acaff4e9154eb3eb705e84fab9df085e514ac9e7f8481d64221acdb5b1a2f4c6e3e75460bf69334d78b6288859803765a962e9538fffb75cc927394033dedf075cc6d6d196ffef0d8906e89d6159ca29a8115a6f78032149beca2e7981747f0f6b24e890136d9c798e70376e46ae7054b86403818053e10634ef0fe7670beb8b305f96c759b11"]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r7) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r8, 0x10, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000894}, 0x8000) sendmsg$alg(r7, &(0x7f0000003540)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003500)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x34000041) ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) setsockopt$sock_attach_bpf(r5, 0x1, 0x2, 0x0, 0x0) bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dddbfe, 0x10000000}, 0xc) 8.708391909s ago: executing program 0 (id=1514): r0 = socket(0x11, 0xa, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000180), r0) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x18) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000002c0)={@empty, 0x0}, &(0x7f00000003c0)=0x14) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x10, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7d}, {}, {}, [@jmp={0x5, 0x1, 0x0, 0x0, 0x9, 0x2, 0x8}]}, &(0x7f0000000540)='syzkaller\x00', 0x2b, 0xfe, &(0x7f0000000580)=""/254, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x1, 0x8, 0x10, 0xe}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000700)=[0x1], &(0x7f0000000740)=[{0x4, 0x5, 0x10, 0x8}, {0x3, 0x1, 0x9, 0x4}, {0x2, 0x5, 0x3, 0x3}], 0x10, 0x9, @void, @value}, 0x94) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x5e2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r6, 0xffffffffffffffff}, 0x4) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r7, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_ext={0x1c, 0x17, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8001}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x6, 0x86, &(0x7f0000000200)=""/134, 0x41100, 0x11, '\x00', r2, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x3, 0xd, 0x6, 0x9}, 0x10, 0x22f80, r4, 0x0, &(0x7f00000008c0)=[r5, r0, r0, r7], 0x0, 0x10, 0x4, @void, @value}, 0x94) 7.013471212s ago: executing program 0 (id=1514): r0 = socket(0x11, 0xa, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000180), r0) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x18) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000002c0)={@empty, 0x0}, &(0x7f00000003c0)=0x14) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x10, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7d}, {}, {}, [@jmp={0x5, 0x1, 0x0, 0x0, 0x9, 0x2, 0x8}]}, &(0x7f0000000540)='syzkaller\x00', 0x2b, 0xfe, &(0x7f0000000580)=""/254, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x1, 0x8, 0x10, 0xe}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000700)=[0x1], &(0x7f0000000740)=[{0x4, 0x5, 0x10, 0x8}, {0x3, 0x1, 0x9, 0x4}, {0x2, 0x5, 0x3, 0x3}], 0x10, 0x9, @void, @value}, 0x94) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x5e2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r6, 0xffffffffffffffff}, 0x4) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r7, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_ext={0x1c, 0x17, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8001}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x6, 0x86, &(0x7f0000000200)=""/134, 0x41100, 0x11, '\x00', r2, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x3, 0xd, 0x6, 0x9}, 0x10, 0x22f80, r4, 0x0, &(0x7f00000008c0)=[r5, r0, r0, r7], 0x0, 0x10, 0x4, @void, @value}, 0x94) 5.003973225s ago: executing program 0 (id=1514): r0 = socket(0x11, 0xa, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000180), r0) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x18) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000002c0)={@empty, 0x0}, &(0x7f00000003c0)=0x14) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x10, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7d}, {}, {}, [@jmp={0x5, 0x1, 0x0, 0x0, 0x9, 0x2, 0x8}]}, &(0x7f0000000540)='syzkaller\x00', 0x2b, 0xfe, &(0x7f0000000580)=""/254, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x1, 0x8, 0x10, 0xe}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000700)=[0x1], &(0x7f0000000740)=[{0x4, 0x5, 0x10, 0x8}, {0x3, 0x1, 0x9, 0x4}, {0x2, 0x5, 0x3, 0x3}], 0x10, 0x9, @void, @value}, 0x94) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x5e2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r6, 0xffffffffffffffff}, 0x4) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r7, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_ext={0x1c, 0x17, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8001}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x6, 0x86, &(0x7f0000000200)=""/134, 0x41100, 0x11, '\x00', r2, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x3, 0xd, 0x6, 0x9}, 0x10, 0x22f80, r4, 0x0, &(0x7f00000008c0)=[r5, r0, r0, r7], 0x0, 0x10, 0x4, @void, @value}, 0x94) 3.829336347s ago: executing program 0 (id=1514): r0 = socket(0x11, 0xa, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000180), r0) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x18) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000002c0)={@empty, 0x0}, &(0x7f00000003c0)=0x14) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x10, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7d}, {}, {}, [@jmp={0x5, 0x1, 0x0, 0x0, 0x9, 0x2, 0x8}]}, &(0x7f0000000540)='syzkaller\x00', 0x2b, 0xfe, &(0x7f0000000580)=""/254, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x1, 0x8, 0x10, 0xe}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000700)=[0x1], &(0x7f0000000740)=[{0x4, 0x5, 0x10, 0x8}, {0x3, 0x1, 0x9, 0x4}, {0x2, 0x5, 0x3, 0x3}], 0x10, 0x9, @void, @value}, 0x94) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x5e2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r6, 0xffffffffffffffff}, 0x4) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r7, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_ext={0x1c, 0x17, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8001}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x6, 0x86, &(0x7f0000000200)=""/134, 0x41100, 0x11, '\x00', r2, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x3, 0xd, 0x6, 0x9}, 0x10, 0x22f80, r4, 0x0, &(0x7f00000008c0)=[r5, r0, r0, r7], 0x0, 0x10, 0x4, @void, @value}, 0x94) 2.678705061s ago: executing program 4 (id=1580): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xe, 0xb}, {0x0, 0xc}, {0x6, 0x9}}}, 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x40054) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f00000005c0)=ANY=[@ANYBLOB="8510000004000000950000000000000018000000000000000000000000000000950000000000000085100000fcffffff95"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x20800) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x0, @remote}]}, &(0x7f0000000380)=0x10) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000005c0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90}], 0x1, 0x1) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, 0x0, 0x0) setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0x0, 0x4, 0xfffffffe}, 0x3c) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, &(0x7f0000000040)=0x2, 0x4) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_COALESCE(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000004000ffffffff0200000008000300", @ANYRES32=r7, @ANYBLOB="080002002e"], 0x24}, 0x1, 0x6c00, 0x0, 0x4d080}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x83, &(0x7f0000000080)={r8}, 0x8) syz_emit_ethernet(0x4c, &(0x7f0000002100)={@local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cedd00", 0x16, 0x3a, 0xff, @empty, @mcast2, {[], @ndisc_ns={0x87, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2e}, [{0x5}]}}}}}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000040)={r8, 0x0, 0x10}, 0xc) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x2, "000000001000000000040200050000ff"}}}]}, 0x48}}, 0x0) 2.463198934s ago: executing program 3 (id=1583): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080), 0x4) sendmsg$NFT_BATCH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001ac0)={{0x14}, [@NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x8}, @NFT_OBJECT_SYNPROXY=@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0xa}}], {0x14}}, 0x7c}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000880) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x14, 0x7, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x8044004}, 0xc0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x78, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x64, 0x1, [@m_tunnel_key={0x60, 0x1, 0x0, 0x0, {{0xf}, {0x30, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x20000000}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0) 2.390069235s ago: executing program 3 (id=1584): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@newtfilter={0x24, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER(r3, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x44, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xf}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8000}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8001}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x44}, 0x1, 0x0, 0x0, 0xc881}, 0x10) 2.219911277s ago: executing program 3 (id=1587): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="4c00000010004b0422000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000000000800150000000000050016"], 0x4c}}, 0x0) sendmmsg$inet(r1, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) 2.14982364s ago: executing program 3 (id=1589): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000180)={'wpan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan1\x00', 0x0}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000200)={'wpan4\x00'}) sendmsg$NL802154_CMD_SET_LBT_MODE(r0, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x70, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_LBT_MODE={0x5}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x70}, 0x1, 0x0, 0x0, 0x40011}, 0x8000) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)={0x3c, r1, 0x1, 0x0, 0x25dfdbfd, {0x1, 0x0, 0x41}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x25}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}]}, 0x3c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x11, 0x4, &(0x7f0000000000)=@framed={{}, [@generic={0xd7, 0x0, 0x0, 0x0, 0x40}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="020100090e000000000000000000000005000600000000000a00000000000000fc000000000000000000000000000000000000000000000005000500000000000a00000000000000060100000000000000000000000000aa0100000000000000020013"], 0x70}}, 0x0) sendmmsg(r5, &(0x7f0000000180), 0x393, 0x0) recvmmsg(r4, &(0x7f0000004400)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000600)=[{0xfffffffffffffffd}], 0x1}}], 0x2, 0x0, 0x0) r6 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff48) r7 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000500000000000000b64f7110b5000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), r0) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000001}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, r8, 0xf2139b70fedb39f8, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000040}, 0x40080) ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e21, @rand_addr=0x64010101}}) r9 = epoll_create(0x9) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r4, &(0x7f00000002c0)={0xb0000000}) 2.13924342s ago: executing program 0 (id=1514): r0 = socket(0x11, 0xa, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000180), r0) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x18) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000002c0)={@empty, 0x0}, &(0x7f00000003c0)=0x14) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x10, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7d}, {}, {}, [@jmp={0x5, 0x1, 0x0, 0x0, 0x9, 0x2, 0x8}]}, &(0x7f0000000540)='syzkaller\x00', 0x2b, 0xfe, &(0x7f0000000580)=""/254, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x1, 0x8, 0x10, 0xe}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000700)=[0x1], &(0x7f0000000740)=[{0x4, 0x5, 0x10, 0x8}, {0x3, 0x1, 0x9, 0x4}, {0x2, 0x5, 0x3, 0x3}], 0x10, 0x9, @void, @value}, 0x94) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x5e2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r6, 0xffffffffffffffff}, 0x4) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r7, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_ext={0x1c, 0x17, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8001}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x6, 0x86, &(0x7f0000000200)=""/134, 0x41100, 0x11, '\x00', r2, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x3, 0xd, 0x6, 0x9}, 0x10, 0x22f80, r4, 0x0, &(0x7f00000008c0)=[r5, r0, r0, r7], 0x0, 0x10, 0x4, @void, @value}, 0x94) 1.22230968s ago: executing program 3 (id=1591): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000600)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000340)={0x134, 0x2, 0x2, 0x201, 0x0, 0x0, {0x1, 0x0, 0x3}, [@CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x4}, @CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_NAT={0x5c, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @empty}}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x1c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x4}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8}]}, @CTA_EXPECT_NAT={0xa0, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x84, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x35}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x14, 0x4, @private1}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}]}, @CTA_EXPECT_MASK={0x18, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}]}, 0x134}, 0x1, 0x0, 0x0, 0x81}, 0x800) (async) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x74, 0x3, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x4}, [@CTA_NAT_SRC={0xc, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @empty}]}, @CTA_SEQ_ADJ_ORIG={0x3c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xfffffff3}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x4}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x3}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0x9, 0x1, 'syz1\x00'}}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x6e}]}, 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) (async) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000030101030000000000"], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x0) socket(0x22, 0x7e67755fc11ea131, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40800000000000073113400000000008510000002000000b70089bd000000009500c2000000000095000012697e0800"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async) write$tun(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="00008035bbbbbbbbbbbb1f000000000088a800008100000086dd65363ce7001406"], 0x56) (async) r4 = socket$inet_tcp(0x2, 0x1, 0x0) (async) r5 = socket$alg(0x26, 0x5, 0x0) close(0x3) (async) bind$alg(r5, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c8cc3556b9df", 0x10) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmsg$alg(r6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x4000010) (async) sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000640)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000500)={0x2c, 0x3, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040085}, 0x20000800) (async) r7 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030030000b12d25a80648c2594f91124fc60100c034002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x3e8, 0x0, 0xfffffffffffffd25) (async) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r10, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="280100"], 0x128}, 0x0) (async) recvmsg$unix(r9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000", @ANYRES16=r8, @ANYBLOB="3fab000046d43ab2f39252"], 0x14}}, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) 1.221531149s ago: executing program 4 (id=1592): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300021000000000000000040000000200080008000000540000000000000005000600000000000a00000000000000fe8000000000000000000000000000aa00000000000020000200010000000000000005fd80ffffff05000500000000000a"], 0x80}, 0x1, 0x7}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000009b000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffff80850000007100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) write$tun(r2, &(0x7f0000000300)={@val={0x0, 0x200}, @void, @ipv6=@generic={0xc, 0x6, "11cd84", 0x29e, 0x1, 0xff, @mcast1, @remote, {[@srh={0x2, 0x12, 0x4, 0x9, 0xd9, 0x58, 0x1, [@dev={0xfe, 0x80, '\x00', 0xb}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, @private0, @dev={0xfe, 0x80, '\x00', 0x35}, @remote, @private2, @private0={0xfc, 0x0, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}]}, @fragment={0x8, 0x0, 0x10, 0x0, 0x0, 0x8, 0x65}, @routing={0x11, 0x2, 0x0, 0x55, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01']}, @dstopts={0x62, 0x18, '\x00', [@hao={0xc9, 0x10, @local}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @pad1, @enc_lim={0x4, 0x1, 0x57}, @calipso={0x7, 0x40, {0x3, 0xe, 0xd4, 0x4, [0x9, 0x7, 0x8000, 0x7fffffffffffffff, 0x6, 0x0, 0x3]}}, @calipso={0x7, 0x48, {0x1, 0x10, 0x8, 0x7, [0x1, 0x9, 0x4, 0x10000, 0xfffffffffffffffd, 0x4, 0x4, 0x81]}}, @jumbo={0xc2, 0x4, 0x5}, @jumbo={0xc2, 0x4, 0x8000}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x7}]}, @routing={0x33, 0x2, 0x0, 0x1, 0x0, [@loopback]}, @srh={0x1, 0x8, 0x4, 0x4, 0x9, 0x30, 0x3, [@remote, @mcast1, @ipv4={'\x00', '\xff\xff', @loopback}, @remote]}], "6784e40392624d87b302e6ff335fd2e0b3fd4b97e53c3688a1d53386cd0f7f35b5383b85b2b46e162bf24bcad462268b27d703eb0ed6a3d05f015a71c5123706a4d70424613226cb2d67c0195b53308a48b37e0a62837a558d0e439eacee0cb097cbb9249dcd935eb7ffba745658d25530e508235a5d89fd5e1bb3b35554ea75a73d673c6adedaa7e668fac07c9eb277504dceaafbd4afe7b3fcc5c29d850d4caa9558d65d3f07261bbe09c55c758656659cf4daae1b"}}}, 0x2ca) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b40)=ANY=[@ANYBLOB="140000003800010325bd700035effd9006"], 0x14}}, 0x0) 792.723637ms ago: executing program 3 (id=1595): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r1 = accept4$x25(r0, &(0x7f0000000080)={0x9, @remote}, &(0x7f0000000200)=0x12, 0x800) r2 = socket$inet6(0xa, 0x1, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_STATUS(r3, 0x84, 0xe, &(0x7f00000002c0)={r5, 0x4, 0x4, 0x3, 0x3, 0x95, 0xf, 0x3, {0x0, @in6={{0xa, 0x4e23, 0xe, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x47}}, 0x401, 0x21c, 0x1, 0xfffffffe, 0x6}}, &(0x7f0000000380)=0xb0) setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0xfffff382, @dev={0xfe, 0x80, '\x00', 0x26}}, 0x1c) setsockopt$X25_QBITINCL(r1, 0x106, 0x1, &(0x7f0000001380)=0x1, 0x4) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xe, 0x4, &(0x7f0000000b00)=ANY=[@ANYBLOB="660a00000000000061119d0000000000850000006300000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x50, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x6, 0x0}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x50}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r8, &(0x7f0000000040)={0x1f, 0x0, @any, 0xfffa}, 0xe) listen(r8, 0x1) connect$bt_l2cap(r8, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7fa}, 0xe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000171102a00000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRES64=r7], 0x110}}, 0x0) 615.170029ms ago: executing program 1 (id=1596): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000000)=0x9876, 0x4) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000002880)=[{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000180)="fc4406008e199ae0898c7a8988823619badd4fe626289574f86d0809dc46543a7397ceafd65272d076683d2908aba612c0421a489cbc57359748ade403033388d7b866e35806784dfd62ea58f65ccb3cf9c6bc", 0x53}, {&(0x7f00000048c0)="4aa6ebbaadac821a088be79aff597e399b67d0e0d8b16af93d4078939730787afd7ca85bd5aa74fab362b0585f095ee8c513e864ee7783500a577bfbf648389284cb6744ba7d2e73d9d618702e712ecd6a199286326ff22d59544afc715f8eccf9b851691d3b14dac31434bfec34", 0x6e}], 0x2, 0x0, 0x0, 0x800}], 0x1, 0x4815) recvmmsg(r1, &(0x7f0000000a00)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000980)=""/87, 0x57}], 0x1}, 0xffffff0b}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000028c0)=""/4096, 0x1000}], 0x1}, 0xf}], 0x2, 0x2101, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f00000002c0)=ANY=[@ANYBLOB="050000000000000071117700000000008510000002000000850000005600000095000000000000009500a50500000000eefd02f7e4c7ef6bfd6b7e160d5a59898098d03978903a3ecb0443b5069f63b76ffe38996114079c34e953ab2fc1f800c7ff9cdad0b490700b4586082326cabc459587bf937e83c29ff4e4a47e30f1b31c886030af93d6bfa6aa21216810d61d6e970aa4c96e0f77e00ff165"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) 600.362082ms ago: executing program 4 (id=1597): syz_emit_ethernet(0xffffffffffffff20, &(0x7f0000000080)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0xff, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4}}}}}}}, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000001840)="efe15a38f4dc7768963f2f6e9e0356de1ae15bb72719b131ee10a0e67746ae48ce5428ee179c094c78a3d0b5456acc9f2465228811897903ca6c999bec34104324fdb92bf0e8cd0ecd65d638abee25855a79e2e2853fd83f7811f7cf0affe1a26b42786810003876523a59eb9fd0437826192a57ffe929b2f505c2ec952411dc4c26639f74e4573380acf154368d8961976367caecd4de495ee241ab89b425ccb07891877e7ce3ad78d8c961a59b4d4f214a2e095f2f3da9982917b0b20c0a720e94094df439edef30ee223e63c8ed155ff8f99d1e6e47c9577982517680e5d427051e1fa5d251c650b95743bcb82465a6d427452b6292f8469a6e1e2c67f847f591cd78c98c7816e7c23392052464a8318fa9fb9623940d72abc16b58fcb7794947e1f682e96041f4250086f542764253f3af6ae9d3ef017b8ffd6e79ce766bef79f7c7c6c9b8c9d3370efc9905884827bc38f11b47206d7fe4ca081bf168853eaec82710dd3bb393f52ee4eaf3a7ffdaacdbd97ef49f7a841fedb202be81e715", 0x181}], 0x1) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x1, 0x0, &(0x7f0000000180)) 538.311429ms ago: executing program 4 (id=1598): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000180)=0x99a, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0xffff, @multicast2}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40021}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x8000047, 0x10048010) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x5, &(0x7f0000000080)=0xf, 0x4) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x1d, @multicast1, 0x0, 0xfffffffd, 'dh\x00', 0xa, 0x5, 0x1000004d}, 0x2c) 492.247488ms ago: executing program 1 (id=1599): r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, &(0x7f0000000540)=@raw=[@btf_id={0x18, 0x5, 0x3, 0x0, 0x1}, @exit], &(0x7f0000000200)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r0, 0x800442d3, &(0x7f0000000000)={0xb0d4, 0xa7, 0x40, @local, 'wlan1\x00'}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010e7010000000000000000000000000a20000000000a03000000000000000000070000000c00044000000000000000021c000000090a010400000000000000000700000008000a4000000003"], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)=ANY=[@ANYBLOB="b80000005500040027bd7000ffdbdf2507000000", @ANYRES32=0x0, @ANYBLOB="20fc0000", @ANYRES32=0x0, @ANYBLOB="01000000ac1e00010000000000000000000000000000000020000100", @ANYRES32=0x0, @ANYBLOB="00030400fe8000000000000000000000000000aa86dd000020000100", @ANYRES32=0x0, @ANYBLOB="010102006401010200000000000000000000000086dd000020000100", @ANYRES32=0x0, @ANYBLOB="00010000e000000100000000000000000000000086dd000020000100", @ANYRES32=0x0, @ANYBLOB="000103000000000000000000000000000000000010000000"], 0xb8}, 0x1, 0x0, 0x0, 0x48014}, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000600)=ANY=[@ANYRES32=r1], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[], 0xb8}}, 0x44804) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x80) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00', @ANYBLOB="010000000000000000004400000008000300", @ANYRES32], 0x4c}}, 0x4000804) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r10, 0x8946, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000002140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x28, r8, 0x5, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_RANN_INTERVAL={0x6, 0x10, 0x5}]}]}, 0x28}}, 0x40000) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) 410.402709ms ago: executing program 4 (id=1600): socket$inet_icmp_raw(0x2, 0x3, 0x1) (async) r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0x0) (async) r1 = socket$unix(0x1, 0x1, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async) close(0x4) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00660000007f00000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000001e811343ba8af2e0ad51014ac215ef7900000000000000"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000b00), &(0x7f0000000580), 0x7, r2}, 0x38) (async) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r2, &(0x7f0000001600), &(0x7f0000001680)=""/227}, 0x20) 374.109875ms ago: executing program 1 (id=1601): r0 = socket(0x2a, 0x2, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24, 0x24, 0x4, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x3, 0xe}}}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) (async) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 284.553256ms ago: executing program 4 (id=1602): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) (async) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) (async) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) (async) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000180)={r3, 0x54b}, 0x8) (async) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @loopback}], 0x10) 252.184524ms ago: executing program 1 (id=1603): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_GET_TARGET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r0) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r0) sendmsg$NL802154_CMD_NEW_INTERFACE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)={0x14, r1, 0x1, 0x0, 0x0, {0xf}}, 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0x0) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f00000000c0)="240000001e005f0214fffffffffffff807000000b800000000000000080008000d000000", 0x24) 151.631792ms ago: executing program 1 (id=1604): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x0, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xe, 0x16, &(0x7f0000001ec0)=ANY=[@ANYBLOB="61129900000000006113500000000000bf2000000000000007000000087000003d0301000000000095000000000000006926000000000000bf67000000000000150a00000fff07003506000043fe0000170600000ee60000bf0500000000000063620000000000006507000000000000460700004c0000000f75000000000000bf5400000000000007040000f0fff8ffad420100000000009500000000000000050000000000000095000000000000001c0a7900009d3c2792432a4fa650c512aee994a56462712cb064ecce5e7a9ce0a575a4f7952cb768637e60bd5d2e4b5992de991371274fdf535e001022e25659a7c85615c1b88bc894123c090014e8fb87efecdcb73858479526222b22ff81971ef49b2cb0dcebea6d90e9c1677fbefd35893d883a2c559b7af8db8b2d89fcc8af461b2a74af360eace66cec40d927006bd666c8122217c27902b3933106d0cc5bf6fec345ae9606c3c1a3000c94df67ae600900ffa2f49ec035883e27b1a9e9dff3e8bfc7d1be00f1a0820102b19000000000000000009095601e090012086dee84efd375f0642ed261765d3b9efdfbed9b430bcf04060000bdff1c8bcfc00300000000000000ab5d5f299354997c8bef9ca55841a57eddff9220c67c9e17bee524c3dc74c0271124cf9e4e2d23f7062351edf77c7129eb89085967722da6cb884d1afe82f7f722e38397996271700241094d272dd8b754b2dd36d486e7ffd1bdc198deb495cac0995ca3ef6c1affb693ae366b0f11db6ee4830d87a347d448b0737e852306b4713e5ce6cac6a27e29f164b9f16d6f045271b8e9f172c3db24558d77b8bf18be45c50b3fc005fa7b5e45a209d48d6dc2389d7f34cb9c02cf517c8ee8a9b6159ce895101c2ccff2bde95aa860ed9b8b6d6b8fcab7663d9bd8415e6f90fdb007b8f3e0ffe3a638c4fd88d20d235173720c1df1147c9f5013c82fc98604bd70cd56609a6b73943748a900e1d8cf81bcb1d2620bee688eb0a284040000005cc3ba8bf0b5e0fc018463d03a73fa85429725545128b0e9b550a13d0dd35092250b7d00ff03d5314fa8d37932055bb6d30d0000cad2375a34c7f15c3096f31e6aa6887864f62760ae35214552982bba84d92b1261251330dde4cf97b7cc6b2349e4f7a56003f7303d210fccd2efe6cda2595aacc36db66ff83af576b56dfbd40b15d569244d7d6e1182c4fa829c3f86acd17082bfed73ab9ef37705f9d2734801899e248e1a7155e28f000000000000000fce52263e3953a6f8560f852602ca905b58a9e2dbf16dd0322d0bb3ceb1b01752230bcbbf731701b2b1768aabb9a002090c09ab606e91ad9d88e7205464594add8691b62d55127cd891b8abe4358697e1b5f038773c0aa220cdce78b9346adbd72b293e66ef1a04905aaf6bd31e8d40d425d21232956ee45935d7adb2bf9fb37ff145472c58dbc8db58d0cde99df77d86ed71070000000000006d5cf959fb84c9f8ec46ec9af313d13d1bd85d57f598c00eb7bb8b6b4ff5875a50e2ea3287cf0f838bffdbf985fdce1fb66979b51cc6d6d6661354f33986f7acee499e25e3b70db6f15d7f2bfc0000000000000000ff7f00009eeb78c3d2e83f5e0eaf5cec82f45884cb0394271826ac2d5cc0afc4e784b515c659901c5c6a8573436be7b0f64c6176ef37db239a1ee9839436e951aef4196798d518a4820a241cec1b3e4923dae4c87d460900000000000000de7b13645fc6921a759e2c23153f432a3e5167628a94aacd0f40543049d8ef9787b56006227f143ce5554837675b93eeced66fe71bbe2c055660d23af1c9a83b78d0fde1f9dd526858a320563807a1ef41829913ce0b280010dca0cb3a98a8986e8e656dcaa6ae4ee6717a29e50450688763f1b17c156b860ba0d5a121d00ceac30ef5e104c43d76074c3884cb8fa504ebc94f7c83e90b6cad8d2a02df007bd585f4472cfb004cd9f09995000000000021000002cfceb7feffffffffffffffb1a6c40ac666744ca6c8fbba8452b686fd9b6250edd7d86ebc35898637dd88540e40d5799c11ee9883be26229eeee3941494fcd4389af9b755843126338c346b4d50a5b8684ad74bad46f4ffd86292d72a933fcb7304aef4b4a4bf6e054fea3549e08c0dd2334f485da9382887c16306176f73f029e2f9f8145360cfd5ffd66ae82d51e683ff364981b358a5f48af10059a0716951942eed021e41ba076d486cd095ffcefc3e8b8ead226c5a640b06fc13311826d024248f14b62a7fb0f9b95c9e23e7d29aca69e77db40dd00c0b20e43e300b1a46e243e2a8321dbb1270a22d9a2368de08d625566f253f0760abb44c11583fa5b914ab298ade422e4c0ddc7b17dd2aa8ac94d93d6b590000000000000000000000009b90eb1db265c18521667d305886e9c47ad357a76be0c9ce899bdd80a51a2017190a590d092bc500ea71b338098d1007517c1d6e785d5e0975ca2c2edf221b30377e61fce8bf47e7b93da593d154caca75b1ef1273aa501807005593ba45d219d7c656be0fb900000000004093461ceec5fce099368e07060c21cabb846f2447fc72be9925b2f568b15e5d22c8fabbfd3edac460c70a5619a043ada38fea3b104f9c1a473b7820faecfbb40b5e0d3681013c0cb2b8acc1ceb5f790210a3be07b2727c4e5a5d20468b3ed35f9a71519904c6dd76dee5738dcdac1f4358bb65c1aca8eb0a65aacbaaca92cc7cc553b1c5181d81c15ff4eaea3bcbfc4e0d06bd8d2e2d941924f860f2aba2253b9038e6923b026b7ece3e9fcdf6aa14a65bd6cd7e78457dac1fb3cdc421d6059e17d44e378189035c2fe489e5b7a87c23ec952e2affbc7a4c707312b17a5f428527cb42a8cbd072490eae617e6ea32ee7d3055bfc9b1128553cb963d3873115296a8bd2efb7368ea2727b294d6eceee49ad9093738a3b1bbfa163a917380953fdc3a443a6585925ee14a817390a655c1988632a414b304d688116d79693efd80b293ddc89bb27529c34f4f8ee3ddbaf1c13a4e15186353efd0ced475794ff5f9b0580f2fb996928f0ca6d1a9f4bda1fe9c1bc2e657448c00ca6afb2e5b1c336d657c87f2634db46e2e8e82366a2de4dd41ca0a26ab49d5d357e5a8af73d9504af230513acadd2f0d9d99c4b6e4ebf68582cf8dc4dac990b216a6a216b0cae87a2339fda14e546b224857f758cb64ca2dcdf32b5420ad9f33dbaeb36b7466c5129508d57329f57ac682757e398c4d2a6f93fb1dfc2c840e06bd6c0d7ceedc3721b19c7c9fc1645cf32d79807c4d3e0898ae2a829df5c03834bc2558aeed652399a9cf9e5c859d3c5c5341b329fea445d2e040562a813c35ed1c1afab50aeb12eea9456adf21953947413c03af836bc339355250daeaca253f809493c75c9dcdbae3a76753d593623348e82b1e9c5480fd099b6322b6c6158ebe8ecba0ab364ce4a58e244b76d16b81905878c4caaad1f54cc11df97a50356638016a7e50a92ee55af3c64ae2b95653373d3471c0f26119e18426fae7739a9031618635a257cf58b1e9b8264b6543d6c1c372b66d9a5f96198ae01beeb398744ac4b6f26b568cd7b792039ac4e10f9307b1a8dc268a5d2af3dbce55fdac6d1a158a2243c679261aa080acdf0d55753d3163664df7e4129f12f850c694dc140cf9380687da9914be848a01bc7f5278eb3c3210664b62743887b822814c58a3304b392c7e2a6e64576248af87c0f995af921be86e8102d8343c0de8cda3512f84c894ed6c0206e41443c456467c42ff9ddad36e882cc5287394aedd8d413a061a2894f2ef5fc3072fc8a0c5c2a9f94954278c3d67a0b0fa6e002ce0840e3405d166f037a6e678ce1af6ed9c6e7023f8663d294f4bee1effc148e096d2eb91903c482548c0c5b135a31ae6903a9cb9a40a89155ce15dbe3e373a7ac4c7b4d391bdac5268b2d419f13aeb86f68725a4633eb883417bc23243a302ccc919e0b141ae8aeb7457264f8cad663255db96efda704cef9428ffeb16acd3295a36b1e514ecf65944d5c754e02410075714612e7841e6c7e1e2366bd6ccf335ac9dd35332ee78aaa2ff6950c81fd53db93dcebe8b9c42aeefaf63150d649bd1542014ac64daaec18e82854454967e37a6dccea142f2504a6aba4dd44594c230101a4574d56a1ff4f5b7dd246f7d607ff6f8bebf4fd7e709122f3129bec4dd5b4129829d15d1d3b1fb82e341a325f7863c5035bc6a35a6568b35327a8364d98bdf516e27b57976af232128856692b491469c525eb2a48d4794459dae9213bd0088206f364f8c2c727e3e1d1a3ca9f1b40fea92bfea26189d3bf91e92c1e8795334cc268e0b31cd354701eff8adfa247b848b0ae203f78380b818c0afbe01efec884ff0a6cecfb726886bbdaf78ed3ebc40556b434d0fd81799d96cf302e1115c8cda0b4c7f27c8b4ad1a5808f6b908816ca7483f94fbb8391e6533833470c9c3352d70ae03bc8479e64caf16d5fabe77519aa196fcfb4e480620ef153a09e1dd59490ffab33976fba5b3126dc509e4cbc94bd59f745319efc4523e1f0387968be039a920a0abc8aef753f82ca796055bf28affa706df1312a898162454ff9010ee5fa95d56fa3e8ab283481c20d0fa2b3149a54c268d2b77ad6ce63f97e10bf3baa14dc7a4492587ae1e26237787231d000000000000000000000000003ef8cbcd3ffe8d35974cbb469c41e8ad0b58c5376c4fa943d02a4bd12dab3cab9ef4e62cb10820de0d87ddd79f820879e4ad8868f81cf931760d5c6b9c7337e8efcaa4e63eed8e3eb668f104cf1fa53fb300acb4bd61371d6f12165e9814d2517cba3403530d06737da5cb6ca5996af9a16cca9853430842bdf0995c53681e4a2b0bd1fdaeb0e7839669aed97a6f6f25f7de9ba0ea23384b85957faf49d62dba00af3c7e3c817e13e63c487fc167f2aff6e5a250937bb43b0a8e9d12ff551e6cc2d304aec2a5d843ea327c0a3379594726b92b1919367f3b1711087f160503b3b37170579ce2a664b21d86aca4cf19c1f36d264b0b7ba3de1e020601418d981c6f596e48d5cebe4ff0fb8046e87a5c4d95c07935"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1, 0x10, &(0x7f0000000000), 0x39, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xcd17b6ffc675aac0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map, r0, 0x5, 0x0, 0x0, @void, @value}, 0x10) (async) r1 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SET(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x3c, 0x3e9, 0x716, 0x70bd27, 0x25dfdbfc, {0x0, 0x8, 0x2, 0x0, 0x0, 0x7aa6, 0x4, 0x8, 0x0, 0x7, 0x9}}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) (async) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={@fallback=r1, 0x14, 0x1, 0x1, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) (async) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000003b80)) 36.474143ms ago: executing program 1 (id=1605): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r1 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000540)=ANY=[@ANYRES32=r0]) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000100)=0x4, &(0x7f0000000200)=0x4) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000140)={'wpan0\x00'}) sendmsg$NL802154_CMD_SET_MAX_FRAME_RETRIES(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, r3, 0x200, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x44) r5 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) setsockopt$bt_BT_SNDMTU(r5, 0x112, 0xc, &(0x7f0000000240)=0x7ff, 0x2) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000280)={0x0, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @local}]}) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000040)=0x7, 0x4) 0s ago: executing program 0 (id=1514): r0 = socket(0x11, 0xa, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000180), r0) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x18) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000002c0)={@empty, 0x0}, &(0x7f00000003c0)=0x14) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x10, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7d}, {}, {}, [@jmp={0x5, 0x1, 0x0, 0x0, 0x9, 0x2, 0x8}]}, &(0x7f0000000540)='syzkaller\x00', 0x2b, 0xfe, &(0x7f0000000580)=""/254, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x4, 0x5}, 0x8, 0x10, &(0x7f00000006c0)={0x1, 0x8, 0x10, 0xe}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000000700)=[0x1], &(0x7f0000000740)=[{0x4, 0x5, 0x10, 0x8}, {0x3, 0x1, 0x9, 0x4}, {0x2, 0x5, 0x3, 0x3}], 0x10, 0x9, @void, @value}, 0x94) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000840)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x5e2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r6, 0xffffffffffffffff}, 0x4) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r7, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_ext={0x1c, 0x17, &(0x7f00000000c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x8001}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000001c0)='GPL\x00', 0x6, 0x86, &(0x7f0000000200)=""/134, 0x41100, 0x11, '\x00', r2, 0x0, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0x3, 0xd, 0x6, 0x9}, 0x10, 0x22f80, r4, 0x0, &(0x7f00000008c0)=[r5, r0, r0, r7], 0x0, 0x10, 0x4, @void, @value}, 0x94) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.19' (ED25519) to the list of known hosts. [ 86.571620][ T5814] cgroup: Unknown subsys name 'net' [ 86.739263][ T5814] cgroup: Unknown subsys name 'cpuset' [ 86.748167][ T5814] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 88.445107][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 91.907916][ T24] cfg80211: failed to load regulatory.db [ 92.227465][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.236480][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.244445][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.253076][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.261418][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.330369][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.339070][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.347207][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.356472][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.364375][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.421150][ T5148] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.436031][ T5148] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 92.444104][ T5148] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 92.452777][ T5148] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 92.460617][ T5148] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.656888][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 92.665391][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 92.673175][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 92.681460][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 92.689414][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 92.865990][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 92.874107][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 92.882002][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 92.892235][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 92.900295][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 92.932514][ T3556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.947283][ T3556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.079117][ T973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.079847][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.094936][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.102820][ T973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.182454][ T3556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.186710][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.209617][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.217954][ T3556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.218382][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.333098][ T3556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.349622][ T3556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.374611][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.396175][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.464929][ T3556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.488049][ T3556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.524365][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.533348][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.644655][ T973] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.669804][ T973] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.835130][ T5866] bond0: entered promiscuous mode [ 93.849044][ T5866] bond0: entered allmulticast mode [ 93.857794][ T5866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.958784][ T5877] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 94.069399][ T5884] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9'. [ 94.100771][ T5884] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9'. [ 94.142157][ T5884] Zero length message leads to an empty skb [ 94.223899][ T5887] x_tables: unsorted entry at hook 3 [ 94.367739][ T5900] netlink: 24 bytes leftover after parsing attributes in process `syz.2.14'. [ 94.386200][ T5148] Bluetooth: hci1: command tx timeout [ 94.391954][ T5148] Bluetooth: hci0: command tx timeout [ 94.449624][ T5906] netlink: 'syz.1.15': attribute type 7 has an invalid length. [ 94.514706][ T5900] netlink: 'syz.2.14': attribute type 1 has an invalid length. [ 94.559774][ T5148] Bluetooth: hci2: command tx timeout [ 94.576563][ T5900] netlink: 'syz.2.14': attribute type 2 has an invalid length. [ 94.595953][ T5900] netlink: 16 bytes leftover after parsing attributes in process `syz.2.14'. [ 94.785746][ T5148] Bluetooth: hci3: command tx timeout [ 94.945820][ T5148] Bluetooth: hci4: command tx timeout [ 95.201636][ T5943] netlink: 284 bytes leftover after parsing attributes in process `syz.0.24'. [ 95.343716][ T5954] sctp: [Deprecated]: syz.1.28 (pid 5954) Use of int in max_burst socket option deprecated. [ 95.343716][ T5954] Use struct sctp_assoc_value instead [ 95.411901][ T5956] netlink: 12 bytes leftover after parsing attributes in process `syz.2.26'. [ 95.568282][ T5961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.30'. [ 95.568282][ T5962] netlink: 8 bytes leftover after parsing attributes in process `syz.0.30'. [ 95.739831][ T5970] x_tables: unsorted underflow at hook 1 [ 95.840742][ T5977] netlink: 'syz.0.36': attribute type 1 has an invalid length. [ 95.944497][ T5981] bond0: (slave ip6gretap0): Enslaving as a backup interface with an up link [ 95.958243][ T49] bond0: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 95.959592][ T5977] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.086677][ T2985] bond0: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 96.148100][ T5981] veth1: entered promiscuous mode [ 96.159262][ T5981] bond0: (slave veth1): Enslaving as a backup interface with a down link [ 96.396588][ T5997] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:0 [ 96.466761][ T5148] Bluetooth: hci1: command tx timeout [ 96.467049][ T5833] Bluetooth: hci0: command tx timeout [ 96.625406][ T5833] Bluetooth: hci2: command tx timeout [ 96.865672][ T5833] Bluetooth: hci3: command tx timeout [ 96.884836][ T6027] netlink: 'syz.3.48': attribute type 2 has an invalid length. [ 96.923545][ T9] hid-generic 0005:0B57:0A0B.0001: item fetching failed at offset 1/4 [ 96.933404][ T6033] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 96.956303][ T9] hid-generic 0005:0B57:0A0B.0001: probe with driver hid-generic failed with error -22 [ 97.043099][ T5833] Bluetooth: hci4: command tx timeout [ 97.052946][ T6034] netlink: 'syz.3.48': attribute type 1 has an invalid length. [ 97.387688][ T6053] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.407286][ T6052] Bluetooth: MGMT ver 1.23 [ 97.439863][ T6053] No such timeout policy "syz0" [ 97.461701][ T6052] netlink: 12 bytes leftover after parsing attributes in process `syz.0.56'. [ 97.479266][ T6061] netlink: 148 bytes leftover after parsing attributes in process `syz.3.57'. [ 98.546181][ T5148] Bluetooth: hci1: command tx timeout [ 98.548411][ T5833] Bluetooth: hci0: command tx timeout [ 98.705405][ T5833] Bluetooth: hci2: command tx timeout [ 98.945847][ T5833] Bluetooth: hci3: command tx timeout [ 99.105418][ T5833] Bluetooth: hci4: command tx timeout [ 100.625542][ T5833] Bluetooth: hci0: command tx timeout [ 100.625611][ T5148] Bluetooth: hci1: command tx timeout [ 100.785509][ T5148] Bluetooth: hci2: command tx timeout [ 101.025488][ T5148] Bluetooth: hci3: command tx timeout [ 101.185462][ T5148] Bluetooth: hci4: command tx timeout [ 132.869389][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.875910][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 147.309219][ T6107] syz.4.68 uses obsolete (PF_INET,SOCK_PACKET) [ 147.613691][ T6127] netlink: 'syz.3.73': attribute type 1 has an invalid length. [ 147.767497][ T6134] __nla_validate_parse: 34 callbacks suppressed [ 147.767518][ T6134] netlink: 8 bytes leftover after parsing attributes in process `syz.2.74'. [ 147.815898][ T6136] warning: `syz.0.76' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 148.128372][ T6153] netlink: 'syz.1.79': attribute type 28 has an invalid length. [ 148.162676][ T6153] netlink: 'syz.1.79': attribute type 3 has an invalid length. [ 148.206549][ T6153] netlink: 132 bytes leftover after parsing attributes in process `syz.1.79'. [ 148.344542][ T6162] netlink: 8 bytes leftover after parsing attributes in process `syz.0.81'. [ 149.055057][ T6186] 8021q: VLANs not supported on ip6_vti0 [ 149.661040][ T6223] unknown channel width for channel at 909000KHz? [ 150.035477][ T6239] netlink: 12 bytes leftover after parsing attributes in process `syz.2.101'. [ 150.407184][ T6253] netlink: 4 bytes leftover after parsing attributes in process `syz.3.104'. [ 151.300677][ T6276] netlink: 12 bytes leftover after parsing attributes in process `syz.3.111'. [ 151.413556][ T6276] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.493391][ T6284] netlink: 'syz.4.112': attribute type 11 has an invalid length. [ 151.523489][ T6284] netlink: 20 bytes leftover after parsing attributes in process `syz.4.112'. [ 151.803316][ T6295] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 151.819707][ T6295] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:65535 [ 152.012534][ T6306] netlink: 24 bytes leftover after parsing attributes in process `syz.4.116'. [ 152.047115][ T6307] netlink: 12 bytes leftover after parsing attributes in process `syz.1.118'. [ 152.110637][ T6309] netlink: 'syz.2.119': attribute type 1 has an invalid length. [ 152.157950][ T6307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.206765][ T6312] vlan0: entered promiscuous mode [ 152.217817][ T6312] bond0: entered promiscuous mode [ 152.232681][ T6312] vlan0: entered allmulticast mode [ 152.238280][ T6312] bond0: entered allmulticast mode [ 152.612812][ T6326] netlink: 'syz.4.122': attribute type 1 has an invalid length. [ 152.641130][ T6326] netlink: 244 bytes leftover after parsing attributes in process `syz.4.122'. [ 152.909484][ T6334] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 153.567436][ T6356] netlink: 'syz.4.128': attribute type 1 has an invalid length. [ 153.936516][ T6369] netlink: 144 bytes leftover after parsing attributes in process `syz.2.132'. [ 153.949640][ T6371] netlink: 'syz.4.133': attribute type 58 has an invalid length. [ 153.978774][ T6371] netlink: 20 bytes leftover after parsing attributes in process `syz.4.133'. [ 154.251615][ T6386] netlink: 260 bytes leftover after parsing attributes in process `syz.2.135'. [ 154.307038][ T6383] netlink: 4 bytes leftover after parsing attributes in process `syz.2.135'. [ 154.426159][ T6383] netlink: 12 bytes leftover after parsing attributes in process `syz.2.135'. [ 154.778514][ T6404] netlink: 8 bytes leftover after parsing attributes in process `syz.2.141'. [ 154.841438][ T6404] netlink: 12 bytes leftover after parsing attributes in process `syz.2.141'. [ 154.903138][ T6404] netlink: 'syz.2.141': attribute type 15 has an invalid length. [ 155.018858][ T6413] Bluetooth: MGMT ver 1.23 [ 155.253548][ T6419] netlink: 96 bytes leftover after parsing attributes in process `syz.1.146'. [ 155.272896][ T6419] 8021q: VLANs not supported on ip_vti0 [ 155.388544][ T6423] tc_dump_action: action bad kind [ 155.415798][ T6423] netlink: 4 bytes leftover after parsing attributes in process `syz.2.147'. [ 156.114556][ T6444] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 156.137580][ T6444] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 156.219692][ T6233] Set syz1 is full, maxelem 65536 reached [ 156.363226][ T6449] veth1: entered promiscuous mode [ 156.662654][ T6469] syz_tun: entered allmulticast mode [ 156.680774][ T6471] netlink: 'syz.1.161': attribute type 1 has an invalid length. [ 156.802543][ T6471] 8021q: adding VLAN 0 to HW filter on device bond2 [ 156.968175][ T6462] syz_tun: left allmulticast mode [ 157.102393][ T6489] netlink: 696 bytes leftover after parsing attributes in process `syz.2.164'. [ 157.240614][ T6496] netlink: 'syz.3.166': attribute type 1 has an invalid length. [ 157.283893][ T6496] netlink: 'syz.3.166': attribute type 2 has an invalid length. [ 158.249578][ T6542] bridge0: entered promiscuous mode [ 158.266575][ T6542] bridge0: entered allmulticast mode [ 158.292254][ T6548] sch_fq: defrate 0 ignored. [ 158.632450][ T6571] netlink: 'syz.4.187': attribute type 10 has an invalid length. [ 158.743558][ T6576] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 158.862828][ T6589] syzkaller0: entered promiscuous mode [ 158.885724][ T6589] syzkaller0: entered allmulticast mode [ 158.905412][ T6588] tipc: Started in network mode [ 158.910377][ T6588] tipc: Node identity 9a0f091eacd5, cluster identity 4711 [ 158.924147][ T6588] tipc: Enabled bearer , priority 0 [ 158.942501][ T6590] tipc: Resetting bearer [ 158.962299][ T6594] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 158.994308][ T6590] tipc: Disabling bearer [ 159.032241][ T6588] tipc: Enabling of bearer rejected, failed to enable media [ 159.046658][ T6588] tipc: Enabling of bearer rejected, failed to enable media [ 159.067012][ T6588] tipc: Enabling of bearer rejected, failed to enable media [ 159.093969][ T6588] tipc: Enabling of bearer rejected, failed to enable media [ 159.141663][ T6588] tipc: Enabling of bearer rejected, failed to enable media [ 159.176539][ T6601] __nla_validate_parse: 132 callbacks suppressed [ 159.176556][ T6601] netlink: 156 bytes leftover after parsing attributes in process `syz.1.196'. [ 159.205695][ T6588] tipc: Enabling of bearer rejected, failed to enable media [ 159.218030][ T6588] tipc: Enabling of bearer rejected, failed to enable media [ 159.243184][ T6601] netlink: 'syz.1.196': attribute type 1 has an invalid length. [ 159.254979][ T6588] tipc: Enabling of bearer rejected, failed to enable media [ 159.268694][ T6605] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 159.359038][ T6601] 8021q: adding VLAN 0 to HW filter on device bond3 [ 159.400000][ T6588] tipc: Enabling of bearer rejected, failed to enable media [ 159.414203][ T6588] tipc: Enabling of bearer rejected, failed to enable media [ 159.439746][ T6609] bond3: (slave geneve0): making interface the new active one [ 159.451617][ T6609] bond3: (slave geneve0): Enslaving as an active interface with an up link [ 159.632142][ T6615] veth1: entered promiscuous mode [ 159.651240][ T6615] bond3: (slave veth1): Enslaving as an active interface with a down link [ 159.692688][ T6588] tipc: Enabling of bearer rejected, failed to enable media [ 159.727671][ T6617] netlink: 'syz.3.199': attribute type 1 has an invalid length. [ 159.738367][ T6617] netlink: 224 bytes leftover after parsing attributes in process `syz.3.199'. [ 159.760966][ T6601] vlan1: entered allmulticast mode [ 159.766208][ T6601] bond3: entered allmulticast mode [ 159.771483][ T6601] geneve0: entered allmulticast mode [ 159.778478][ T6601] bond3: (slave vlan1): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 160.005930][ T6637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.204'. [ 160.078979][ T6637] tipc: Started in network mode [ 160.085457][ T6637] tipc: Node identity a6c617fb90be, cluster identity 4711 [ 160.125572][ T6637] tipc: Enabled bearer , priority 0 [ 160.183177][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz.0.206'. [ 160.225023][ T6647] netlink: 36 bytes leftover after parsing attributes in process `syz.0.206'. [ 160.237156][ T6641] syzkaller0: entered promiscuous mode [ 160.245385][ T6641] syzkaller0: entered allmulticast mode [ 160.253877][ T6641] tipc: Resetting bearer [ 160.293349][ T6634] tipc: Resetting bearer [ 160.483695][ T6660] netlink: 8 bytes leftover after parsing attributes in process `syz.1.209'. [ 160.527655][ T6638] SET target dimension over the limit! [ 161.138378][ T978] tipc: Node number set to 913840123 [ 161.359407][ T6634] tipc: Disabling bearer [ 161.581960][ T6675] netlink: 'syz.0.211': attribute type 8 has an invalid length. [ 161.607411][ T6675] netlink: 8 bytes leftover after parsing attributes in process `syz.0.211'. [ 161.660184][ T6680] netlink: 9 bytes leftover after parsing attributes in process `syz.3.213'. [ 161.696273][ T6680] gretap0: entered promiscuous mode [ 161.716993][ T6680] netlink: 5 bytes leftover after parsing attributes in process `syz.3.213'. [ 161.727905][ T6680] 0{X: renamed from gretap0 [ 161.742186][ T6680] 0{X: left promiscuous mode [ 161.757870][ T6680] 0{X: entered allmulticast mode [ 161.783315][ T6680] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 161.892492][ T6690] smc: net device bond0 applied user defined pnetid SYZ2 [ 162.050275][ T6696] netlink: 'syz.4.218': attribute type 4 has an invalid length. [ 162.276856][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.4.224'. [ 162.308447][ T6709] netlink: 'syz.2.227': attribute type 24 has an invalid length. [ 162.348586][ T6706] IPv6: sit1: Disabled Multicast RS [ 162.355885][ T6706] sit1: entered allmulticast mode [ 162.356973][ T6709] netlink: 'syz.2.227': attribute type 11 has an invalid length. [ 163.634157][ T6778] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 163.748644][ T6778] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 163.821770][ T6788] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.278140][ T6808] __nla_validate_parse: 5 callbacks suppressed [ 164.278159][ T6808] netlink: 28 bytes leftover after parsing attributes in process `syz.1.251'. [ 164.349684][ T6808] netlink: 36 bytes leftover after parsing attributes in process `syz.1.251'. [ 164.586780][ T6815] x_tables: duplicate underflow at hook 2 [ 164.861024][ T6832] netlink: 12 bytes leftover after parsing attributes in process `syz.1.258'. [ 164.940930][ T6845] netlink: 'syz.4.261': attribute type 2 has an invalid length. [ 165.086401][ T6849] netlink: 12 bytes leftover after parsing attributes in process `syz.3.262'. [ 165.360582][ T6857] veth1: entered allmulticast mode [ 165.494338][ T6859] netlink: 24 bytes leftover after parsing attributes in process `syz.4.267'. [ 165.579362][ T6872] netlink: 12 bytes leftover after parsing attributes in process `syz.3.270'. [ 165.591342][ T6872] netlink: 60 bytes leftover after parsing attributes in process `syz.3.270'. [ 165.602825][ T6872] netlink: 12 bytes leftover after parsing attributes in process `syz.3.270'. [ 165.645712][ T6872] netlink: 60 bytes leftover after parsing attributes in process `syz.3.270'. [ 165.664931][ T6872] netlink: 104 bytes leftover after parsing attributes in process `syz.3.270'. [ 165.675447][ T6868] Driver unsupported XDP return value 0 on prog (id 114) dev N/A, expect packet loss! [ 165.913362][ T2150] IPVS: starting estimator thread 0... [ 165.923318][ T6896] sctp: [Deprecated]: syz.1.273 (pid 6896) Use of int in max_burst socket option. [ 165.923318][ T6896] Use struct sctp_assoc_value instead [ 166.035454][ T6902] IPVS: using max 27 ests per chain, 64800 per kthread [ 166.315295][ T6939] netlink: 'syz.0.279': attribute type 21 has an invalid length. [ 166.627611][ T6955] syzkaller1: entered promiscuous mode [ 166.641382][ T6955] syzkaller1: entered allmulticast mode [ 166.664439][ T6962] netlink: 'syz.2.286': attribute type 1 has an invalid length. [ 166.685084][ T6965] netlink: 'syz.0.284': attribute type 2 has an invalid length. [ 166.902681][ T6975] netlink: 'syz.1.287': attribute type 5 has an invalid length. [ 167.158009][ T6975] syzkaller0: entered promiscuous mode [ 167.185527][ T6975] syzkaller0: entered allmulticast mode [ 194.309478][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 216.865520][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 216.873853][ T5836] Bluetooth: hci2: command 0x0406 tx timeout [ 216.873951][ T6993] Bluetooth: hci1: command 0x0406 tx timeout [ 218.302831][ T7014] __nla_validate_parse: 8 callbacks suppressed [ 218.302852][ T7014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.302'. [ 218.385135][ T7020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.304'. [ 218.430895][ T7020] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.304'. [ 219.111238][ T7046] netlink: 8 bytes leftover after parsing attributes in process `syz.1.311'. [ 219.120610][ T7046] netlink: 'syz.1.311': attribute type 5 has an invalid length. [ 219.141837][ T7048] netlink: 'syz.2.312': attribute type 1 has an invalid length. [ 219.146259][ T7046] netlink: 20 bytes leftover after parsing attributes in process `syz.1.311'. [ 219.235511][ T7044] can: request_module (can-proto-0) failed. [ 219.257068][ T7046] geneve1: entered promiscuous mode [ 219.262408][ T7046] geneve1: entered allmulticast mode [ 219.552769][ T7074] netlink: 184 bytes leftover after parsing attributes in process `syz.4.316'. [ 219.595873][ T7074] openvswitch: netlink: Port 10289156 exceeds max allowable 65535 [ 219.857309][ T7088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.322'. [ 219.882903][ T7088] netlink: 40 bytes leftover after parsing attributes in process `syz.2.322'. [ 219.908184][ T7094] netlink: 12 bytes leftover after parsing attributes in process `syz.0.323'. [ 221.596247][ T7147] netlink: 8 bytes leftover after parsing attributes in process `syz.1.337'. [ 221.728996][ T7152] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 222.159431][ T7149] mac80211_hwsim hwsim6 wlan1: left allmulticast mode [ 223.024287][ T7213] netlink: 'syz.2.352': attribute type 1 has an invalid length. [ 223.049054][ T7213] netlink: 'syz.2.352': attribute type 1 has an invalid length. [ 223.256260][ T7224] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 223.300019][ T7226] xt_hashlimit: size too large, truncated to 1048576 [ 223.315780][ T7224] netlink: 'syz.1.355': attribute type 18 has an invalid length. [ 223.408227][ T7234] __nla_validate_parse: 5 callbacks suppressed [ 223.408245][ T7234] netlink: 28 bytes leftover after parsing attributes in process `syz.4.359'. [ 223.481961][ T7228] C: renamed from lo [ 223.544186][ T7228] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 223.782770][ T7247] netlink: 'syz.1.364': attribute type 1 has an invalid length. [ 223.820289][ T7252] netlink: 8 bytes leftover after parsing attributes in process `syz.3.366'. [ 223.838336][ T7253] netlink: 36 bytes leftover after parsing attributes in process `syz.1.364'. [ 223.882325][ T7256] sctp: [Deprecated]: syz.2.367 (pid 7256) Use of int in maxseg socket option. [ 223.882325][ T7256] Use struct sctp_assoc_value instead [ 223.919526][ T7247] 8021q: adding VLAN 0 to HW filter on device bond4 [ 223.936270][ T7252] netlink: 80 bytes leftover after parsing attributes in process `syz.3.366'. [ 223.963778][ T7252] netlink: 80 bytes leftover after parsing attributes in process `syz.3.366'. [ 224.518988][ T7282] netlink: 80 bytes leftover after parsing attributes in process `syz.0.374'. [ 224.625383][ T7289] netlink: 8 bytes leftover after parsing attributes in process `syz.1.376'. [ 224.758619][ T7298] netlink: 8 bytes leftover after parsing attributes in process `syz.0.378'. [ 224.934797][ T7288] No such timeout policy "syz0" [ 225.059065][ T7314] xt_l2tp: v2 sid > 0xffff: 262144 [ 225.588844][ T7331] netlink: 168 bytes leftover after parsing attributes in process `syz.1.387'. [ 225.602234][ T7330] netlink: 168 bytes leftover after parsing attributes in process `syz.1.387'. [ 226.323695][ T7357] ieee802154 phy1 wpan1: encryption failed: -22 [ 226.330643][ T7331] ieee802154 phy1 wpan1: encryption failed: -22 [ 226.423804][ T7368] x_tables: duplicate underflow at hook 2 [ 227.021020][ T7392] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 227.626314][ T7426] openvswitch: netlink: nsh attribute has 2338 unknown bytes. [ 227.634313][ T7426] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 227.793477][ T7435] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 228.026557][ T7444] syzkaller1: tun_chr_ioctl cmd 1074025673 [ 228.051970][ T7442] syzkaller1: tun_chr_ioctl cmd 1074025675 [ 228.081492][ T7442] syzkaller1: persist disabled [ 228.099189][ T7440] syzkaller1: tun_chr_ioctl cmd 1074025675 [ 228.112366][ T7440] syzkaller1: persist disabled [ 228.434638][ T7466] x_tables: ip_tables: osf match: only valid for protocol 6 [ 228.454328][ T7466] x_tables: duplicate underflow at hook 1 [ 228.658641][ T7475] __nla_validate_parse: 5 callbacks suppressed [ 228.658659][ T7475] netlink: 12 bytes leftover after parsing attributes in process `syz.4.427'. [ 228.869866][ T7486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.431'. [ 229.011952][ T7151] IPVS: starting estimator thread 0... [ 229.049809][ T7502] netlink: 'syz.4.435': attribute type 2 has an invalid length. [ 229.125338][ T7499] IPVS: using max 26 ests per chain, 62400 per kthread [ 229.191133][ T7509] delete_channel: no stack [ 229.239042][ T7511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.438'. [ 229.258401][ T7511] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 229.274900][ T7511] netlink: 'syz.3.438': attribute type 7 has an invalid length. [ 229.355792][ T7511] : entered promiscuous mode [ 229.450647][ T7521] tipc: Enabling of bearer rejected, failed to enable media [ 230.489515][ T7569] netlink: 4 bytes leftover after parsing attributes in process `syz.0.457'. [ 230.500965][ T7570] netlink: 4 bytes leftover after parsing attributes in process `syz.0.457'. [ 231.008439][ T7587] netlink: 8 bytes leftover after parsing attributes in process `syz.0.458'. [ 231.039508][ T7587] netlink: 224 bytes leftover after parsing attributes in process `syz.0.458'. [ 231.085400][ T7587] netlink: 8 bytes leftover after parsing attributes in process `syz.0.458'. [ 231.130925][ T7581] netlink: 8 bytes leftover after parsing attributes in process `syz.0.458'. [ 231.157117][ T7581] netlink: 224 bytes leftover after parsing attributes in process `syz.0.458'. [ 231.232170][ T7595] syzkaller1: entered promiscuous mode [ 231.241189][ T7595] syzkaller1: entered allmulticast mode [ 231.987694][ T5148] Bluetooth: hci4: command 0x0405 tx timeout [ 232.278532][ T7666] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 232.443912][ T7672] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 232.484776][ T7671] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 232.688542][ T7690] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 232.738232][ T7692] netlink: 'syz.2.490': attribute type 1 has an invalid length. [ 232.770716][ T7692] netlink: 'syz.2.490': attribute type 2 has an invalid length. [ 233.572848][ T7726] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 233.767986][ T7735] __nla_validate_parse: 6 callbacks suppressed [ 233.768005][ T7735] netlink: 12 bytes leftover after parsing attributes in process `syz.2.502'. [ 233.832631][ T7737] xt_hashlimit: size too large, truncated to 1048576 [ 233.907248][ T7738] C: renamed from lo [ 233.952078][ T7738] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 234.001504][ T7740] netlink: 'syz.3.504': attribute type 1 has an invalid length. [ 234.122103][ T7748] bond1: (slave vcan0): The slave device specified does not support setting the MAC address [ 234.133465][ T7748] bond1: (slave vcan0): Setting fail_over_mac to active for active-backup mode [ 234.152318][ T7748] bond1: (slave vcan0): making interface the new active one [ 234.165546][ T7748] bond1: (slave vcan0): Enslaving as an active interface with an up link [ 234.183162][ T7755] netlink: 40 bytes leftover after parsing attributes in process `syz.4.507'. [ 234.260654][ T7740] 8021q: adding VLAN 0 to HW filter on device bond1 [ 234.290223][ T7752] netlink: 16 bytes leftover after parsing attributes in process `syz.4.507'. [ 234.343347][ T7752] netlink: 16 bytes leftover after parsing attributes in process `syz.4.507'. [ 234.422805][ T7765] netlink: 12 bytes leftover after parsing attributes in process `syz.3.511'. [ 234.467441][ T7768] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 234.477769][ T7765] netlink: 48 bytes leftover after parsing attributes in process `syz.3.511'. [ 234.520307][ T7770] netlink: 12 bytes leftover after parsing attributes in process `syz.3.511'. [ 234.544728][ T7770] netlink: 48 bytes leftover after parsing attributes in process `syz.3.511'. [ 234.745741][ T7783] netlink: 'syz.1.515': attribute type 39 has an invalid length. [ 234.912367][ T7791] netlink: 24 bytes leftover after parsing attributes in process `syz.3.516'. [ 234.944365][ T7791] tipc: Started in network mode [ 234.956352][ T7791] tipc: Node identity e61cd2691f91, cluster identity 4711 [ 234.975520][ T7791] tipc: Enabled bearer , priority 0 [ 235.172301][ T7806] netlink: 12 bytes leftover after parsing attributes in process `syz.2.520'. [ 235.202165][ T7791] syzkaller0: entered promiscuous mode [ 235.221144][ T7806] netlink: 'syz.2.520': attribute type 1 has an invalid length. [ 235.235946][ T7791] syzkaller0: entered allmulticast mode [ 235.242041][ T7791] tipc: Resetting bearer [ 235.393715][ T6746] tipc: Resetting bearer [ 235.432525][ T7788] tipc: Resetting bearer [ 235.995919][ T7151] tipc: Node number set to 4186821225 [ 236.407841][ T7788] tipc: Disabling bearer [ 236.442368][ T7830] netlink: 'syz.2.525': attribute type 29 has an invalid length. [ 237.551628][ T7891] pimreg: entered allmulticast mode [ 237.632865][ T7897] xt_ecn: cannot match TCP bits for non-tcp packets [ 237.678187][ T7898] geneve0: entered promiscuous mode [ 237.683466][ T7898] geneve0: entered allmulticast mode [ 237.728486][ T7901] trusted_key: syz.3.550 sent an empty control message without MSG_MORE. [ 238.066639][ T7913] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 238.356881][ T7933] xt_policy: output policy not valid in PREROUTING and INPUT [ 238.894294][ T7965] __nla_validate_parse: 16 callbacks suppressed [ 238.894314][ T7965] netlink: 256 bytes leftover after parsing attributes in process `syz.0.568'. [ 238.992115][ T7970] netlink: 36 bytes leftover after parsing attributes in process `syz.0.568'. [ 240.074569][ T7986] netlink: 4 bytes leftover after parsing attributes in process `syz.4.573'. [ 240.309710][ T8003] netlink: 24 bytes leftover after parsing attributes in process `syz.0.578'. [ 240.352046][ T7986] can: request_module (can-proto-5) failed. [ 240.970668][ T8042] netlink: 8 bytes leftover after parsing attributes in process `syz.2.588'. [ 240.992563][ T8047] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 241.015760][ T8042] netlink: 8 bytes leftover after parsing attributes in process `syz.2.588'. [ 241.025593][ T8042] netlink: 8 bytes leftover after parsing attributes in process `syz.2.588'. [ 241.054676][ T8042] netlink: 8 bytes leftover after parsing attributes in process `syz.2.588'. [ 241.075025][ T8042] netlink: 8 bytes leftover after parsing attributes in process `syz.2.588'. [ 241.099512][ T8054] netlink: 12 bytes leftover after parsing attributes in process `syz.3.591'. [ 241.143462][ T8054] geneve0: entered promiscuous mode [ 241.600113][ T5148] block nbd0: Receive control failed (result -32) [ 241.928371][ T8101] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 242.373379][ T8119] netlink: 'syz.1.613': attribute type 21 has an invalid length. [ 242.426227][ T8122] netlink: 'syz.2.615': attribute type 10 has an invalid length. [ 242.923229][ T8153] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 243.117115][ T8166] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 243.165866][ T8168] openvswitch: netlink: Key type 30 is not supported [ 243.737301][ T8183] vlan0: left promiscuous mode [ 243.753779][ T8183] bond0: left promiscuous mode [ 243.775537][ T8183] vlan0: left allmulticast mode [ 243.802916][ T8183] bond0: left allmulticast mode [ 243.929421][ T8183] veth1: left promiscuous mode [ 243.953171][ T8183] geneve1: left promiscuous mode [ 243.966869][ T8183] geneve1: left allmulticast mode [ 244.249107][ T8224] __nla_validate_parse: 75 callbacks suppressed [ 244.249127][ T8224] netlink: 204 bytes leftover after parsing attributes in process `syz.1.648'. [ 244.264736][ T8225] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 244.364673][ T8232] netlink: 68 bytes leftover after parsing attributes in process `syz.3.651'. [ 244.437946][ T8225] bond0: entered promiscuous mode [ 244.459871][ T8225] bond0: entered allmulticast mode [ 244.480072][ T8225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.617255][ T8225] bond0 (unregistering): Released all slaves [ 244.676825][ T6746] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 244.883035][ T8251] netlink: 'syz.1.655': attribute type 2 has an invalid length. [ 244.915026][ T30] audit: type=1800 audit(1748775262.796:2): pid=8226 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.646" name="cgroup.controllers" dev="tmpfs" ino=689 res=0 errno=0 [ 244.987824][ T8258] netlink: 8 bytes leftover after parsing attributes in process `syz.4.657'. [ 245.035576][ T8252] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 245.126132][ T8252] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 245.246674][ T8276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.658'. [ 245.303291][ T8274] x_tables: duplicate entry at hook 1 [ 245.343653][ T8274] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 245.479840][ T8281] netlink: 'syz.2.662': attribute type 32 has an invalid length. [ 245.488252][ T8281] netlink: 8 bytes leftover after parsing attributes in process `syz.2.662'. [ 245.497927][ T8281] (unnamed net_device) (uninitialized): option coupled_control: invalid value (128) [ 245.586627][ T8287] netlink: 'syz.4.665': attribute type 1 has an invalid length. [ 245.596243][ T8287] netlink: 224 bytes leftover after parsing attributes in process `syz.4.665'. [ 245.758962][ T8295] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82 [ 246.243839][ T8326] x_tables: duplicate underflow at hook 2 [ 246.272232][ T8332] netlink: 'syz.4.676': attribute type 1 has an invalid length. [ 246.294848][ T8332] netlink: 228 bytes leftover after parsing attributes in process `syz.4.676'. [ 246.315202][ T8332] netlink: 8 bytes leftover after parsing attributes in process `syz.4.676'. [ 247.065156][ T8375] netlink: 12 bytes leftover after parsing attributes in process `syz.0.683'. [ 247.105863][ T8379] netlink: 28 bytes leftover after parsing attributes in process `syz.2.686'. [ 247.386322][ T8390] ieee802154 phy1 wpan1: encryption failed: -22 [ 248.380594][ T8446] netlink: 'syz.0.698': attribute type 13 has an invalid length. [ 248.385465][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 248.907407][ T8463] tap0: tun_chr_ioctl cmd 1074025677 [ 248.926608][ T8463] tap0: linktype set to 65534 [ 248.982926][ T8463] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 249.194507][ T8471] openvswitch: netlink: Message has 24 unknown bytes. [ 249.252106][ T8476] ICMPv6: NA: 00:00:00:00:00:00 advertised our address fe80::aa on syz_tun! [ 249.504598][ T8490] netlink: 'syz.0.713': attribute type 32 has an invalid length. [ 249.530019][ T8486] __nla_validate_parse: 3 callbacks suppressed [ 249.530038][ T8486] netlink: 252 bytes leftover after parsing attributes in process `syz.3.712'. [ 249.534906][ T8490] netlink: 8 bytes leftover after parsing attributes in process `syz.0.713'. [ 250.061921][ T8507] netlink: 'syz.1.714': attribute type 9 has an invalid length. [ 250.105509][ T8500] netlink: 'syz.1.714': attribute type 9 has an invalid length. [ 250.115011][ T8510] netlink: 4 bytes leftover after parsing attributes in process `syz.1.714'. [ 250.549404][ T8530] netlink: 56 bytes leftover after parsing attributes in process `syz.3.721'. [ 250.574559][ T8525] syzkaller1: entered promiscuous mode [ 250.580875][ T8525] syzkaller1: entered allmulticast mode [ 250.904278][ T8551] netlink: 12 bytes leftover after parsing attributes in process `syz.0.726'. [ 250.923727][ T8551] geneve0: entered promiscuous mode [ 251.001549][ T8557] netlink: 8 bytes leftover after parsing attributes in process `syz.2.728'. [ 251.023091][ T8557] netlink: 8 bytes leftover after parsing attributes in process `syz.2.728'. [ 251.660332][ T8587] netlink: 8 bytes leftover after parsing attributes in process `syz.4.739'. [ 251.672315][ T8588] netlink: 8 bytes leftover after parsing attributes in process `syz.4.739'. [ 251.759424][ T8595] netlink: 32 bytes leftover after parsing attributes in process `syz.0.741'. [ 251.811443][ T8595] netlink: 'syz.0.741': attribute type 12 has an invalid length. [ 251.852672][ T8599] netlink: 'syz.0.741': attribute type 12 has an invalid length. [ 251.880541][ T8595] mac80211_hwsim hwsim4 : renamed from wlan1 [ 252.408756][ T8630] netlink: 'syz.3.750': attribute type 1 has an invalid length. [ 252.828064][ T8645] .: renamed from bond0 [ 253.143700][ T30] audit: type=1107 audit(1748775271.026:3): pid=8655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ً5%UA٠0ltݕ/ 6򊨊' [ 253.198487][ T8662] dvmrp1: entered allmulticast mode [ 253.419740][ T8672] netlink: 'syz.3.764': attribute type 11 has an invalid length. [ 253.937274][ T8701] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 254.272907][ T8716] netlink: 'syz.3.774': attribute type 1 has an invalid length. [ 254.441158][ T6910] . (unregistering): Released all slaves [ 254.555940][ T6910] tipc: Left network mode [ 254.908938][ T8739] __nla_validate_parse: 16 callbacks suppressed [ 254.908956][ T8739] netlink: 80 bytes leftover after parsing attributes in process `syz.1.782'. [ 255.312081][ T8759] netlink: 'syz.1.785': attribute type 1 has an invalid length. [ 255.412602][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 255.421804][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 255.436763][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 255.457992][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 255.468398][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 255.737539][ T6910] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.745669][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 255.756332][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.788242][ T6910] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.841499][ T6910] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.850422][ T6910] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.899877][ T8778] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 256.146505][ T8790] netlink: 144 bytes leftover after parsing attributes in process `syz.3.792'. [ 256.519243][ T8802] netlink: 20 bytes leftover after parsing attributes in process `syz.4.797'. [ 256.540847][ T8802] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 257.049316][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 257.058140][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 257.066647][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 257.074810][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 257.085474][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 257.109463][ T8823] netlink: 8 bytes leftover after parsing attributes in process `syz.0.801'. [ 257.419539][ T8843] openvswitch: netlink: Message has -1 unknown bytes. [ 257.443360][ T8834] netlink: 'syz.4.805': attribute type 1 has an invalid length. [ 257.462402][ T6910] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 257.476046][ T8834] netlink: 184 bytes leftover after parsing attributes in process `syz.4.805'. [ 257.490121][ T6910] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 257.498601][ T8834] netlink: 40 bytes leftover after parsing attributes in process `syz.4.805'. [ 257.678459][ T6910] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 257.695663][ T6910] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 257.986360][ T8864] netlink: 28 bytes leftover after parsing attributes in process `syz.3.814'. [ 258.801751][ T8893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.822'. [ 259.344837][ T8926] netlink: 12 bytes leftover after parsing attributes in process `syz.0.827'. [ 259.488010][ T8928] veth3: entered promiscuous mode [ 259.653141][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 259.666596][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 259.686834][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 259.699095][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 259.707563][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 259.796178][ T8946] netlink: 'syz.1.834': attribute type 16 has an invalid length. [ 259.803973][ T8946] netlink: 'syz.1.834': attribute type 17 has an invalid length. [ 259.963369][ T8953] netlink: 'syz.0.836': attribute type 18 has an invalid length. [ 260.069103][ T8960] netlink: 'syz.1.838': attribute type 1 has an invalid length. [ 260.144622][ T8960] 8021q: adding VLAN 0 to HW filter on device bond6 [ 260.200035][ T8965] veth0: entered promiscuous mode [ 260.210868][ T8964] netlink: 4 bytes leftover after parsing attributes in process `syz.0.840'. [ 260.229887][ T6746] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.256173][ T6746] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.289963][ T8964] veth0 (unregistering): left promiscuous mode [ 260.417674][ T8964] bond0: (slave veth1): Releasing backup interface [ 260.502503][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.531058][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.842165][ T8986] netlink: 'syz.1.846': attribute type 12 has an invalid length. [ 260.874084][ T8992] netlink: 12 bytes leftover after parsing attributes in process `syz.0.848'. [ 261.118744][ T9008] netlink: 4 bytes leftover after parsing attributes in process `syz.4.852'. [ 261.188817][ T9015] netlink: 'syz.3.853': attribute type 1 has an invalid length. [ 261.246016][ T9019] netlink: 12 bytes leftover after parsing attributes in process `syz.1.850'. [ 261.476977][ T9015] 8021q: adding VLAN 0 to HW filter on device bond2 [ 262.096666][ T9032] netlink: 100 bytes leftover after parsing attributes in process `syz.3.856'. [ 262.713932][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 262.728993][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 262.741432][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 262.751771][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 262.759929][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 262.807615][ T9069] netlink: 116 bytes leftover after parsing attributes in process `syz.3.865'. [ 262.842271][ T9069] netlink: 28 bytes leftover after parsing attributes in process `syz.3.865'. [ 262.876566][ T9069] netlink: 28 bytes leftover after parsing attributes in process `syz.3.865'. [ 263.106523][ T6746] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.134327][ T6746] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 263.244860][ T6746] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.273693][ T6746] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 263.465412][ T9095] netlink: 16 bytes leftover after parsing attributes in process `syz.3.874'. [ 263.520992][ T9098] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 263.649650][ T9102] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.875'. [ 264.758302][ T9115] netlink: 'syz.3.881': attribute type 32 has an invalid length. [ 264.790638][ T9116] netlink: 'syz.1.880': attribute type 1 has an invalid length. [ 264.799158][ T9115] (unnamed net_device) (uninitialized): option coupled_control: invalid value (64) [ 264.882612][ T9122] IPVS: stopping backup sync thread 9123 ... [ 264.889425][ T9123] IPVS: sync thread started: state = BACKUP, mcast_ifn = ip6gretap0, syncid = 3, id = 0 [ 265.409907][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 265.418538][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 265.426963][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 265.441684][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 265.450324][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 265.474313][ T9145] __nla_validate_parse: 6 callbacks suppressed [ 265.474331][ T9145] netlink: 300 bytes leftover after parsing attributes in process `syz.1.890'. [ 265.504731][ T9148] ieee802154 phy1 wpan1: encryption failed: -22 [ 265.585339][ T5148] Bluetooth: hci0: command tx timeout [ 265.635015][ T3556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 265.643676][ T3556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 265.708368][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 265.726012][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 265.736307][ T30] audit: type=1107 audit(1748775283.616:4): pid=9158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 265.848312][ T9163] netlink: 'syz.1.896': attribute type 10 has an invalid length. [ 265.852228][ T9166] xt_hashlimit: max too large, truncated to 1048576 [ 267.095052][ T9186] SET target dimension over the limit! [ 267.175255][ T9190] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 267.197996][ T9190] netlink: 'syz.3.906': attribute type 1 has an invalid length. [ 267.215582][ T9190] netlink: 244 bytes leftover after parsing attributes in process `syz.3.906'. [ 267.238247][ T9192] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode [ 267.345719][ T9195] mac80211_hwsim hwsim13 wlan1 (unregistering): left allmulticast mode [ 267.357461][ T9198] netlink: 12 bytes leftover after parsing attributes in process `syz.4.910'. [ 267.400275][ T9201] Cannot find del_set index 3 as target [ 267.486132][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 267.495017][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 267.504910][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 267.513247][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 267.523731][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 267.562086][ T9209] xt_nfacct: accounting object `syz1' does not exists [ 267.837677][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 267.867359][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 267.928718][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 267.966164][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.049306][ T9227] netlink: 16 bytes leftover after parsing attributes in process `syz.3.916'. [ 268.137769][ T9227] : left promiscuous mode [ 268.331455][ T9238] netlink: 48 bytes leftover after parsing attributes in process `syz.4.918'. [ 268.341217][ T978] IPVS: starting estimator thread 0... [ 268.382519][ T9240] IPVS: set_ctl: invalid protocol: 108 127.0.0.1:20001 [ 268.446677][ T9241] IPVS: using max 26 ests per chain, 62400 per kthread [ 268.453032][ T9245] tipc: Enabled bearer , priority 0 [ 268.577676][ T9255] netlink: 8 bytes leftover after parsing attributes in process `syz.4.924'. [ 268.587500][ T9245] syzkaller0: entered promiscuous mode [ 268.593007][ T9245] syzkaller0: entered allmulticast mode [ 268.599691][ T9245] tipc: Resetting bearer [ 268.689155][ T9262] netlink: 260 bytes leftover after parsing attributes in process `syz.4.924'. [ 268.713848][ T9262] netlink: 104 bytes leftover after parsing attributes in process `syz.4.924'. [ 268.715951][ T9264] netlink: 8 bytes leftover after parsing attributes in process `syz.0.923'. [ 268.738092][ T9262] netlink: 32 bytes leftover after parsing attributes in process `syz.4.924'. [ 268.776125][ T9244] tipc: Resetting bearer [ 269.800787][ T9244] tipc: Disabling bearer [ 269.811236][ T9258] sit0: entered promiscuous mode [ 269.817504][ T9258] netlink: 'syz.1.925': attribute type 1 has an invalid length. [ 269.872984][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 269.886556][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 269.904280][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 269.914694][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 269.922594][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 270.025730][ T9273] netlink: 'syz.3.927': attribute type 1 has an invalid length. [ 270.465461][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 270.529755][ T9299] __nla_validate_parse: 2 callbacks suppressed [ 270.529782][ T9299] netlink: 72 bytes leftover after parsing attributes in process `syz.4.934'. [ 270.535882][ T9305] netlink: 8 bytes leftover after parsing attributes in process `syz.3.935'. [ 270.545277][ T9299] netlink: 72 bytes leftover after parsing attributes in process `syz.4.934'. [ 270.710524][ T9312] netlink: 64 bytes leftover after parsing attributes in process `syz.3.938'. [ 270.741180][ T9310] IPVS: Unknown mcast interface: vcan0 [ 270.770628][ T9314] netlink: 'syz.4.939': attribute type 2 has an invalid length. [ 270.804307][ T3556] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.807898][ T9314] netlink: 16 bytes leftover after parsing attributes in process `syz.4.939'. [ 270.839470][ T3556] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.880649][ T9322] netlink: 'syz.0.941': attribute type 11 has an invalid length. [ 270.890914][ T9322] netlink: 224 bytes leftover after parsing attributes in process `syz.0.941'. [ 270.922718][ T3556] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.936824][ T3556] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 271.116102][ T9338] netlink: 108 bytes leftover after parsing attributes in process `syz.0.944'. [ 272.776868][ T9370] netlink: 12 bytes leftover after parsing attributes in process `syz.0.954'. [ 272.791049][ T9373] 8021q: VLANs not supported on ip6tnl0 [ 272.801974][ T9367] netlink: 8 bytes leftover after parsing attributes in process `syz.3.956'. [ 272.817129][ T9373] netlink: 28 bytes leftover after parsing attributes in process `syz.4.957'. [ 272.820555][ T9370] IPv6: NLM_F_REPLACE set, but no existing node found! [ 272.827470][ T9373] netlink: 'syz.4.957': attribute type 7 has an invalid length. [ 272.863240][ T9373] netlink: 'syz.4.957': attribute type 8 has an invalid length. [ 272.898448][ T9373] syz_tun: entered promiscuous mode [ 272.939429][ T9373] syz_tun: left promiscuous mode [ 273.335737][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 273.344780][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 273.357993][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 273.371703][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 273.387788][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 273.778229][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.796244][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.858266][ T9427] tipc: Started in network mode [ 273.863622][ T6912] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.872849][ T6912] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.880854][ T9427] tipc: Node identity de2d34dd38e8, cluster identity 4711 [ 273.891408][ T9427] tipc: Enabled bearer , priority 0 [ 273.938652][ T9435] +: renamed from syzkaller0 [ 273.966000][ T9435] tipc: Disabling bearer [ 275.424095][ T9459] openvswitch: netlink: Flow key attr not present in new flow. [ 275.438578][ T9455] ipt_REJECT: TCP_RESET invalid for non-tcp [ 275.694197][ T9475] __nla_validate_parse: 9 callbacks suppressed [ 275.694216][ T9475] netlink: 8 bytes leftover after parsing attributes in process `syz.1.984'. [ 275.711119][ T9475] netlink: 16 bytes leftover after parsing attributes in process `syz.1.984'. [ 275.736851][ T9475] netlink: 8 bytes leftover after parsing attributes in process `syz.1.984'. [ 275.775436][ T9475] netlink: 16 bytes leftover after parsing attributes in process `syz.1.984'. [ 276.198372][ T9505] netem: incorrect gi model size [ 276.201842][ T9504] netlink: 'syz.3.991': attribute type 2 has an invalid length. [ 276.251829][ T9504] netlink: 244 bytes leftover after parsing attributes in process `syz.3.991'. [ 276.264740][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 276.282862][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 276.290972][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 276.305499][ T9512] x_tables: unsorted entry at hook 3 [ 276.311850][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 276.320200][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 276.542756][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 276.552359][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.613586][ T3556] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 276.628534][ T3556] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.796323][ T9542] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1001'. [ 278.310371][ T9560] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1008'. [ 278.346074][ T9560] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1008'. [ 278.381802][ T9564] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1011'. [ 278.410249][ T9564] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1011'. [ 278.763612][ T9580] x_tables: duplicate underflow at hook 3 [ 278.816850][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 278.826622][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 278.835422][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 278.845550][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 278.853461][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 278.997363][ T9592] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 279.153158][ T6912] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.171369][ T6912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.216167][ T6912] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.240114][ T6912] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.632614][ T9625] ip6gre2: entered allmulticast mode [ 281.107374][ T9642] __nla_validate_parse: 3 callbacks suppressed [ 281.107391][ T9642] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1032'. [ 281.146111][ T9637] 8021q: adding VLAN 0 to HW filter on device bond2 [ 281.154557][ T9637] bridge0: port 1(bond2) entered blocking state [ 281.180914][ T9637] bridge0: port 1(bond2) entered disabled state [ 281.192254][ T9637] bond2: entered allmulticast mode [ 281.200180][ T9637] bond2: entered promiscuous mode [ 281.316552][ T9650] x_tables: duplicate underflow at hook 1 [ 281.655864][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 281.665031][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 281.674635][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 281.683033][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 281.691724][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 281.839530][ T9676] netlink: zone id is out of range [ 281.846995][ T9676] netlink: zone id is out of range [ 281.852561][ T9676] netlink: zone id is out of range [ 281.858090][ T9676] netlink: zone id is out of range [ 281.863492][ T9676] netlink: zone id is out of range [ 281.885139][ T9676] netlink: zone id is out of range [ 281.901720][ T9676] netlink: zone id is out of range [ 281.935116][ T9676] netlink: zone id is out of range [ 281.969226][ T9684] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 281.983814][ T9684] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1046'. [ 281.996296][ T9684] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1046'. [ 281.997153][ T9676] netlink: zone id is out of range [ 282.011336][ T9676] netlink: zone id is out of range [ 282.078591][ T9686] tipc: Enabled bearer , priority 0 [ 282.108516][ T9686] mac80211_hwsim hwsim9 syzkaller0: entered promiscuous mode [ 282.126102][ T9686] mac80211_hwsim hwsim9 syzkaller0: entered allmulticast mode [ 282.135359][ T6912] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 282.158497][ T6912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 282.182949][ T9686] tipc: Resetting bearer [ 282.234004][ T6910] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 282.242303][ T6910] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 282.295149][ T9700] netlink: 'syz.4.1052': attribute type 1 has an invalid length. [ 282.303440][ T9697] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1051'. [ 282.311516][ T9700] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1052'. [ 282.324042][ T9701] netlink: 'syz.4.1052': attribute type 1 has an invalid length. [ 282.333046][ T9701] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1052'. [ 282.354615][ T9698] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1050'. [ 282.594800][ T9714] netlink: 'syz.4.1056': attribute type 1 has an invalid length. [ 282.605765][ T9714] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1056'. [ 282.719432][ T9720] netlink: 'syz.0.1059': attribute type 1 has an invalid length. [ 282.727754][ T9720] netlink: 'syz.0.1059': attribute type 4 has an invalid length. [ 282.735953][ T9720] netlink: 9491 bytes leftover after parsing attributes in process `syz.0.1059'. [ 282.806517][ T9724] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 64993 [ 282.815559][ T9730] netlink: 'syz.4.1061': attribute type 11 has an invalid length. [ 282.824450][ T9730] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1061'. [ 283.175602][ T7151] tipc: Node number set to 920258846 [ 283.745816][ T5148] Bluetooth: hci1: command tx timeout [ 284.174110][ T9826] IPVS: length: 102 != 24 [ 284.194308][ T9825] netlink: 'syz.4.1089': attribute type 1 has an invalid length. [ 284.194320][ T9831] netlink: 'syz.4.1089': attribute type 1 has an invalid length. [ 284.240082][ T9831] 8021q: adding VLAN 0 to HW filter on device bond1 [ 284.402537][ T9841] netlink: 'syz.4.1092': attribute type 20 has an invalid length. [ 284.460282][ T9846] sch_tbf: burst 2 is lower than device lo mtu (65499) ! [ 286.189494][ T9970] xt_HMARK: spi-set and port-set can't be combined [ 286.426535][ T9976] __nla_validate_parse: 13 callbacks suppressed [ 286.426555][ T9976] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1126'. [ 286.569173][ T9976] bond7: entered promiscuous mode [ 286.574674][ T9976] bond7: entered allmulticast mode [ 286.580788][ T9976] 8021q: adding VLAN 0 to HW filter on device bond7 [ 286.641736][ T9992] xt_CONNSECMARK: invalid mode: 0 [ 286.747905][ T9976] bond7 (unregistering): Released all slaves [ 286.818566][ T978] IPVS: starting estimator thread 0... [ 286.825981][ T9999] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1131'. [ 286.915412][T10000] IPVS: using max 25 ests per chain, 60000 per kthread [ 287.041394][T10008] netlink: 'syz.1.1138': attribute type 1 has an invalid length. [ 287.049884][T10008] netlink: 'syz.1.1138': attribute type 2 has an invalid length. [ 287.058659][T10008] netlink: 1172 bytes leftover after parsing attributes in process `syz.1.1138'. [ 287.088335][T10013] syzkaller1: entered promiscuous mode [ 287.092012][T10014] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1137'. [ 287.094041][T10013] syzkaller1: entered allmulticast mode [ 287.125335][T10016] netlink: 300 bytes leftover after parsing attributes in process `syz.4.1136'. [ 287.142765][T10014] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1137'. [ 287.375757][T10033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1142'. [ 287.384823][T10033] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1142'. [ 287.394247][T10033] netlink: 38 bytes leftover after parsing attributes in process `syz.4.1142'. [ 287.528670][T10041] bond3: (slave geneve0): Releasing active interface [ 287.550737][T10041] bond3: (slave geneve0): the permanent HWaddr of slave - 2e:ea:20:cb:d1:ab - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 287.571114][T10041] geneve0: left allmulticast mode [ 287.580510][T10041] bond3: (slave veth1): Releasing active interface [ 287.886084][T10056] ieee802154 phy1 wpan1: encryption failed: -22 [ 288.082334][T10063] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1152'. [ 289.235085][T10130] netlink: 'syz.0.1176': attribute type 1 has an invalid length. [ 289.338193][T10135] netlink: 'syz.4.1178': attribute type 1 has an invalid length. [ 289.348433][T10130] 8021q: adding VLAN 0 to HW filter on device bond3 [ 289.822165][T10164] syz_tun: entered allmulticast mode [ 289.918767][T10166] delete_channel: no stack [ 289.960808][T10163] syz_tun: left allmulticast mode [ 290.068036][T10174] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 290.079288][T10178] netlink: 'syz.4.1191': attribute type 1 has an invalid length. [ 290.716253][T10215] netlink: 'syz.1.1200': attribute type 21 has an invalid length. [ 290.754390][T10219] netlink: 'syz.1.1200': attribute type 21 has an invalid length. [ 290.951138][T10222] xt_TCPMSS: Only works on TCP SYN packets [ 292.041327][T10274] __nla_validate_parse: 13 callbacks suppressed [ 292.041346][T10274] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1218'. [ 292.167512][T10281] netlink: 'syz.3.1220': attribute type 8 has an invalid length. [ 292.704247][T10300] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 292.731784][T10303] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1228'. [ 292.741488][T10303] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1228'. [ 292.793984][T10305] xt_hashlimit: size too large, truncated to 1048576 [ 293.259747][T10334] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1236'. [ 293.517482][T10345] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1239'. [ 293.618588][T10351] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1240'. [ 293.659225][T10354] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1241'. [ 294.044532][T10378] sctp: [Deprecated]: syz.3.1246 (pid 10378) Use of int in max_burst socket option. [ 294.044532][T10378] Use struct sctp_assoc_value instead [ 294.098236][T10379] net_ratelimit: 9 callbacks suppressed [ 294.098256][T10379] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 294.128961][T10379] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1247'. [ 294.138959][T10379] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1247'. [ 294.615909][T10405] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1257'. [ 295.405805][T10455] netlink: 'syz.4.1272': attribute type 13 has an invalid length. [ 295.414068][T10454] geneve2: entered promiscuous mode [ 295.517872][T10459] netlink: 'syz.1.1274': attribute type 1 has an invalid length. [ 295.763371][T10477] netlink: 'syz.4.1281': attribute type 3 has an invalid length. [ 295.806953][T10477] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 295.808151][T10481] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 296.004174][T10492] x_tables: duplicate underflow at hook 2 [ 296.091281][T10496] 8021q: adding VLAN 0 to HW filter on device bond4 [ 296.117460][T10496] veth5: entered promiscuous mode [ 296.126460][T10496] bond4: (slave veth5): Enslaving as an active interface with an up link [ 296.151136][T10496] vlan0: entered allmulticast mode [ 296.156412][T10496] bond4: entered allmulticast mode [ 296.161565][T10496] veth5: entered allmulticast mode [ 296.478531][T10515] block nbd3: not configured, cannot reconfigure [ 296.736247][T10530] netlink: 'syz.1.1296': attribute type 4 has an invalid length. [ 296.810211][T10534] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 296.824611][T10534] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 296.864595][T10536] openvswitch: netlink: Unexpected mask (mask=1040, allowed=10048) [ 296.946191][ T13] wlan0: Trigger new scan to find an IBSS to join [ 296.958848][T10543] netlink: 'syz.1.1301': attribute type 1 has an invalid length. [ 297.299567][T10568] __nla_validate_parse: 10 callbacks suppressed [ 297.299589][T10568] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1308'. [ 297.859918][T10585] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1311'. [ 297.914698][T10586] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1311'. [ 297.964353][T10588] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 298.135630][T10597] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1315'. [ 298.170954][T10592] netlink: 'syz.3.1316': attribute type 1 has an invalid length. [ 298.284677][T10607] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1317'. [ 298.293969][T10607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1317'. [ 298.300225][T10592] 8021q: adding VLAN 0 to HW filter on device bond5 [ 298.314081][ T30] audit: type=1107 audit(1748775316.196:5): pid=10601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='~CM )Z [ 298.314081][ T30] IȦQ$C ݯ$f.Dڈq{5G;HlU>\.J{ [ 298.314081][ T30] u4 t|3a!V:@i#x ]tp_Cȧ藵 *2yhO,ۏD=sTJ- dJ]',MFX_:t*[S3ܐʾ ' [ 298.408099][T10593] bond5: (slave veth7): Enslaving as an active interface with a down link [ 298.880958][T10641] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1329'. [ 298.897842][T10641] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1329'. [ 298.914930][T10641] 0{X: entered promiscuous mode [ 298.928884][T10641] 0{X: left promiscuous mode [ 299.347540][T10670] mac80211_hwsim hwsim9 syzkaller0: left promiscuous mode [ 299.355033][T10670] mac80211_hwsim hwsim9 syzkaller0: left allmulticast mode [ 299.365650][T10670] tipc: Resetting bearer [ 299.376124][T10670] tipc: Resetting bearer [ 299.522004][T10677] SET target dimension over the limit! [ 299.552050][T10677] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1342'. [ 299.664567][T10685] ip6gre3: entered allmulticast mode [ 299.728778][T10687] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1341'. [ 299.758033][T10686] netlink: 'syz.4.1343': attribute type 4 has an invalid length. [ 299.776743][T10687] vcan0: entered promiscuous mode [ 299.787920][T10691] netlink: 'syz.3.1344': attribute type 13 has an invalid length. [ 299.812420][T10693] netlink: 'syz.3.1344': attribute type 13 has an invalid length. [ 300.287177][T10723] sctp: [Deprecated]: syz.4.1355 (pid 10723) Use of struct sctp_assoc_value in delayed_ack socket option. [ 300.287177][T10723] Use struct sctp_sack_info instead [ 300.493956][T10736] x_tables: duplicate underflow at hook 2 [ 300.873161][T10760] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 300.902401][T10760] CPU: 1 UID: 0 PID: 10760 Comm: syz.1.1365 Not tainted 6.15.0-syzkaller-07802-g558428921edd #0 PREEMPT(full) [ 300.902433][T10760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 300.902453][T10760] Call Trace: [ 300.902462][T10760] [ 300.902471][T10760] dump_stack_lvl+0x189/0x250 [ 300.902523][T10760] ? lockdep_hardirqs_on+0x9c/0x150 [ 300.902558][T10760] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.902592][T10760] ? __pfx__printk+0x10/0x10 [ 300.902625][T10760] ? kernfs_path_from_node+0x2b/0x260 [ 300.902651][T10760] ? kernfs_path_from_node+0x216/0x260 [ 300.902676][T10760] sysfs_warn_dup+0x8e/0xa0 [ 300.902709][T10760] sysfs_do_create_link_sd+0xc0/0x110 [ 300.902746][T10760] device_add_class_symlinks+0x1cf/0x240 [ 300.902776][T10760] device_add+0x475/0xb50 [ 300.902805][T10760] wiphy_register+0x199a/0x26b0 [ 300.902858][T10760] ? __pfx_wiphy_register+0x10/0x10 [ 300.902888][T10760] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 300.902930][T10760] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 300.902971][T10760] ieee80211_register_hw+0x33e1/0x4120 [ 300.903015][T10760] ? ieee80211_register_hw+0x1491/0x4120 [ 300.903048][T10760] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 300.903076][T10760] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 300.903110][T10760] ? __hrtimer_setup+0x187/0x210 [ 300.903138][T10760] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 300.903167][T10760] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 300.903226][T10760] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 300.903247][T10760] ? trace_kmalloc+0x1f/0xd0 [ 300.903274][T10760] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 300.903306][T10760] ? kstrndup+0xbf/0x160 [ 300.903342][T10760] hwsim_new_radio_nl+0xea4/0x1b10 [ 300.903369][T10760] ? __pfx___nla_validate_parse+0x10/0x10 [ 300.903418][T10760] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 300.903456][T10760] ? __nla_parse+0x40/0x60 [ 300.903492][T10760] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 300.903530][T10760] genl_family_rcv_msg_doit+0x215/0x300 [ 300.903576][T10760] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 300.903619][T10760] ? bpf_lsm_capable+0x9/0x20 [ 300.903649][T10760] ? security_capable+0x7e/0x2e0 [ 300.903683][T10760] genl_rcv_msg+0x60e/0x790 [ 300.903718][T10760] ? __pfx_genl_rcv_msg+0x10/0x10 [ 300.903743][T10760] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 300.903795][T10760] netlink_rcv_skb+0x205/0x470 [ 300.903828][T10760] ? __pfx_genl_rcv_msg+0x10/0x10 [ 300.903873][T10760] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 300.903928][T10760] ? down_read+0x1ad/0x2e0 [ 300.903961][T10760] genl_rcv+0x28/0x40 [ 300.903984][T10760] netlink_unicast+0x758/0x8d0 [ 300.904028][T10760] netlink_sendmsg+0x805/0xb30 [ 300.904060][T10760] ? __pfx_netlink_sendmsg+0x10/0x10 [ 300.904085][T10760] ? aa_sock_msg_perm+0x94/0x160 [ 300.904115][T10760] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 300.904139][T10760] ? __pfx_netlink_sendmsg+0x10/0x10 [ 300.904161][T10760] __sock_sendmsg+0x21c/0x270 [ 300.904193][T10760] ____sys_sendmsg+0x505/0x830 [ 300.904222][T10760] ? __pfx_____sys_sendmsg+0x10/0x10 [ 300.904255][T10760] ? import_iovec+0x74/0xa0 [ 300.904282][T10760] ___sys_sendmsg+0x21f/0x2a0 [ 300.904307][T10760] ? __pfx____sys_sendmsg+0x10/0x10 [ 300.904375][T10760] ? __fget_files+0x2a/0x420 [ 300.904406][T10760] ? __fget_files+0x3a0/0x420 [ 300.904452][T10760] __x64_sys_sendmsg+0x19b/0x260 [ 300.904478][T10760] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 300.904513][T10760] ? rcu_is_watching+0x15/0xb0 [ 300.904556][T10760] ? do_syscall_64+0xbe/0x3b0 [ 300.904589][T10760] do_syscall_64+0xfa/0x3b0 [ 300.904615][T10760] ? lockdep_hardirqs_on+0x9c/0x150 [ 300.904640][T10760] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.904661][T10760] ? clear_bhb_loop+0x60/0xb0 [ 300.904687][T10760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.904708][T10760] RIP: 0033:0x7f637358e969 [ 300.904734][T10760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.904752][T10760] RSP: 002b:00007f63743c7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 300.904779][T10760] RAX: ffffffffffffffda RBX: 00007f63737b5fa0 RCX: 00007f637358e969 [ 300.904795][T10760] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 300.904808][T10760] RBP: 00007f6373610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 300.904821][T10760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 300.904833][T10760] R13: 0000000000000000 R14: 00007f63737b5fa0 R15: 00007ffc25260a98 [ 300.904869][T10760] [ 301.360693][T10765] netlink: 'syz.4.1366': attribute type 1 has an invalid length. [ 301.368778][T10765] netlink: 'syz.4.1366': attribute type 1 has an invalid length. [ 301.919803][ T13] wlan0: Trigger new scan to find an IBSS to join [ 302.076557][T10798] syz.0.1374 (10798) used greatest stack depth: 17992 bytes left [ 302.420293][T10828] __nla_validate_parse: 8 callbacks suppressed [ 302.420316][T10828] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1385'. [ 302.539184][T10837] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1388'. [ 302.564176][T10839] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1389'. [ 302.609714][T10839] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1389'. [ 302.864895][ T3556] tipc: Subscription rejected, illegal request [ 302.871860][ T6910] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.017790][T10868] IPVS: set_ctl: invalid protocol: 33 172.30.0.4:20002 [ 303.090237][T10871] pimreg: entered allmulticast mode [ 303.169143][T10873] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 303.201957][T10875] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1399'. [ 303.211699][T10875] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1399'. [ 303.251926][ T30] audit: type=1107 audit(1748775321.136:6): pid=10874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='LOb5PX/5XLkNWe F:W2:(Q?&FdB!wԼdMt~xą:C#kOP71)`8JqٱXh8ZnWIcanEJgk.Gᖗ~HxXνXEx;"hJ ~#}5;]//JPOBӠfx] ß`\Jۻ\4,0]MLMi$X^z7=LXMj~1Go8{$/EVi9LglKrບ\ /'uj:ԓ wqƂԞ[Erf؀h)AﮃC4tozDp apRƶL[mwD^s?ȩM;:$ARAe5NRwBѪ'=)Ѻ3Sb+.sHֳ3Hю<]`E]\<&^5Vqm=՟ajUVV|'0, priority 10 [ 306.372481][T11057] syzkaller0: entered promiscuous mode [ 306.386257][T11057] syzkaller0: entered allmulticast mode [ 307.385449][ T7151] tipc: Node number set to 3871683805 [ 307.915481][ T5833] Bluetooth: hci4: command 0x0405 tx timeout [ 310.005635][T11128] netlink: 'syz.0.1481': attribute type 12 has an invalid length. [ 310.027549][T11128] netlink: 'syz.0.1481': attribute type 4 has an invalid length. [ 310.056784][T11128] netlink: 'syz.0.1481': attribute type 4 has an invalid length. [ 310.105600][T11137] __nla_validate_parse: 4 callbacks suppressed [ 310.105620][T11137] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1485'. [ 310.116965][T11137] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1485'. [ 310.300261][T11150] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1489'. [ 310.311209][T11152] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1489'. [ 310.342677][T11150] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1489'. [ 310.342677][T11152] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1489'. [ 310.342712][T11152] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1489'. [ 310.377969][T11150] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1489'. [ 310.391955][T11153] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1487'. [ 310.404650][T11153] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1487'. [ 310.463505][T11160] nbd: illegal input index 61504 [ 310.721833][T11176] vcan0: entered promiscuous mode [ 310.766766][T11182] x_tables: duplicate underflow at hook 1 [ 310.829956][T11184] pim6reg: entered allmulticast mode [ 310.942823][T11193] batadv0: entered allmulticast mode [ 311.414368][T11217] netlink: 'syz.1.1510': attribute type 11 has an invalid length. [ 311.478401][T11219] xt_policy: too many policy elements [ 311.525644][ T13] bond2: left allmulticast mode [ 311.530567][ T13] bond2: left promiscuous mode [ 311.546581][ T13] bridge0: port 1(bond2) entered disabled state [ 311.631560][T11233] netlink: 'syz.4.1517': attribute type 1 has an invalid length. [ 311.656650][T11237] netlink: 'syz.3.1515': attribute type 7 has an invalid length. [ 311.664526][T11237] netlink: 'syz.3.1515': attribute type 8 has an invalid length. [ 311.683282][T11237] netlink: 'syz.3.1515': attribute type 1 has an invalid length. [ 311.691801][ T13] bond0 (unregistering): (slave ip6gretap0): Removing an active aggregator [ 311.714534][ T13] bond0 (unregistering): (slave ip6gretap0): Releasing backup interface [ 311.743565][ T13] tipc: Disabling bearer [ 312.037386][ T13] bond0 (unregistering): Released all slaves [ 312.080400][ T13] bond1 (unregistering): Released all slaves [ 312.266426][ T13] bond2 (unregistering): Released all slaves [ 312.342589][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 312.360814][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 312.373531][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 312.390889][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 312.410885][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 312.424220][ T13] bond3 (unregistering): Released all slaves [ 312.443374][ T2150] infiniband srz1: ib_query_port failed (-19) [ 312.620730][ T13] tipc: Left network mode [ 312.753453][T11260] ipt_REJECT: ECHOREPLY no longer supported. [ 312.773086][ T6912] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 312.781941][ T6912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 312.924892][ T3556] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 312.940527][ T3556] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 313.144470][T11273] (unnamed net_device) (uninitialized): down delay (33554432) is not a multiple of miimon (640), value rounded to 33553920 ms [ 313.234363][ T13] IPVS: stop unused estimator thread 0... [ 314.356490][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 314.367962][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 314.379235][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 314.398492][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 314.409543][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 314.458834][T11326] netlink: 'syz.3.1544': attribute type 3 has an invalid length. [ 314.600879][T11331] xt_TPROXY: Can be used only with -p tcp or -p udp [ 314.615254][T11331] xt_TPROXY: Can be used only with -p tcp or -p udp [ 314.810711][ T6910] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 314.837151][ T6910] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 314.902729][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 314.918658][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.016882][T11351] syzkaller0: entered promiscuous mode [ 315.031525][T11351] syzkaller0: entered allmulticast mode [ 315.307427][T11375] netlink: 'syz.4.1558': attribute type 1 has an invalid length. [ 315.318800][T11373] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 315.469620][T11375] 8021q: adding VLAN 0 to HW filter on device bond2 [ 315.499409][T11377] bond2: (slave veth3): Enslaving as an active interface with a down link [ 315.806465][T11392] __nla_validate_parse: 15 callbacks suppressed [ 315.806485][T11392] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1563'. [ 315.921018][T11394] tipc: Enabling of bearer rejected, failed to enable media [ 316.047181][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 316.067692][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 316.080505][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 316.089679][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 316.099205][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 316.232970][ T6912] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 316.241469][ T6912] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 316.274782][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 316.283259][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.190801][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.273045][T11430] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1574'. [ 317.395384][T11432] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1575'. [ 317.404488][T11434] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1576'. [ 317.404488][T11432] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1575'. [ 317.423519][T11434] netlink: 'syz.4.1576': attribute type 1 has an invalid length. [ 317.431544][T11437] netlink: 'syz.4.1576': attribute type 1 has an invalid length. [ 317.460634][T11439] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1575'. [ 317.472710][T11437] veth5: entered promiscuous mode [ 317.535441][T11434] erspan0: entered allmulticast mode [ 317.641741][T11446] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 317.651069][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 317.659840][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 317.661722][T11450] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1581'. [ 317.678980][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 317.687956][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 317.695977][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 317.852982][ T6746] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.865959][ T6746] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.907957][ T6746] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.916267][ T6746] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.956453][T11461] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1584'. [ 317.966368][T11461] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1584'. [ 319.155413][T11487] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1591'. [ 319.629487][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 319.641070][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 319.650403][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 319.676592][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 319.686558][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 319.805593][T11514] tipc: Resetting bearer [ 319.826160][T11514] IPVS: set_ctl: invalid protocol: 29 224.0.0.1:0 [ 319.984621][ T6910] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.995310][ T6910] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 320.043543][ T6910] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 320.057757][ T6910] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 320.386130][T11502] [ 320.388508][T11502] ========================= [ 320.393019][T11502] WARNING: held lock freed! [ 320.397525][T11502] 6.15.0-syzkaller-07802-g558428921edd #0 Not tainted [ 320.404281][T11502] ------------------------- [ 320.408778][T11502] syz.3.1595/11502 is freeing memory ffff88806344e000-ffff88806344e7ff, with a lock still held there! [ 320.419713][T11502] ffff88806344e258 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: bt_accept_dequeue+0xfc/0x590 [ 320.430696][T11502] 2 locks held by syz.3.1595/11502: [ 320.435889][T11502] #0: ffff888061e19a08 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 320.446098][T11502] #1: ffff88806344e258 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: bt_accept_dequeue+0xfc/0x590 [ 320.457594][T11502] [ 320.457594][T11502] stack backtrace: [ 320.463494][T11502] CPU: 0 UID: 0 PID: 11502 Comm: syz.3.1595 Not tainted 6.15.0-syzkaller-07802-g558428921edd #0 PREEMPT(full) [ 320.463516][T11502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 320.463533][T11502] Call Trace: [ 320.463540][T11502] [ 320.463548][T11502] dump_stack_lvl+0x189/0x250 [ 320.463577][T11502] ? __pfx_dump_stack_lvl+0x10/0x10 [ 320.463603][T11502] ? __pfx__printk+0x10/0x10 [ 320.463625][T11502] debug_check_no_locks_freed+0x18b/0x1c0 [ 320.463650][T11502] ? __sk_destruct+0x4e1/0x660 [ 320.463665][T11502] kfree+0xfd/0x440 [ 320.463690][T11502] __sk_destruct+0x4e1/0x660 [ 320.463707][T11502] bt_accept_dequeue+0x3ce/0x590 [ 320.463733][T11502] l2cap_sock_cleanup_listen+0x2f/0x3e0 [ 320.463753][T11502] l2cap_sock_release+0x5d/0x1d0 [ 320.463770][T11502] sock_close+0xc3/0x240 [ 320.463789][T11502] ? __pfx_sock_close+0x10/0x10 [ 320.463807][T11502] __fput+0x44c/0xa70 [ 320.463829][T11502] task_work_run+0x1d1/0x260 [ 320.463850][T11502] ? __pfx_task_work_run+0x10/0x10 [ 320.463871][T11502] ? exit_to_user_mode_loop+0x40/0x110 [ 320.463894][T11502] exit_to_user_mode_loop+0xec/0x110 [ 320.463915][T11502] do_syscall_64+0x2bd/0x3b0 [ 320.463937][T11502] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.463953][T11502] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 320.463969][T11502] ? clear_bhb_loop+0x60/0xb0 [ 320.463987][T11502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.464003][T11502] RIP: 0033:0x7f6b8138e969 [ 320.464019][T11502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.464033][T11502] RSP: 002b:00007ffdbed1fe88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 320.464049][T11502] RAX: 0000000000000000 RBX: 00007f6b815b7ba0 RCX: 00007f6b8138e969 [ 320.464060][T11502] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 320.464075][T11502] RBP: 00007f6b815b7ba0 R08: 0000000000000178 R09: 00000015bed2017f [ 320.464086][T11502] R10: 00007f6b815b7ac0 R11: 0000000000000246 R12: 000000000004e35c [ 320.464097][T11502] R13: 00007f6b815b6080 R14: ffffffffffffffff R15: 00007ffdbed1ffa0 [ 320.464116][T11502] [ 320.705280][T11502] ================================================================== [ 320.713399][T11502] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23d/0x290 [ 320.721250][T11502] Read of size 4 at addr ffff88806344e1c4 by task syz.3.1595/11502 [ 320.729162][T11502] [ 320.731502][T11502] CPU: 1 UID: 0 PID: 11502 Comm: syz.3.1595 Not tainted 6.15.0-syzkaller-07802-g558428921edd #0 PREEMPT(full) [ 320.731529][T11502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 320.731542][T11502] Call Trace: [ 320.731549][T11502] [ 320.731558][T11502] dump_stack_lvl+0x189/0x250 [ 320.731592][T11502] ? __virt_addr_valid+0x1c8/0x5c0 [ 320.731611][T11502] ? rcu_is_watching+0x15/0xb0 [ 320.731641][T11502] ? __pfx_dump_stack_lvl+0x10/0x10 [ 320.731671][T11502] ? rcu_is_watching+0x15/0xb0 [ 320.731699][T11502] ? lock_release+0x4b/0x3e0 [ 320.731727][T11502] ? __virt_addr_valid+0x1c8/0x5c0 [ 320.731746][T11502] ? __virt_addr_valid+0x4a5/0x5c0 [ 320.731766][T11502] print_report+0xd2/0x2b0 [ 320.731798][T11502] ? do_raw_spin_lock+0x23d/0x290 [ 320.731817][T11502] kasan_report+0x118/0x150 [ 320.731848][T11502] ? do_raw_spin_lock+0x23d/0x290 [ 320.731872][T11502] do_raw_spin_lock+0x23d/0x290 [ 320.731892][T11502] ? lock_acquire+0x5f/0x360 [ 320.731917][T11502] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 320.731937][T11502] ? __sk_destruct+0x4e1/0x660 [ 320.731958][T11502] ? release_sock+0x2f/0x1f0 [ 320.731986][T11502] release_sock+0x2f/0x1f0 [ 320.732014][T11502] bt_accept_dequeue+0x512/0x590 [ 320.732048][T11502] l2cap_sock_cleanup_listen+0x2f/0x3e0 [ 320.732072][T11502] l2cap_sock_release+0x5d/0x1d0 [ 320.732093][T11502] sock_close+0xc3/0x240 [ 320.732117][T11502] ? __pfx_sock_close+0x10/0x10 [ 320.732139][T11502] __fput+0x44c/0xa70 [ 320.732165][T11502] task_work_run+0x1d1/0x260 [ 320.732191][T11502] ? __pfx_task_work_run+0x10/0x10 [ 320.732217][T11502] ? exit_to_user_mode_loop+0x40/0x110 [ 320.732245][T11502] exit_to_user_mode_loop+0xec/0x110 [ 320.732271][T11502] do_syscall_64+0x2bd/0x3b0 [ 320.732297][T11502] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.732317][T11502] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 320.732338][T11502] ? clear_bhb_loop+0x60/0xb0 [ 320.732361][T11502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.732380][T11502] RIP: 0033:0x7f6b8138e969 [ 320.732399][T11502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.732416][T11502] RSP: 002b:00007ffdbed1fe88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 320.732438][T11502] RAX: 0000000000000000 RBX: 00007f6b815b7ba0 RCX: 00007f6b8138e969 [ 320.732452][T11502] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 320.732464][T11502] RBP: 00007f6b815b7ba0 R08: 0000000000000178 R09: 00000015bed2017f [ 320.732478][T11502] R10: 00007f6b815b7ac0 R11: 0000000000000246 R12: 000000000004e35c [ 320.732491][T11502] R13: 00007f6b815b6080 R14: ffffffffffffffff R15: 00007ffdbed1ffa0 [ 320.732516][T11502] [ 320.732523][T11502] [ 321.000729][T11502] Allocated by task 5833: [ 321.005054][T11502] kasan_save_track+0x3e/0x80 [ 321.009740][T11502] __kasan_kmalloc+0x93/0xb0 [ 321.014345][T11502] __kmalloc_noprof+0x27a/0x4f0 [ 321.019218][T11502] sk_prot_alloc+0xe7/0x220 [ 321.023732][T11502] sk_alloc+0x3a/0x370 [ 321.027798][T11502] bt_sock_alloc+0x3b/0x310 [ 321.032307][T11502] l2cap_sock_new_connection_cb+0xe2/0x2b0 [ 321.038119][T11502] l2cap_connect_cfm+0x37a/0x1040 [ 321.043148][T11502] hci_remote_features_evt+0x581/0x8e0 [ 321.048610][T11502] hci_event_packet+0x7e3/0x1200 [ 321.053547][T11502] hci_rx_work+0x46a/0xe80 [ 321.057968][T11502] process_scheduled_works+0xae1/0x17b0 [ 321.063520][T11502] worker_thread+0x8a0/0xda0 [ 321.068117][T11502] kthread+0x70e/0x8a0 [ 321.072183][T11502] ret_from_fork+0x3fc/0x770 [ 321.076780][T11502] ret_from_fork_asm+0x1a/0x30 [ 321.081561][T11502] [ 321.083882][T11502] Freed by task 11502: [ 321.087944][T11502] kasan_save_track+0x3e/0x80 [ 321.092641][T11502] kasan_save_free_info+0x46/0x50 [ 321.097690][T11502] __kasan_slab_free+0x62/0x70 [ 321.102465][T11502] kfree+0x18e/0x440 [ 321.106362][T11502] __sk_destruct+0x4e1/0x660 [ 321.110947][T11502] bt_accept_dequeue+0x3ce/0x590 [ 321.115895][T11502] l2cap_sock_cleanup_listen+0x2f/0x3e0 [ 321.121442][T11502] l2cap_sock_release+0x5d/0x1d0 [ 321.126393][T11502] sock_close+0xc3/0x240 [ 321.130647][T11502] __fput+0x44c/0xa70 [ 321.134627][T11502] task_work_run+0x1d1/0x260 [ 321.139217][T11502] exit_to_user_mode_loop+0xec/0x110 [ 321.144509][T11502] do_syscall_64+0x2bd/0x3b0 [ 321.149104][T11502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.154996][T11502] [ 321.157316][T11502] The buggy address belongs to the object at ffff88806344e000 [ 321.157316][T11502] which belongs to the cache kmalloc-2k of size 2048 [ 321.171384][T11502] The buggy address is located 452 bytes inside of [ 321.171384][T11502] freed 2048-byte region [ffff88806344e000, ffff88806344e800) [ 321.185270][T11502] [ 321.187593][T11502] The buggy address belongs to the physical page: [ 321.194256][T11502] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x63448 [ 321.203014][T11502] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 321.211510][T11502] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 321.219506][T11502] page_type: f5(slab) [ 321.223490][T11502] raw: 00fff00000000040 ffff88801a442000 0000000000000000 dead000000000001 [ 321.232100][T11502] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 321.240691][T11502] head: 00fff00000000040 ffff88801a442000 0000000000000000 dead000000000001 [ 321.249363][T11502] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 321.258034][T11502] head: 00fff00000000003 ffffea00018d1201 00000000ffffffff 00000000ffffffff [ 321.266707][T11502] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 321.275368][T11502] page dumped because: kasan: bad access detected [ 321.281786][T11502] page_owner tracks the page as allocated [ 321.287496][T11502] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5837, tgid 5837 (syz-executor), ts 92828300973, free_ts 29022101870 [ 321.308960][T11502] post_alloc_hook+0x240/0x2a0 [ 321.313743][T11502] get_page_from_freelist+0x21e0/0x22c0 [ 321.319315][T11502] __alloc_frozen_pages_noprof+0x181/0x370 [ 321.325123][T11502] alloc_pages_mpol+0x232/0x4a0 [ 321.329978][T11502] allocate_slab+0x8a/0x3b0 [ 321.334482][T11502] ___slab_alloc+0xbfc/0x1480 [ 321.339163][T11502] __kmalloc_cache_noprof+0x296/0x3d0 [ 321.344542][T11502] rxrpc_alloc_connection+0x7b/0x590 [ 321.349829][T11502] rxrpc_prealloc_service_connection+0x26/0x2e0 [ 321.356086][T11502] rxrpc_service_prealloc_one+0x2f5/0xe00 [ 321.361821][T11502] afs_charge_preallocation+0x394/0x4e0 [ 321.367392][T11502] afs_open_socket+0x302/0x3a0 [ 321.372164][T11502] afs_net_init+0x67d/0x880 [ 321.376681][T11502] ops_init+0x35c/0x5c0 [ 321.380848][T11502] setup_net+0x219/0x4b0 [ 321.385101][T11502] copy_net_ns+0x32e/0x590 [ 321.389530][T11502] page last free pid 1 tgid 1 stack trace: [ 321.395336][T11502] __free_frozen_pages+0xc6e/0xe50 [ 321.400463][T11502] free_contig_range+0x1bd/0x4a0 [ 321.405401][T11502] destroy_args+0x7e/0x5d0 [ 321.409830][T11502] debug_vm_pgtable+0x412/0x450 [ 321.414686][T11502] do_one_initcall+0x233/0x820 [ 321.419449][T11502] do_initcall_level+0x137/0x1f0 [ 321.424394][T11502] do_initcalls+0x69/0xd0 [ 321.428730][T11502] kernel_init_freeable+0x3d9/0x570 [ 321.433937][T11502] kernel_init+0x1d/0x1d0 [ 321.438275][T11502] ret_from_fork+0x3fc/0x770 [ 321.442886][T11502] ret_from_fork_asm+0x1a/0x30 [ 321.447677][T11502] [ 321.449998][T11502] Memory state around the buggy address: [ 321.455625][T11502] ffff88806344e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 321.463684][T11502] ffff88806344e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 321.471745][T11502] >ffff88806344e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 321.479800][T11502] ^ [ 321.485951][T11502] ffff88806344e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 321.494007][T11502] ffff88806344e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 321.502061][T11502] ================================================================== [ 321.510239][T11502] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 321.517456][T11502] CPU: 1 UID: 0 PID: 11502 Comm: syz.3.1595 Not tainted 6.15.0-syzkaller-07802-g558428921edd #0 PREEMPT(full) [ 321.529206][T11502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 321.539282][T11502] Call Trace: [ 321.542562][T11502] [ 321.545495][T11502] dump_stack_lvl+0x99/0x250 [ 321.550102][T11502] ? __asan_memcpy+0x40/0x70 [ 321.554721][T11502] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.559931][T11502] ? __pfx__printk+0x10/0x10 [ 321.564531][T11502] panic+0x2db/0x790 [ 321.568441][T11502] ? __pfx_panic+0x10/0x10 [ 321.572866][T11502] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 321.578762][T11502] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 321.584664][T11502] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 321.590995][T11502] ? print_memory_metadata+0x314/0x400 [ 321.596462][T11502] ? do_raw_spin_lock+0x23d/0x290 [ 321.601487][T11502] check_panic_on_warn+0x89/0xb0 [ 321.606431][T11502] ? do_raw_spin_lock+0x23d/0x290 [ 321.611460][T11502] end_report+0x78/0x160 [ 321.615714][T11502] kasan_report+0x129/0x150 [ 321.620259][T11502] ? do_raw_spin_lock+0x23d/0x290 [ 321.625293][T11502] do_raw_spin_lock+0x23d/0x290 [ 321.630149][T11502] ? lock_acquire+0x5f/0x360 [ 321.634757][T11502] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 321.640138][T11502] ? __sk_destruct+0x4e1/0x660 [ 321.644911][T11502] ? release_sock+0x2f/0x1f0 [ 321.649508][T11502] release_sock+0x2f/0x1f0 [ 321.653938][T11502] bt_accept_dequeue+0x512/0x590 [ 321.658893][T11502] l2cap_sock_cleanup_listen+0x2f/0x3e0 [ 321.664449][T11502] l2cap_sock_release+0x5d/0x1d0 [ 321.669390][T11502] sock_close+0xc3/0x240 [ 321.673642][T11502] ? __pfx_sock_close+0x10/0x10 [ 321.678499][T11502] __fput+0x44c/0xa70 [ 321.682486][T11502] task_work_run+0x1d1/0x260 [ 321.687087][T11502] ? __pfx_task_work_run+0x10/0x10 [ 321.692204][T11502] ? exit_to_user_mode_loop+0x40/0x110 [ 321.697670][T11502] exit_to_user_mode_loop+0xec/0x110 [ 321.702958][T11502] do_syscall_64+0x2bd/0x3b0 [ 321.707554][T11502] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.713622][T11502] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 321.719783][T11502] ? clear_bhb_loop+0x60/0xb0 [ 321.724463][T11502] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.730355][T11502] RIP: 0033:0x7f6b8138e969 [ 321.734768][T11502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.754377][T11502] RSP: 002b:00007ffdbed1fe88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 321.762796][T11502] RAX: 0000000000000000 RBX: 00007f6b815b7ba0 RCX: 00007f6b8138e969 [ 321.770767][T11502] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 321.778750][T11502] RBP: 00007f6b815b7ba0 R08: 0000000000000178 R09: 00000015bed2017f [ 321.786719][T11502] R10: 00007f6b815b7ac0 R11: 0000000000000246 R12: 000000000004e35c [ 321.794708][T11502] R13: 00007f6b815b6080 R14: ffffffffffffffff R15: 00007ffdbed1ffa0 [ 321.802690][T11502] [ 321.806047][T11502] Kernel Offset: disabled [ 321.810364][T11502] Rebooting in 86400 seconds..