last executing test programs: 3.948310871s ago: executing program 0 (id=1090): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20) 3.781030128s ago: executing program 0 (id=1092): syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'tunl0\x00', &(0x7f0000000140)=@ethtool_cmd={0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x3c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {0x3}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @void}}]}, 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9) connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x44, r7, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_UDP_SPORT={0x6}, @L2TP_ATTR_UDP_DPORT={0x6}]}, 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={0x0, 0x43c}}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r11, @ANYBLOB="0a0034000202020202020000040067000400cc00040008010600660000000000"], 0x3c}}, 0x0) syz_emit_ethernet(0x4f, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaa9e360ca3b11378e9c04a1117789eaaaaaaaaaaaaaa0086dd60cabf0000193afffe8000000000000000000000000000bbff0200000000000000000000000000000301a78ce540065980"], 0x0) write$binfmt_script(r8, &(0x7f0000000100), 0xfffffd9d) r12 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000880)={'macvlan1\x00', 0x0}) sendto$packet(r12, 0x0, 0x64, 0x0, &(0x7f00000001c0)={0x11, 0x1, r13, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$NL80211_CMD_DEL_PMKSA(r8, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="44000000d52f1640e032945295759fb7ecc3052670e75bda915536f9ac493f793446afa557281b5a94f0d093ab8fd4fd71f49402f923bedc3f0c592fef987179a2740b2294f22c92bbaa13718ce44160c47983194c85d6ecee48e98298a6fe522c559364c9cbb3d1a32812554c5d3d939a66fa6298ce960dea24b85d9b284f0b839719e508e2c2aef2b84dbe30a8a85247ebe249a775b431ab25bf894f2916e866f7e94d5aa13c4e9e9c2d588c9f55f0e5e87fd6446ac6a77d", @ANYRES16=r10, @ANYBLOB="000125bd7000fbdbdf253500000008000300", @ANYRES32=r11, @ANYBLOB="0c009900000400002b0000000a000600ffffffffffff00000600fd00ffff00000500200100000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000400)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000140300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c78cd3e7dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25"], &(0x7f0000000100)='GPL\x00'}, 0x48) sendfile(r5, r8, 0x0, 0x8000002b) 2.55553936s ago: executing program 0 (id=1104): socket$igmp(0x2, 0x3, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000002c0)={0x40, r1, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x7, 0x13, [{0x18}, {0x0, 0x1}, {}]}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x1f9}]}, 0x40}}, 0x0) 2.453567087s ago: executing program 3 (id=1105): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmmsg$inet6(r1, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private2, 0x1e9b}, 0x1c, 0x0}}], 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) connect$llc(r3, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, 0x0, 0x40084) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500000000005a642f61945800000000b40d", @ANYRES32=r5, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)={0x70, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x39, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x0, @void, @val={0x1, 0x6, [{0xc, 0x1}, {0xb}, {0x36, 0x1}, {0x6, 0x1}, {0x6c}, {0x6, 0x1}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0xfd, 0x20}}, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xa4a2}]}, 0x70}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xc}]]}, 0x30}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = socket$caif_seqpacket(0x25, 0x5, 0x0) getpid() sendmsg$unix(r10, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@rights={{0x14, 0x1, 0x1, [r9]}}, @rights={{0x14, 0x1, 0x1, [r11]}}], 0x30}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=@data_frame={@msdu=@type01={{0x0, 0x2, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7ff8}, @broadcast, @from_mac=@broadcast, @device_b, {0x5, 0x4}, "", @value={0x0, 0x1, 0x0, 0x0, 0x49}, @value=@ver_80211n={0x0, 0x3, 0x3, 0x0, 0x0, 0x1, 0x1}}, @a_msdu=[{@device_b, @device_a, 0x3d, "74045964923de18f7eea94ff55add03f6d5e3ba60774ad178fc2b8c6177e0df67ecf3f3475a38b9368c95d466544b089abe5c9640ca5316767bc0a09d5"}, {@device_b, @device_b, 0x54, "3b4edecae625e46bc1251ed7a3d952796157205d16bc4ce267372f2ea60078a15eede8383a5f200f352e6199b1ec8ecdcc59ec1e6aabfb205853550f4abd600fe975b4ce792b01888bfd4c0d32e54a1d5f5a7bd7"}, {@device_a, @broadcast, 0x65, "4ed248387f26bd77ee8f452b19b65ed06d0fb5a25ee9f3583e7c3d279d923c412da16e9c9938cd6286b391f31012a3baf9c15542d3855c194075e46ffd6d9b9d7f884fabaad4226e73418bac5874f168c403acfbec0a19c6363744cf93024ca8d37d592201"}, {@broadcast, @device_b}]}, 0x152) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x0, 0x0, @void}, 0x1e) socket$pppl2tp(0x18, 0x1, 0x1) socket$tipc(0x1e, 0x5, 0x0) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {0x22ec}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x0, 0x0, @default, @val={0x1, 0x2, [{}, {}]}, @void}, 0x22) r12 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$SIOCRSSL2CALL(r12, 0x89e2, &(0x7f0000000000)=@bcast) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) 2.281051642s ago: executing program 2 (id=1108): socket$packet(0x11, 0x3, 0x300) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20) 2.240024256s ago: executing program 0 (id=1109): syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'tunl0\x00', &(0x7f0000000140)=@ethtool_cmd={0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x3c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {0x3}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @void}}]}, 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9) connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x44, r7, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_UDP_SPORT={0x6}, @L2TP_ATTR_UDP_DPORT={0x6}]}, 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={0x0, 0x43c}}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r11, @ANYBLOB="0a0034000202020202020000040067000400cc00040008010600660000000000"], 0x3c}}, 0x0) syz_emit_ethernet(0x4f, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaa9e360ca3b11378e9c04a1117789eaaaaaaaaaaaaaa0086dd60cabf0000193afffe8000000000000000000000000000bbff0200000000000000000000000000000301a78ce540065980"], 0x0) write$binfmt_script(r8, &(0x7f0000000100), 0xfffffd9d) r12 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000880)={'macvlan1\x00', 0x0}) sendto$packet(r12, 0x0, 0x64, 0x0, &(0x7f00000001c0)={0x11, 0x1, r13, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$NL80211_CMD_DEL_PMKSA(r8, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="44000000d52f1640e032945295759fb7ecc3052670e75bda915536f9ac493f793446afa557281b5a94f0d093ab8fd4fd71f49402f923bedc3f0c592fef987179a2740b2294f22c92bbaa13718ce44160c47983194c85d6ecee48e98298a6fe522c559364c9cbb3d1a32812554c5d3d939a66fa6298ce960dea24b85d9b284f0b839719e508e2c2aef2b84dbe30a8a85247ebe249a775b431ab25bf894f2916e866f7e94d5aa13c4e9e9c2d588c9f55f0e5e87fd6446ac6a77d", @ANYRES16=r10, @ANYBLOB="000125bd7000fbdbdf253500000008000300", @ANYRES32=r11, @ANYBLOB="0c009900000400002b0000000a000600ffffffffffff00000600fd00ffff00000500200100000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000400)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000140300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c78cd3e7dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25"], &(0x7f0000000100)='GPL\x00'}, 0x48) sendfile(r5, r8, 0x0, 0x8000002b) 2.101183165s ago: executing program 2 (id=1111): syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff) socket$inet6_udplite(0xa, 0x2, 0x88) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000440)=ANY=[@ANYBLOB="4401000010000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000010000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="64010102000000000000000000000000000000006c000000ac1414bb0000000000000000000000000000000000100000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000c89012d00972d91e100000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000020000010000000000000000006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c00080008000800000000004086c65989a41054ced4f32276902376dc43c9b24be66bd9b475418e8bcc6d25032b6d77c674ea6a66b53440694712be4b9bcb174de25f465b630bcca8799bf1f5a0e661737895c2c87b9a3b123fb65363b2352eccd09ecc64fbe92b3c22a9feff601026ea390bf3633f0cfae709b0ee650c1e49af457ef90cba9b58d317e6733091eee75d3bfb90e4a165aca0b664712e47f6b02eb389685d54d73a3b71c41c0f0bbf81"], 0x144}}, 0x4810) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655"], &(0x7f0000000340)='syzkaller\x00'}, 0x90) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000000111001000000000000000000d98ad0dcdd563cfc0000000000000000000a003300efc1e5ea560bded694393d9a72f2c1f858"], 0x28}}, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$inet6(0xa, 0x0, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r4, &(0x7f0000000000)={0x1f, @fixed}, 0x8) setsockopt$bt_BT_SNDMTU(r4, 0x112, 0xb, 0x0, 0x0) r5 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, 0x0, 0x0) bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r5, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000410007010000000000000000017c00635c368c5e8abd7e81bd98f716f1dbf0a48109"], 0x1c}}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPATH(r7, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x12800040}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="000129bd7000fedbdf25150000000a00060008021100000000000a001a0008021100000100000a0006000802110000000000"], 0x38}, 0x1, 0x0, 0x0, 0x24008050}, 0x10000) ioctl(r6, 0x8b2a, &(0x7f0000000040)) 2.09041482s ago: executing program 1 (id=1112): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000002c0)={0x40, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x6, 0x13, [{0x18}, {0x0, 0x1}]}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x1f9}]}, 0x40}}, 0x0) 2.00715871s ago: executing program 1 (id=1114): connect$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5400c00e120001032cbd700000000000000000004e234e240be50000feffffff00000000000000009e3ff2c1a91200"/56, @ANYRES32=0x0, @ANYBLOB="000000000000000000100000040000000800030011"], 0x54}}, 0x0) 1.901344362s ago: executing program 4 (id=1115): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20) 1.881344132s ago: executing program 1 (id=1116): syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'tunl0\x00', &(0x7f0000000140)=@ethtool_cmd={0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x3c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {0x3}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @void}}]}, 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9) connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x44, r7, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_UDP_SPORT={0x6}, @L2TP_ATTR_UDP_DPORT={0x6}]}, 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={0x0, 0x43c}}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r11, @ANYBLOB="0a0034000202020202020000040067000400cc00040008010600660000000000"], 0x3c}}, 0x0) syz_emit_ethernet(0x4f, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaa9e360ca3b11378e9c04a1117789eaaaaaaaaaaaaaa0086dd60cabf0000193afffe8000000000000000000000000000bbff0200000000000000000000000000000301a78ce540065980"], 0x0) write$binfmt_script(r8, &(0x7f0000000100), 0xfffffd9d) r12 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000880)={'macvlan1\x00', 0x0}) sendto$packet(r12, 0x0, 0x64, 0x0, &(0x7f00000001c0)={0x11, 0x1, r13, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$NL80211_CMD_DEL_PMKSA(r8, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="44000000d52f1640e032945295759fb7ecc3052670e75bda915536f9ac493f793446afa557281b5a94f0d093ab8fd4fd71f49402f923bedc3f0c592fef987179a2740b2294f22c92bbaa13718ce44160c47983194c85d6ecee48e98298a6fe522c559364c9cbb3d1a32812554c5d3d939a66fa6298ce960dea24b85d9b284f0b839719e508e2c2aef2b84dbe30a8a85247ebe249a775b431ab25bf894f2916e866f7e94d5aa13c4e9e9c2d588c9f55f0e5e87fd6446ac6a77d", @ANYRES16=r10, @ANYBLOB="000125bd7000fbdbdf253500000008000300", @ANYRES32=r11, @ANYBLOB="0c009900000400002b0000000a000600ffffffffffff00000600fd00ffff00000500200100000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000400)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000140300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c78cd3e7dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25"], &(0x7f0000000100)='GPL\x00'}, 0x48) sendfile(r5, r8, 0x0, 0x8000002b) 1.769881014s ago: executing program 4 (id=1117): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x14, 0x0, 0x4}, 0x14}}, 0x0) close(r1) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd6372ce22667f2c00dbf6e97158b33d4fec877f1b6d76745b686158bbcfe8875afdef00010000000029"], 0xfdef) 1.525219476s ago: executing program 3 (id=1118): sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b14, &(0x7f0000000000)={'virt_wifi0\x00', @random="0100"}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$l2tp(0x2, 0x2, 0x73) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@local, @in6=@mcast2}}, {{@in=@local}, 0x0, @in=@broadcast}}, &(0x7f00000000c0)=0xfffffffffffffd60) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000300)={{{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x5, 0x200, 0x4e23, 0x0, 0x0, 0x80, 0xa0, 0x2c}, {0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7cd}, {0x7ff, 0x0, 0x0, 0x7f}, 0xa8000000, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in6=@local, 0x4d6, 0x6c}, 0x2, @in=@private=0xa010100, 0x3505, 0x1, 0x1, 0x4, 0x3, 0x7, 0x4}}, 0xe8) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$inet(0x2, 0x80001, 0x84) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000080)={r3, 0x0, 0x71000000}, &(0x7f0000000100)=0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r4, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0) mmap(&(0x7f00004e7000/0x2000)=nil, 0x2000, 0x0, 0x10, r4, 0x0) mmap(&(0x7f00009f1000/0x3000)=nil, 0x200000, 0x0, 0x12, r4, 0x0) ioctl$SIOCRSSL2CALL(r4, 0x89e2, &(0x7f0000000140)=@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x4, &(0x7f0000000040)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x6b}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x45, 0x0, 0x0, 0x70, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.423556699s ago: executing program 4 (id=1119): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000002c0)={0x40, 0x0, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x7, 0x13, [{0x18}, {0x0, 0x1}, {}]}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x1f9}]}, 0x40}}, 0x0) 1.366949303s ago: executing program 3 (id=1120): syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff) socket$inet6_udplite(0xa, 0x2, 0x88) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655"], &(0x7f0000000340)='syzkaller\x00'}, 0x90) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000000111001000000000000000000d98ad0dcdd563cfc0000000000000000000a003300efc1e5ea560bded694393d9a72f2c1f858"], 0x28}}, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$inet6(0xa, 0x0, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r4, &(0x7f0000000000)={0x1f, @fixed}, 0x8) setsockopt$bt_BT_SNDMTU(r4, 0x112, 0xb, 0x0, 0x0) r5 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, 0x0, 0x0) bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r5, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000410007010000000000000000017c00635c368c5e8abd7e81bd98f716f1dbf0a48109"], 0x1c}}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPATH(r6, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x12800040}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000129bd7000fedbdf25150000000a00060008021100000000000a001a0008021100000100000a0006000802110000000000"], 0x38}, 0x1, 0x0, 0x0, 0x24008050}, 0x10000) 1.261212332s ago: executing program 4 (id=1121): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000003e7100000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000009c0)={r2, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, 0x50) 1.161490161s ago: executing program 2 (id=1122): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000002c0)={0x3c, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x1f9}]}, 0x3c}}, 0x0) 1.118176225s ago: executing program 0 (id=1123): r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote}, 0x1c) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r1, &(0x7f0000001040)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000ec0)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad4dace0f5119b54c74a12e4569e47b69a95f92c6380af2bd003fa56f06a23bbd1c78e7756bf4fcaff0c2337b60e0c762561c605428e9682e7c55c8e6c229ec1d7650e6a0f069de73afad349f50f11e9ee4f0a030e0671a3f9ef7e26cf4bcdf8c13c6f7da9b138c9401f2632b7b36ddfdd0006f5c59eae5a366dc2679e430ce556bb5fa1df39adb6a5e94625781f6aacfe0a9adfed8414480361453a151fc0d3b7ef3567ab9ad6ad7c", 0x106}, {&(0x7f0000000940)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336", 0x1c}, {&(0x7f0000000380)="b7e4c84c12f2ec398a7c6a1f6be9de130578cdbffd74752b2f6133071864bac0717147af20e6e13af7b7100d1a6736a8e03334b7cdd90757248589134b71c162fc7e17fbcffa8487caa0469ea6ad8ab919c383554859e254c4046f5a0a494810a015491393eff01813fc6069c86f", 0x6e}, {&(0x7f0000000400)="034415e3adefcb7057afc8876bfae181ebcfabad4aed31158fafa269802ea23350b4ccb57825bfa551317292bfde0afbd422fb950790671dacccd6e01d31ec52594c4dacd14ded6fee80769eebee46e58d09407b5a", 0x55}, {&(0x7f0000000180)="4804ea2edea9044529d8c3e1", 0xc}], 0x5}}], 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendmsg$inet(r1, &(0x7f0000000a80)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000000)="12f9b8a7e9bf124b9cd26fe253fd6955410910d14dadf8f14d4bb8a29ed5c2e627720e6383ce63042e35092e6e7012feea5b88a942deb041f6999bb5", 0x3c}, {&(0x7f00000019c0)="d63e0b72c66861c573b83bdb54beed2abeafb45f961f59b337d1e48c4227b442bab53e3ff5f471876469059695185720fd7ef8ac1f5f30b82f03bd85df7d39d5c238f5ba9547c0d340f2ea5f078f5eb1e509c26f765fc69611b20a44fb158c3b034462f86699c185f16cf6c8264e519568e4231c2fdba658d333b671b73ee70fa16d332c3bb7b71bb0b3b7ba497ae0faccb8318b6fe28c16a888387ccf3c8a563f86ac4e7365e1f588021ec5de06b35a44655c9e0bb86bcf095120e073c517b6476dbb3472de7d8bff7d7aed20e6d63d8cf756bb92402c0cd61bd970eef76cc88a7bc1316646e30ee17d8c035373f97b020f75a807a6d7f41fd4bea8b744b002b789286868f31bf056063f471638f05c602e27bb1cf34a17a4894f6d995bffc2b22dadfe73d45a5c2fc09c81440229f2f85babedc36e8beff75dd28a7d2bfb6664bde73d8d7ee878c3b8fcd4e7ff7d87cfe87bf95c88f0815a379bccdbec475dfe8a99c274ebcf7d665b8827ba25676e9065fa2e39c249139aab2ae6e72bc48eb0b5f984812845b133877e85444afd7b504406f45f9bf2ca20a003c0d9d33d23c64346a64a83fbf4bd4891fabdb61e412438bf35c8dc87e47e112defc811e92bd649cef82b3b9dcbf6a0c1eeff16eb1803f38f28969e7836c2b025aef782b207beadc23bdd497204190776cf562de31ab2117f083e87dba2d1240e49c943aaff6b6577294e82851c20a2d749c395424c821e3ece65ce4c1e90cd2538fca576035519d6107a2e3fe7e9136ba36b03b040cbc3fffaac6bc6a8a7e8633b5607e8516506bf2ebc2772ba25018c41fb902ae6c2ed66291c3ebfde125e6ef6e116fa54c5da5b4261be4d64399513ef8ac917060cb2e92fe1ce9f074f4be8ca4f6f682123cfa4f022ab49ae7d9f41c0fe3e4cc20da86119e3b2e074b4f10c5e027e20bfb346ff9c3b1f6f32bc0a000a4f3885222c89b3bd06101a0da6c88c8c104af12286873125ce8a62795174da533d19a75110fa65fed3d29471fead12782de6268d86361fcadf4dba29e9796a6e29d77d7fc0f039311e6a601b8c5183450be18423a15e5ff36d207c63a5efe9ec507c9eee64c70482e1b9528f6d41834b0edb4c89ba3d53b1ade35a4b9c0bba461ed3e302faacd46850a63b1502c2835a9ad7cb3bbc8df465418f79a72533ecb6ae5082ea60daaec6d4941b928fe3aa4386ab92e170eb56cf1d372e15e551a6852ed1735a83ed967735acd5f2ed8903ad4b898cca34bab15d043c2bcfc7eccc2dcd7862607dcfbd685eae9a410b4f29bfecfaa5b17ff4e6ef97cc2ba32cb0c5f35e8005f0a82e3f5c242ca0c96a58d6dcf7969583adc54b28a8d58e80692ef047b277b8828781b56be8179efc247c5bc17f02a857060a7ee7261883c7f87d3257c32a6177d28d2a7e66d218dac9ed3a444267fb43c3069784b51a5e1e631e4c41fb2923a85c609328cff505fa74d2deb1fe39a8753833c030be7f84482f2f2f8262faf34f7c4966e95025191cfbc1bab2c8d1daa2b0bde8b2b2c3aa541d7891da877ef27d4c3b9633ed1c324bcb347db5f9584fee50d804fd495ab03c34662c6dd8c8f81500aeb9bc9e6956bee20b8aa22ba5d5c97459fd10a57594bf05582c6eb0fcca588d33b55ec8cae4d2b72a272234b6cac8663cfe798fd168c0429791255017e1679ee61d022d57aa3d029ba7a60a58d4cbcb0371a11a7290da5f7e4761a60e9ca13697f52df648ddddcb51f93fb71a99dc512b71d81732c51b9b663d5affccc4b50068236299078d37b804dc35d5e4e915bdd129669ed505d5e5c9f7897cc78927cc76c49d95cf2705e6f0ab5c8ced4ca9308e8662b2326e566f4f261ccba68bb96f9d32940253f083f542a75d6988887a859b1446370a4e03966530e38a45509a92e9ef061c13df37a6a1be9cbb0ba293dcac2e04536980d73bb521cd329847b4b6545ae5b79bea1e7db7b23b492451b3535460679ff8b5f2ca9d51a9760ea7cf7548c14eb6e08a968188b2c6467b3786e58299f6ee42720a06a3e0d572b7a12ba31503d30eab63f7a3eddb17d1e2f95152f4b63b3a5b6d908ea820d6787db357b8617ba74def647d63622b93eb32d9d05be7f4f9692117a4c9977ec6b7197a16ac0e94d086b173d16bc5252955a47d44aae758bb2ec4aab9e77ef83ab5dad49244fc2d4e933f9f6f2dbba6ee20114a37ed189e6d73244f9033d6385ed4456fd32be6fa6f79512f93d3ca10a61f74fd92c3ed8558ac851be80128996b87cbff5b07b01a7a184fe518f0d0a9724a858913a1296ea4217b314355f3e2bac6deb4fef470d5fefa5963f5aa1a671f07db0d7fe7768519653ce4194dad3a14353c73cdfcb93db08cb815b0b484501a7a50b1578d5dfb74126035a70f13623a4538f984c27cb58613208d3e3e8358da2ec2a5f103a7124c2ebee7985ecf5ab3dfc9f7f9000cb054a5901a509b194b4b7b4d4627b0b671201ce1ae6ad690d1dc8fb58a67041045bdc34ef4cecff1bab37c82e2e152aa8823a1ee72b669fceb7540360c1c2bc8e98512d902ac558f24029389a69f96b59d48c12319feee751d4cfdbdb280cee24695b550021be22c15ef796d21c0ff9dbe11a13f6ccaf910241072e42afefbe74f1e603abcd4eddd5d6e5071e0bd2c3017b8501d24cae2e85a2639d4ad568a65c6037349801734014f6fa71388e58d7bd2883068b0d244d03633c593947c1d190a876c55bfda5bf50aa39dbeb7f96911ff75bbdbbbac16e467db5fcbeb43417c641887f198dc49ceb01e46e7ccd530f08009ef93f7c9f360518b7276765c465e8ccae818dc6550100ba3d8317c4b4d6073504d5a83e5eeedc2c15a221dbb7072052701a77830f289571758c63c70e99e0633003659fb72b0c72d6b1dad85f7567d96ce05e615a34414bc5839885f11e10324e18069915575659d8046e05e01115deb3726a17d611a08087ed68e0e68c3dcafb7ccf4cbb261f3cd09f383cecf936d44c31511d8901e3979b5f028d4e553a27ee30af4a452e5171249240324b95a7faaf7f08d528688d67a37840b9a6e28d23928c2dab4ee6c5f23b416e6b3cb87ea4cd95ffb839d547656a7c325586aa272b70c883ec002f560926e9d19bea9838c18c4a0f4ac7cc056b260e9df8c6daf208693b835edcf2c8877fcfbe6c14606ee7a625388a2e35b7f596680f65dd2cb77f206cd312a138a2540e04cff79048b110008620b376a3e073d110b7aaa196be61788374f884455c39c50524afeec9e241a548d74987fca8bf5ef110fb02c0aa3ab55b69e44e5fef8f4865033886bc235a9b4fcd005aaa0c0e1eac76e9115723279cce690780d32f697be093d921eae80a0feab9bc4bd6c146f4febd5d67857b60f3335cb7bd57b947ab0c10c549ccfd9b557e5b7493376e8aa9cefc499da57a240ce10ee7cc7a3d5d437ea04d97db4bd878a2addbce0045bd891d6d7e5508a988b8b452af593c165e93ad1c2203fb9c1d2f1c95c2b9e6063b1034f5a46eec03cdc36e96ad694d7e690860d3f69f134b394cf14d069ef1e9b2f8a84e1733c188e1fe31226cc721a8e45ecfbfc1377dd53e447c6a78d1f1e2ec2ff9745688a0400ccdcc40f211bd1196709fc4fbb277e836e0920139856f4730a841c287bee6da714ad4c5667f8d056fd6c656d550eb9d48bc3321bee55f0a2d125029b81e9df12830337e1bef26c611b040882de041a9a332045178301644a4f5efb79273125e180d658a60d74849a808dfd70cc2cf5ee851519", 0xa76}], 0x2, &(0x7f00000002c0)}, 0x20000057) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$inet(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000300)="a16e1d8529fcfa40481fd36e62439fb3abc99a9135df7b1c7d3f335c3f3f15faa42ab4f42b3fbc317462742021c86ae87b9c64aa799c584392b5049407c166e457d5fee3edbc0d182f4f94047c7dbccdf1af9727fc8179018a6aabeb71f924325010f33d9f0f283d7ada", 0x6a}, {&(0x7f00000004c0)="354d3cb256f7a3e143fd94526af38bb5bcdb558127e9874d374f8b08e3c1762e5527a3e6b1b96be012f91cc56f6e71860266793471ff9bb35b96a56c25edbf1c0e452df85370de7a678fdac3e0de9014cf1d23aeaa1a9adeacfe8cb2630687eaf34a5295388f57f0f314b8e0ea55805372ba0f534d6144c3f8cbdaac2bcc4e55c7ddc61fcc03b1ae4c638230a6255c534706fa3f16e10b9e1a14c374fdbf78dae23838abcb99c1ca9fadb6fb50ebcf560294efcb3479efc47d4466178ac0cf45014dcf6427b03d2a7fdce59d685ca474952f77bf4845f21cb22b94a460fd2ce9a8f12ab35d187d9725c6f5e85c3b60ff621ed62f5b5a428a", 0xf8}, {&(0x7f00000005c0)="e6c52a9838", 0x5}, {&(0x7f0000000980)="42952684389be3ccacaee7584a698ac88af3a30f8bccc8accb23e7f46897069fba219a1a30bd9cabfb74d80f8683f17abd649693515befca06df716e9a55114aec110f5b6ac933a4d8762cff78f0c001957ea5c3f2f328df7d8a8849626e5fa473bd79eb9c81931c5dbec04c38b0fbbab00713474f4bd214003b9389ce1e65b221908195650d757602ee8b9962e2c7cfca56d5f25fa4a318317b50d3e410ae73743c55aa3eb3cd1dd53a242e14c31c752ca93c77f559738ac20a0838fe6faff4d7c69639803037334c0ff4f5b14d27e4a3cf26fe2f2176467043b54cd20cc7055d8a8b43", 0xe4}, {&(0x7f0000001800)="75524846d0ef4c8fa96f8b86a046bdb310a8a6cc6bdcb31c90abb087ea4b10290c12129399d1e2427992650e14bbca9da49e16ca9fcaed9021060f3d451a226ad84d6c24f4f789522d93d53964f59072c91bd91815e8e2148024f0409d5cdf714c2f6f4b780e6eba84bae35237886d14845b881249b158ba1e25fddc989239bfeb0880eaac3b66db34c55c09cdb0d04f0702e449a687a28649e66bd731002abdf1316bb5f1e599048bd2ce4e6007c0207f607391745e75cf33082b1d0ffbae291573d9e615bda53369", 0xc9}, {0x0}], 0x6}, 0x0) 1.034987495s ago: executing program 4 (id=1124): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x3, 0xffffffffffffffe0}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4f}, 0x90) r0 = socket$inet_sctp(0x2, 0x5, 0x84) listen(r0, 0xbabc) socket(0x28, 0x5, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r1, &(0x7f0000000040)={0x1f, @none}, 0x8) listen(r1, 0x0) socket$xdp(0x2c, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2036}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) 948.266773ms ago: executing program 2 (id=1125): socket$alg(0x26, 0x5, 0x0) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb4, 0x7f}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0, 0xffffffffffffffff}, &(0x7f0000000280), &(0x7f0000000340)}, 0x20) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000952fd1d6f55d17118e32e67da95828e156df7b1c76444f87e13160d8b0b20eeb4c9ce36539b43f21957c55bc4475b62017ad10cf769a318190df1128f7363cec66a63661bded17e700"/97], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r2}, 0x90) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r5, 0x0, 0x40000004, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x24, &(0x7f0000000a00)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x151}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0x1}, @jmp={0x5, 0x1, 0x8, 0x7, 0x1, 0xfffffffffffffffc, 0x8}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @generic={0x3, 0x9, 0x5, 0xa4, 0x2}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @map_val={0x18, 0x9, 0x2, 0x0, r4}, @exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0x6}, 0x90) r6 = socket$nl_crypto(0x10, 0x3, 0x15) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$rxrpc(0x21, 0x2, 0xa) r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r9, @ANYBLOB="ff830500000700ffffff", @ANYRES32=r8], 0x4}}, 0x0) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, 0x0, 0x4, 0x70bd2e, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xd8}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x7fff}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40001) sendmsg$netlink(r6, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000600)={0xe0, 0x10, 0x50b, 0x0, 0x0, "", [@generic="6f6d8864d22a3f2ffaa46c88bc", @typed={0xbd, 0x0, 0x0, 0x0, @binary="2b0e13e735a3184f1b3d6da2f1acfac0ee50d2b184b27db1f302de337c0004060000000000bf852c89867f6691b01b2d44e4ff285f2829882fbd9423debbb86f9dba4a2dba4dbe076c02262600c43443efd6f5091dfbd56183a567de243ab0d67683f7bb11c9cab3b3eed8a8bef4ff1631aa78acefca03c1a66db4424a8ba100022db228bb7b5eb5100100000000000000a0912086d9e4606d2e4cc898739222c5d3a83c00341c5ae846a60cf93ab48d68e8e9467d1ccadc42"}]}, 0xe0}], 0x1}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x0, 0x8, 0x9}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0x14, 0x7, 0x9, 0x7fff, 0x1258, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x3}, 0x48) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)={0x1b, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x6}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000000001ff0000000000f4b505056bfdfae8c4349ee2284ceec827f70a5aac1284d87228d0600e36c91df3cfb3c5760f815b6bb16d42dd57640c19ea9bf40cb0f8d789b9cc0af913262e5a62eb32627ca373e18f006f8ede68"], &(0x7f0000000680)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff6e}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000680)={0x3, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x4, 0x0, &(0x7f00000002c0)=[{0xfffffffd, 0x3}, {}, {0x4, 0x4, 0xc, 0x2}, {0x1, 0x5, 0x2, 0x6}], 0x10, 0x8}, 0x90) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, 0x0, 0x0) 632.738594ms ago: executing program 1 (id=1126): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000305000000004c00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800900010062"], 0x44}}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 541.09328ms ago: executing program 2 (id=1127): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20) 388.285472ms ago: executing program 2 (id=1128): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmmsg$inet6(r1, &(0x7f0000000040)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private2, 0x1e9b}, 0x1c, 0x0}}], 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) connect$llc(r3, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, 0x0, 0x40084) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500000000005a642f61945800000000b40d", @ANYRES32=r5, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)={0x70, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x39, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x0, @void, @val={0x1, 0x6, [{0xc, 0x1}, {0xb}, {0x36, 0x1}, {0x6, 0x1}, {0x6c}, {0x6, 0x1}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0xfd, 0x20}}, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xa4a2}]}, 0x70}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xc}]]}, 0x30}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = socket$caif_seqpacket(0x25, 0x5, 0x0) getpid() sendmsg$unix(r10, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@rights={{0x14, 0x1, 0x1, [r9]}}, @rights={{0x14, 0x1, 0x1, [r11]}}], 0x30}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=@data_frame={@msdu=@type01={{0x0, 0x2, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7ff8}, @broadcast, @from_mac=@broadcast, @device_b, {0x5, 0x4}, "", @value={0x0, 0x1, 0x0, 0x0, 0x49}, @value=@ver_80211n={0x0, 0x3, 0x3, 0x0, 0x0, 0x1, 0x1}}, @a_msdu=[{@device_b, @device_a, 0x3d, "74045964923de18f7eea94ff55add03f6d5e3ba60774ad178fc2b8c6177e0df67ecf3f3475a38b9368c95d466544b089abe5c9640ca5316767bc0a09d5"}, {@device_b, @device_b, 0x54, "3b4edecae625e46bc1251ed7a3d952796157205d16bc4ce267372f2ea60078a15eede8383a5f200f352e6199b1ec8ecdcc59ec1e6aabfb205853550f4abd600fe975b4ce792b01888bfd4c0d32e54a1d5f5a7bd7"}, {@device_a, @broadcast, 0x65, "4ed248387f26bd77ee8f452b19b65ed06d0fb5a25ee9f3583e7c3d279d923c412da16e9c9938cd6286b391f31012a3baf9c15542d3855c194075e46ffd6d9b9d7f884fabaad4226e73418bac5874f168c403acfbec0a19c6363744cf93024ca8d37d592201"}, {@broadcast, @device_b}]}, 0x152) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x0, 0x0, @void}, 0x1e) socket$pppl2tp(0x18, 0x1, 0x1) socket$tipc(0x1e, 0x5, 0x0) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {0x22ec}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x0, 0x0, @default, @val={0x1, 0x2, [{}, {}]}, @void}, 0x22) r12 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$SIOCRSSL2CALL(r12, 0x89e2, &(0x7f0000000000)=@bcast) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8}, @NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_KEY={0x8}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) 387.52178ms ago: executing program 3 (id=1129): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x14, 0x0, 0x4}, 0x14}}, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd6372ce22667f2c00dbf6e97158b33d4fec877f1b6d76745b686158bbcfe8875afdef00010000000029"], 0xfdef) 297.824077ms ago: executing program 1 (id=1130): bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) (rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) (async) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r4}]}, 0x20}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=ANY=[@ANYBLOB="200000001000370400"/20, @ANYRES32=r4, @ANYBLOB="920100000000000086dcf9bd77d7300de18e198093d9266be87ce315148fe3beba9bdc647ee15a67905417b3d407f49cb853f945b7b2c9422bd72a9168926a6210be2a0def5eec0bf2864360c668770a296bc8fd021ee46ffc31ea8af2ee6ce81477e3ae8e4f70e169c4b87fc5c2addfb3bfe8913057b9f5d79852e98d993b908667b8c0fdba83e2be62672d47bf38380a7ffdb8320d0039f5"], 0x20}}, 0x0) 152.957889ms ago: executing program 3 (id=1131): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000002c0)={0x40, 0x0, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x7, 0x13, [{0x18}, {0x0, 0x1}, {}]}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x1f9}]}, 0x40}}, 0x0) 51.998945ms ago: executing program 1 (id=1132): syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff) socket$inet6_udplite(0xa, 0x2, 0x88) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00'}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000440)=ANY=[@ANYBLOB="4401000010000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000010000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="64010102000000000000000000000000000000006c000000ac1414bb0000000000000000000000000000000000100000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000c89012d00972d91e100000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000020000010000000000000000006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c00080008000800000000004086c65989a41054ced4f32276902376dc43c9b24be66bd9b475418e8bcc6d25032b6d77c674ea6a66b53440694712be4b9bcb174de25f465b630bcca8799bf1f5a0e661737895c2c87b9a3b123fb65363b2352eccd09ecc64fbe92b3c22a9feff601026ea390bf3633f0cfae709b0ee650c1e49af457ef90cba9b58d317e6733091eee75d3bfb90e4a165aca0b664712e47f6b02eb389685d54d73a3b71c41c0f0bbf81"], 0x144}}, 0x4810) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655"], &(0x7f0000000340)='syzkaller\x00'}, 0x90) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="28000000111001000000000000000000d98ad0dcdd563cfc0000000000000000000a003300efc1e5ea560bded694393d9a72f2c1f858"], 0x28}}, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$inet6(0xa, 0x0, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r4, &(0x7f0000000000)={0x1f, @fixed}, 0x8) setsockopt$bt_BT_SNDMTU(r4, 0x112, 0xb, 0x0, 0x0) r5 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, 0x0, 0x0) bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r5, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000410007010000000000000000017c00635c368c5e8abd7e81bd98f716f1dbf0a48109"], 0x1c}}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPATH(r7, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x12800040}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="000129bd7000fedbdf25150000000a00060008021100000000000a001a0008021100000100000a0006000802110000000000"], 0x38}, 0x1, 0x0, 0x0, 0x24008050}, 0x10000) ioctl(r6, 0x8b2a, &(0x7f0000000040)) 51.402832ms ago: executing program 3 (id=1133): syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'tunl0\x00', &(0x7f0000000140)=@ethtool_cmd={0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x3c, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @disassoc={{{}, {0x3}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, @void}}]}, 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_tunnel_key={0x58, 0x1, 0x0, 0x0, {{0xf}, {0x28, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @multicast1}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9) connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x44, r7, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_UDP_SPORT={0x6}, @L2TP_ATTR_UDP_DPORT={0x6}]}, 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={0x0, 0x43c}}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=r11, @ANYBLOB="0a0034000202020202020000040067000400cc00040008010600660000000000"], 0x3c}}, 0x0) syz_emit_ethernet(0x4f, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaa9e360ca3b11378e9c04a1117789eaaaaaaaaaaaaaa0086dd60cabf0000193afffe8000000000000000000000000000bbff0200000000000000000000000000000301a78ce540065980"], 0x0) write$binfmt_script(r8, &(0x7f0000000100), 0xfffffd9d) r12 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000880)={'macvlan1\x00', 0x0}) sendto$packet(r12, 0x0, 0x64, 0x0, &(0x7f00000001c0)={0x11, 0x1, r13, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$NL80211_CMD_DEL_PMKSA(r8, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="44000000d52f1640e032945295759fb7ecc3052670e75bda915536f9ac493f793446afa557281b5a94f0d093ab8fd4fd71f49402f923bedc3f0c592fef987179a2740b2294f22c92bbaa13718ce44160c47983194c85d6ecee48e98298a6fe522c559364c9cbb3d1a32812554c5d3d939a66fa6298ce960dea24b85d9b284f0b839719e508e2c2aef2b84dbe30a8a85247ebe249a775b431ab25bf894f2916e866f7e94d5aa13c4e9e9c2d588c9f55f0e5e87fd6446ac6a77d", @ANYRES16=r10, @ANYBLOB="000125bd7000fbdbdf253500000008000300", @ANYRES32=r11, @ANYBLOB="0c009900000400002b0000000a000600ffffffffffff00000600fd00ffff00000500200100000000"], 0x44}, 0x1, 0x0, 0x0, 0x20000011}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000400)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000140300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c78cd3e7dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25"], &(0x7f0000000100)='GPL\x00'}, 0x48) sendfile(r5, r8, 0x0, 0x8000002b) 51.075146ms ago: executing program 4 (id=1134): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) r0 = socket$inet6_sctp(0xa, 0x0, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8) setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000003c0)=@gcm_128={{}, "3b29d9648e80e905", "86a21e3e39368b237f0e3864667d0bd8", "1b598634", "6eaef0fc24de6e61"}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x38}, [@ldst={0x6, 0x0, 0x2}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76, 0x0, 0xffffffffffffffff, 0xffffff33}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socketpair(0x1f, 0x5, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, 0x0) splice(r1, 0x0, r4, 0x0, 0x7, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r4, 0x400c6615, &(0x7f00000000c0)={0x0, @adiantum, 0x0, @desc2}) close(r3) ioctl$int_in(r4, 0x541b, 0x0) writev(r2, &(0x7f0000000100)=[{&(0x7f0000000140)='Y', 0x1}, {&(0x7f00000002c0)="68f541365c6e24f4b7d5c9aa2f9b2c4c52595b25d20630fd08f13268f411acb0c11d69ec1130bed0dd819226c2af8da6dbb3f755b9069c1e0c2cb4a0b2ad06ca0b253b8a72e00ef9944bc9580d631ea0189b570ce789ad89024b28ce02b77a283928600689df24d1ba7c9416b5fa2de38be3e22f5f5fbcd16d452622373bcc9990af422c2e6de6b1feefd1013a54b25b54818eed58480eb329add61bb10f5fa995ddc6d7f6dad5a2c3cbf08bb6ef83184b333e671556508fab9215c5cdf70523505f4d8fe481c95ae9474f0b56410c8b1d119adeaee914773690addd9bdb059fa8c7075b40715349e11c7fcd0830000000", 0xf1}, {&(0x7f00000003c0)="ff94c27bc1f1b6d3354c224bba1b7d981623361e264febad94e6dd45ab3802e4cd2fa54fbd6fa9c29f441969875b5b6dff52d252d3749b3a8645929eb47f0e8b4e8427eaadd73307a786aa36c167052f7d39fd70d3a3660a05502026f48ddc6b4a5e17bb9b2a2783052fbf9347b36d4b6410dfb7a44e3665d1fc020a91ff66b757178cafcd14b8a6a1fa9ece56c6d81b3948a31ab92262270638dec275f6da9689450b588511019848665657f6140bb0cffd61cdb296460e0500000000000000b1d0b1", 0xc3}], 0x3) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0) syz_emit_ethernet(0x89, &(0x7f00000004c0)={@local, @link_local={0x3}, @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@rr={0x44, 0xf, 0x8, [@multicast2, @remote, @multicast2]}, @ssrr={0x89, 0x7, 0xd7, [@private]}, @timestamp={0x44, 0x4}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}, {"39ece5d331669183d9734559fde2fb5ae5c58fe916d0d09b8974c324d7ae1bca252c458e7c525443819172fe8733f1fac3ab0a4c4e55be"}}}}}}, 0x0) r5 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_mreqsrc(r5, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f00000000c0)=0x28) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[], 0x58}}, 0x2000c0c4) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) 0s ago: executing program 0 (id=1135): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000002c0)={0x40, r2, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x5, 0x13, [{}]}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x1f9}]}, 0x40}}, 0x0) kernel console output (not intermixed with test programs): to avoid problems! [ 88.975703][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.987319][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.999554][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.011522][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.027581][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.079616][ T5096] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.101757][ T5096] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.127776][ T5096] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.160386][ T5096] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.184907][ T5095] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.210399][ T5095] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.227906][ T5095] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.237193][ T5095] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.240433][ T5192] sctp: failed to load transform for md5: -4 [ 89.268882][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.285941][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.480244][ T2846] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.521957][ T2846] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.543055][ T5202] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8'. [ 89.801900][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.810818][ T5211] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4'. [ 89.830037][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.940431][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.941405][ T5215] Bluetooth: MGMT ver 1.22 [ 89.960392][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.965802][ T5215] Bluetooth: hci3: invalid length 0, exp 2 for type 23 [ 89.997717][ T5213] FAULT_INJECTION: forcing a failure. [ 89.997717][ T5213] name failslab, interval 1, probability 0, space 0, times 1 [ 90.013212][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.030790][ T5213] CPU: 0 PID: 5213 Comm: syz.1.11 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 90.032519][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.040929][ T5213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 90.040984][ T5213] Call Trace: [ 90.040997][ T5213] [ 90.041008][ T5213] dump_stack_lvl+0x241/0x360 [ 90.041054][ T5213] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.041079][ T5213] ? __pfx__printk+0x10/0x10 [ 90.041107][ T5213] ? __pfx___might_resched+0x10/0x10 [ 90.041134][ T5213] ? __mutex_lock+0x9a5/0xd70 [ 90.041176][ T5213] should_fail_ex+0x3b0/0x4e0 [ 90.041215][ T5213] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 90.041253][ T5213] should_failslab+0x9/0x20 [ 90.041273][ T5213] __kmalloc_noprof+0xd8/0x400 [ 90.058039][ T5216] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 90.059196][ T5213] ? __asan_memcpy+0x40/0x70 [ 90.059240][ T5213] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 90.134432][ T5213] genl_rcv_msg+0x802/0xec0 [ 90.139020][ T5213] ? mark_lock+0x9a/0x350 [ 90.143471][ T5213] ? __pfx_genl_rcv_msg+0x10/0x10 [ 90.148610][ T5213] ? __pfx_lock_acquire+0x10/0x10 [ 90.153790][ T5213] ? __pfx_ctrl_getfamily+0x10/0x10 [ 90.159643][ T5213] ? __pfx___might_resched+0x10/0x10 [ 90.165115][ T5213] netlink_rcv_skb+0x1e3/0x430 [ 90.169954][ T5213] ? __pfx_genl_rcv_msg+0x10/0x10 [ 90.175061][ T5213] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 90.180503][ T5213] genl_rcv+0x28/0x40 [ 90.184578][ T5213] netlink_unicast+0x7f0/0x990 [ 90.189599][ T5213] ? __pfx_netlink_unicast+0x10/0x10 [ 90.194950][ T5213] ? __virt_addr_valid+0x183/0x520 [ 90.200149][ T5213] ? __check_object_size+0x49c/0x900 [ 90.206572][ T5213] ? bpf_lsm_netlink_send+0x9/0x10 [ 90.211779][ T5213] netlink_sendmsg+0x8e4/0xcb0 [ 90.216710][ T5213] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.222369][ T5213] ? aa_sock_msg_perm+0x91/0x160 [ 90.227471][ T5213] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 90.232920][ T5213] ? security_socket_sendmsg+0x87/0xb0 [ 90.238416][ T5213] ? __pfx_netlink_sendmsg+0x10/0x10 [ 90.243774][ T5213] __sock_sendmsg+0x221/0x270 [ 90.248705][ T5213] __sys_sendto+0x3a4/0x4f0 [ 90.253577][ T5213] ? __pfx___sys_sendto+0x10/0x10 [ 90.260251][ T5213] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 90.267857][ T5213] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 90.275486][ T5213] ? exc_page_fault+0x590/0x8c0 [ 90.281755][ T5213] __x64_sys_sendto+0xde/0x100 [ 90.286998][ T5213] do_syscall_64+0xf3/0x230 [ 90.291850][ T5213] ? clear_bhb_loop+0x35/0x90 [ 90.296671][ T5213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.302728][ T5213] RIP: 0033:0x7f5aeaf7796c [ 90.307302][ T5213] Code: 2a 5a 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5a 02 00 48 8b [ 90.328904][ T5213] RSP: 002b:00007f5aebca3ed0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 90.340015][ T5213] RAX: ffffffffffffffda RBX: 00007f5aebca3fd0 RCX: 00007f5aeaf7796c [ 90.348473][ T5213] RDX: 0000000000000024 RSI: 00007f5aebca4020 RDI: 0000000000000004 [ 90.356842][ T5213] RBP: 0000000000000000 R08: 00007f5aebca3f24 R09: 000000000000000c [ 90.366449][ T5213] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 90.374988][ T5213] R13: 00007f5aebca3f78 R14: 00007f5aebca4020 R15: 0000000000000000 [ 90.383201][ T5213] [ 90.649416][ T2449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.696732][ T2449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.851340][ T5229] netlink: 64 bytes leftover after parsing attributes in process `syz.3.15'. [ 91.043861][ T5239] ip6gretap0: entered promiscuous mode [ 91.088541][ T5239] macsec1: entered promiscuous mode [ 91.118027][ T5239] macsec1: entered allmulticast mode [ 91.138184][ T5243] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 91.164261][ T5239] ip6gretap0: entered allmulticast mode [ 91.215077][ T5239] ip6gretap0: left allmulticast mode [ 91.230656][ T5239] ip6gretap0: left promiscuous mode [ 91.343584][ T5248] netlink: 12 bytes leftover after parsing attributes in process `syz.0.19'. [ 91.360521][ T5245] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 91.409541][ T5248] netlink: 576 bytes leftover after parsing attributes in process `syz.0.19'. [ 91.598322][ T5252] syz.1.21 uses obsolete (PF_INET,SOCK_PACKET) [ 91.715206][ T5252] Bluetooth: MGMT ver 1.22 [ 91.721796][ T5258] netlink: 76 bytes leftover after parsing attributes in process `syz.4.25'. [ 91.866604][ T5258] Êü: entered promiscuous mode [ 92.091009][ T5267] netlink: 28 bytes leftover after parsing attributes in process `syz.4.28'. [ 92.106057][ T5267] netlink: 28 bytes leftover after parsing attributes in process `syz.4.28'. [ 92.158784][ T5267] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 92.188697][ T5267] ip6gretap0: entered promiscuous mode [ 92.201362][ T5273] netlink: 20 bytes leftover after parsing attributes in process `syz.0.31'. [ 92.204083][ T5274] Cannot find add_set index 0 as target [ 92.509351][ T25] cfg80211: failed to load regulatory.db [ 92.690711][ T5292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.35'. [ 92.730550][ T5295] netlink: 'syz.1.37': attribute type 3 has an invalid length. [ 92.878164][ T5301] FAULT_INJECTION: forcing a failure. [ 92.878164][ T5301] name failslab, interval 1, probability 0, space 0, times 0 [ 92.935644][ T5301] CPU: 0 PID: 5301 Comm: syz.2.39 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 92.945921][ T5301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 92.956030][ T5301] Call Trace: [ 92.959613][ T5301] [ 92.962603][ T5301] dump_stack_lvl+0x241/0x360 [ 92.967651][ T5301] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.973118][ T5301] ? __pfx__printk+0x10/0x10 [ 92.977897][ T5301] ? netlink_insert+0x10b7/0x14b0 [ 92.983097][ T5301] should_fail_ex+0x3b0/0x4e0 [ 92.987855][ T5301] ? __alloc_skb+0x1c3/0x440 [ 92.992773][ T5301] should_failslab+0x9/0x20 [ 92.997376][ T5301] kmem_cache_alloc_node_noprof+0x71/0x320 [ 93.003266][ T5301] __alloc_skb+0x1c3/0x440 [ 93.007752][ T5301] ? __pfx___alloc_skb+0x10/0x10 [ 93.012752][ T5301] ? netlink_autobind+0xd6/0x2f0 [ 93.017761][ T5301] ? netlink_autobind+0x2b0/0x2f0 [ 93.022862][ T5301] netlink_sendmsg+0x638/0xcb0 [ 93.027696][ T5301] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.033219][ T5301] ? __import_iovec+0x536/0x820 [ 93.038244][ T5301] ? aa_sock_msg_perm+0x91/0x160 [ 93.043244][ T5301] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 93.048652][ T5301] ? security_socket_sendmsg+0x87/0xb0 [ 93.054322][ T5301] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.059630][ T5301] __sock_sendmsg+0x221/0x270 [ 93.064537][ T5301] ____sys_sendmsg+0x525/0x7d0 [ 93.069366][ T5301] ? __pfx_____sys_sendmsg+0x10/0x10 [ 93.074889][ T5301] __sys_sendmsg+0x2b0/0x3a0 [ 93.079712][ T5301] ? __pfx___sys_sendmsg+0x10/0x10 [ 93.084939][ T5301] ? vfs_write+0x7c4/0xc90 [ 93.089415][ T5301] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 93.095779][ T5301] ? do_syscall_64+0x100/0x230 [ 93.100697][ T5301] ? do_syscall_64+0xb6/0x230 [ 93.105701][ T5301] do_syscall_64+0xf3/0x230 [ 93.110246][ T5301] ? clear_bhb_loop+0x35/0x90 [ 93.115000][ T5301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.121045][ T5301] RIP: 0033:0x7fcabfb75bd9 [ 93.125735][ T5301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.146078][ T5301] RSP: 002b:00007fcac0860048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.155158][ T5301] RAX: ffffffffffffffda RBX: 00007fcabfd03f60 RCX: 00007fcabfb75bd9 [ 93.163185][ T5301] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 93.171214][ T5301] RBP: 00007fcac08600a0 R08: 0000000000000000 R09: 0000000000000000 [ 93.179333][ T5301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.187458][ T5301] R13: 000000000000000b R14: 00007fcabfd03f60 R15: 00007ffe346a8c68 [ 93.195674][ T5301] [ 93.257706][ T5296] IPVS: length: 192 != 8 [ 93.532374][ T5321] FAULT_INJECTION: forcing a failure. [ 93.532374][ T5321] name failslab, interval 1, probability 0, space 0, times 0 [ 93.577100][ T5321] CPU: 1 PID: 5321 Comm: syz.2.47 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 93.587165][ T5321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 93.597271][ T5321] Call Trace: [ 93.600612][ T5321] [ 93.603591][ T5321] dump_stack_lvl+0x241/0x360 [ 93.608514][ T5321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.613772][ T5321] ? __pfx__printk+0x10/0x10 [ 93.618417][ T5321] ? ref_tracker_alloc+0x332/0x490 [ 93.623616][ T5321] should_fail_ex+0x3b0/0x4e0 [ 93.628342][ T5321] ? skb_clone+0x20c/0x390 [ 93.632814][ T5321] should_failslab+0x9/0x20 [ 93.637512][ T5321] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 93.642963][ T5321] skb_clone+0x20c/0x390 [ 93.647273][ T5321] __netlink_deliver_tap+0x3cc/0x7c0 [ 93.652819][ T5321] ? netlink_deliver_tap+0x2e/0x1b0 [ 93.658078][ T5321] netlink_deliver_tap+0x19d/0x1b0 [ 93.663236][ T5321] netlink_unicast+0x7be/0x990 [ 93.668161][ T5321] ? __pfx_netlink_unicast+0x10/0x10 [ 93.673514][ T5321] ? __virt_addr_valid+0x183/0x520 [ 93.678781][ T5321] ? __check_object_size+0x49c/0x900 [ 93.684125][ T5321] ? bpf_lsm_netlink_send+0x9/0x10 [ 93.689453][ T5321] netlink_sendmsg+0x8e4/0xcb0 [ 93.694253][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.699591][ T5321] ? __import_iovec+0x536/0x820 [ 93.704525][ T5321] ? aa_sock_msg_perm+0x91/0x160 [ 93.709562][ T5321] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 93.714870][ T5321] ? security_socket_sendmsg+0x87/0xb0 [ 93.720388][ T5321] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.725836][ T5321] __sock_sendmsg+0x221/0x270 [ 93.730547][ T5321] ____sys_sendmsg+0x525/0x7d0 [ 93.735343][ T5321] ? __pfx_____sys_sendmsg+0x10/0x10 [ 93.740715][ T5321] __sys_sendmsg+0x2b0/0x3a0 [ 93.745353][ T5321] ? __pfx___sys_sendmsg+0x10/0x10 [ 93.750845][ T5321] ? vfs_write+0x7c4/0xc90 [ 93.755442][ T5321] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 93.761861][ T5321] ? do_syscall_64+0x100/0x230 [ 93.767023][ T5321] ? do_syscall_64+0xb6/0x230 [ 93.771747][ T5321] do_syscall_64+0xf3/0x230 [ 93.776309][ T5321] ? clear_bhb_loop+0x35/0x90 [ 93.781037][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.787447][ T5321] RIP: 0033:0x7fcabfb75bd9 [ 93.792018][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.812424][ T5321] RSP: 002b:00007fcac0860048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.820860][ T5321] RAX: ffffffffffffffda RBX: 00007fcabfd03f60 RCX: 00007fcabfb75bd9 [ 93.829391][ T5321] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 93.838318][ T5321] RBP: 00007fcac08600a0 R08: 0000000000000000 R09: 0000000000000000 [ 93.846414][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.854517][ T5321] R13: 000000000000000b R14: 00007fcabfd03f60 R15: 00007ffe346a8c68 [ 93.862560][ T5321] [ 94.045337][ T5324] team0: Port device veth0_to_hsr added [ 94.256598][ T5334] FAULT_INJECTION: forcing a failure. [ 94.256598][ T5334] name failslab, interval 1, probability 0, space 0, times 0 [ 94.313716][ T5334] CPU: 0 PID: 5334 Comm: syz.4.53 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 94.324140][ T5334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 94.334417][ T5334] Call Trace: [ 94.337744][ T5334] [ 94.340830][ T5334] dump_stack_lvl+0x241/0x360 [ 94.345658][ T5334] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.350913][ T5334] ? __pfx__printk+0x10/0x10 [ 94.355557][ T5334] ? ref_tracker_alloc+0x332/0x490 [ 94.360776][ T5334] should_fail_ex+0x3b0/0x4e0 [ 94.365519][ T5334] ? skb_clone+0x20c/0x390 [ 94.369998][ T5334] should_failslab+0x9/0x20 [ 94.374551][ T5334] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 94.380008][ T5334] skb_clone+0x20c/0x390 [ 94.384322][ T5334] __netlink_deliver_tap+0x3cc/0x7c0 [ 94.389686][ T5334] ? netlink_deliver_tap+0x2e/0x1b0 [ 94.395045][ T5334] netlink_deliver_tap+0x19d/0x1b0 [ 94.400310][ T5334] netlink_unicast+0x7be/0x990 [ 94.405245][ T5334] ? __pfx_netlink_unicast+0x10/0x10 [ 94.410596][ T5334] ? __virt_addr_valid+0x183/0x520 [ 94.415766][ T5334] ? __check_object_size+0x49c/0x900 [ 94.421101][ T5334] ? bpf_lsm_netlink_send+0x9/0x10 [ 94.426452][ T5334] netlink_sendmsg+0x8e4/0xcb0 [ 94.431474][ T5334] ? __pfx_netlink_sendmsg+0x10/0x10 [ 94.437703][ T5334] ? __import_iovec+0x536/0x820 [ 94.442797][ T5334] ? aa_sock_msg_perm+0x91/0x160 [ 94.447805][ T5334] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 94.453428][ T5334] ? security_socket_sendmsg+0x87/0xb0 [ 94.458963][ T5334] ? __pfx_netlink_sendmsg+0x10/0x10 [ 94.464484][ T5334] __sock_sendmsg+0x221/0x270 [ 94.469578][ T5334] ____sys_sendmsg+0x525/0x7d0 [ 94.474453][ T5334] ? __pfx_____sys_sendmsg+0x10/0x10 [ 94.480445][ T5334] __sys_sendmsg+0x2b0/0x3a0 [ 94.485123][ T5334] ? __pfx___sys_sendmsg+0x10/0x10 [ 94.490388][ T5334] ? vfs_write+0x7c4/0xc90 [ 94.495145][ T5334] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 94.501652][ T5334] ? do_syscall_64+0x100/0x230 [ 94.506651][ T5334] ? do_syscall_64+0xb6/0x230 [ 94.511465][ T5334] do_syscall_64+0xf3/0x230 [ 94.516029][ T5334] ? clear_bhb_loop+0x35/0x90 [ 94.520765][ T5334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.526892][ T5334] RIP: 0033:0x7f9d31d75bd9 [ 94.531357][ T5334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.551131][ T5334] RSP: 002b:00007f9d32aba048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.559614][ T5334] RAX: ffffffffffffffda RBX: 00007f9d31f03f60 RCX: 00007f9d31d75bd9 [ 94.568764][ T5334] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 94.577140][ T5334] RBP: 00007f9d32aba0a0 R08: 0000000000000000 R09: 0000000000000000 [ 94.585374][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.593659][ T5334] R13: 000000000000000b R14: 00007f9d31f03f60 R15: 00007fff96838d88 [ 94.601712][ T5334] [ 94.741323][ T5350] Cannot find add_set index 0 as target [ 94.864647][ T5352] __nla_validate_parse: 5 callbacks suppressed [ 94.864668][ T5352] netlink: 4 bytes leftover after parsing attributes in process `syz.0.59'. [ 95.134719][ T5364] netlink: 7 bytes leftover after parsing attributes in process `syz.1.64'. [ 95.290880][ T5371] netlink: 20 bytes leftover after parsing attributes in process `syz.4.67'. [ 95.346443][ T5365] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 96.294713][ T5101] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.324586][ T5101] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 96.367559][ T5101] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 96.391993][ T5101] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 96.401769][ T5101] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 96.420129][ T5101] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 96.598912][ T5407] netlink: 'syz.1.78': attribute type 13 has an invalid length. [ 96.695911][ T5413] netlink: 20 bytes leftover after parsing attributes in process `syz.2.79'. [ 96.879616][ T763] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.115030][ T763] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.181077][ T5424] vlan2: entered promiscuous mode [ 97.201681][ T5424] dummy0: entered promiscuous mode [ 97.220351][ T5424] vlan2: entered allmulticast mode [ 97.231970][ T5424] dummy0: entered allmulticast mode [ 97.272802][ T5424] dummy0: left allmulticast mode [ 97.286477][ T5424] dummy0: left promiscuous mode [ 97.371055][ T763] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.608683][ T763] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.628933][ T5407] syz.1.78 (5407) used greatest stack depth: 19384 bytes left [ 98.163967][ T5401] chnl_net:caif_netlink_parms(): no params data found [ 98.304369][ T763] bridge_slave_1: left allmulticast mode [ 98.314933][ T763] bridge_slave_1: left promiscuous mode [ 98.328282][ T763] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.391118][ T763] bridge_slave_0: left allmulticast mode [ 98.405938][ T763] bridge_slave_0: left promiscuous mode [ 98.414700][ T763] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.496100][ T5101] Bluetooth: hci3: command tx timeout [ 99.122371][ T5485] netlink: 8 bytes leftover after parsing attributes in process `syz.1.100'. [ 99.433304][ T763] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 99.473252][ T5492] netlink: 'syz.2.101': attribute type 11 has an invalid length. [ 99.505842][ T5492] netlink: 224 bytes leftover after parsing attributes in process `syz.2.101'. [ 99.506446][ T763] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 99.554132][ T763] bond0 (unregistering): Released all slaves [ 99.729546][ T5482] netlink: 'syz.0.97': attribute type 13 has an invalid length. [ 100.316613][ T5524] netlink: 44 bytes leftover after parsing attributes in process `syz.0.107'. [ 100.393149][ T5530] netlink: 48 bytes leftover after parsing attributes in process `syz.4.112'. [ 100.463407][ T5401] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.506981][ T5401] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.514480][ T5401] bridge_slave_0: entered allmulticast mode [ 100.540384][ T5401] bridge_slave_0: entered promiscuous mode [ 100.575584][ T5101] Bluetooth: hci3: command tx timeout [ 100.612957][ T5546] netlink: 8 bytes leftover after parsing attributes in process `syz.4.112'. [ 100.660309][ T5542] x_tables: eb_tables: AUDIT.0 target: invalid size 8 (kernel) != (user) 0 [ 100.757622][ T5401] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.785995][ T5401] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.793341][ T5401] bridge_slave_1: entered allmulticast mode [ 100.828640][ T5401] bridge_slave_1: entered promiscuous mode [ 101.064565][ T763] hsr_slave_0: left promiscuous mode [ 101.079913][ T5567] xt_hashlimit: overflow, try lower: 0/0 [ 101.087196][ T763] hsr_slave_1: left promiscuous mode [ 101.104157][ T763] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 101.132582][ T763] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 101.168671][ T763] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 101.195383][ T763] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 101.291100][ T5569] netlink: 104 bytes leftover after parsing attributes in process `syz.0.121'. [ 101.295953][ T763] veth1_macvtap: left promiscuous mode [ 101.322646][ T763] veth0_macvtap: left promiscuous mode [ 101.340963][ T763] veth1_vlan: left promiscuous mode [ 101.356956][ T763] veth0_vlan: left promiscuous mode [ 102.267259][ T763] team0 (unregistering): Port device team_slave_1 removed [ 102.312131][ T763] team0 (unregistering): Port device team_slave_0 removed [ 102.661014][ T5101] Bluetooth: hci3: command tx timeout [ 102.910088][ T5401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.952801][ T5401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.169511][ T5401] team0: Port device team_slave_0 added [ 103.200300][ T5401] team0: Port device team_slave_1 added [ 103.393814][ T5401] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.423319][ T5401] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.511149][ T5401] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.531828][ T5625] netlink: 24 bytes leftover after parsing attributes in process `syz.2.142'. [ 103.627966][ T5401] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.635077][ T5401] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.693363][ T5401] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.819395][ T5401] hsr_slave_0: entered promiscuous mode [ 103.840072][ T5401] hsr_slave_1: entered promiscuous mode [ 103.857344][ T5401] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.864987][ T5401] Cannot create hsr debugfs directory [ 104.509874][ T5667] netlink: 8 bytes leftover after parsing attributes in process `syz.4.153'. [ 104.735695][ T53] Bluetooth: hci3: command tx timeout [ 104.883464][ T5687] netlink: 'syz.4.158': attribute type 1 has an invalid length. [ 104.892928][ T5687] netlink: 9352 bytes leftover after parsing attributes in process `syz.4.158'. [ 104.904595][ T5687] netlink: 'syz.4.158': attribute type 1 has an invalid length. [ 104.931063][ T5687] netlink: 'syz.4.158': attribute type 2 has an invalid length. [ 104.954950][ T5687] netlink: 4 bytes leftover after parsing attributes in process `syz.4.158'. [ 105.056743][ T5694] netlink: 'syz.0.159': attribute type 1 has an invalid length. [ 105.085719][ T5694] netlink: 'syz.0.159': attribute type 2 has an invalid length. [ 105.254532][ T5401] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 105.288934][ T5698] netlink: 8 bytes leftover after parsing attributes in process `syz.4.161'. [ 105.344343][ T5698] mac80211_hwsim hwsim9 wlan0: entered promiscuous mode [ 105.379122][ T5709] netlink: 'syz.0.164': attribute type 1 has an invalid length. [ 105.435930][ T5709] netlink: 224 bytes leftover after parsing attributes in process `syz.0.164'. [ 105.457120][ T5698] macvlan2: entered allmulticast mode [ 105.519194][ T5698] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode [ 105.533461][ T5401] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 105.785890][ T5401] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 105.865010][ T5401] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 105.896223][ T5722] netlink: 8 bytes leftover after parsing attributes in process `syz.2.168'. [ 106.284301][ T5720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 106.364302][ T5401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.463229][ T5401] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.522739][ T5157] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.530720][ T5157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.574752][ T5747] netlink: 24 bytes leftover after parsing attributes in process `syz.1.175'. [ 106.680079][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.687383][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.754034][ T5753] netlink: 32 bytes leftover after parsing attributes in process `syz.0.176'. [ 106.765111][ T5756] netlink: 24 bytes leftover after parsing attributes in process `syz.0.176'. [ 106.800989][ T5749] trusted_key: syz.0.176 sent an empty control message without MSG_MORE. [ 106.818527][ T53] Bluetooth: hci3: command 0x0405 tx timeout [ 106.900162][ T5758] netlink: 4 bytes leftover after parsing attributes in process `syz.4.177'. [ 106.953853][ T5758] xfrm1: entered promiscuous mode [ 106.967528][ T5758] xfrm1: entered allmulticast mode [ 106.998913][ T5765] netlink: 32 bytes leftover after parsing attributes in process `syz.4.177'. [ 107.046853][ T5770] Zero length message leads to an empty skb [ 107.096825][ T5771] netlink: 12 bytes leftover after parsing attributes in process `syz.2.178'. [ 107.116849][ T5770] netlink: 12 bytes leftover after parsing attributes in process `syz.2.178'. [ 107.152839][ T5401] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 107.265884][ T5783] ipvlan0: entered promiscuous mode [ 107.324124][ T5783] ipvlan0: left promiscuous mode [ 107.393940][ T5792] netlink: 8 bytes leftover after parsing attributes in process `syz.0.183'. [ 107.811435][ T5401] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 107.990773][ T5401] veth0_vlan: entered promiscuous mode [ 108.052983][ T5401] veth1_vlan: entered promiscuous mode [ 108.219262][ T5401] veth0_macvtap: entered promiscuous mode [ 108.258010][ T5401] veth1_macvtap: entered promiscuous mode [ 108.349988][ T5401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.374549][ T5401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.405536][ T5401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.428216][ T5401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.449090][ T5401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.461860][ T5841] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 108.469024][ T5842] FAULT_INJECTION: forcing a failure. [ 108.469024][ T5842] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 108.478573][ T5401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.507251][ T5842] CPU: 1 PID: 5842 Comm: syz.0.193 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 108.518106][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 108.528580][ T5842] Call Trace: [ 108.531969][ T5842] [ 108.534908][ T5842] dump_stack_lvl+0x241/0x360 [ 108.539728][ T5842] ? __pfx_dump_stack_lvl+0x10/0x10 [ 108.545040][ T5842] ? __pfx__printk+0x10/0x10 [ 108.549962][ T5842] ? __pfx_lock_release+0x10/0x10 [ 108.555333][ T5842] should_fail_ex+0x3b0/0x4e0 [ 108.560260][ T5842] _copy_from_iter+0x1f6/0x1960 [ 108.565259][ T5842] ? __virt_addr_valid+0x183/0x520 [ 108.570581][ T5842] ? __pfx_lock_release+0x10/0x10 [ 108.575637][ T5842] ? __alloc_skb+0x28f/0x440 [ 108.580765][ T5842] ? __pfx__copy_from_iter+0x10/0x10 [ 108.586163][ T5842] ? __virt_addr_valid+0x183/0x520 [ 108.591378][ T5842] ? __virt_addr_valid+0x183/0x520 [ 108.596621][ T5842] ? __virt_addr_valid+0x44e/0x520 [ 108.601776][ T5842] ? __check_object_size+0x49c/0x900 [ 108.607142][ T5842] netlink_sendmsg+0x73d/0xcb0 [ 108.611949][ T5842] ? __pfx_netlink_sendmsg+0x10/0x10 [ 108.617292][ T5842] ? __import_iovec+0x536/0x820 [ 108.622202][ T5842] ? aa_sock_msg_perm+0x91/0x160 [ 108.627189][ T5842] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 108.632714][ T5842] ? security_socket_sendmsg+0x87/0xb0 [ 108.638404][ T5842] ? __pfx_netlink_sendmsg+0x10/0x10 [ 108.643780][ T5842] __sock_sendmsg+0x221/0x270 [ 108.648844][ T5842] ____sys_sendmsg+0x525/0x7d0 [ 108.654374][ T5842] ? __pfx_____sys_sendmsg+0x10/0x10 [ 108.661107][ T5842] __sys_sendmsg+0x2b0/0x3a0 [ 108.667279][ T5842] ? __pfx___sys_sendmsg+0x10/0x10 [ 108.672708][ T5842] ? vfs_write+0x7c4/0xc90 [ 108.677255][ T5842] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 108.683755][ T5842] ? do_syscall_64+0x100/0x230 [ 108.688560][ T5842] ? do_syscall_64+0xb6/0x230 [ 108.693265][ T5842] do_syscall_64+0xf3/0x230 [ 108.697826][ T5842] ? clear_bhb_loop+0x35/0x90 [ 108.702587][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.708515][ T5842] RIP: 0033:0x7fdccb975bd9 [ 108.712950][ T5842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.732583][ T5842] RSP: 002b:00007fdccc799048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 108.741054][ T5842] RAX: ffffffffffffffda RBX: 00007fdccbb03f60 RCX: 00007fdccb975bd9 [ 108.749107][ T5842] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000004 [ 108.757128][ T5842] RBP: 00007fdccc7990a0 R08: 0000000000000000 R09: 0000000000000000 [ 108.765263][ T5842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.773287][ T5842] R13: 000000000000000b R14: 00007fdccbb03f60 R15: 00007ffc9c9c0dd8 [ 108.781296][ T5842] [ 108.802279][ T5401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 108.819505][ T5401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 108.877835][ T5401] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.952471][ T5401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 108.995084][ T5401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.018270][ T5401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.041898][ T5401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.082026][ T5401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.123692][ T5401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.139940][ T5401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 109.162102][ T5401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 109.199427][ T5401] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.233576][ T5401] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.278579][ T5401] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.325134][ T5401] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.355584][ T5401] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.534569][ T5877] Bluetooth: MGMT ver 1.22 [ 109.673502][ T2846] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.702825][ T2846] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.797116][ T2447] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.805388][ T2447] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.963405][ T5881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 110.065068][ T5881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 110.099136][ T5901] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 110.130640][ T5881] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 110.161332][ T5901] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 110.191471][ T5901] gretap1: entered promiscuous mode [ 110.220536][ T5901] gretap1: entered allmulticast mode [ 110.381308][ T5912] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 110.424677][ T5912] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 110.467882][ T5912] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 110.483285][ T5912] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 110.494977][ T5912] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 110.506386][ T5912] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 110.536281][ T5912] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 110.566850][ T5912] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 110.580024][ T5912] geneve2: entered promiscuous mode [ 110.607538][ T5912] geneve2: entered allmulticast mode [ 110.633435][ T5923] netlink: 'syz.2.213': attribute type 10 has an invalid length. [ 110.653894][ T5923] team0: Device netdevsim0 is up. Set it down before adding it as a team port [ 110.692171][ T5926] macsec1: entered promiscuous mode [ 110.702291][ T5926] macvlan0: entered promiscuous mode [ 110.716853][ T5926] macvlan0: left promiscuous mode [ 110.957779][ T5941] __nla_validate_parse: 5 callbacks suppressed [ 110.957803][ T5941] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.218'. [ 111.133214][ T5950] netlink: 9 bytes leftover after parsing attributes in process `syz.4.222'. [ 111.438076][ T5962] batadv1: entered allmulticast mode [ 111.579212][ T5978] Driver unsupported XDP return value 0 on prog (id 59) dev N/A, expect packet loss! [ 111.936211][ T5992] netlink: 32 bytes leftover after parsing attributes in process `syz.1.235'. [ 111.990009][ T5998] netlink: 'syz.3.238': attribute type 4 has an invalid length. [ 112.156919][ T6005] IPv6: Can't replace route, no match found [ 112.311907][ T6012] netlink: 20 bytes leftover after parsing attributes in process `syz.1.244'. [ 112.431244][ T6018] xt_HMARK: spi-set and port-set can't be combined [ 112.986637][ T6047] FAULT_INJECTION: forcing a failure. [ 112.986637][ T6047] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 113.012033][ T6047] CPU: 1 PID: 6047 Comm: syz.2.254 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 113.022885][ T6047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 113.033073][ T6047] Call Trace: [ 113.036473][ T6047] [ 113.039471][ T6047] dump_stack_lvl+0x241/0x360 [ 113.044208][ T6047] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.049469][ T6047] ? __pfx__printk+0x10/0x10 [ 113.054116][ T6047] ? __pfx_lock_release+0x10/0x10 [ 113.057460][ T6048] netlink: 6 bytes leftover after parsing attributes in process `syz.1.255'. [ 113.059177][ T6047] should_fail_ex+0x3b0/0x4e0 [ 113.072903][ T6047] _copy_from_user+0x2f/0xe0 [ 113.077559][ T6047] copy_msghdr_from_user+0xae/0x680 [ 113.082834][ T6047] ? __pfx___might_resched+0x10/0x10 [ 113.088301][ T6047] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 113.094264][ T6047] ? __might_fault+0xaa/0x120 [ 113.098997][ T6047] do_recvmmsg+0x40f/0xae0 [ 113.101951][ T6048] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 113.103440][ T6047] ? __pfx_lock_release+0x10/0x10 [ 113.103479][ T6047] ? __pfx_do_recvmmsg+0x10/0x10 [ 113.128959][ T6047] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 113.134940][ T6047] ? ksys_write+0x23e/0x2c0 [ 113.139491][ T6047] ? __pfx_lock_release+0x10/0x10 [ 113.144566][ T6047] ? vfs_write+0x7c4/0xc90 [ 113.149040][ T6047] ? __mutex_unlock_slowpath+0x21d/0x750 [ 113.154927][ T6047] ? __fget_files+0x3f6/0x470 [ 113.159789][ T6047] __x64_sys_recvmmsg+0x199/0x250 [ 113.164891][ T6047] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 113.170485][ T6047] ? do_syscall_64+0x100/0x230 [ 113.175301][ T6047] ? do_syscall_64+0xb6/0x230 [ 113.180206][ T6047] do_syscall_64+0xf3/0x230 [ 113.184885][ T6047] ? clear_bhb_loop+0x35/0x90 [ 113.189617][ T6047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.196180][ T6047] RIP: 0033:0x7fcabfb75bd9 [ 113.200653][ T6047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.220581][ T6047] RSP: 002b:00007fcabf5ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 113.229272][ T6047] RAX: ffffffffffffffda RBX: 00007fcabfd04038 RCX: 00007fcabfb75bd9 [ 113.237377][ T6047] RDX: 0000000000000414 RSI: 0000000020000840 RDI: 0000000000000003 [ 113.245536][ T6047] RBP: 00007fcabf5ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 113.253556][ T6047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.261877][ T6047] R13: 000000000000006e R14: 00007fcabfd04038 R15: 00007ffe346a8c68 [ 113.269919][ T6047] [ 113.659352][ T6076] syzkaller1: entered promiscuous mode [ 113.684201][ T6076] syzkaller1: entered allmulticast mode [ 113.916359][ T6081] netlink: 'syz.4.264': attribute type 4 has an invalid length. [ 114.179135][ T6095] FAULT_INJECTION: forcing a failure. [ 114.179135][ T6095] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.214738][ T6095] CPU: 1 PID: 6095 Comm: syz.2.269 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 114.225161][ T6095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 114.236042][ T6095] Call Trace: [ 114.239355][ T6095] [ 114.242396][ T6095] dump_stack_lvl+0x241/0x360 [ 114.247232][ T6095] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.252674][ T6095] ? __pfx__printk+0x10/0x10 [ 114.257336][ T6095] ? __pfx_lock_release+0x10/0x10 [ 114.262597][ T6095] should_fail_ex+0x3b0/0x4e0 [ 114.267338][ T6095] _copy_from_iter+0x1f6/0x1960 [ 114.272256][ T6095] ? __virt_addr_valid+0x183/0x520 [ 114.277545][ T6095] ? __pfx_lock_release+0x10/0x10 [ 114.282618][ T6095] ? __alloc_skb+0x28f/0x440 [ 114.287426][ T6095] ? __pfx__copy_from_iter+0x10/0x10 [ 114.292755][ T6095] ? __virt_addr_valid+0x183/0x520 [ 114.298258][ T6095] ? __virt_addr_valid+0x183/0x520 [ 114.303509][ T6095] ? __virt_addr_valid+0x44e/0x520 [ 114.308760][ T6095] ? __check_object_size+0x49c/0x900 [ 114.314194][ T6095] netlink_sendmsg+0x73d/0xcb0 [ 114.319070][ T6095] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.324546][ T6095] ? __import_iovec+0x536/0x820 [ 114.329453][ T6095] ? aa_sock_msg_perm+0x91/0x160 [ 114.334705][ T6095] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 114.340028][ T6095] ? security_socket_sendmsg+0x87/0xb0 [ 114.345694][ T6095] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.351352][ T6095] __sock_sendmsg+0x221/0x270 [ 114.356052][ T6095] ____sys_sendmsg+0x525/0x7d0 [ 114.360963][ T6095] ? __pfx_____sys_sendmsg+0x10/0x10 [ 114.366367][ T6095] __sys_sendmsg+0x2b0/0x3a0 [ 114.371068][ T6095] ? __pfx___sys_sendmsg+0x10/0x10 [ 114.376283][ T6095] ? vfs_write+0x7c4/0xc90 [ 114.380974][ T6095] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 114.387477][ T6095] ? do_syscall_64+0x100/0x230 [ 114.392401][ T6095] ? do_syscall_64+0xb6/0x230 [ 114.397183][ T6095] do_syscall_64+0xf3/0x230 [ 114.401724][ T6095] ? clear_bhb_loop+0x35/0x90 [ 114.406508][ T6095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.412521][ T6095] RIP: 0033:0x7fcabfb75bd9 [ 114.417035][ T6095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.437356][ T6095] RSP: 002b:00007fcac0860048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.445877][ T6095] RAX: ffffffffffffffda RBX: 00007fcabfd03f60 RCX: 00007fcabfb75bd9 [ 114.453944][ T6095] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 114.462044][ T6095] RBP: 00007fcac08600a0 R08: 0000000000000000 R09: 0000000000000000 [ 114.470208][ T6095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.478401][ T6095] R13: 000000000000000b R14: 00007fcabfd03f60 R15: 00007ffe346a8c68 [ 114.486676][ T6095] [ 115.465943][ T6136] tipc: Started in network mode [ 115.471054][ T6136] tipc: Node identity 0300000003, cluster identity 4711 [ 115.506726][ T6137] netlink: 12 bytes leftover after parsing attributes in process `syz.3.281'. [ 115.516352][ T6136] tipc: Enabling of bearer rejected, failed to enable media [ 115.873181][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 115.883990][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 115.893899][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 115.913145][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 115.921660][ T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 115.929508][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 116.116464][ T6158] netlink: 44 bytes leftover after parsing attributes in process `syz.3.286'. [ 116.290719][ T2449] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.543628][ T2449] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.759353][ T2449] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.801302][ T6148] chnl_net:caif_netlink_parms(): no params data found [ 116.878986][ T2449] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode [ 116.906614][ T2449] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.974902][ T6184] netlink: 'syz.2.292': attribute type 13 has an invalid length. [ 117.395948][ T6148] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.436908][ T6148] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.453023][ T6198] netlink: 8 bytes leftover after parsing attributes in process `syz.1.297'. [ 117.467806][ T6148] bridge_slave_0: entered allmulticast mode [ 117.491785][ T6148] bridge_slave_0: entered promiscuous mode [ 117.527401][ T6148] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.555849][ T6148] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.563509][ T6148] bridge_slave_1: entered allmulticast mode [ 117.599437][ T6148] bridge_slave_1: entered promiscuous mode [ 117.661697][ T2449] bridge_slave_1: left allmulticast mode [ 117.682021][ T2449] bridge_slave_1: left promiscuous mode [ 117.706901][ T2449] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.819989][ T2449] bridge_slave_0: left allmulticast mode [ 117.845551][ T2449] bridge_slave_0: left promiscuous mode [ 117.851985][ T2449] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.017774][ T5101] Bluetooth: hci1: command tx timeout [ 118.290531][ T2449] ip6gretap0 (unregistering): left promiscuous mode [ 118.668264][ T6225] netlink: 8 bytes leftover after parsing attributes in process `syz.0.308'. [ 118.800623][ T2449] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 118.814006][ T2449] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 118.828197][ T2449] bond0 (unregistering): Released all slaves [ 118.899471][ T6148] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 118.948939][ T6148] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 118.967584][ T2449] Êü: left promiscuous mode [ 119.103527][ T6148] team0: Port device team_slave_0 added [ 119.114414][ T6148] team0: Port device team_slave_1 added [ 119.174226][ T6239] netlink: 84 bytes leftover after parsing attributes in process `syz.3.313'. [ 119.320412][ T6239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.313'. [ 119.354738][ T6148] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 119.376915][ T6148] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 119.443899][ T6148] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 119.539279][ T2449] mac80211_hwsim hwsim9 wlan0 (unregistering): left promiscuous mode [ 119.665259][ T6148] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 119.677730][ T6148] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 119.741022][ T6148] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 119.869160][ T2449] hsr_slave_0: left promiscuous mode [ 119.885732][ T2449] hsr_slave_1: left promiscuous mode [ 119.898745][ T2449] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.921822][ T2449] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 119.953664][ T2449] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 119.969243][ T2449] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 120.022118][ T2449] veth1_macvtap: left promiscuous mode [ 120.042150][ T2449] veth0_macvtap: left promiscuous mode [ 120.065817][ T2449] veth1_vlan: left promiscuous mode [ 120.080323][ T2449] veth0_vlan: left promiscuous mode [ 120.096041][ T53] Bluetooth: hci1: command tx timeout [ 120.828949][ T2449] team0 (unregistering): Port device team_slave_1 removed [ 120.882255][ T2449] team0 (unregistering): Port device team_slave_0 removed [ 121.321897][ T6270] netlink: 12 bytes leftover after parsing attributes in process `syz.2.320'. [ 121.333291][ T6269] netlink: 12 bytes leftover after parsing attributes in process `syz.2.320'. [ 121.487920][ T6291] syzkaller0: entered promiscuous mode [ 121.493887][ T6291] syzkaller0: entered allmulticast mode [ 122.175929][ T53] Bluetooth: hci1: command 0x040f tx timeout [ 122.607791][ T6311] syz.0.330 (6311) used greatest stack depth: 18880 bytes left [ 123.574950][ T6148] hsr_slave_0: entered promiscuous mode [ 123.598254][ T6148] hsr_slave_1: entered promiscuous mode [ 123.622840][ T6148] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 123.641125][ T6148] Cannot create hsr debugfs directory [ 123.654840][ T6302] netlink: 'syz.0.330': attribute type 13 has an invalid length. [ 123.824868][ T6321] netlink: 232 bytes leftover after parsing attributes in process `syz.1.336'. [ 123.871463][ T6321] netlink: 72 bytes leftover after parsing attributes in process `syz.1.336'. [ 124.077000][ T6327] netlink: 4 bytes leftover after parsing attributes in process `syz.1.340'. [ 124.169034][ T6332] netlink: 24 bytes leftover after parsing attributes in process `syz.0.337'. [ 124.265718][ T5101] Bluetooth: hci1: command 0x040f tx timeout [ 124.576032][ T6350] netlink: 104 bytes leftover after parsing attributes in process `syz.0.347'. [ 124.892178][ T6353] netlink: 48 bytes leftover after parsing attributes in process `syz.0.348'. [ 125.361792][ T6148] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 125.452455][ T6148] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 125.481898][ T6363] syzkaller1: entered promiscuous mode [ 125.493860][ T6363] syzkaller1: entered allmulticast mode [ 125.511019][ T6148] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 125.542608][ T6148] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 125.889951][ T6378] IPv4: Oversized IP packet from 127.202.26.0 [ 125.902805][ T6381] netlink: 16 bytes leftover after parsing attributes in process `syz.3.355'. [ 126.078180][ T6390] netlink: 12 bytes leftover after parsing attributes in process `syz.0.358'. [ 126.176325][ T6390] IPVS: persistence engine module ip_vs_pe_ not found [ 126.183020][ T6148] 8021q: adding VLAN 0 to HW filter on device bond0 [ 126.204829][ T6381] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.252678][ T6385] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.283532][ T6381] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.313958][ T6148] 8021q: adding VLAN 0 to HW filter on device team0 [ 126.354734][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.362082][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.443178][ T5102] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.450649][ T5102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.553417][ T6406] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.365'. [ 126.599489][ T6148] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 126.776178][ T6416] netlink: 'syz.0.369': attribute type 13 has an invalid length. [ 126.879857][ T6423] ip6gretap0: entered promiscuous mode [ 126.900655][ T6423] macsec1: entered promiscuous mode [ 126.916713][ T6423] macsec1: entered allmulticast mode [ 126.933897][ T6423] ip6gretap0: entered allmulticast mode [ 126.966434][ T6423] ip6gretap0: left allmulticast mode [ 126.986213][ T6423] ip6gretap0: left promiscuous mode [ 127.186150][ T6148] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 127.276913][ T6436] FAULT_INJECTION: forcing a failure. [ 127.276913][ T6436] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 127.330987][ T6436] CPU: 0 PID: 6436 Comm: syz.3.375 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 127.342464][ T6436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 127.353089][ T6436] Call Trace: [ 127.356633][ T6436] [ 127.359603][ T6436] dump_stack_lvl+0x241/0x360 [ 127.364446][ T6436] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.369898][ T6436] ? __pfx__printk+0x10/0x10 [ 127.374546][ T6436] ? __pfx_lock_release+0x10/0x10 [ 127.380154][ T6436] should_fail_ex+0x3b0/0x4e0 [ 127.385133][ T6436] _copy_from_user+0x2f/0xe0 [ 127.389927][ T6436] copy_msghdr_from_user+0xae/0x680 [ 127.395196][ T6436] ? __pfx___might_resched+0x10/0x10 [ 127.400551][ T6436] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 127.406686][ T6436] ? __might_fault+0xaa/0x120 [ 127.411620][ T6436] do_recvmmsg+0x40f/0xae0 [ 127.416285][ T6436] ? __pfx_lock_release+0x10/0x10 [ 127.421476][ T6436] ? __pfx_do_recvmmsg+0x10/0x10 [ 127.427314][ T6436] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 127.434044][ T6436] ? ksys_write+0x23e/0x2c0 [ 127.439452][ T6436] ? __pfx_lock_release+0x10/0x10 [ 127.444919][ T6436] ? vfs_write+0x7c4/0xc90 [ 127.449412][ T6436] ? __mutex_unlock_slowpath+0x21d/0x750 [ 127.455405][ T6436] ? __fget_files+0x3f6/0x470 [ 127.460364][ T6436] __x64_sys_recvmmsg+0x199/0x250 [ 127.465805][ T6436] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 127.471546][ T6436] ? do_syscall_64+0x100/0x230 [ 127.476461][ T6436] ? do_syscall_64+0xb6/0x230 [ 127.481259][ T6436] do_syscall_64+0xf3/0x230 [ 127.485925][ T6436] ? clear_bhb_loop+0x35/0x90 [ 127.491292][ T6436] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.497946][ T6436] RIP: 0033:0x7fad1e775bd9 [ 127.502445][ T6436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.523793][ T6436] RSP: 002b:00007fad1f5bd048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 127.532723][ T6436] RAX: ffffffffffffffda RBX: 00007fad1e903f60 RCX: 00007fad1e775bd9 [ 127.541034][ T6436] RDX: 0000000000000414 RSI: 0000000020000840 RDI: 0000000000000003 [ 127.549117][ T6436] RBP: 00007fad1f5bd0a0 R08: 0000000000000000 R09: 0000000000000000 [ 127.557568][ T6436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 127.566121][ T6436] R13: 000000000000000b R14: 00007fad1e903f60 R15: 00007ffd41b5dcd8 [ 127.574881][ T6436] [ 127.596668][ T6444] netlink: 76 bytes leftover after parsing attributes in process `syz.1.377'. [ 127.621419][ T6444] Êü: entered promiscuous mode [ 127.943748][ T6455] netlink: 'syz.1.383': attribute type 13 has an invalid length. [ 127.950637][ T6456] netlink: 16 bytes leftover after parsing attributes in process `syz.2.382'. [ 128.071560][ T6456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.164268][ T6466] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.236998][ T6468] netlink: 'syz.0.385': attribute type 7 has an invalid length. [ 128.244734][ T6468] netlink: 'syz.0.385': attribute type 39 has an invalid length. [ 128.265729][ T6456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.375444][ T6148] veth0_vlan: entered promiscuous mode [ 128.391369][ T6471] netlink: 36 bytes leftover after parsing attributes in process `syz.3.386'. [ 128.420947][ T6148] veth1_vlan: entered promiscuous mode [ 128.538734][ T6148] veth0_macvtap: entered promiscuous mode [ 128.561739][ T6148] veth1_macvtap: entered promiscuous mode [ 128.628605][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.670738][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.706178][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.728614][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.765521][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.795605][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.825486][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.848742][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.867865][ T6148] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 128.934632][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 128.968117][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.020621][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.049443][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.073918][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.098396][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.121623][ T6148] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.151141][ T6148] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.156627][ T6489] netlink: 'syz.2.394': attribute type 3 has an invalid length. [ 129.192629][ T6148] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 129.197361][ T6489] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.394'. [ 129.237967][ T6493] netlink: 188 bytes leftover after parsing attributes in process `syz.0.396'. [ 129.259287][ T6493] netlink: 'syz.0.396': attribute type 1 has an invalid length. [ 129.279007][ T6148] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.300421][ T6493] netlink: 20 bytes leftover after parsing attributes in process `syz.0.396'. [ 129.312193][ T6148] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.322088][ T6148] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.334324][ T6148] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.348679][ T6497] netlink: 4 bytes leftover after parsing attributes in process `syz.3.397'. [ 129.389011][ T6489] IPVS: length: 192 != 8 [ 129.420367][ T6495] netlink: 'syz.1.395': attribute type 13 has an invalid length. [ 129.624014][ T2447] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.653518][ T2447] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.729836][ T6510] netlink: 20 bytes leftover after parsing attributes in process `syz.2.400'. [ 129.751523][ T2447] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.763328][ T6510] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 129.774157][ T2447] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.785776][ T6512] smc: net device ip6_vti0 applied user defined pnetid SYZ0 [ 129.953196][ T6516] netlink: 'syz.0.403': attribute type 8 has an invalid length. [ 130.021700][ T6520] netlink: 'syz.0.403': attribute type 8 has an invalid length. [ 130.134468][ T6524] syzkaller1: entered promiscuous mode [ 130.143261][ T6524] syzkaller1: entered allmulticast mode [ 130.205038][ T6526] FAULT_INJECTION: forcing a failure. [ 130.205038][ T6526] name failslab, interval 1, probability 0, space 0, times 0 [ 130.218267][ T6526] CPU: 0 PID: 6526 Comm: syz.0.406 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 130.228306][ T6526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 130.238598][ T6526] Call Trace: [ 130.242135][ T6526] [ 130.245135][ T6526] dump_stack_lvl+0x241/0x360 [ 130.249875][ T6526] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.255995][ T6526] ? __pfx__printk+0x10/0x10 [ 130.261555][ T6526] should_fail_ex+0x3b0/0x4e0 [ 130.267282][ T6526] ? skb_clone+0x20c/0x390 [ 130.272496][ T6526] should_failslab+0x9/0x20 [ 130.277317][ T6526] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 130.282757][ T6526] skb_clone+0x20c/0x390 [ 130.287045][ T6526] ? dev_queue_xmit_nit+0x220/0xc10 [ 130.292557][ T6526] dev_queue_xmit_nit+0x419/0xc10 [ 130.297809][ T6526] ? dev_queue_xmit_nit+0x2b/0xc10 [ 130.302984][ T6526] ? validate_xmit_skb+0x9f9/0x1120 [ 130.308343][ T6526] dev_hard_start_xmit+0x15f/0x7e0 [ 130.313520][ T6526] ? __pfx_validate_xmit_skb+0x10/0x10 [ 130.319761][ T6526] __dev_queue_xmit+0x1b63/0x3e90 [ 130.325296][ T6526] ? kasan_save_track+0x51/0x80 [ 130.330212][ T6526] ? do_syscall_64+0xf3/0x230 [ 130.335059][ T6526] ? __dev_queue_xmit+0x2da/0x3e90 [ 130.340234][ T6526] ? __pfx___dev_queue_xmit+0x10/0x10 [ 130.345870][ T6526] ? __copy_skb_header+0x437/0x5b0 [ 130.351242][ T6526] ? __asan_memcpy+0x40/0x70 [ 130.356510][ T6526] ? __copy_skb_header+0x437/0x5b0 [ 130.362133][ T6526] ? __skb_clone+0x454/0x6c0 [ 130.366827][ T6526] ? skb_clone+0x240/0x390 [ 130.371298][ T6526] __netlink_deliver_tap+0x54d/0x7c0 [ 130.376758][ T6526] ? netlink_deliver_tap+0x2e/0x1b0 [ 130.382504][ T6526] netlink_deliver_tap+0x19d/0x1b0 [ 130.387775][ T6526] netlink_unicast+0x7be/0x990 [ 130.392652][ T6526] ? __pfx_netlink_unicast+0x10/0x10 [ 130.398608][ T6526] ? __virt_addr_valid+0x183/0x520 [ 130.405300][ T6526] ? __check_object_size+0x49c/0x900 [ 130.410817][ T6526] ? bpf_lsm_netlink_send+0x9/0x10 [ 130.416347][ T6526] netlink_sendmsg+0x8e4/0xcb0 [ 130.422059][ T6526] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.427511][ T6526] ? __import_iovec+0x536/0x820 [ 130.433028][ T6526] ? aa_sock_msg_perm+0x91/0x160 [ 130.438376][ T6526] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 130.443835][ T6526] ? security_socket_sendmsg+0x87/0xb0 [ 130.449452][ T6526] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.454802][ T6526] __sock_sendmsg+0x221/0x270 [ 130.459542][ T6526] ____sys_sendmsg+0x525/0x7d0 [ 130.464547][ T6526] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.469928][ T6526] __sys_sendmsg+0x2b0/0x3a0 [ 130.474604][ T6526] ? __pfx___sys_sendmsg+0x10/0x10 [ 130.479804][ T6526] ? vfs_write+0x7c4/0xc90 [ 130.484291][ T6526] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 130.490864][ T6526] ? do_syscall_64+0x100/0x230 [ 130.495918][ T6526] ? do_syscall_64+0xb6/0x230 [ 130.500690][ T6526] do_syscall_64+0xf3/0x230 [ 130.505334][ T6526] ? clear_bhb_loop+0x35/0x90 [ 130.510077][ T6526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.516012][ T6526] RIP: 0033:0x7fdccb975bd9 [ 130.520565][ T6526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.540313][ T6526] RSP: 002b:00007fdccc799048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 130.548846][ T6526] RAX: ffffffffffffffda RBX: 00007fdccbb03f60 RCX: 00007fdccb975bd9 [ 130.557203][ T6526] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 130.565904][ T6526] RBP: 00007fdccc7990a0 R08: 0000000000000000 R09: 0000000000000000 [ 130.574171][ T6526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.583156][ T6526] R13: 000000000000000b R14: 00007fdccbb03f60 R15: 00007ffc9c9c0dd8 [ 130.591472][ T6526] [ 130.683019][ T6532] lo: Caught tx_queue_len zero misconfig [ 131.164904][ T6552] netlink: 148 bytes leftover after parsing attributes in process `syz.4.416'. [ 131.179625][ T6555] FAULT_INJECTION: forcing a failure. [ 131.179625][ T6555] name failslab, interval 1, probability 0, space 0, times 0 [ 131.197777][ T6555] CPU: 1 PID: 6555 Comm: syz.2.418 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 131.207954][ T6555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 131.218140][ T6555] Call Trace: [ 131.221463][ T6555] [ 131.224427][ T6555] dump_stack_lvl+0x241/0x360 [ 131.231253][ T6555] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.236667][ T6555] ? __pfx__printk+0x10/0x10 [ 131.241352][ T6555] should_fail_ex+0x3b0/0x4e0 [ 131.246797][ T6555] ? sctp_add_bind_addr+0x89/0x3a0 [ 131.252161][ T6555] should_failslab+0x9/0x20 [ 131.257170][ T6555] kmalloc_trace_noprof+0x6c/0x2c0 [ 131.262310][ T6555] sctp_add_bind_addr+0x89/0x3a0 [ 131.267430][ T6555] sctp_copy_local_addr_list+0x311/0x500 [ 131.273575][ T6555] ? sctp_copy_local_addr_list+0xab/0x500 [ 131.280884][ T6555] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 131.287788][ T6555] ? sctp_v6_is_any+0x60/0x70 [ 131.293055][ T6555] sctp_bind_addr_copy+0xad/0x3b0 [ 131.298352][ T6555] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 131.307592][ T6555] sctp_connect_new_asoc+0x2f3/0x6c0 [ 131.313854][ T6555] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 131.320535][ T6555] ? sctp_get_af_specific+0x2a/0x80 [ 131.326205][ T6555] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 131.333267][ T6555] __sctp_connect+0x66d/0xe30 [ 131.337989][ T6555] ? __local_bh_enable_ip+0x168/0x200 [ 131.343404][ T6555] ? __pfx___sctp_connect+0x10/0x10 [ 131.348712][ T6555] ? sctp_setsockopt+0x203/0x11c0 [ 131.353809][ T6555] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 131.359613][ T6555] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 131.365443][ T6555] ? security_sctp_bind_connect+0x90/0xb0 [ 131.371303][ T6555] sctp_setsockopt+0x465/0x11c0 [ 131.376262][ T6555] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 131.382228][ T6555] do_sock_setsockopt+0x3af/0x720 [ 131.387483][ T6555] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 131.393252][ T6555] ? __fget_files+0x29/0x470 [ 131.397887][ T6555] ? __fget_files+0x3f6/0x470 [ 131.402602][ T6555] __sys_setsockopt+0x1ae/0x250 [ 131.407530][ T6555] __x64_sys_setsockopt+0xb5/0xd0 [ 131.412613][ T6555] do_syscall_64+0xf3/0x230 [ 131.417141][ T6555] ? clear_bhb_loop+0x35/0x90 [ 131.421842][ T6555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.427814][ T6555] RIP: 0033:0x7fcabfb75bd9 [ 131.432298][ T6555] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.452071][ T6555] RSP: 002b:00007fcac0860048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 131.460868][ T6555] RAX: ffffffffffffffda RBX: 00007fcabfd03f60 RCX: 00007fcabfb75bd9 [ 131.469035][ T6555] RDX: 000000000000006b RSI: 0000000000000084 RDI: 0000000000000003 [ 131.477194][ T6555] RBP: 00007fcac08600a0 R08: 000000000000001c R09: 0000000000000000 [ 131.485263][ T6555] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000002 [ 131.493357][ T6555] R13: 000000000000000b R14: 00007fcabfd03f60 R15: 00007ffe346a8c68 [ 131.501361][ T6555] [ 131.525294][ T6552] netlink: 'syz.4.416': attribute type 2 has an invalid length. [ 131.567179][ T6552] __nla_validate_parse: 1 callbacks suppressed [ 131.567200][ T6552] netlink: 60 bytes leftover after parsing attributes in process `syz.4.416'. [ 131.666648][ T6559] netlink: 16 bytes leftover after parsing attributes in process `syz.2.419'. [ 131.694202][ T6559] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.738695][ T6563] netlink: 'syz.0.422': attribute type 1 has an invalid length. [ 131.777147][ T6559] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.793285][ T6567] netlink: 'syz.4.421': attribute type 13 has an invalid length. [ 131.804754][ T6559] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.902570][ T6571] netlink: 4 bytes leftover after parsing attributes in process `syz.1.424'. [ 131.926207][ T6573] netlink: 16 bytes leftover after parsing attributes in process `syz.3.425'. [ 131.972812][ T6573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.040795][ T6573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.076045][ T6573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.149761][ T6579] vlan2: entered allmulticast mode [ 132.170028][ T6579] bridge0: port 3(vlan2) entered blocking state [ 132.185772][ T6579] bridge0: port 3(vlan2) entered disabled state [ 132.993561][ T6600] netlink: 4 bytes leftover after parsing attributes in process `syz.2.437'. [ 133.018143][ T6604] netlink: 16 bytes leftover after parsing attributes in process `syz.0.439'. [ 133.079723][ T6604] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 133.160101][ T6610] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 133.205737][ T6604] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 133.397631][ T6624] netlink: 8 bytes leftover after parsing attributes in process `syz.1.444'. [ 133.462274][ T1251] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.511245][ T6629] syzkaller1: entered promiscuous mode [ 133.523887][ T6629] syzkaller1: entered allmulticast mode [ 133.770377][ T6644] ip6gretap0: entered promiscuous mode [ 133.826987][ T6644] bridge0: entered promiscuous mode [ 134.208460][ T6678] netlink: 16 bytes leftover after parsing attributes in process `syz.0.465'. [ 134.229444][ T6683] netlink: 8 bytes leftover after parsing attributes in process `syz.4.463'. [ 134.257347][ T6678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 134.364395][ T6678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 134.393214][ T6678] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 135.015844][ T6710] netlink: 1021 bytes leftover after parsing attributes in process `syz.0.475'. [ 135.194301][ T6688] dccp_close: ABORT with 32 bytes unread [ 135.620846][ T6717] No such timeout policy "syz0" [ 136.557175][ T6728] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 136.627774][ T6731] __nla_validate_parse: 1 callbacks suppressed [ 136.627796][ T6731] netlink: 16 bytes leftover after parsing attributes in process `syz.1.485'. [ 136.742206][ T6731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.766960][ T6747] netlink: 12 bytes leftover after parsing attributes in process `syz.3.490'. [ 136.820488][ T6742] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.848611][ T6731] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.746068][ T6811] netlink: 'syz.0.510': attribute type 4 has an invalid length. [ 137.754188][ T6811] netlink: 152 bytes leftover after parsing attributes in process `syz.0.510'. [ 137.785334][ T6811] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check. [ 137.842739][ T6811] xt_TCPMSS: Only works on TCP SYN packets [ 137.910980][ T6815] netlink: 'syz.2.512': attribute type 10 has an invalid length. [ 137.956446][ T6817] raw_sendmsg: syz.4.513 forgot to set AF_INET. Fix it! [ 138.101958][ T6815] team0: Port device wlan1 added [ 138.135685][ T6829] tipc: Started in network mode [ 138.140627][ T6829] tipc: Node identity , cluster identity 4711 [ 138.170703][ T6829] tipc: Failed to set node id, please configure manually [ 138.214846][ T6829] tipc: Enabling of bearer rejected, failed to enable media [ 138.350959][ T6842] netlink: 'syz.1.519': attribute type 13 has an invalid length. [ 139.254002][ T6878] netlink: 596 bytes leftover after parsing attributes in process `syz.2.529'. [ 139.382189][ T6879] netlink: 104 bytes leftover after parsing attributes in process `syz.0.528'. [ 140.192319][ T6925] netlink: 'syz.1.542': attribute type 13 has an invalid length. [ 140.319070][ T6928] veth1_macvtap: left promiscuous mode [ 140.340232][ T6928] macsec0: entered allmulticast mode [ 140.365386][ T6928] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 140.403413][ T5110] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 140.417267][ T5110] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 140.427338][ T5110] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 140.452613][ T5110] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 140.460731][ T5110] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 140.469482][ T5110] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 140.576298][ T6933] netlink: 24 bytes leftover after parsing attributes in process `syz.2.544'. [ 140.730130][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.968801][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.044171][ T6948] FAULT_INJECTION: forcing a failure. [ 141.044171][ T6948] name failslab, interval 1, probability 0, space 0, times 0 [ 141.095940][ T6948] CPU: 0 PID: 6948 Comm: syz.0.549 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 141.106196][ T6948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 141.116391][ T6948] Call Trace: [ 141.119975][ T6948] [ 141.123223][ T6948] dump_stack_lvl+0x241/0x360 [ 141.128003][ T6948] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.133272][ T6948] ? __pfx__printk+0x10/0x10 [ 141.138013][ T6948] ? ref_tracker_alloc+0x332/0x490 [ 141.143277][ T6948] should_fail_ex+0x3b0/0x4e0 [ 141.148116][ T6948] ? skb_clone+0x20c/0x390 [ 141.152609][ T6948] should_failslab+0x9/0x20 [ 141.157205][ T6948] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 141.162743][ T6948] skb_clone+0x20c/0x390 [ 141.167141][ T6948] __netlink_deliver_tap+0x3cc/0x7c0 [ 141.172549][ T6948] ? netlink_deliver_tap+0x2e/0x1b0 [ 141.177764][ T6948] netlink_deliver_tap+0x19d/0x1b0 [ 141.183036][ T6948] netlink_unicast+0x7be/0x990 [ 141.188042][ T6948] ? __pfx_netlink_unicast+0x10/0x10 [ 141.193346][ T6948] ? __virt_addr_valid+0x183/0x520 [ 141.198489][ T6948] ? __check_object_size+0x49c/0x900 [ 141.203789][ T6948] ? bpf_lsm_netlink_send+0x9/0x10 [ 141.209022][ T6948] netlink_sendmsg+0x8e4/0xcb0 [ 141.213920][ T6948] ? __pfx_netlink_sendmsg+0x10/0x10 [ 141.219401][ T6948] ? __import_iovec+0x536/0x820 [ 141.224548][ T6948] ? aa_sock_msg_perm+0x91/0x160 [ 141.229698][ T6948] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 141.234997][ T6948] ? security_socket_sendmsg+0x87/0xb0 [ 141.240473][ T6948] ? __pfx_netlink_sendmsg+0x10/0x10 [ 141.246410][ T6948] __sock_sendmsg+0x221/0x270 [ 141.252381][ T6948] ____sys_sendmsg+0x525/0x7d0 [ 141.257649][ T6948] ? __pfx_____sys_sendmsg+0x10/0x10 [ 141.263010][ T6948] __sys_sendmsg+0x2b0/0x3a0 [ 141.267667][ T6948] ? __pfx___sys_sendmsg+0x10/0x10 [ 141.272903][ T6948] ? vfs_write+0x7c4/0xc90 [ 141.277575][ T6948] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 141.284309][ T6948] ? do_syscall_64+0x100/0x230 [ 141.289368][ T6948] ? do_syscall_64+0xb6/0x230 [ 141.294094][ T6948] do_syscall_64+0xf3/0x230 [ 141.298667][ T6948] ? clear_bhb_loop+0x35/0x90 [ 141.303763][ T6948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.309788][ T6948] RIP: 0033:0x7fdccb975bd9 [ 141.314221][ T6948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.334722][ T6948] RSP: 002b:00007fdccc799048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 141.343154][ T6948] RAX: ffffffffffffffda RBX: 00007fdccbb03f60 RCX: 00007fdccb975bd9 [ 141.351164][ T6948] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 141.359497][ T6948] RBP: 00007fdccc7990a0 R08: 0000000000000000 R09: 0000000000000000 [ 141.367598][ T6948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.375588][ T6948] R13: 000000000000000b R14: 00007fdccbb03f60 R15: 00007ffc9c9c0dd8 [ 141.383679][ T6948] [ 141.628710][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.711459][ T6961] netlink: 48 bytes leftover after parsing attributes in process `syz.0.552'. [ 141.838642][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.972548][ T6976] netlink: 16 bytes leftover after parsing attributes in process `syz.0.558'. [ 142.022099][ T6976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 142.093117][ T6976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 142.127485][ T12] bridge_slave_1: left allmulticast mode [ 142.133739][ T12] bridge_slave_1: left promiscuous mode [ 142.142490][ T6976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 142.158399][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.184839][ T12] bridge_slave_0: left allmulticast mode [ 142.190924][ T12] bridge_slave_0: left promiscuous mode [ 142.196979][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.498770][ T5110] Bluetooth: hci1: command tx timeout [ 142.793920][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 142.843471][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 142.904373][ T12] bond0 (unregistering): Released all slaves [ 142.975288][ T6930] chnl_net:caif_netlink_parms(): no params data found [ 143.016886][ T6986] netlink: 'syz.1.562': attribute type 13 has an invalid length. [ 143.190312][ T6997] netlink: 'syz.2.563': attribute type 13 has an invalid length. [ 143.666824][ T7013] netlink: 8 bytes leftover after parsing attributes in process `syz.3.569'. [ 143.814200][ T7020] netlink: 16 bytes leftover after parsing attributes in process `syz.0.570'. [ 143.933971][ T7026] netlink: 'syz.2.572': attribute type 8 has an invalid length. [ 143.942078][ T7026] netlink: 224 bytes leftover after parsing attributes in process `syz.2.572'. [ 144.014651][ T12] hsr_slave_0: left promiscuous mode [ 144.044681][ T12] hsr_slave_1: left promiscuous mode [ 144.055136][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 144.074236][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 144.084603][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.112383][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 144.144837][ T12] veth1_macvtap: left promiscuous mode [ 144.151865][ T12] veth0_macvtap: left promiscuous mode [ 144.158388][ T12] veth1_vlan: left promiscuous mode [ 144.163827][ T12] veth0_vlan: left promiscuous mode [ 144.576052][ T5110] Bluetooth: hci1: command tx timeout [ 144.793125][ T12] team0 (unregistering): Port device team_slave_1 removed [ 144.894114][ T12] team0 (unregistering): Port device team_slave_0 removed [ 145.410366][ T6930] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.420877][ T6930] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.431433][ T6930] bridge_slave_0: entered allmulticast mode [ 145.439735][ T6930] bridge_slave_0: entered promiscuous mode [ 145.458259][ T6930] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.467488][ T6930] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.474879][ T6930] bridge_slave_1: entered allmulticast mode [ 145.483934][ T6930] bridge_slave_1: entered promiscuous mode [ 145.493950][ T7023] netlink: 9 bytes leftover after parsing attributes in process `syz.3.571'. [ 145.516053][ T7023] 0·: renamed from hsr0 (while UP) [ 145.535144][ T7023] 0·: entered allmulticast mode [ 145.540977][ T7023] hsr_slave_0: entered allmulticast mode [ 145.555611][ T7023] hsr_slave_1: entered allmulticast mode [ 145.563567][ T7023] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 145.592366][ T7045] netlink: 'syz.2.577': attribute type 13 has an invalid length. [ 145.769395][ T6930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 145.819759][ T6930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 145.985674][ T7065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 146.031082][ T6930] team0: Port device team_slave_0 added [ 146.044456][ T6930] team0: Port device team_slave_1 added [ 146.206423][ T6930] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 146.228448][ T6930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.265103][ T6930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 146.298003][ T6930] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 146.318903][ T6930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.353454][ T6930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 146.432445][ T6930] hsr_slave_0: entered promiscuous mode [ 146.442499][ T6930] hsr_slave_1: entered promiscuous mode [ 146.450149][ T6930] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 146.458079][ T6930] Cannot create hsr debugfs directory [ 146.655740][ T5110] Bluetooth: hci1: command tx timeout [ 146.793904][ T7096] netlink: 'syz.3.592': attribute type 13 has an invalid length. [ 147.020807][ T7099] netlink: 'syz.1.593': attribute type 13 has an invalid length. [ 147.354391][ T6930] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 147.379668][ T6930] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 147.429696][ T6930] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 147.473761][ T6930] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 147.563461][ T7107] netlink: 84 bytes leftover after parsing attributes in process `syz.2.596'. [ 147.841324][ T7113] netlink: 'syz.0.598': attribute type 13 has an invalid length. [ 147.900485][ T7114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.596'. [ 147.953484][ T6930] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.058897][ T6930] 8021q: adding VLAN 0 to HW filter on device team0 [ 148.095480][ T5157] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.102717][ T5157] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.167946][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.175169][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.461269][ T7125] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 148.735964][ T5101] Bluetooth: hci1: command tx timeout [ 148.884712][ T6930] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.420635][ T7154] netlink: 8 bytes leftover after parsing attributes in process `syz.0.607'. [ 149.426766][ T7158] netlink: 'syz.2.608': attribute type 13 has an invalid length. [ 149.506954][ T7162] netlink: 8 bytes leftover after parsing attributes in process `syz.3.609'. [ 149.720498][ T7169] netlink: 84 bytes leftover after parsing attributes in process `syz.3.611'. [ 149.882978][ T6930] veth0_vlan: entered promiscuous mode [ 149.915010][ T7174] netlink: 8 bytes leftover after parsing attributes in process `syz.3.611'. [ 149.937723][ T6930] veth1_vlan: entered promiscuous mode [ 149.956682][ T7173] netlink: 'syz.0.612': attribute type 13 has an invalid length. [ 150.121101][ T6930] veth0_macvtap: entered promiscuous mode [ 150.167527][ T6930] veth1_macvtap: entered promiscuous mode [ 150.256642][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.288400][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.316052][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.344855][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.347219][ T7181] netlink: 12 bytes leftover after parsing attributes in process `syz.1.613'. [ 150.367781][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.392382][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.419102][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 150.455878][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.491451][ T6930] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 150.563306][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.605542][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.637979][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.670875][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.715531][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.760434][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.808541][ T6930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 150.826127][ T5101] Bluetooth: hci1: command 0x0405 tx timeout [ 150.851863][ T6930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 150.895990][ T6930] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 150.912745][ T6930] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.927243][ T6930] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.945952][ T6930] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.955262][ T6930] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.159771][ T1093] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.179556][ T1093] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.395553][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.422645][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.578857][ T7221] netlink: 84 bytes leftover after parsing attributes in process `syz.0.625'. [ 151.812232][ T7228] netlink: 8 bytes leftover after parsing attributes in process `syz.0.625'. [ 153.053908][ T7238] syz.1.627 (7238) used greatest stack depth: 18840 bytes left [ 153.654299][ T7219] netlink: 'syz.3.623': attribute type 13 has an invalid length. [ 153.668743][ T7235] netlink: 'syz.1.627': attribute type 13 has an invalid length. [ 153.854000][ T7242] netlink: 'syz.0.629': attribute type 13 has an invalid length. [ 154.314710][ T7261] Cannot find add_set index 0 as target [ 154.484771][ T7267] netlink: 84 bytes leftover after parsing attributes in process `syz.1.638'. [ 154.536942][ T7265] netlink: 'syz.2.637': attribute type 13 has an invalid length. [ 154.618330][ T7273] netlink: 8 bytes leftover after parsing attributes in process `syz.1.638'. [ 155.297412][ T7287] netlink: 20 bytes leftover after parsing attributes in process `syz.0.642'. [ 156.877383][ T7282] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 157.213206][ T7318] netlink: 'syz.3.653': attribute type 13 has an invalid length. [ 157.247058][ T7317] netlink: 84 bytes leftover after parsing attributes in process `syz.1.654'. [ 157.399828][ T7335] netlink: 8 bytes leftover after parsing attributes in process `syz.1.654'. [ 157.650249][ T7344] netlink: 'syz.2.660': attribute type 8 has an invalid length. [ 157.773954][ T7347] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 157.956579][ T7353] tipc: Enabling of bearer rejected, failed to enable media [ 158.234852][ T7366] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 158.284110][ T7366] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 158.306021][ T7366] gretap1: entered promiscuous mode [ 158.311310][ T7366] gretap1: entered allmulticast mode [ 158.664131][ T7387] vlan3: entered promiscuous mode [ 158.671982][ T7387] bridge0: entered promiscuous mode [ 158.677886][ T7387] vlan3: entered allmulticast mode [ 158.683359][ T7387] bridge0: entered allmulticast mode [ 158.685668][ T7390] netlink: 84 bytes leftover after parsing attributes in process `syz.4.679'. [ 158.706419][ T7387] bridge0: left allmulticast mode [ 158.711613][ T7387] bridge0: left promiscuous mode [ 158.878490][ T7390] netlink: 8 bytes leftover after parsing attributes in process `syz.4.679'. [ 158.913081][ T7402] netlink: 'syz.0.681': attribute type 13 has an invalid length. [ 159.328007][ T7409] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 159.611741][ T7417] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.686'. [ 160.194195][ T7448] lo: entered promiscuous mode [ 160.229258][ T7449] netlink: 24 bytes leftover after parsing attributes in process `syz.1.699'. [ 160.301722][ T7451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.699'. [ 160.352877][ T7451] netlink: 2 bytes leftover after parsing attributes in process `syz.1.699'. [ 160.397187][ T7460] netlink: 8 bytes leftover after parsing attributes in process `syz.4.704'. [ 160.482391][ T7458] netlink: 4 bytes leftover after parsing attributes in process `syz.3.703'. [ 160.508857][ T7464] netlink: 4 bytes leftover after parsing attributes in process `syz.4.706'. [ 160.571965][ T7467] netlink: 16 bytes leftover after parsing attributes in process `syz.0.707'. [ 160.590164][ T7467] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 160.644636][ T7470] netlink: 'syz.4.708': attribute type 13 has an invalid length. [ 160.693597][ T7471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 161.399298][ T7502] openvswitch: netlink: Key type 89 is out of range max 32 [ 161.822062][ T7518] vlan2: entered promiscuous mode [ 161.833517][ T7518] bridge0: entered promiscuous mode [ 161.840428][ T7518] vlan2: entered allmulticast mode [ 161.852609][ T7518] bridge0: entered allmulticast mode [ 161.891153][ T7518] bridge0: left allmulticast mode [ 161.913224][ T7518] bridge0: left promiscuous mode [ 162.083240][ T7529] netlink: 16 bytes leftover after parsing attributes in process `syz.1.728'. [ 162.101186][ T7532] netlink: 20 bytes leftover after parsing attributes in process `syz.4.730'. [ 162.157553][ T7529] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 162.226631][ T7537] netlink: 'syz.3.733': attribute type 13 has an invalid length. [ 162.245747][ T7541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 162.307503][ T7529] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 162.753917][ T7561] x_tables: ip6_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT/POSTROUTING [ 162.979223][ T7565] C: renamed from lo (while UP) [ 163.007274][ T7565] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 163.090758][ T7568] vlan3: entered promiscuous mode [ 163.103997][ T7568] bridge0: entered promiscuous mode [ 163.121476][ T7568] vlan3: entered allmulticast mode [ 163.130449][ T7568] bridge0: entered allmulticast mode [ 163.187200][ T7568] bridge0: left allmulticast mode [ 163.195727][ T7568] bridge0: left promiscuous mode [ 163.431101][ T7578] ipip0: entered promiscuous mode [ 163.527933][ T7585] FAULT_INJECTION: forcing a failure. [ 163.527933][ T7585] name failslab, interval 1, probability 0, space 0, times 0 [ 163.567731][ T7585] CPU: 0 PID: 7585 Comm: syz.4.750 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 163.577817][ T7585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 163.578319][ T7584] FAULT_INJECTION: forcing a failure. [ 163.578319][ T7584] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 163.588516][ T7585] Call Trace: [ 163.588602][ T7585] [ 163.588616][ T7585] dump_stack_lvl+0x241/0x360 [ 163.588653][ T7585] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.588679][ T7585] ? __pfx__printk+0x10/0x10 [ 163.588718][ T7585] should_fail_ex+0x3b0/0x4e0 [ 163.588762][ T7585] ? sctp_add_bind_addr+0x89/0x3a0 [ 163.588796][ T7585] should_failslab+0x9/0x20 [ 163.588817][ T7585] kmalloc_trace_noprof+0x6c/0x2c0 [ 163.588847][ T7585] sctp_add_bind_addr+0x89/0x3a0 [ 163.588885][ T7585] sctp_copy_local_addr_list+0x311/0x500 [ 163.588923][ T7585] ? sctp_copy_local_addr_list+0xab/0x500 [ 163.588957][ T7585] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 163.588995][ T7585] ? sctp_v4_is_any+0x35/0x60 [ 163.589036][ T7585] sctp_bind_addr_copy+0xad/0x3b0 [ 163.676276][ T7585] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 163.682796][ T7585] sctp_connect_new_asoc+0x2f3/0x6c0 [ 163.688139][ T7585] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 163.693997][ T7585] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 163.699859][ T7585] __sctp_connect+0x66d/0xe30 [ 163.704600][ T7585] ? __pfx___sctp_connect+0x10/0x10 [ 163.709851][ T7585] ? __might_fault+0xc6/0x120 [ 163.714593][ T7585] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 163.720198][ T7585] ? security_sctp_bind_connect+0x90/0xb0 [ 163.726009][ T7585] sctp_getsockopt_connectx3+0x46f/0x730 [ 163.731742][ T7585] ? __local_bh_enable_ip+0x168/0x200 [ 163.737165][ T7585] ? __pfx_sctp_getsockopt_connectx3+0x10/0x10 [ 163.743496][ T7585] ? __local_bh_enable_ip+0x168/0x200 [ 163.749098][ T7585] ? sctp_getsockopt+0x13a/0xbb0 [ 163.754084][ T7585] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 163.760045][ T7585] sctp_getsockopt+0x8de/0xbb0 [ 163.765035][ T7585] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 163.771082][ T7585] do_sock_getsockopt+0x373/0x850 [ 163.776173][ T7585] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 163.781786][ T7585] ? __fget_files+0x3f6/0x470 [ 163.786639][ T7585] __sys_getsockopt+0x271/0x330 [ 163.791644][ T7585] ? __pfx___sys_getsockopt+0x10/0x10 [ 163.797067][ T7585] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 163.803528][ T7585] ? do_syscall_64+0x100/0x230 [ 163.808355][ T7585] __x64_sys_getsockopt+0xb5/0xd0 [ 163.813531][ T7585] do_syscall_64+0xf3/0x230 [ 163.818091][ T7585] ? clear_bhb_loop+0x35/0x90 [ 163.822870][ T7585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.828890][ T7585] RIP: 0033:0x7fd34b375bd9 [ 163.833336][ T7585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.853285][ T7585] RSP: 002b:00007fd34c10a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 163.861752][ T7585] RAX: ffffffffffffffda RBX: 00007fd34b503f60 RCX: 00007fd34b375bd9 [ 163.869919][ T7585] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003 [ 163.878110][ T7585] RBP: 00007fd34c10a0a0 R08: 0000000020000080 R09: 0000000000000000 [ 163.886434][ T7585] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000002 [ 163.894561][ T7585] R13: 000000000000000b R14: 00007fd34b503f60 R15: 00007ffc0f87b5b8 [ 163.902592][ T7585] [ 163.907066][ T7584] CPU: 1 PID: 7584 Comm: syz.1.751 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 163.917629][ T7584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 163.927823][ T7584] Call Trace: [ 163.931667][ T7584] [ 163.935079][ T7584] dump_stack_lvl+0x241/0x360 [ 163.939848][ T7584] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.945113][ T7584] ? __pfx__printk+0x10/0x10 [ 163.949862][ T7584] ? __pfx_lock_release+0x10/0x10 [ 163.954950][ T7584] should_fail_ex+0x3b0/0x4e0 [ 163.959699][ T7584] _copy_from_user+0x2f/0xe0 [ 163.964435][ T7584] copy_msghdr_from_user+0xae/0x680 [ 163.969792][ T7584] ? __pfx___might_resched+0x10/0x10 [ 163.975141][ T7584] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 163.981010][ T7584] ? __might_fault+0xaa/0x120 [ 163.985741][ T7584] do_recvmmsg+0x40f/0xae0 [ 163.990207][ T7584] ? __pfx_lock_release+0x10/0x10 [ 163.995319][ T7584] ? __pfx_do_recvmmsg+0x10/0x10 [ 164.000716][ T7584] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 164.006677][ T7584] ? ksys_write+0x23e/0x2c0 [ 164.011229][ T7584] ? __pfx_lock_release+0x10/0x10 [ 164.016306][ T7584] ? vfs_write+0x7c4/0xc90 [ 164.020789][ T7584] ? __mutex_unlock_slowpath+0x21d/0x750 [ 164.026502][ T7584] ? __fget_files+0x3f6/0x470 [ 164.031356][ T7584] __x64_sys_recvmmsg+0x199/0x250 [ 164.036534][ T7584] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 164.042169][ T7584] ? do_syscall_64+0x100/0x230 [ 164.046984][ T7584] ? do_syscall_64+0xb6/0x230 [ 164.051828][ T7584] do_syscall_64+0xf3/0x230 [ 164.056459][ T7584] ? clear_bhb_loop+0x35/0x90 [ 164.061260][ T7584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.067173][ T7584] RIP: 0033:0x7f5aeaf75bd9 [ 164.071721][ T7584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.091652][ T7584] RSP: 002b:00007f5aebcc6048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 164.100169][ T7584] RAX: ffffffffffffffda RBX: 00007f5aeb103f60 RCX: 00007f5aeaf75bd9 [ 164.108328][ T7584] RDX: 0000000000000414 RSI: 0000000020000840 RDI: 0000000000000003 [ 164.116399][ T7584] RBP: 00007f5aebcc60a0 R08: 0000000000000000 R09: 0000000000000000 [ 164.124400][ T7584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 164.132393][ T7584] R13: 000000000000004d R14: 00007f5aeb103f60 R15: 00007ffdce0d4af8 [ 164.140590][ T7584] [ 164.303591][ T7598] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.371726][ T7598] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.414433][ T7598] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.527592][ T7608] netlink: 'syz.2.757': attribute type 13 has an invalid length. [ 164.545696][ T7610] netlink: 'syz.0.759': attribute type 13 has an invalid length. [ 165.377972][ T7628] netlink: 'syz.3.764': attribute type 1 has an invalid length. [ 165.400178][ T7628] __nla_validate_parse: 5 callbacks suppressed [ 165.400199][ T7628] netlink: 8 bytes leftover after parsing attributes in process `syz.3.764'. [ 165.466390][ T7626] netlink: 12 bytes leftover after parsing attributes in process `syz.3.764'. [ 165.540222][ T7628] netlink: 8 bytes leftover after parsing attributes in process `syz.3.764'. [ 165.589941][ T7628] netlink: 4 bytes leftover after parsing attributes in process `syz.3.764'. [ 165.875135][ T7644] batadv_slave_1: entered promiscuous mode [ 166.202108][ T7666] netlink: 16 bytes leftover after parsing attributes in process `syz.4.773'. [ 166.292703][ T7666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 166.328657][ T7671] netlink: 'syz.1.776': attribute type 13 has an invalid length. [ 166.361242][ T7666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 166.390554][ T7666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 166.518510][ T7678] netlink: 'syz.3.778': attribute type 13 has an invalid length. [ 166.689188][ T7643] batadv_slave_1: left promiscuous mode [ 167.067594][ T7691] FAULT_INJECTION: forcing a failure. [ 167.067594][ T7691] name failslab, interval 1, probability 0, space 0, times 0 [ 167.122167][ T7691] CPU: 1 PID: 7691 Comm: syz.4.782 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 167.132765][ T7691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 167.142962][ T7691] Call Trace: [ 167.146516][ T7691] [ 167.149964][ T7691] dump_stack_lvl+0x241/0x360 [ 167.156789][ T7691] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.162746][ T7691] ? __pfx__printk+0x10/0x10 [ 167.167398][ T7691] ? ref_tracker_alloc+0x332/0x490 [ 167.172912][ T7691] should_fail_ex+0x3b0/0x4e0 [ 167.177831][ T7691] ? skb_clone+0x20c/0x390 [ 167.182381][ T7691] should_failslab+0x9/0x20 [ 167.187308][ T7691] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 167.192739][ T7691] skb_clone+0x20c/0x390 [ 167.197040][ T7691] __netlink_deliver_tap+0x3cc/0x7c0 [ 167.202416][ T7691] ? netlink_deliver_tap+0x2e/0x1b0 [ 167.207687][ T7691] netlink_deliver_tap+0x19d/0x1b0 [ 167.213046][ T7691] netlink_unicast+0x7be/0x990 [ 167.217910][ T7691] ? __pfx_netlink_unicast+0x10/0x10 [ 167.223251][ T7691] ? __virt_addr_valid+0x183/0x520 [ 167.228621][ T7691] ? __check_object_size+0x49c/0x900 [ 167.234019][ T7691] ? bpf_lsm_netlink_send+0x9/0x10 [ 167.239357][ T7691] netlink_sendmsg+0x8e4/0xcb0 [ 167.244152][ T7691] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.250164][ T7691] ? __import_iovec+0x536/0x820 [ 167.255213][ T7691] ? aa_sock_msg_perm+0x91/0x160 [ 167.260362][ T7691] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 167.265664][ T7691] ? security_socket_sendmsg+0x87/0xb0 [ 167.271421][ T7691] ? __pfx_netlink_sendmsg+0x10/0x10 [ 167.276919][ T7691] __sock_sendmsg+0x221/0x270 [ 167.282077][ T7691] ____sys_sendmsg+0x525/0x7d0 [ 167.286904][ T7691] ? __pfx_____sys_sendmsg+0x10/0x10 [ 167.292608][ T7691] __sys_sendmsg+0x2b0/0x3a0 [ 167.297235][ T7691] ? __pfx___sys_sendmsg+0x10/0x10 [ 167.302367][ T7691] ? vfs_write+0x7c4/0xc90 [ 167.306834][ T7691] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 167.313207][ T7691] ? do_syscall_64+0x100/0x230 [ 167.317987][ T7691] ? do_syscall_64+0xb6/0x230 [ 167.322679][ T7691] do_syscall_64+0xf3/0x230 [ 167.327220][ T7691] ? clear_bhb_loop+0x35/0x90 [ 167.331930][ T7691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.337925][ T7691] RIP: 0033:0x7fd34b375bd9 [ 167.342438][ T7691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.362159][ T7691] RSP: 002b:00007fd34c10a048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 167.370776][ T7691] RAX: ffffffffffffffda RBX: 00007fd34b503f60 RCX: 00007fd34b375bd9 [ 167.378858][ T7691] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 167.386872][ T7691] RBP: 00007fd34c10a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 167.394860][ T7691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.402932][ T7691] R13: 000000000000000b R14: 00007fd34b503f60 R15: 00007ffc0f87b5b8 [ 167.410935][ T7691] [ 167.803306][ T7697] netlink: 20 bytes leftover after parsing attributes in process `syz.4.784'. [ 168.193433][ T7720] netlink: 16 bytes leftover after parsing attributes in process `syz.1.792'. [ 168.231080][ T7720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 168.292458][ T7727] team0: entered promiscuous mode [ 168.304814][ T7727] team_slave_0: entered promiscuous mode [ 168.316183][ T7730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 168.333396][ T7727] team_slave_1: entered promiscuous mode [ 168.351594][ T7720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 168.366290][ T7727] dummy0: entered promiscuous mode [ 168.380065][ T7727] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 168.393294][ T7727] Cannot create hsr debugfs directory [ 168.433260][ T7736] netlink: 'syz.0.798': attribute type 13 has an invalid length. [ 168.454394][ T7735] netlink: 'syz.2.799': attribute type 13 has an invalid length. [ 168.485181][ T7738] netlink: 'syz.3.800': attribute type 13 has an invalid length. [ 169.520133][ T7760] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.574722][ T7760] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.626873][ T7760] netlink: 8 bytes leftover after parsing attributes in process `syz.1.807'. [ 169.770715][ T7769] bond0: option use_carrier: invalid value (3) [ 169.948070][ T7782] tipc: Started in network mode [ 169.970418][ T7782] tipc: Node identity 0300000003, cluster identity 4711 [ 169.988851][ T7782] tipc: Enabling of bearer rejected, failed to enable media [ 170.002129][ T7781] netlink: 16 bytes leftover after parsing attributes in process `syz.3.815'. [ 170.022467][ T7786] netlink: 'syz.4.816': attribute type 13 has an invalid length. [ 170.040617][ T7781] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 170.141502][ T7791] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 170.192029][ T7781] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 170.275775][ T7795] netlink: 'syz.0.820': attribute type 13 has an invalid length. [ 170.283773][ T7797] netlink: 'syz.1.821': attribute type 2 has an invalid length. [ 170.474509][ T7806] TCP: TCP_TX_DELAY enabled [ 171.473468][ T7837] netlink: 16 bytes leftover after parsing attributes in process `syz.4.836'. [ 171.505742][ T7837] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 171.580639][ T7843] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 171.612408][ T7837] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 171.889673][ T7855] netlink: 'syz.1.842': attribute type 2 has an invalid length. [ 172.652464][ T7872] netlink: 'syz.4.849': attribute type 13 has an invalid length. [ 173.015148][ T7879] netlink: 16 bytes leftover after parsing attributes in process `syz.3.853'. [ 173.095603][ T7879] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 173.197743][ T7879] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 173.246500][ T7879] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 174.362438][ T7925] xt_TCPMSS: Only works on TCP SYN packets [ 174.401603][ T7925] bond0: entered promiscuous mode [ 174.419722][ T7925] bond_slave_0: entered promiscuous mode [ 174.449084][ T7925] bond_slave_1: entered promiscuous mode [ 174.687912][ T7937] netlink: 16 bytes leftover after parsing attributes in process `syz.2.876'. [ 174.739508][ T7937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 174.831671][ T7942] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 174.863307][ T7937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 175.031864][ T7956] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 176.458491][ T8009] netlink: 16 bytes leftover after parsing attributes in process `syz.4.902'. [ 176.507569][ T8009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.593609][ T8016] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.643250][ T8009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.862060][ T8027] netlink: 4 bytes leftover after parsing attributes in process `syz.3.905'. [ 176.928263][ T8026] xt_hashlimit: max too large, truncated to 1048576 [ 177.354505][ T8039] netlink: 4 bytes leftover after parsing attributes in process `syz.3.912'. [ 177.402544][ T8041] batadv1: entered allmulticast mode [ 177.731397][ T8046] syzkaller1: entered promiscuous mode [ 177.740195][ T8046] syzkaller1: entered allmulticast mode [ 178.520977][ T8064] netlink: 16 bytes leftover after parsing attributes in process `syz.3.923'. [ 178.536057][ T8066] FAULT_INJECTION: forcing a failure. [ 178.536057][ T8066] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 178.568614][ T8064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 178.611754][ T8066] CPU: 0 PID: 8066 Comm: syz.4.924 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 178.621909][ T8066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 178.632014][ T8066] Call Trace: [ 178.635422][ T8066] [ 178.638398][ T8066] dump_stack_lvl+0x241/0x360 [ 178.643140][ T8066] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.648399][ T8066] ? __pfx__printk+0x10/0x10 [ 178.651206][ T8069] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 178.653018][ T8066] ? __pfx_lock_release+0x10/0x10 [ 178.653062][ T8066] should_fail_ex+0x3b0/0x4e0 [ 178.653103][ T8066] _copy_from_user+0x2f/0xe0 [ 178.677218][ T8066] copy_msghdr_from_user+0xae/0x680 [ 178.682578][ T8066] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 178.688467][ T8066] __sys_sendmsg+0x23d/0x3a0 [ 178.693137][ T8066] ? __pfx___sys_sendmsg+0x10/0x10 [ 178.697348][ T8064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 178.698371][ T8066] ? vfs_write+0x7c4/0xc90 [ 178.698455][ T8066] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 178.719222][ T8066] ? do_syscall_64+0x100/0x230 [ 178.724157][ T8066] ? do_syscall_64+0xb6/0x230 [ 178.729049][ T8066] do_syscall_64+0xf3/0x230 [ 178.733997][ T8066] ? clear_bhb_loop+0x35/0x90 [ 178.738752][ T8066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.744774][ T8066] RIP: 0033:0x7fd34b375bd9 [ 178.749341][ T8066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.769115][ T8066] RSP: 002b:00007fd34c10a048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 178.777854][ T8066] RAX: ffffffffffffffda RBX: 00007fd34b503f60 RCX: 00007fd34b375bd9 [ 178.786053][ T8066] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000004 [ 178.794392][ T8066] RBP: 00007fd34c10a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 178.802678][ T8066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.810803][ T8066] R13: 000000000000000b R14: 00007fd34b503f60 R15: 00007ffc0f87b5b8 [ 178.818857][ T8066] [ 179.089349][ T8072] IPVS: persistence engine module ip_vs_pe_À not found [ 179.785262][ T8092] netlink: 'syz.1.933': attribute type 2 has an invalid length. [ 180.273428][ T8102] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 180.301825][ T8102] team0: Port device virt_wifi0 added [ 180.703706][ T8118] netlink: 16 bytes leftover after parsing attributes in process `syz.4.941'. [ 180.751643][ T8118] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 180.770461][ T8122] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 180.831751][ T8118] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 180.892256][ T8118] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 181.496547][ T8143] netlink: 'syz.0.950': attribute type 3 has an invalid length. [ 181.511109][ T8143] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.950'. [ 182.133400][ T8159] netlink: 'syz.0.955': attribute type 2 has an invalid length. [ 182.554865][ T8177] netlink: 16 bytes leftover after parsing attributes in process `syz.4.961'. [ 182.588463][ T8177] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.664319][ T8177] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.690706][ T8177] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.770938][ T8186] netlink: 'syz.3.964': attribute type 1 has an invalid length. [ 182.786074][ T8186] netlink: 9348 bytes leftover after parsing attributes in process `syz.3.964'. [ 183.054166][ T8197] netlink: 8 bytes leftover after parsing attributes in process `syz.0.968'. [ 183.094953][ T8197] netlink: 8 bytes leftover after parsing attributes in process `syz.0.968'. [ 183.622587][ T8223] netlink: 'syz.4.978': attribute type 2 has an invalid length. [ 184.132028][ T8248] netlink: 16 bytes leftover after parsing attributes in process `syz.3.984'. [ 184.192964][ T8248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 184.232509][ T8249] FAULT_INJECTION: forcing a failure. [ 184.232509][ T8249] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 184.264254][ T8249] CPU: 0 PID: 8249 Comm: syz.0.983 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 184.274433][ T8249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 184.274729][ T8248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 184.284699][ T8249] Call Trace: [ 184.284720][ T8249] [ 184.284732][ T8249] dump_stack_lvl+0x241/0x360 [ 184.284767][ T8249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.284793][ T8249] ? __pfx__printk+0x10/0x10 [ 184.284819][ T8249] ? __pfx_lock_release+0x10/0x10 [ 184.303974][ T8248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 184.305977][ T8249] should_fail_ex+0x3b0/0x4e0 [ 184.306028][ T8249] _copy_from_user+0x2f/0xe0 [ 184.306058][ T8249] copy_msghdr_from_user+0xae/0x680 [ 184.340874][ T8258] FAULT_INJECTION: forcing a failure. [ 184.340874][ T8258] name failslab, interval 1, probability 0, space 0, times 0 [ 184.346087][ T8249] ? __pfx___might_resched+0x10/0x10 [ 184.346127][ T8249] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 184.346180][ T8249] ? __might_fault+0xaa/0x120 [ 184.346208][ T8249] do_recvmmsg+0x40f/0xae0 [ 184.380921][ T8249] ? __pfx_lock_release+0x10/0x10 [ 184.386088][ T8249] ? __pfx_do_recvmmsg+0x10/0x10 [ 184.391107][ T8249] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 184.397141][ T8249] ? ksys_write+0x23e/0x2c0 [ 184.401686][ T8249] ? __pfx_lock_release+0x10/0x10 [ 184.406754][ T8249] ? vfs_write+0x7c4/0xc90 [ 184.411293][ T8249] ? __mutex_unlock_slowpath+0x21d/0x750 [ 184.417162][ T8249] ? __fget_files+0x3f6/0x470 [ 184.421902][ T8249] __x64_sys_recvmmsg+0x199/0x250 [ 184.427132][ T8249] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 184.432977][ T8249] ? do_syscall_64+0x100/0x230 [ 184.437900][ T8249] ? do_syscall_64+0xb6/0x230 [ 184.442625][ T8249] do_syscall_64+0xf3/0x230 [ 184.447362][ T8249] ? clear_bhb_loop+0x35/0x90 [ 184.452099][ T8249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.458512][ T8249] RIP: 0033:0x7fdccb975bd9 [ 184.462973][ T8249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.483168][ T8249] RSP: 002b:00007fdccc799048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 184.491819][ T8249] RAX: ffffffffffffffda RBX: 00007fdccbb03f60 RCX: 00007fdccb975bd9 [ 184.499887][ T8249] RDX: 0000000000000700 RSI: 0000000020001440 RDI: 0000000000000007 [ 184.508001][ T8249] RBP: 00007fdccc7990a0 R08: 0000000000000000 R09: 0000000000000000 [ 184.516252][ T8249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 184.524443][ T8249] R13: 000000000000000b R14: 00007fdccbb03f60 R15: 00007ffc9c9c0dd8 [ 184.532682][ T8249] [ 184.549070][ T8258] CPU: 0 PID: 8258 Comm: syz.1.986 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 184.559536][ T8258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 184.570556][ T8258] Call Trace: [ 184.573885][ T8258] [ 184.576890][ T8258] dump_stack_lvl+0x241/0x360 [ 184.581648][ T8258] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.587107][ T8258] ? __pfx__printk+0x10/0x10 [ 184.591735][ T8258] ? ref_tracker_alloc+0x332/0x490 [ 184.596978][ T8258] should_fail_ex+0x3b0/0x4e0 [ 184.601784][ T8258] ? skb_clone+0x20c/0x390 [ 184.606315][ T8258] should_failslab+0x9/0x20 [ 184.611026][ T8258] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 184.616695][ T8258] skb_clone+0x20c/0x390 [ 184.621162][ T8258] __netlink_deliver_tap+0x3cc/0x7c0 [ 184.626773][ T8258] ? netlink_deliver_tap+0x2e/0x1b0 [ 184.632019][ T8258] netlink_deliver_tap+0x19d/0x1b0 [ 184.637242][ T8258] netlink_unicast+0x7be/0x990 [ 184.642028][ T8258] ? __pfx_netlink_unicast+0x10/0x10 [ 184.647416][ T8258] ? __virt_addr_valid+0x183/0x520 [ 184.652545][ T8258] ? __check_object_size+0x49c/0x900 [ 184.657936][ T8258] ? bpf_lsm_netlink_send+0x9/0x10 [ 184.663075][ T8258] netlink_sendmsg+0x8e4/0xcb0 [ 184.668410][ T8258] ? __pfx_netlink_sendmsg+0x10/0x10 [ 184.673783][ T8258] ? __import_iovec+0x536/0x820 [ 184.678779][ T8258] ? aa_sock_msg_perm+0x91/0x160 [ 184.683791][ T8258] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 184.689304][ T8258] ? security_socket_sendmsg+0x87/0xb0 [ 184.694966][ T8258] ? __pfx_netlink_sendmsg+0x10/0x10 [ 184.700501][ T8258] __sock_sendmsg+0x221/0x270 [ 184.705691][ T8258] ____sys_sendmsg+0x525/0x7d0 [ 184.710598][ T8258] ? __pfx_____sys_sendmsg+0x10/0x10 [ 184.716106][ T8258] __sys_sendmsg+0x2b0/0x3a0 [ 184.720726][ T8258] ? __pfx___sys_sendmsg+0x10/0x10 [ 184.725949][ T8258] ? vfs_write+0x7c4/0xc90 [ 184.730422][ T8258] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 184.736787][ T8258] ? do_syscall_64+0x100/0x230 [ 184.741666][ T8258] ? do_syscall_64+0xb6/0x230 [ 184.746371][ T8258] do_syscall_64+0xf3/0x230 [ 184.751325][ T8258] ? clear_bhb_loop+0x35/0x90 [ 184.756153][ T8258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.762428][ T8258] RIP: 0033:0x7f5aeaf75bd9 [ 184.767114][ T8258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.788079][ T8258] RSP: 002b:00007f5aebcc6048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 184.797027][ T8258] RAX: ffffffffffffffda RBX: 00007f5aeb103f60 RCX: 00007f5aeaf75bd9 [ 184.806800][ T8258] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000004 [ 184.815938][ T8258] RBP: 00007f5aebcc60a0 R08: 0000000000000000 R09: 0000000000000000 [ 184.824055][ T8258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 184.832767][ T8258] R13: 000000000000004d R14: 00007f5aeb103f60 R15: 00007ffdce0d4af8 [ 184.841094][ T8258] [ 184.993725][ T8262] netlink: 'syz.4.990': attribute type 2 has an invalid length. [ 185.574372][ T8298] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1003'. [ 185.702962][ T8302] netlink: 'syz.0.1004': attribute type 2 has an invalid length. [ 185.842592][ T8309] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1006'. [ 186.074043][ T8319] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1007'. [ 186.114907][ T8319] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1007'. [ 186.134864][ T8319] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1007'. [ 186.285264][ T8327] TCP: tcp_parse_options: Illegal window scaling value 31 > 14 received [ 186.309317][ T8326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.378465][ T8326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.410942][ T8331] sctp: [Deprecated]: syz.2.1014 (pid 8331) Use of int in max_burst socket option. [ 186.410942][ T8331] Use struct sctp_assoc_value instead [ 186.430777][ T8326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.178662][ T8377] IPv6: addrconf: prefix option has invalid lifetime [ 187.195616][ T8372] netlink: 'syz.2.1026': attribute type 2 has an invalid length. [ 187.506067][ T8394] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.564581][ T8399] netlink: 'syz.4.1034': attribute type 1 has an invalid length. [ 187.599150][ T8394] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.638131][ T8394] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.792972][ T8411] netlink: 'syz.4.1040': attribute type 11 has an invalid length. [ 187.907425][ T8416] __nla_validate_parse: 4 callbacks suppressed [ 187.907449][ T8416] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1042'. [ 187.968815][ T8419] netlink: 232 bytes leftover after parsing attributes in process `syz.0.1044'. [ 187.982599][ T8419] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1044'. [ 188.274551][ T8434] netlink: 'syz.1.1050': attribute type 1 has an invalid length. [ 188.300630][ T8439] FAULT_INJECTION: forcing a failure. [ 188.300630][ T8439] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 188.328729][ T8439] CPU: 1 PID: 8439 Comm: syz.4.1054 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 188.340385][ T8439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 188.350759][ T8439] Call Trace: [ 188.354966][ T8439] [ 188.357958][ T8439] dump_stack_lvl+0x241/0x360 [ 188.362781][ T8439] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.368138][ T8439] ? __pfx__printk+0x10/0x10 [ 188.373055][ T8439] ? __pfx_lock_release+0x10/0x10 [ 188.378233][ T8439] should_fail_ex+0x3b0/0x4e0 [ 188.382991][ T8439] _copy_from_iter+0x1f6/0x1960 [ 188.387896][ T8439] ? __virt_addr_valid+0x183/0x520 [ 188.393242][ T8439] ? __pfx_lock_release+0x10/0x10 [ 188.398350][ T8439] ? __alloc_skb+0x28f/0x440 [ 188.403316][ T8439] ? __pfx__copy_from_iter+0x10/0x10 [ 188.408756][ T8439] ? __virt_addr_valid+0x183/0x520 [ 188.414066][ T8439] ? __virt_addr_valid+0x183/0x520 [ 188.419329][ T8439] ? __virt_addr_valid+0x44e/0x520 [ 188.425635][ T8439] ? __check_object_size+0x49c/0x900 [ 188.431181][ T8439] netlink_sendmsg+0x73d/0xcb0 [ 188.436549][ T8439] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.441995][ T8439] ? __import_iovec+0x536/0x820 [ 188.446883][ T8439] ? aa_sock_msg_perm+0x91/0x160 [ 188.452027][ T8439] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 188.457531][ T8439] ? security_socket_sendmsg+0x87/0xb0 [ 188.463238][ T8439] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.468560][ T8439] __sock_sendmsg+0x221/0x270 [ 188.473271][ T8439] ____sys_sendmsg+0x525/0x7d0 [ 188.478064][ T8439] ? __pfx_____sys_sendmsg+0x10/0x10 [ 188.483573][ T8439] __sys_sendmsg+0x2b0/0x3a0 [ 188.488392][ T8439] ? __pfx___sys_sendmsg+0x10/0x10 [ 188.493722][ T8439] ? vfs_write+0x7c4/0xc90 [ 188.498197][ T8439] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 188.504560][ T8439] ? do_syscall_64+0x100/0x230 [ 188.509354][ T8439] ? do_syscall_64+0xb6/0x230 [ 188.514504][ T8439] do_syscall_64+0xf3/0x230 [ 188.519158][ T8439] ? clear_bhb_loop+0x35/0x90 [ 188.524123][ T8439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.530251][ T8439] RIP: 0033:0x7fd34b375bd9 [ 188.534690][ T8439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.554544][ T8439] RSP: 002b:00007fd34c10a048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 188.562994][ T8439] RAX: ffffffffffffffda RBX: 00007fd34b503f60 RCX: 00007fd34b375bd9 [ 188.571259][ T8439] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000004 [ 188.579346][ T8439] RBP: 00007fd34c10a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 188.587368][ T8439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.595408][ T8439] R13: 000000000000000b R14: 00007fd34b503f60 R15: 00007ffc0f87b5b8 [ 188.603793][ T8439] [ 188.731242][ T8450] netlink: 'syz.1.1056': attribute type 2 has an invalid length. [ 189.016293][ T8470] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1063'. [ 189.032374][ T8470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 189.100009][ T8476] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 189.158245][ T8470] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 189.213419][ T8481] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1067'. [ 189.226202][ T8480] netlink: 'syz.3.1066': attribute type 1 has an invalid length. [ 189.719639][ T8514] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1073'. [ 190.010678][ T8524] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1078'. [ 190.113853][ T8528] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 190.143125][ T8528] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1079'. [ 190.549470][ T8545] netlink: 'syz.4.1083': attribute type 4 has an invalid length. [ 190.605926][ T8540] netlink: 'syz.2.1081': attribute type 1 has an invalid length. [ 190.694064][ T8550] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1087'. [ 190.762479][ T8550] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 190.853294][ T8561] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1089'. [ 190.867958][ T8562] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 192.339370][ T8602] IPv6: sit1: Disabled Multicast RS [ 192.435930][ T8612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 192.551415][ T8620] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 192.590600][ T8612] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 192.937634][ T8635] __nla_validate_parse: 2 callbacks suppressed [ 192.937660][ T8635] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1111'. [ 193.700674][ T8657] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1120'. [ 194.357256][ T8675] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1126'. [ 194.467738][ T8680] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1128'. [ 194.488732][ T8680] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.553385][ T8683] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 194.559460][ T8680] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.578657][ T8683] batadv_slave_0: entered promiscuous mode [ 194.590454][ T8680] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.871719][ T8699] ------------[ cut here ]------------ [ 194.877897][ T8699] WARNING: CPU: 0 PID: 8699 at include/net/mac80211.h:7001 minstrel_ht_update_caps+0x44a/0x17e0 [ 194.888562][ T8699] Modules linked in: [ 194.892538][ T8699] CPU: 0 PID: 8699 Comm: syz.0.1135 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 194.902972][ T8699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 194.913248][ T8699] RIP: 0010:minstrel_ht_update_caps+0x44a/0x17e0 [ 194.919833][ T8699] Code: da e8 1a 62 cd f9 e9 24 ff ff ff e8 d0 87 7a f6 eb 17 e8 c9 87 7a f6 eb 14 e8 c2 87 7a f6 49 c1 fd 38 eb 0c e8 b7 87 7a f6 90 <0f> 0b 90 45 31 ed 49 bf 00 00 00 00 00 fc ff df 48 8b 3c 24 4c 8b [ 194.939748][ T8699] RSP: 0018:ffffc90004636f80 EFLAGS: 00010283 [ 194.945964][ T8699] RAX: ffffffff8b1b9ed9 RBX: 000000000000000c RCX: 0000000000040000 [ 194.953991][ T8699] RDX: ffffc9000a07c000 RSI: 0000000000000dbe RDI: 0000000000000dbf [ 194.962447][ T8699] RBP: 0000000000000000 R08: ffffffff8b1b9df5 R09: 0000000000000000 [ 194.970570][ T8699] R10: ffff88802a330008 R11: ffffed1005466549 R12: 1ffff11005cdc618 [ 194.976170][ T8689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1132'. [ 194.978718][ T8699] R13: 0b00000000000000 R14: ffff88802e6e30c0 R15: 0100000000000000 [ 194.995874][ T8699] FS: 00007fdccc7996c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 195.005006][ T8699] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 195.011729][ T8699] CR2: 0000000020001080 CR3: 00000000685d2000 CR4: 00000000003506f0 [ 195.019930][ T8699] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 195.028021][ T8699] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 195.036104][ T8699] Call Trace: [ 195.039436][ T8699] [ 195.042516][ T8699] ? __warn+0x163/0x4e0 [ 195.047003][ T8699] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 195.052895][ T8699] ? report_bug+0x2b3/0x500 [ 195.057555][ T8699] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 195.063347][ T8699] ? handle_bug+0x3e/0x70 [ 195.067849][ T8699] ? exc_invalid_op+0x1a/0x50 [ 195.072600][ T8699] ? asm_exc_invalid_op+0x1a/0x20 [ 195.077775][ T8699] ? minstrel_ht_update_caps+0x365/0x17e0 [ 195.083565][ T8699] ? minstrel_ht_update_caps+0x449/0x17e0 [ 195.089792][ T8699] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 195.095836][ T8699] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 195.101819][ T8699] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 195.107867][ T8699] rate_control_rate_init+0x3cf/0x5f0 [ 195.113308][ T8699] ? rate_control_rate_init+0xe3/0x5f0 [ 195.118998][ T8699] sta_apply_auth_flags+0x1b6/0x410 [ 195.124283][ T8699] sta_apply_parameters+0xe23/0x1550 [ 195.129739][ T8699] ieee80211_add_station+0x3da/0x630 [ 195.135188][ T8699] rdev_add_station+0x11b/0x2b0 [ 195.140258][ T8699] nl80211_new_station+0x1d53/0x2550 [ 195.145718][ T8699] ? __pfx_nl80211_new_station+0x10/0x10 [ 195.151483][ T8699] ? netdev_run_todo+0xf88/0x1000 [ 195.156677][ T8699] genl_rcv_msg+0xb14/0xec0 [ 195.161253][ T8699] ? mark_lock+0x9a/0x350 [ 195.165698][ T8699] ? __pfx_genl_rcv_msg+0x10/0x10 [ 195.170825][ T8699] ? __pfx_lock_acquire+0x10/0x10 [ 195.175981][ T8699] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 195.181476][ T8699] ? __pfx_nl80211_new_station+0x10/0x10 [ 195.187445][ T8699] ? __pfx_nl80211_post_doit+0x10/0x10 [ 195.193256][ T8699] ? __pfx___might_resched+0x10/0x10 [ 195.198705][ T8699] netlink_rcv_skb+0x1e3/0x430 [ 195.203567][ T8699] ? __pfx_genl_rcv_msg+0x10/0x10 [ 195.208781][ T8699] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 195.214250][ T8699] ? __netlink_deliver_tap+0x77e/0x7c0 [ 195.219881][ T8699] genl_rcv+0x28/0x40 [ 195.223940][ T8699] netlink_unicast+0x7f0/0x990 [ 195.228893][ T8699] ? __pfx_netlink_unicast+0x10/0x10 [ 195.234252][ T8699] ? __virt_addr_valid+0x183/0x520 [ 195.239725][ T8699] ? __check_object_size+0x49c/0x900 [ 195.245223][ T8699] ? bpf_lsm_netlink_send+0x9/0x10 [ 195.250490][ T8699] netlink_sendmsg+0x8e4/0xcb0 [ 195.255661][ T8699] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.261042][ T8699] ? __import_iovec+0x536/0x820 [ 195.266096][ T8699] ? aa_sock_msg_perm+0x91/0x160 [ 195.271240][ T8699] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 195.277285][ T8699] ? security_socket_sendmsg+0x87/0xb0 [ 195.282909][ T8699] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.288512][ T8699] __sock_sendmsg+0x221/0x270 [ 195.293362][ T8699] ____sys_sendmsg+0x525/0x7d0 [ 195.298549][ T8699] ? __pfx_____sys_sendmsg+0x10/0x10 [ 195.304046][ T8699] __sys_sendmsg+0x2b0/0x3a0 [ 195.308823][ T8699] ? __pfx___sys_sendmsg+0x10/0x10 [ 195.314236][ T8699] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 195.320983][ T8699] ? do_syscall_64+0x100/0x230 [ 195.325918][ T8699] ? do_syscall_64+0xb6/0x230 [ 195.331009][ T8699] do_syscall_64+0xf3/0x230 [ 195.336061][ T8699] ? clear_bhb_loop+0x35/0x90 [ 195.341043][ T8699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.347052][ T8699] RIP: 0033:0x7fdccb975bd9 [ 195.351610][ T8699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.371850][ T8699] RSP: 002b:00007fdccc799048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 195.380697][ T8699] RAX: ffffffffffffffda RBX: 00007fdccbb03f60 RCX: 00007fdccb975bd9 [ 195.388931][ T8699] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000004 [ 195.397757][ T8699] RBP: 00007fdccb9e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 195.406274][ T8699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 195.414591][ T8699] R13: 000000000000000b R14: 00007fdccbb03f60 R15: 00007ffc9c9c0dd8 [ 195.422696][ T8699] [ 195.425836][ T8699] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 195.433167][ T8699] CPU: 0 PID: 8699 Comm: syz.0.1135 Not tainted 6.10.0-rc6-syzkaller-01414-g58f9416d413a #0 [ 195.443285][ T8699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 195.453508][ T8699] Call Trace: [ 195.456829][ T8699] [ 195.459988][ T8699] dump_stack_lvl+0x241/0x360 [ 195.464812][ T8699] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.470244][ T8699] ? __pfx__printk+0x10/0x10 [ 195.474903][ T8699] ? vscnprintf+0x5d/0x90 [ 195.479306][ T8699] panic+0x349/0x860 [ 195.483276][ T8699] ? __warn+0x172/0x4e0 [ 195.487501][ T8699] ? __pfx_panic+0x10/0x10 [ 195.491996][ T8699] __warn+0x346/0x4e0 [ 195.496078][ T8699] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 195.501948][ T8699] report_bug+0x2b3/0x500 [ 195.506846][ T8699] ? minstrel_ht_update_caps+0x44a/0x17e0 [ 195.512626][ T8699] handle_bug+0x3e/0x70 [ 195.517020][ T8699] exc_invalid_op+0x1a/0x50 [ 195.521584][ T8699] asm_exc_invalid_op+0x1a/0x20 [ 195.526490][ T8699] RIP: 0010:minstrel_ht_update_caps+0x44a/0x17e0 [ 195.532877][ T8699] Code: da e8 1a 62 cd f9 e9 24 ff ff ff e8 d0 87 7a f6 eb 17 e8 c9 87 7a f6 eb 14 e8 c2 87 7a f6 49 c1 fd 38 eb 0c e8 b7 87 7a f6 90 <0f> 0b 90 45 31 ed 49 bf 00 00 00 00 00 fc ff df 48 8b 3c 24 4c 8b [ 195.552793][ T8699] RSP: 0018:ffffc90004636f80 EFLAGS: 00010283 [ 195.558999][ T8699] RAX: ffffffff8b1b9ed9 RBX: 000000000000000c RCX: 0000000000040000 [ 195.567580][ T8699] RDX: ffffc9000a07c000 RSI: 0000000000000dbe RDI: 0000000000000dbf [ 195.575637][ T8699] RBP: 0000000000000000 R08: ffffffff8b1b9df5 R09: 0000000000000000 [ 195.583754][ T8699] R10: ffff88802a330008 R11: ffffed1005466549 R12: 1ffff11005cdc618 [ 195.591804][ T8699] R13: 0b00000000000000 R14: ffff88802e6e30c0 R15: 0100000000000000 [ 195.599945][ T8699] ? minstrel_ht_update_caps+0x365/0x17e0 [ 195.606004][ T8699] ? minstrel_ht_update_caps+0x449/0x17e0 [ 195.612245][ T8699] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 195.617977][ T8699] ? __pfx_minstrel_ht_rate_init+0x10/0x10 [ 195.623867][ T8699] rate_control_rate_init+0x3cf/0x5f0 [ 195.629401][ T8699] ? rate_control_rate_init+0xe3/0x5f0 [ 195.634953][ T8699] sta_apply_auth_flags+0x1b6/0x410 [ 195.640322][ T8699] sta_apply_parameters+0xe23/0x1550 [ 195.645788][ T8699] ieee80211_add_station+0x3da/0x630 [ 195.651148][ T8699] rdev_add_station+0x11b/0x2b0 [ 195.656348][ T8699] nl80211_new_station+0x1d53/0x2550 [ 195.661747][ T8699] ? __pfx_nl80211_new_station+0x10/0x10 [ 195.667536][ T8699] ? netdev_run_todo+0xf88/0x1000 [ 195.672677][ T8699] genl_rcv_msg+0xb14/0xec0 [ 195.677330][ T8699] ? mark_lock+0x9a/0x350 [ 195.681734][ T8699] ? __pfx_genl_rcv_msg+0x10/0x10 [ 195.687119][ T8699] ? __pfx_lock_acquire+0x10/0x10 [ 195.692186][ T8699] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 195.697667][ T8699] ? __pfx_nl80211_new_station+0x10/0x10 [ 195.703373][ T8699] ? __pfx_nl80211_post_doit+0x10/0x10 [ 195.709076][ T8699] ? __pfx___might_resched+0x10/0x10 [ 195.714526][ T8699] netlink_rcv_skb+0x1e3/0x430 [ 195.719373][ T8699] ? __pfx_genl_rcv_msg+0x10/0x10 [ 195.724593][ T8699] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 195.729956][ T8699] ? __netlink_deliver_tap+0x77e/0x7c0 [ 195.735611][ T8699] genl_rcv+0x28/0x40 [ 195.739656][ T8699] netlink_unicast+0x7f0/0x990 [ 195.744655][ T8699] ? __pfx_netlink_unicast+0x10/0x10 [ 195.749993][ T8699] ? __virt_addr_valid+0x183/0x520 [ 195.755270][ T8699] ? __check_object_size+0x49c/0x900 [ 195.760889][ T8699] ? bpf_lsm_netlink_send+0x9/0x10 [ 195.766170][ T8699] netlink_sendmsg+0x8e4/0xcb0 [ 195.771248][ T8699] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.776742][ T8699] ? __import_iovec+0x536/0x820 [ 195.781753][ T8699] ? aa_sock_msg_perm+0x91/0x160 [ 195.786854][ T8699] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 195.792299][ T8699] ? security_socket_sendmsg+0x87/0xb0 [ 195.797965][ T8699] ? __pfx_netlink_sendmsg+0x10/0x10 [ 195.803333][ T8699] __sock_sendmsg+0x221/0x270 [ 195.808558][ T8699] ____sys_sendmsg+0x525/0x7d0 [ 195.813391][ T8699] ? __pfx_____sys_sendmsg+0x10/0x10 [ 195.818762][ T8699] __sys_sendmsg+0x2b0/0x3a0 [ 195.823729][ T8699] ? __pfx___sys_sendmsg+0x10/0x10 [ 195.828971][ T8699] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 195.835375][ T8699] ? do_syscall_64+0x100/0x230 [ 195.840195][ T8699] ? do_syscall_64+0xb6/0x230 [ 195.844937][ T8699] do_syscall_64+0xf3/0x230 [ 195.849502][ T8699] ? clear_bhb_loop+0x35/0x90 [ 195.854260][ T8699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.860212][ T8699] RIP: 0033:0x7fdccb975bd9 [ 195.864693][ T8699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.884554][ T8699] RSP: 002b:00007fdccc799048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 195.893213][ T8699] RAX: ffffffffffffffda RBX: 00007fdccbb03f60 RCX: 00007fdccb975bd9 [ 195.901253][ T8699] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 0000000000000004 [ 195.909634][ T8699] RBP: 00007fdccb9e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 195.917656][ T8699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 195.925770][ T8699] R13: 000000000000000b R14: 00007fdccbb03f60 R15: 00007ffc9c9c0dd8 [ 195.933899][ T8699] [ 195.937333][ T8699] Kernel Offset: disabled [ 195.941925][ T8699] Rebooting in 86400 seconds..