last executing test programs: 34.422473056s ago: executing program 1 (id=2): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB], 0x14}}, 0x0) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0x8, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) readv(r2, &(0x7f0000000a80)=[{0x0}, {&(0x7f00000001c0)=""/50, 0x32}], 0x2) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r3) sendmsg$IEEE802154_LLSEC_ADD_DEV(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x3c, r4, 0x852dd6c070cd7e4d, 0x0, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0xfffff2b1}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}]}, 0x3c}, 0x4, 0x700000000000000, 0x0, 0x40010}, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), r5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="1802000000c4c4000000000000000000850000003e00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa, @void, @value}, 0x90) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r3, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010026bd70837935be7c134f00"/28], 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x4008) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000080)={'wpan1\x00', 0x0}) r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32=r8, @ANYBLOB="24002d800800020003000000050001000000000005000400"], 0x40}}, 0x0) sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r6, 0x8, 0x70bd2d, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000) r10 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r10, &(0x7f00000001c0)={0xa, 0x10010000004e20, 0x0, @empty}, 0x1c) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05050000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900030073797a32000000000900010073797a3000000000340000001c0a010100000000000000000100000008000940000000000900020073797a323a0000000900010073797a30"], 0xa8}}, 0x0) r12 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r12, 0x10f, 0x87, &(0x7f0000000000)={0x43, 0x14, 0x2}, 0x10) r13 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r13, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) close(0x3) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaa79ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e200008b0"], 0x0) recvmmsg(r10, &(0x7f0000000540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 33.761604649s ago: executing program 1 (id=6): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x2200, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000180)={'vlan0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x36}}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) socket$l2tp(0x2, 0x2, 0x73) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="0200"], 0x10) socket$l2tp(0x2, 0x2, 0x73) 33.476631313s ago: executing program 1 (id=7): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000fc0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cd0aa7b73340cc2160a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e10d859e8327ef03fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563112f4b391aafe234870072858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5c768a40538be5f76e9c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5be5f6eb2eea0d0df414b315f65112412392191fa83ee830548ef8e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb030621204d3ded6f260af62d91faae95196d5e3ff010000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5ffff000000000000c24411d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d54aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5f7d895de17a10b0a0ea15ccc0d7a830b6eb33b6b21675511d693ef5e3c44bbf71cabc5175d879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2e5a00d2f953a86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c56d0886eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366a9660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e959212181d4bf32ed89c96d421c8171698c49403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef310e10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e15a00adb976064a93e8d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeadc5cf218a6eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041814f60fbbcafa487ee96b368e8769da90b44190e569fe8b1d155d0765baaca5c5548b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751beed5f79de29a67a579150bfb31232d296b9d2977ed027ca90af7088d6466f1501d96a32bfa3cf9ab0dcd626ac9341833e92685af6917ae05473ae4768341426e244159b3c3e002b6f8ee80cbe6e26c816ab92658d956d849cd3a21ebf4b143d338035cd91f087633aa668e0644b05dc5a7937cd5fb62bd08242a858aeeda8c0cbb4fc2478a8155b859e88493f322702277939832bd4a1d8109f98c5a187564c9eb80acc63ac57459593c81ce8998e38ea231b81ebaa6b242ebdf382d70232f1d8e516a8eaf39d09ea40198cf1b72eb5ce5327d3a3861470be47a9a9dbf569e6f6f474fd1448adfd70c4f4a4487edaf193a00a808389a110a4286905ba81309735f6ac5d2ba7ab2be01fa25c11dbb3170258e9d9fed944fd85c03336a49f7016517a1988bc84ee301e167d3cf88c46c4eba6e2bfd099acd2eec5c624679aa7ebab76061a9ca792bffe3d6df4dbe70b5cab6299a51e63826fd0bda4846d06e322ebd745e73da718ba0c93e7567df9ed7ea8d2fdbde44e65a4cd01748b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x8, 0x0, 0xff6c, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000400)=@mangle={'mangle\x00', 0x44, 0x6, 0x390, 0x98, 0x130, 0x130, 0x1c8, 0x0, 0x2f8, 0x2f8, 0x2f8, 0x2f8, 0x2f8, 0x6, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'veth0_to_bridge\x00', 'macvtap0\x00'}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x3}}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28}}, {{@ip={@loopback, @rand_addr, 0x0, 0x0, 'bond_slave_0\x00', 'ip6tnl0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0xf4}}}, {{@ip={@private, @private, 0x0, 0x0, 'macvtap0\x00', 'bridge_slave_0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@local, @rand_addr, 0x0, 0x0, 'ip6erspan0\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x56, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff886411004048633321fbac14142ce934a0a662079f4b4d2f87e56dca6aab845013f208001a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000001c40)="beb61ec2ca90080239f2a54e2368fa761313c3a024a98109ba1e2e7b780d03c54b7a83d56fce397842e724674507d531762055fca371ea775f418df7bee236c9b9968146efb3232ae3413b617445e98bb644a892b9337f1a9135d9f30457a8ffb21aef4a95a155fab70a40b086056b0f63331a66b3457c", 0x2}, 0x2c) 32.748667431s ago: executing program 1 (id=10): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000004c0)={0x2c, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000c0}, 0x2000006) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_TARGET_NAME={0x10, 0x1, 'CONNSECMARK\x00'}, @NFTA_TARGET_INFO={0x5, 0x3, "ef"}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0x1c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_FLAGS={0x8}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x6006}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x86dd}]}]}], {0x14}}, 0xa8}}, 0x0) 19.008345123s ago: executing program 1 (id=10): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000004c0)={0x2c, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000c0}, 0x2000006) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_TARGET_NAME={0x10, 0x1, 'CONNSECMARK\x00'}, @NFTA_TARGET_INFO={0x5, 0x3, "ef"}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0x1c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_FLAGS={0x8}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x6006}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x86dd}]}]}], {0x14}}, 0xa8}}, 0x0) 3.634641821s ago: executing program 1 (id=10): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000004c0)={0x2c, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000c0}, 0x2000006) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_TARGET_NAME={0x10, 0x1, 'CONNSECMARK\x00'}, @NFTA_TARGET_INFO={0x5, 0x3, "ef"}, @NFTA_TARGET_REV={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0x1c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_FLAGS={0x8}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x6006}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x86dd}]}]}], {0x14}}, 0xa8}}, 0x0) 3.592647641s ago: executing program 2 (id=249): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) sendto$netrom(r0, 0x0, 0x27, 0x0, &(0x7f0000000240)={{0x6, @rose}, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) 3.310162293s ago: executing program 0 (id=251): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r3, @ANYBLOB="00000016010000001800120008000100736974000c0002000800030036"], 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB="48000000100039042cbd7000eaffffff000003e4", @ANYRES32=r3, @ANYBLOB="83000400084004002800128008000300736974001c00028006f60d00f9ff0000080003"], 0x48}, 0x1, 0x0, 0x0, 0x8080}, 0x4000040) 3.140629957s ago: executing program 2 (id=254): socket(0x2, 0x80805, 0x0) socket$kcm(0x10, 0x400000002, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x11, 0x3, 0x10) r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10) socket(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000034000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) 3.075716501s ago: executing program 0 (id=255): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0x900, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="5402000017000100000000000040523ee83c00000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002000000fe8000000000000000000000000000000000000004"], 0x254}}, 0x0) 2.876656592s ago: executing program 2 (id=257): socket(0x11, 0x800000003, 0x0) (async) r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f00000005c0), 0x10) ioctl$SIOCGSTAMP(r2, 0x8906, 0x0) recvmmsg(r2, &(0x7f0000004640)=[{{0x0, 0x0, 0x0}, 0xbaca}], 0x1, 0x10002, 0x0) (async) recvmmsg(r2, &(0x7f0000004640)=[{{0x0, 0x0, 0x0}, 0xbaca}], 0x1, 0x10002, 0x0) sendmsg$can_bcm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4c, 0x2, [@TCA_HHF_RESET_TIMEOUT={0x8}, @TCA_HHF_HH_FLOWS_LIMIT={0x8}, @TCA_HHF_NON_HH_WEIGHT={0x8}, @TCA_HHF_EVICT_TIMEOUT={0xfffffffffffffebc}, @TCA_HHF_RESET_TIMEOUT, @TCA_HHF_ADMIT_BYTES={0x8}, @TCA_HHF_EVICT_TIMEOUT={0x8}, @TCA_HHF_RESET_TIMEOUT={0x8}, @TCA_HHF_ADMIT_BYTES={0x8}]}}]}, 0x78}}, 0x0) r4 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_msfilter(r4, 0x0, 0x24, 0x0, 0x10) (async) setsockopt$inet_msfilter(r4, 0x0, 0x24, 0x0, 0x10) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000000240)={0x0, 0xfffffffffffffe1a, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) (async) sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000000240)={0x0, 0xfffffffffffffe1a, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) 2.797460428s ago: executing program 0 (id=258): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_SET_CONFIG(r4, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x108, 0x0, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x348}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xffffff01}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_DAEMON={0x60, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gretap0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x5}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x9}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x1}]}, @IPVS_CMD_ATTR_DEST={0x38, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x4}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x81}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x34376d9e}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x7ff}]}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xa}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x18}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x6}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x1}, 0x50) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0xb, 0x0, 0x0, {}, [{0x54, 0x1, [@m_skbmod={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x20}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="f865675e6492b72841b327a04d2c000400000000000000000000003d", @ANYRES32=r2, @ANYBLOB="00410000000000000c002b8008000100", @ANYRES32, @ANYBLOB], 0x2c}}, 0x0) 2.673244171s ago: executing program 2 (id=261): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4) bind$llc(r3, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x54}, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000000), 0xffffff6a) sendfile(r3, r4, 0x0, 0xffffffff000) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@multicast, @remote, @val={@void, {0x8100, 0x5, 0x1, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @private}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(r4, 0x65, 0x4, &(0x7f0000000200)=0x1, 0x4) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x24440, 0x0) close(r5) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r6, &(0x7f0000000240)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f0000000540), 0x3c) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events.local\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) setsockopt$inet6_tcp_int(r6, 0x11a, 0x3, &(0x7f0000000100)=0x1, 0x4) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x31) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7050000080000a8c5000000a5000000180100002020640500000000000400007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70400000000000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r9, 0x0, 0x0, 0xfffffffffffffdf3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) write$cgroup_subtree(r0, &(0x7f0000000180)=ANY=[], 0x36) 2.29310012s ago: executing program 4 (id=264): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000080)={[{0x2b, 'cpu'}]}, 0x5) openat$cgroup_int(r0, &(0x7f0000000180)='cpu.weight\x00', 0x2, 0x0) (async) r3 = openat$cgroup_int(r0, &(0x7f0000000180)='cpu.weight\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f00000001c0)={[{0x2d, 'cpu'}]}, 0x5) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x14, &(0x7f0000000240)=@raw=[@tail_call, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @btf_id={0x18, 0x9}], &(0x7f0000000040)='GPL\x00', 0x400, 0x9d, &(0x7f0000000300)=""/157, 0x40f00, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0)={0x3, 0x2, 0x6b290106, 0x9}, 0x10, 0x0, 0x0, 0xa, &(0x7f0000000140)=[0xffffffffffffffff, r2, 0xffffffffffffffff, 0x1, 0x1], &(0x7f00000003c0)=[{0x5, 0x3, 0x7, 0x4}, {0x2, 0x1, 0x7, 0x5}, {0x0, 0x2, 0x8, 0xa}, {0x1, 0x5, 0x10, 0xc}, {0x1, 0x2, 0x9, 0xc}, {0x1, 0x3, 0xb, 0xb}, {0x3, 0x3, 0x4, 0xa}, {0x5, 0x5, 0xb}, {0x2, 0x3, 0xc, 0x3}, {0x5, 0x3, 0x8, 0x2}], 0x10, 0xff, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={r4, 0xe0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000540)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f0000000580)=[0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x98, &(0x7f0000000600)=[{}], 0x8, 0x10, &(0x7f0000000640), &(0x7f0000000680), 0x8, 0x40, 0x8, 0x8, &(0x7f00000006c0)}}, 0x10) write$cgroup_int(r3, 0x0, 0x0) (async) write$cgroup_int(r3, 0x0, 0x0) 2.290734674s ago: executing program 0 (id=265): r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r1, 0x0) (async) connect$vsock_stream(r0, &(0x7f0000000080), 0x10) (async) sendmmsg(r0, &(0x7f0000000100)=[{{0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x8080) (async) r2 = accept4$unix(r1, 0x0, 0x0, 0x800) recvfrom$unix(r2, &(0x7f0000000140)=""/266, 0x10a, 0x2, 0x0, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) mmap$xdp(&(0x7f00009eb000/0x2000)=nil, 0x2000, 0x0, 0x80010, r3, 0x180000000) syz_open_procfs$namespace(0x0, &(0x7f0000000380)='ns/net\x00') r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="15000000100000000200"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="15000000000000000000000000000000000100000000000000000000135136a4e2f30f80c525bb63466d483701e70500feba19083b621a2ef6f0acf3bbb06de3a056852fe8ee5d7d915351d445390fb95d6f23de8001e481ec28810d9a7c394c10bb664c0e57b77b43495ffe0657036c12d0898d017352d8f9d6036c76f592885f1e9dbb3a34596e888dcb72c3e55030ec9b61f3848eb86a463d2b077de9f58471cfc41a144de5f8fd647a50168a20d32b00000000"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r4, &(0x7f0000000080), &(0x7f0000000180), 0x1}, 0x20) (async) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2, 0x3032, r3, 0x0) 1.940403353s ago: executing program 4 (id=267): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2e, 0x9c, 0xa}, [@call={0x25}], {0x95, 0x0, 0xd00}}, &(0x7f0000000040)='syzkaller\x00', 0x2, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x8000000, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x328, 0x0, 0xffffffff, 0xffffffff, 0x148, 0xffffffff, 0x258, 0xffffffff, 0xffffffff, 0x258, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [0xff000000], [0xff000000], 'veth0_to_hsr\x00', 'veth1_vlan\x00', {0xff}}, 0x0, 0xe0, 0x148, 0x60030000, {0x0, 0xff000000}, [@common=@unspec=@statistic={{0x38}, {0x3, 0x0, 0x0, 0x6}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0xc, 0x9, 0x60, 0x0, 'netbios-ns\x00', 'syz1\x00', {0x42e0}}}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00', {0xfffffffffffffffc}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x388) 1.764923117s ago: executing program 4 (id=268): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="020500020e000000000000000000000005b85b00000000000a00000000000000000000000000000000000000000000000000000000e4ffff0100010000000000000000000000000005000500000000000a0000000000000001d5303a942fff0100000000000000000000000000010000"], 0x70}}, 0x0) sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)=ANY=[], 0x14}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0xa4, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x78, 0x4, 0x0, 0x1, [{0x74, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x64, 0x2, 0x0, 0x1, [@NFTA_INNER_EXPR={0x14, 0x5, 0x0, 0x1, @immediate={{0xe}, @void}}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x56}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xb9}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xcc}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0xa) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.704851372s ago: executing program 3 (id=269): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0xa00, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="5402000017000100000000000040523ee83c00000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002000000fe8000000000000000000000000000000000000004"], 0x254}}, 0x0) 1.520672938s ago: executing program 0 (id=270): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='rpc_call_rpcerror\x00', r1, 0x0, 0xf69}, 0x18) socketpair$unix(0x1, 0x5, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x4a081, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r2, &(0x7f0000000040)=ANY=[@ANYRESHEX, @ANYRES64=r2], 0xfdef) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)=@isdn={0x22, 0x80, 0x4b, 0x9, 0x6}, 0x80, 0x0}, 0x4000001) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="14000000252f010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 1.520368908s ago: executing program 4 (id=271): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r3, @ANYBLOB="00000016010000001800120008000100736974000c0002000800030036"], 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6gre0\x00', 0x0}) bind$packet(r4, &(0x7f0000000140)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @broadcast}, 0x14) sendmmsg$sock(r4, &(0x7f0000002280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r6, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000340)={0x58, r7, 0x8d61ddcfedb48df, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x2c, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x28, 0x3, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'sit0\x00'}]}]}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}]}]}, 0x58}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB="48000000100039042cbd7000eaffffff000003e4", @ANYRES32=r3, @ANYBLOB="83000400084004002800128008000100736974001c00028006f60d00f9ff0000080003"], 0x48}, 0x1, 0x0, 0x0, 0x8080}, 0x4000040) 1.466423405s ago: executing program 3 (id=272): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001200)={0x30, 0x1405, 0x1, 0x70bd27, 0x25dfdbfb, "", [{{0x8}, {0x8}}, {{0x8}, {0x8, 0x3, 0x1}}]}, 0x30}}, 0x0) (fail_nth: 7) 1.095621548s ago: executing program 3 (id=273): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18) close(r2) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x40107}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_COST={0x8, 0x3, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r3}]}, 0x4c}}, 0x4044880) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) ioctl(r1, 0x1, &(0x7f00000003c0)="a088faf90a0f98455c0c0daf812ed1e8cf16cd472b4264e3c634eae2036c19eedf3d765fb5270d706322f94fafa6de41ef6902f367f7f1b05c78e3852117d285f5b0579d6e99f2e6e458b509f1942d03d32f087d4d47299c85e0e2dc1a1e47684dbdecb7b866ee74f2453f8398f563318867b89471f112df4993251b3c2d7afbcd7eb927da7ed2e0d142684d94e6e86acd7accec03c87cd46a3d71c911b2bc7687591bc241") 632.763663ms ago: executing program 3 (id=274): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_macvtap\x00'}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xf}}}, 0x90}, 0x1, 0x0, 0x0, 0xc0081427e0ba6f8b}, 0x2) 632.498758ms ago: executing program 4 (id=275): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001200)={0x30, 0x1405, 0x1, 0x70bd27, 0x25dfdbfb, "", [{{0x8}, {0x8}}, {{0x8}, {0x8, 0x3, 0x1}}]}, 0x30}}, 0x0) 600.9531ms ago: executing program 2 (id=276): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, 0x0, 0x21, 0x11203}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x16, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x97}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0xa, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 523.383659ms ago: executing program 4 (id=277): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000000200)=@raw=[@call, @exit], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffff8a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x0, 0x1}, 0x20) bind$l2tp6(r2, &(0x7f0000000040)={0xa, 0x0, 0xc38, @private1, 0x6}, 0x20) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4001, 0x0, @loopback}, 0x1c) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000240)={@initdev, @local, 0x0}, &(0x7f0000000280)=0xc) sendmsg$nl_xfrm(r3, &(0x7f0000000680)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000400)=@flushpolicy={0x278, 0x1d, 0x0, 0x70bd25, 0x25dfdbfc, "", [@etimer_thresh={0x8, 0xc, 0x4}, @algo_comp={0xa8, 0x3, {{'deflate\x00'}, 0x300, "6b97b73e3624d45110fa160bafb85c7e0b74f544ad0c21888b85d8b31d00a781cd6cd078d260003c33e4dd95b7fd405c3eecad57c366d11a2677181462cfa99076956ceb1d066e8087a6735e27fe8c5a333a39ef6e968d8273569871a16ac431"}}, @lifetime_val={0x24, 0x9, {0x7, 0x1, 0x0, 0x100000000}}, @migrate={0xe8, 0x11, [{@in6=@private0, @in=@local, @in=@remote, @in6=@private0, 0x3c, 0x2, 0x0, 0x0, 0x2, 0x8}, {@in6=@private2, @in=@broadcast, @in6=@dev={0xfe, 0x80, '\x00', 0x2c}, @in6=@loopback, 0x6c, 0x0, 0x0, 0x3504, 0xa}, {@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@local, @in6=@mcast1, @in=@multicast2, 0xff, 0x0, 0x0, 0x3503, 0xa, 0x2}]}, @policy={0xac, 0x7, {{@in=@private=0xa010101, @in=@local, 0x4e20, 0x9, 0x4e22, 0xc, 0xa, 0x20, 0xa0, 0x33, r4, 0xee01}, {0xfe9, 0xd, 0x0, 0x7, 0xffffffffffffffff, 0xddf, 0x4, 0x8}, {0x4, 0x2, 0xffffffff, 0x1}, 0x9, 0x6e6bbc, 0x1, 0x1, 0x2, 0x2}}]}, 0x278}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) getsockopt$inet6_buf(r1, 0x29, 0x10, 0x0, &(0x7f00000000c0)) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="d80000001c0081064e81f782db44b9040a1d08040e000000000002a1180002000600142603600e1208000f0000810401a8001605200001400200680803600cfab94dcf5c0461c1d67f6f94007134cf61e08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f808db58b45296feb215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x40000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000000200)=@raw=[@call, @exit], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffff8a, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async) socket$kcm(0x10, 0x2, 0x0) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) socket$l2tp6(0xa, 0x2, 0x73) (async) bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0x0, 0x1}, 0x20) (async) bind$l2tp6(r2, &(0x7f0000000040)={0xa, 0x0, 0xc38, @private1, 0x6}, 0x20) (async) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4001, 0x0, @loopback}, 0x1c) (async) pipe(&(0x7f0000000140)) (async) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000240)={@initdev, @local}, &(0x7f0000000280)=0xc) (async) sendmsg$nl_xfrm(r3, &(0x7f0000000680)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000400)=@flushpolicy={0x278, 0x1d, 0x0, 0x70bd25, 0x25dfdbfc, "", [@etimer_thresh={0x8, 0xc, 0x4}, @algo_comp={0xa8, 0x3, {{'deflate\x00'}, 0x300, "6b97b73e3624d45110fa160bafb85c7e0b74f544ad0c21888b85d8b31d00a781cd6cd078d260003c33e4dd95b7fd405c3eecad57c366d11a2677181462cfa99076956ceb1d066e8087a6735e27fe8c5a333a39ef6e968d8273569871a16ac431"}}, @lifetime_val={0x24, 0x9, {0x7, 0x1, 0x0, 0x100000000}}, @migrate={0xe8, 0x11, [{@in6=@private0, @in=@local, @in=@remote, @in6=@private0, 0x3c, 0x2, 0x0, 0x0, 0x2, 0x8}, {@in6=@private2, @in=@broadcast, @in6=@dev={0xfe, 0x80, '\x00', 0x2c}, @in6=@loopback, 0x6c, 0x0, 0x0, 0x3504, 0xa}, {@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@local, @in6=@mcast1, @in=@multicast2, 0xff, 0x0, 0x0, 0x3503, 0xa, 0x2}]}, @policy={0xac, 0x7, {{@in=@private=0xa010101, @in=@local, 0x4e20, 0x9, 0x4e22, 0xc, 0xa, 0x20, 0xa0, 0x33, r4, 0xee01}, {0xfe9, 0xd, 0x0, 0x7, 0xffffffffffffffff, 0xddf, 0x4, 0x8}, {0x4, 0x2, 0xffffffff, 0x1}, 0x9, 0x6e6bbc, 0x1, 0x1, 0x2, 0x2}}]}, 0x278}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) (async) getsockopt$inet6_buf(r1, 0x29, 0x10, 0x0, &(0x7f00000000c0)) (async) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="d80000001c0081064e81f782db44b9040a1d08040e000000000002a1180002000600142603600e1208000f0000810401a8001605200001400200680803600cfab94dcf5c0461c1d67f6f94007134cf61e08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f808db58b45296feb215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x40000) (async) 477.243637ms ago: executing program 3 (id=278): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="5402000017000100000000000040523ee83c00000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200", @ANYRES32], 0x254}}, 0x0) (fail_nth: 5) 583.863µs ago: executing program 0 (id=279): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)={0x20, r2, 0x1, 0x0, 0xfffffffd, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8}]}]}, 0x20}}, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r1) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'geneve1\x00', 0x0}) sendto$packet(r4, &(0x7f00000003c0)="0b031200e0ff64000200475400f6a13bb1000000086086dd48037220bc230500e98dfe52b69ddbd9e6f55a6c11ee2179b9414ad56140ba6ee662327e7591696902692f48e860c7bed154dc75d95e5fc6c85011939787a965334d0d3b979986751d179777e5f307b333397196c19c52d87be56128b16d85a50d2496edcc4cd25947069e4b9bc45e59589a3624142c1d88e64ecbf5d3a2876b0f9ba4d8e9dbbe105e9d569eca7d527bae29790bf1255219796a0383b875af53f628def27b28f3d180b16cf3bf", 0xc5, 0x0, &(0x7f0000000000)={0x11, 0x8100, r5, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x54, r3, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x5c}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x6c}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x42000}, 0xc0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x41071, 0xffffffffffffffff, 0x0) r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) connect$802154_dgram(r6, &(0x7f0000000080)={0x24, @none={0x0, 0x2}}, 0x14) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x2a, 0x2, 0x0) getsockname$packet(r8, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r10 = socket$can_raw(0x1d, 0x3, 0x1) sendmsg$can_raw(r10, &(0x7f00000003c0)={&(0x7f0000000080)={0x1d, r9}, 0x10, &(0x7f0000000100)={&(0x7f00000000c0)=@can={{0x4, 0x1, 0x1}, 0x4, 0x0, 0x0, 0x0, "1b1bc9ab08a13b51"}, 0x10}, 0x1, 0x0, 0x0, 0x4004810}, 0x40d0) sendmsg$nl_route_sched(r7, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@newtclass={0x2c, 0x28, 0x400, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0xffff, 0x9}, {0xb, 0xc}, {0x0, 0x5}}, [@TCA_RATE={0x6, 0x5, {0x8, 0xf2}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040000}, 0x20000000) sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="5402000017000100000000000040523ee83c00000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200", @ANYRES32], 0x254}}, 0x0) r11 = socket$isdn_base(0x22, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) 260.326µs ago: executing program 2 (id=280): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0xa2) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@delqdisc={0x190, 0x25, 0x400, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x8, 0x5}, {0x1, 0x4}, {0x5, 0x1}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0xe7b9}, @TCA_EGRESS_BLOCK={0x8}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8001}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x9}, @TCA_STAB={0xb0, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x5, 0xfb9e, 0x7, 0x1, 0x885b, 0xd, 0x7}}, {0x12, 0x2, [0x8000, 0x4, 0x1, 0xff, 0x3b81, 0x7, 0x1000]}}, {{0x1c, 0x1, {0x5, 0x6, 0x0, 0x0, 0x2, 0x200, 0xec, 0x5}}, {0xe, 0x2, [0xfc01, 0x6, 0x0, 0x7, 0x100]}}, {{0x1c, 0x1, {0x4, 0xc7, 0x8000, 0x100, 0x0, 0x2, 0x4, 0x3}}, {0xa, 0x2, [0xb7a, 0x2, 0x5]}}, {{0x1c, 0x1, {0x4, 0x8, 0x400, 0x3, 0x2, 0x0, 0x9, 0x3}}, {0xa, 0x2, [0x4, 0x4, 0x4]}}]}, @qdisc_kind_options=@q_cbq={{0x8}, {0x94, 0x2, [@TCA_CBS_PARMS={0x18, 0x1, {0x7, '\x00', 0x0, 0x20, 0x7, 0x1}}, @TCA_CBS_PARMS={0x18, 0x1, {0xc, '\x00', 0x4, 0xe, 0x372, 0x6}}, @TCA_CBS_PARMS={0x18, 0x1, {0x8, '\x00', 0x7, 0xcda, 0x3, 0xce}}, @TCA_CBS_PARMS={0x18, 0x1, {0x6, '\x00', 0xffffffff, 0x4, 0x9, 0x5}}, @TCA_CBS_PARMS={0x18, 0x1, {0x3, '\x00', 0x1, 0x8, 0x7, 0x10001}}, @TCA_CBS_PARMS={0x18, 0x1, {0xdc, '\x00', 0x6, 0x6, 0x9, 0x9}}]}}]}, 0x190}, 0x1, 0x0, 0x0, 0x400}, 0x800) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001c2df6f270000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r3}, 0x10) r5 = socket$nl_rdma(0x10, 0x3, 0x14) getsockopt$netlink(r5, 0x10e, 0xa, &(0x7f0000000200)=""/70, &(0x7f0000000280)=0x46) r6 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={r6, r4, 0x0, 0xf, &(0x7f0000000300)='netlink_extack\x00'}, 0x30) write$cgroup_pid(r0, &(0x7f0000000000)=r6, 0x12) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 0s ago: executing program 3 (id=281): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) (async) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r2, 0x400448ca, 0x0) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) (async) r3 = socket$inet(0xa, 0x801, 0x84) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @private=0xa010101}, 0x10) (async) listen(r3, 0xffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000061100000000000001d400500000000004704000001ed00000f030000000000001d44000000000000620a5cfe000000007203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e4b2b9275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf138f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87acbeb48949b63b045313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65039cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r5 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32) sendmsg$nl_route(r5, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000009c0)=@bridge_getlink={0x28, 0x12, 0x101, 0x0, 0xffffffe0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x4000}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0x3}]}, 0x28}}, 0xc090) (async) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async) recvfrom$unix(r0, &(0x7f0000000580)=""/4096, 0x1000, 0x1041, &(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e) (async) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r4, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x44, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xf83d}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1716}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16df}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x44}, 0x1, 0x0, 0x0, 0x4041}, 0x200008c0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010027bd7000000000001400000018000180140002006e657464657673696d3000000000000005000c000300000008001600ffffffff080003000d00000008000f00050000000800040019dc0000050019"], 0x5c}}, 0x0) r7 = accept4(r3, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r7, 0x84, 0x83, &(0x7f0000000140)=@assoc_value, &(0x7f0000000040)=0x8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.15.196' (ED25519) to the list of known hosts. [ 73.577055][ T5822] cgroup: Unknown subsys name 'net' [ 73.709419][ T5822] cgroup: Unknown subsys name 'cpuset' [ 73.718585][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.238768][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 77.595185][ T5143] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.625175][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.633796][ T5840] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.648095][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.657326][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.665845][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.673846][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.681837][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.690240][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.699019][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.706913][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.710916][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.716080][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.728854][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.736943][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.738109][ T5848] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 77.751987][ T5849] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 77.752908][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.759437][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.767716][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.775537][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.780652][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.787089][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.802495][ T5850] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 77.811930][ T5834] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 77.821112][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.830362][ T5834] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 77.835398][ T5842] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 77.837793][ T5834] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.844830][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.280354][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 78.405111][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 78.414859][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 78.477414][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 78.557631][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.565548][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.573205][ T5836] bridge_slave_0: entered allmulticast mode [ 78.580552][ T5836] bridge_slave_0: entered promiscuous mode [ 78.594946][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.602228][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.609582][ T5836] bridge_slave_1: entered allmulticast mode [ 78.616836][ T5836] bridge_slave_1: entered promiscuous mode [ 78.655287][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 78.706643][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.718669][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.782747][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.790157][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.801919][ T5841] bridge_slave_0: entered allmulticast mode [ 78.809385][ T5841] bridge_slave_0: entered promiscuous mode [ 78.817247][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.824325][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.831693][ T5841] bridge_slave_1: entered allmulticast mode [ 78.838602][ T5841] bridge_slave_1: entered promiscuous mode [ 78.845268][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.852936][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.860272][ T5832] bridge_slave_0: entered allmulticast mode [ 78.867135][ T5832] bridge_slave_0: entered promiscuous mode [ 78.902867][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.913867][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.921242][ T5832] bridge_slave_1: entered allmulticast mode [ 78.929235][ T5832] bridge_slave_1: entered promiscuous mode [ 78.950776][ T5836] team0: Port device team_slave_0 added [ 78.974779][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.982348][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.990086][ T5839] bridge_slave_0: entered allmulticast mode [ 78.997918][ T5839] bridge_slave_0: entered promiscuous mode [ 79.024066][ T5836] team0: Port device team_slave_1 added [ 79.032108][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.050572][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.060385][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.068668][ T5839] bridge_slave_1: entered allmulticast mode [ 79.075399][ T5839] bridge_slave_1: entered promiscuous mode [ 79.082281][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.089694][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.097054][ T5837] bridge_slave_0: entered allmulticast mode [ 79.103773][ T5837] bridge_slave_0: entered promiscuous mode [ 79.131025][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.143822][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.163965][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.172796][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.182887][ T5837] bridge_slave_1: entered allmulticast mode [ 79.190248][ T5837] bridge_slave_1: entered promiscuous mode [ 79.208436][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.215436][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.241969][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.264250][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.304964][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.312883][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.339513][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.370034][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.381375][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.394637][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.413422][ T5841] team0: Port device team_slave_0 added [ 79.421720][ T5832] team0: Port device team_slave_0 added [ 79.431600][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.478520][ T5837] team0: Port device team_slave_0 added [ 79.490512][ T5841] team0: Port device team_slave_1 added [ 79.497774][ T5832] team0: Port device team_slave_1 added [ 79.539822][ T5837] team0: Port device team_slave_1 added [ 79.565313][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.572526][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.598779][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.612880][ T5839] team0: Port device team_slave_0 added [ 79.621616][ T5839] team0: Port device team_slave_1 added [ 79.631804][ T5836] hsr_slave_0: entered promiscuous mode [ 79.639552][ T5836] hsr_slave_1: entered promiscuous mode [ 79.673489][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.681401][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.707557][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.753686][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.760888][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.788270][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.801040][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.808089][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.834116][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.858877][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.869629][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.896278][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.908628][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.915628][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.942948][ T5840] Bluetooth: hci4: command tx timeout [ 79.942954][ T5143] Bluetooth: hci1: command tx timeout [ 79.943339][ T5143] Bluetooth: hci2: command tx timeout [ 79.948940][ T5840] Bluetooth: hci3: command tx timeout [ 79.954477][ T53] Bluetooth: hci0: command tx timeout [ 79.960276][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.996181][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.003174][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.029512][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.084010][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.093512][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.120304][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.145980][ T5832] hsr_slave_0: entered promiscuous mode [ 80.152306][ T5832] hsr_slave_1: entered promiscuous mode [ 80.158789][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.166952][ T5832] Cannot create hsr debugfs directory [ 80.193779][ T5839] hsr_slave_0: entered promiscuous mode [ 80.200313][ T5839] hsr_slave_1: entered promiscuous mode [ 80.206686][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.214279][ T5839] Cannot create hsr debugfs directory [ 80.224080][ T5841] hsr_slave_0: entered promiscuous mode [ 80.231504][ T5841] hsr_slave_1: entered promiscuous mode [ 80.238184][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.246258][ T5841] Cannot create hsr debugfs directory [ 80.341089][ T5837] hsr_slave_0: entered promiscuous mode [ 80.347879][ T5837] hsr_slave_1: entered promiscuous mode [ 80.354235][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.362312][ T5837] Cannot create hsr debugfs directory [ 80.664624][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.677089][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.700526][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.719874][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.762702][ T5832] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.786137][ T5832] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.808254][ T5832] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.820837][ T5832] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.852453][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.865390][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.898145][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.909372][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.011532][ T5839] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 81.030559][ T5839] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 81.042939][ T5839] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 81.053939][ T5839] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 81.120162][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.128049][ T5837] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.139622][ T5837] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 81.152965][ T5837] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 81.164196][ T5837] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.190345][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.211246][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.268617][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.275952][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.307092][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.316603][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.323767][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.359770][ T1150] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.367033][ T1150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.390773][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.403164][ T29] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.410796][ T29] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.443637][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.497871][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.505064][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.554989][ T3544] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.562295][ T3544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.638566][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.734934][ T5841] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 81.751959][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.770204][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.797638][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.804794][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.820013][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.827237][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.854989][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.891870][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.940465][ T3544] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.947670][ T3544] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.972605][ T3544] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.980000][ T3544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.000410][ T5839] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 82.007055][ T53] Bluetooth: hci0: command tx timeout [ 82.016340][ T5842] Bluetooth: hci1: command tx timeout [ 82.021975][ T5842] Bluetooth: hci2: command tx timeout [ 82.028593][ T5143] Bluetooth: hci3: command tx timeout [ 82.028678][ T5840] Bluetooth: hci4: command tx timeout [ 82.172878][ T5836] veth0_vlan: entered promiscuous mode [ 82.213947][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.249945][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.278956][ T5836] veth1_vlan: entered promiscuous mode [ 82.386246][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.400207][ T5836] veth0_macvtap: entered promiscuous mode [ 82.469111][ T5836] veth1_macvtap: entered promiscuous mode [ 82.503283][ T5841] veth0_vlan: entered promiscuous mode [ 82.539440][ T5832] veth0_vlan: entered promiscuous mode [ 82.553441][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.580105][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.591809][ T5841] veth1_vlan: entered promiscuous mode [ 82.608962][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.643468][ T5832] veth1_vlan: entered promiscuous mode [ 82.670470][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.680553][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.691034][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.700194][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.717845][ T5841] veth0_macvtap: entered promiscuous mode [ 82.774754][ T5841] veth1_macvtap: entered promiscuous mode [ 82.858805][ T5837] veth0_vlan: entered promiscuous mode [ 82.868134][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.880405][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.892665][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.909598][ T5832] veth0_macvtap: entered promiscuous mode [ 82.932074][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.943675][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.956386][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.986223][ T5832] veth1_macvtap: entered promiscuous mode [ 83.003863][ T5841] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.006552][ T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.023686][ T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.027150][ T5841] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.040037][ T5841] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.049211][ T5841] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.061519][ T5837] veth1_vlan: entered promiscuous mode [ 83.144350][ T29] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.152315][ T5839] veth0_vlan: entered promiscuous mode [ 83.162730][ T5839] veth1_vlan: entered promiscuous mode [ 83.168680][ T29] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.177997][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.195287][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.207981][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.218568][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.230446][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.293842][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.305842][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.315711][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.328434][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.340646][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.361894][ T5839] veth0_macvtap: entered promiscuous mode [ 83.376881][ T5837] veth0_macvtap: entered promiscuous mode [ 83.393064][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 83.401939][ T5832] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.419092][ T5832] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.432932][ T5832] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.442138][ T5832] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.459498][ T5837] veth1_macvtap: entered promiscuous mode [ 83.473234][ T5839] veth1_macvtap: entered promiscuous mode [ 83.504493][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.536153][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.567206][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.580553][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.590520][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.601042][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.611387][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.622208][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.634131][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.647006][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.657782][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.667755][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.678294][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.689319][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.699849][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.710810][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.734944][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.757501][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.770403][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.782260][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.792545][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.803733][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.814271][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.824916][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.836962][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.865379][ T5837] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.875093][ T5921] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 83.878159][ T5837] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.895676][ T5837] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.904734][ T5837] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.929609][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.930451][ T5919] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2'. [ 83.940528][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.961590][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.973952][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.984191][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.994926][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.004989][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.017019][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.029537][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.039766][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.049482][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.065686][ T3544] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.088686][ T3544] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.090152][ T5840] Bluetooth: hci2: command tx timeout [ 84.096663][ T5842] Bluetooth: hci4: command tx timeout [ 84.104934][ T5840] Bluetooth: hci0: command tx timeout [ 84.107820][ T53] Bluetooth: hci1: command tx timeout [ 84.119958][ T5840] Bluetooth: hci3: command tx timeout [ 84.137862][ T5839] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.151447][ T5839] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.161880][ T5839] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.172039][ T5839] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.301667][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.309777][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.517426][ T5925] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 84.555575][ T3544] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.563639][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.573667][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.596269][ T3544] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.754093][ T5925] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 84.768979][ T5925] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 84.779865][ T5925] bond0 (unregistering): Released all slaves [ 84.832435][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.845594][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.875709][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.885169][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.089968][ T5935] netlink: 'syz.3.8': attribute type 9 has an invalid length. [ 85.107269][ T5935] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.8'. [ 85.169755][ T5938] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9'. [ 85.284085][ T5942] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5'. [ 85.299286][ T1150] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.431742][ T1150] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.675625][ T1150] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.817449][ T5965] sctp: [Deprecated]: syz.3.15 (pid 5965) Use of int in maxseg socket option. [ 85.817449][ T5965] Use struct sctp_assoc_value instead [ 85.858539][ T5962] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13'. [ 85.961469][ T1150] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.168640][ T5834] Bluetooth: hci1: command tx timeout [ 86.174133][ T5834] Bluetooth: hci0: command tx timeout [ 86.186196][ T5840] Bluetooth: hci2: command tx timeout [ 86.186228][ T53] Bluetooth: hci3: command tx timeout [ 86.368728][ T53] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.387329][ T53] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.397321][ T53] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.418040][ T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.426955][ T53] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 86.434446][ T53] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.554210][ T5990] netlink: 24 bytes leftover after parsing attributes in process `syz.3.21'. [ 86.673863][ T1150] bridge_slave_1: left allmulticast mode [ 86.691304][ T1150] bridge_slave_1: left promiscuous mode [ 86.709939][ T1150] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.773485][ T1150] bridge_slave_0: left allmulticast mode [ 86.794804][ T1150] bridge_slave_0: left promiscuous mode [ 86.804082][ T1150] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.057757][ T973] cfg80211: failed to load regulatory.db [ 87.257060][ T6007] netlink: 4 bytes leftover after parsing attributes in process `syz.2.25'. [ 87.295688][ T1150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 87.314216][ T1150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 87.327709][ T1150] bond0 (unregistering): Released all slaves [ 87.426829][ T6005] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 87.564924][ T6013] FAULT_INJECTION: forcing a failure. [ 87.564924][ T6013] name failslab, interval 1, probability 0, space 0, times 1 [ 87.600214][ T6013] CPU: 0 UID: 0 PID: 6013 Comm: syz.0.27 Not tainted 6.13.0-rc7-syzkaller-00118-gd640627663bf #0 [ 87.610896][ T6013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 87.621008][ T6013] Call Trace: [ 87.624422][ T6013] [ 87.627395][ T6013] dump_stack_lvl+0x241/0x360 [ 87.632149][ T6013] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.637399][ T6013] ? __pfx__printk+0x10/0x10 [ 87.642047][ T6013] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 87.648080][ T6013] ? __pfx___might_resched+0x10/0x10 [ 87.653420][ T6013] should_fail_ex+0x3b0/0x4e0 [ 87.658178][ T6013] should_failslab+0xac/0x100 [ 87.662923][ T6013] kmem_cache_alloc_node_noprof+0x77/0x380 [ 87.668780][ T6013] ? __alloc_skb+0x1c3/0x440 [ 87.673415][ T6013] __alloc_skb+0x1c3/0x440 [ 87.677969][ T6013] ? __pfx___alloc_skb+0x10/0x10 [ 87.682956][ T6013] ? netlink_autobind+0xd6/0x2f0 [ 87.687941][ T6013] ? netlink_autobind+0x2b0/0x2f0 [ 87.693020][ T6013] netlink_sendmsg+0x638/0xcb0 [ 87.697851][ T6013] ? __pfx_netlink_sendmsg+0x10/0x10 [ 87.703192][ T6013] ? aa_sock_msg_perm+0x91/0x160 [ 87.708183][ T6013] ? __pfx_netlink_sendmsg+0x10/0x10 [ 87.713514][ T6013] __sock_sendmsg+0x221/0x270 [ 87.718255][ T6013] ____sys_sendmsg+0x52a/0x7e0 [ 87.723079][ T6013] ? __pfx_____sys_sendmsg+0x10/0x10 [ 87.728443][ T6013] ? __fget_files+0x2a/0x410 [ 87.733090][ T6013] ? __fget_files+0x2a/0x410 [ 87.737745][ T6013] __sys_sendmsg+0x269/0x350 [ 87.742388][ T6013] ? __pfx_lock_release+0x10/0x10 [ 87.747482][ T6013] ? __pfx___sys_sendmsg+0x10/0x10 [ 87.752661][ T6013] ? __pfx_vfs_write+0x10/0x10 [ 87.757503][ T6013] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 87.763893][ T6013] ? do_syscall_64+0x100/0x230 [ 87.768816][ T6013] ? do_syscall_64+0xb6/0x230 [ 87.773558][ T6013] do_syscall_64+0xf3/0x230 [ 87.778120][ T6013] ? clear_bhb_loop+0x35/0x90 [ 87.782851][ T6013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.788817][ T6013] RIP: 0033:0x7f2fc7985d29 [ 87.793286][ T6013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.812945][ T6013] RSP: 002b:00007f2fc88a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 87.821418][ T6013] RAX: ffffffffffffffda RBX: 00007f2fc7b75fa0 RCX: 00007f2fc7985d29 [ 87.829457][ T6013] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 87.837482][ T6013] RBP: 00007f2fc88a4090 R08: 0000000000000000 R09: 0000000000000000 [ 87.845506][ T6013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 87.853529][ T6013] R13: 0000000000000000 R14: 00007f2fc7b75fa0 R15: 00007ffe703e6528 [ 87.861569][ T6013] [ 88.117712][ T5974] chnl_net:caif_netlink_parms(): no params data found [ 88.434234][ T6040] netlink: 8 bytes leftover after parsing attributes in process `syz.2.33'. [ 88.495960][ T5842] Bluetooth: hci4: command tx timeout [ 88.850191][ T5974] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.866379][ T5974] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.873727][ T5974] bridge_slave_0: entered allmulticast mode [ 88.891754][ T5974] bridge_slave_0: entered promiscuous mode [ 88.894330][ T6059] Bluetooth: MGMT ver 1.23 [ 88.921340][ T5974] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.943442][ T5974] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.956188][ T5974] bridge_slave_1: entered allmulticast mode [ 88.975949][ T5974] bridge_slave_1: entered promiscuous mode [ 89.203158][ T5974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.208678][ T6068] netlink: 16 bytes leftover after parsing attributes in process `syz.2.38'. [ 89.266594][ T1150] hsr_slave_0: left promiscuous mode [ 89.285193][ T1150] hsr_slave_1: left promiscuous mode [ 89.304500][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 89.314197][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 89.323516][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 89.332967][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 89.359807][ T1150] veth1_macvtap: left promiscuous mode [ 89.366596][ T1150] veth0_macvtap: left promiscuous mode [ 89.372335][ T1150] veth1_vlan: left promiscuous mode [ 89.378551][ T1150] veth0_vlan: left promiscuous mode [ 89.902192][ T6086] netlink: 300 bytes leftover after parsing attributes in process `syz.2.44'. [ 90.013692][ T1150] team0 (unregistering): Port device team_slave_1 removed [ 90.054110][ T1150] team0 (unregistering): Port device team_slave_0 removed [ 90.412152][ T5974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.566353][ T5842] Bluetooth: hci4: command tx timeout [ 90.591336][ T5974] team0: Port device team_slave_0 added [ 90.619194][ T5974] team0: Port device team_slave_1 added [ 90.869639][ T6103] netlink: 8 bytes leftover after parsing attributes in process `syz.0.49'. [ 90.888442][ T6103] netlink: 'syz.0.49': attribute type 3 has an invalid length. [ 90.925732][ T6093] netlink: 24 bytes leftover after parsing attributes in process `syz.2.48'. [ 90.932154][ T5974] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.944138][ T5974] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.966050][ T5842] Bluetooth: hci0: command tx timeout [ 91.040537][ T5974] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.106973][ T6103] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.116275][ T6103] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.125024][ T6103] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.134140][ T6103] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 91.199057][ T5974] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.275838][ T5974] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.322864][ T5974] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.493535][ T6122] FAULT_INJECTION: forcing a failure. [ 91.493535][ T6122] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 91.512545][ T6124] tipc: Trying to set illegal importance in message [ 91.523552][ T6122] CPU: 1 UID: 0 PID: 6122 Comm: syz.4.52 Not tainted 6.13.0-rc7-syzkaller-00118-gd640627663bf #0 [ 91.534217][ T6122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 91.544492][ T6122] Call Trace: [ 91.547813][ T6122] [ 91.550781][ T6122] dump_stack_lvl+0x241/0x360 [ 91.555515][ T6122] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.560768][ T6122] ? __pfx__printk+0x10/0x10 [ 91.565411][ T6122] ? __pfx_lock_release+0x10/0x10 [ 91.570489][ T6122] should_fail_ex+0x3b0/0x4e0 [ 91.575232][ T6122] _copy_from_iter+0x1e9/0x1c20 [ 91.580139][ T6122] ? __virt_addr_valid+0x183/0x530 [ 91.585304][ T6122] ? __alloc_skb+0x28f/0x440 [ 91.589938][ T6122] ? __pfx__copy_from_iter+0x10/0x10 [ 91.595279][ T6122] ? __virt_addr_valid+0x183/0x530 [ 91.600442][ T6122] ? __virt_addr_valid+0x183/0x530 [ 91.605615][ T6122] ? __virt_addr_valid+0x45f/0x530 [ 91.610774][ T6122] ? __phys_addr_symbol+0x2f/0x70 [ 91.615856][ T6122] ? __check_object_size+0x47a/0x730 [ 91.621202][ T6122] netlink_sendmsg+0x73d/0xcb0 [ 91.626031][ T6122] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.631385][ T6122] ? aa_sock_msg_perm+0x91/0x160 [ 91.636361][ T6122] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.641672][ T6122] __sock_sendmsg+0x221/0x270 [ 91.646639][ T6122] ____sys_sendmsg+0x52a/0x7e0 [ 91.651429][ T6122] ? __pfx_____sys_sendmsg+0x10/0x10 [ 91.656727][ T6122] ? __fget_files+0x2a/0x410 [ 91.661338][ T6122] ? __fget_files+0x2a/0x410 [ 91.665954][ T6122] __sys_sendmsg+0x269/0x350 [ 91.670558][ T6122] ? __pfx_lock_release+0x10/0x10 [ 91.675610][ T6122] ? __pfx___sys_sendmsg+0x10/0x10 [ 91.680838][ T6122] ? __pfx_vfs_write+0x10/0x10 [ 91.685637][ T6122] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 91.691999][ T6122] ? do_syscall_64+0x100/0x230 [ 91.696965][ T6122] ? do_syscall_64+0xb6/0x230 [ 91.701677][ T6122] do_syscall_64+0xf3/0x230 [ 91.706231][ T6122] ? clear_bhb_loop+0x35/0x90 [ 91.710926][ T6122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.716851][ T6122] RIP: 0033:0x7f39c2b85d29 [ 91.721294][ T6122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.740929][ T6122] RSP: 002b:00007f39c39f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.749371][ T6122] RAX: ffffffffffffffda RBX: 00007f39c2d75fa0 RCX: 00007f39c2b85d29 [ 91.757364][ T6122] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 91.765804][ T6122] RBP: 00007f39c39f6090 R08: 0000000000000000 R09: 0000000000000000 [ 91.774011][ T6122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.782109][ T6122] R13: 0000000000000000 R14: 00007f39c2d75fa0 R15: 00007ffc87f31ad8 [ 91.790121][ T6122] [ 92.010268][ T5974] hsr_slave_0: entered promiscuous mode [ 92.030326][ T5974] hsr_slave_1: entered promiscuous mode [ 92.051237][ T6135] warning: `syz.0.57' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 92.281739][ T6146] syz.2.59 uses obsolete (PF_INET,SOCK_PACKET) [ 92.341363][ T6148] dccp_invalid_packet: P.Data Offset(0) too small [ 92.468823][ T6145] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 92.497236][ T6145] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.560983][ T6158] netlink: 'syz.4.63': attribute type 1 has an invalid length. [ 92.595537][ T6155] netlink: 8 bytes leftover after parsing attributes in process `syz.2.59'. [ 92.612224][ T6155] netlink: 8 bytes leftover after parsing attributes in process `syz.2.59'. [ 92.626954][ T6155] netlink: 4 bytes leftover after parsing attributes in process `syz.2.59'. [ 92.638347][ T6162] netlink: 48 bytes leftover after parsing attributes in process `syz.4.63'. [ 92.647484][ T5842] Bluetooth: hci4: command tx timeout [ 92.728232][ T6162] netlink: 4 bytes leftover after parsing attributes in process `syz.4.63'. [ 92.748632][ T6145] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 92.768746][ T6145] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.784999][ T6168] netlink: 160 bytes leftover after parsing attributes in process `syz.3.65'. [ 92.893044][ T6170] netlink: 'syz.3.66': attribute type 3 has an invalid length. [ 92.982657][ T6162] hsr_slave_0 (unregistering): left promiscuous mode [ 93.042355][ T6145] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.086302][ T6145] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.169882][ T6170] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.178940][ T6170] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.187799][ T6170] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.196603][ T6170] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.379203][ T6145] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 93.390245][ T6145] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.628043][ T6145] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.646423][ T6145] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.748796][ T6196] netlink: 'syz.2.73': attribute type 9 has an invalid length. [ 93.865457][ T6145] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 93.901523][ T6145] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.937901][ T6198] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 94.049127][ T6145] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.091835][ T6145] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.131159][ T6145] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 94.185882][ T6145] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.440675][ T6227] __nla_validate_parse: 3 callbacks suppressed [ 94.440698][ T6227] netlink: 300 bytes leftover after parsing attributes in process `syz.0.76'. [ 94.500605][ T6230] tc_dump_action: action bad kind [ 94.682051][ T6240] netlink: 8 bytes leftover after parsing attributes in process `syz.0.80'. [ 94.702776][ T6240] netlink: 'syz.0.80': attribute type 3 has an invalid length. [ 94.728441][ T5842] Bluetooth: hci4: command tx timeout [ 94.809846][ T5974] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.912655][ T5974] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.952155][ T5974] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.992333][ T5974] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.271371][ T6258] dvmrp0: entered allmulticast mode [ 95.397959][ T6262] netlink: 'syz.3.88': attribute type 2 has an invalid length. [ 95.427278][ T6262] netlink: 12 bytes leftover after parsing attributes in process `syz.3.88'. [ 95.470047][ T5974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.503584][ T5974] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.568856][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.576048][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.633290][ T6269] netlink: 'syz.4.90': attribute type 1 has an invalid length. [ 95.671115][ T3544] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.678303][ T3544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.844604][ T6277] netlink: 8 bytes leftover after parsing attributes in process `syz.0.93'. [ 95.893958][ T6277] netlink: 'syz.0.93': attribute type 3 has an invalid length. [ 95.962321][ T6283] openvswitch: netlink: nsh attr 2 has unexpected len 0 expected 16 [ 96.016090][ T6283] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 96.394488][ T5974] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.437017][ T6308] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 96.489723][ T6307] netlink: 12 bytes leftover after parsing attributes in process `syz.4.99'. [ 96.505600][ T6308] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 96.534641][ T5974] veth0_vlan: entered promiscuous mode [ 96.572833][ T6312] vlan2: entered promiscuous mode [ 96.633066][ T6316] netlink: 24 bytes leftover after parsing attributes in process `syz.2.103'. [ 96.669689][ T5974] veth1_vlan: entered promiscuous mode [ 96.774056][ T5974] veth0_macvtap: entered promiscuous mode [ 96.815586][ T5974] veth1_macvtap: entered promiscuous mode [ 96.897562][ T5974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.944404][ T5974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.988090][ T5974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.021442][ T5974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.040748][ T6329] netlink: 300 bytes leftover after parsing attributes in process `syz.0.107'. [ 97.077605][ T5974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.132893][ T5974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.163114][ T5974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.195935][ T5974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.254443][ T5974] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.295255][ T5974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.333517][ T5974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.376975][ T5974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.391247][ T6347] netlink: 8 bytes leftover after parsing attributes in process `syz.4.111'. [ 97.414148][ T5974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.424749][ T6347] netlink: 'syz.4.111': attribute type 3 has an invalid length. [ 97.435980][ T5974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.455866][ T5974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.474079][ T5974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.502035][ T5974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.533488][ T5974] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.564209][ T6354] netlink: 8 bytes leftover after parsing attributes in process `syz.0.112'. [ 97.594107][ T6347] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.603462][ T6347] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.612462][ T6347] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.621309][ T6347] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.684854][ T5974] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.723013][ T5974] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.755949][ T5974] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.764730][ T5974] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.997576][ T6369] No such timeout policy "syz0" [ 98.201557][ T3544] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.241733][ T3544] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.375670][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.384567][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.856141][ T6398] netlink: 120 bytes leftover after parsing attributes in process `syz.0.120'. [ 98.900624][ T6402] Zero length message leads to an empty skb [ 99.219620][ T1150] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.502558][ T6421] __nla_validate_parse: 2 callbacks suppressed [ 99.502581][ T6421] netlink: 8 bytes leftover after parsing attributes in process `syz.3.125'. [ 99.569928][ T6421] netlink: 'syz.3.125': attribute type 3 has an invalid length. [ 99.736827][ T1150] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.936194][ T6431] netlink: 20 bytes leftover after parsing attributes in process `syz.4.127'. [ 100.029455][ T1150] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.091337][ T53] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 100.112020][ T53] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 100.124444][ T53] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 100.132812][ T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 100.141444][ T53] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 100.152790][ T53] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 100.338190][ T1150] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.500371][ T6434] pimreg: entered allmulticast mode [ 101.053411][ T6469] netlink: 4 bytes leftover after parsing attributes in process `syz.4.134'. [ 101.129287][ T1150] bridge_slave_1: left allmulticast mode [ 101.143238][ T6473] netlink: 32 bytes leftover after parsing attributes in process `syz.2.133'. [ 101.152329][ T1150] bridge_slave_1: left promiscuous mode [ 101.185522][ T1150] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.257809][ T1150] bridge_slave_0: left allmulticast mode [ 101.263540][ T1150] bridge_slave_0: left promiscuous mode [ 101.277755][ T1150] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.677145][ T6495] netlink: 24 bytes leftover after parsing attributes in process `syz.3.137'. [ 102.248600][ T5842] Bluetooth: hci4: command tx timeout [ 102.273404][ T1150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 102.294059][ T1150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 102.314615][ T1150] bond0 (unregistering): Released all slaves [ 102.560440][ T6397] Set syz1 is full, maxelem 65536 reached [ 102.658391][ T6485] netlink: 20 bytes leftover after parsing attributes in process `syz.2.133'. [ 102.887308][ T6506] syz.3.139[6506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.887428][ T6506] syz.3.139[6506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.918927][ T6509] netlink: 8 bytes leftover after parsing attributes in process `syz.2.141'. [ 102.940258][ T6510] netlink: 8 bytes leftover after parsing attributes in process `syz.3.139'. [ 102.981577][ T6506] syz.3.139[6506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 102.982072][ T6509] netlink: 'syz.2.141': attribute type 3 has an invalid length. [ 103.007617][ T6506] netlink: 8 bytes leftover after parsing attributes in process `syz.3.139'. [ 103.071254][ T6436] chnl_net:caif_netlink_parms(): no params data found [ 103.085476][ T6509] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.094457][ T6509] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.103280][ T6509] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.112189][ T6509] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 103.526988][ T1150] hsr_slave_0: left promiscuous mode [ 103.548535][ T1150] hsr_slave_1: left promiscuous mode [ 103.556524][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.563989][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.590815][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.598924][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.631763][ T1150] veth1_macvtap: left promiscuous mode [ 103.637514][ T1150] veth0_macvtap: left promiscuous mode [ 103.643248][ T1150] veth1_vlan: left promiscuous mode [ 103.653340][ T1150] veth0_vlan: left promiscuous mode [ 104.230059][ T1150] team0 (unregistering): Port device team_slave_1 removed [ 104.267826][ T1150] team0 (unregistering): Port device team_slave_0 removed [ 104.341527][ T5842] Bluetooth: hci4: command tx timeout [ 104.641380][ T6530] netlink: 8 bytes leftover after parsing attributes in process `syz.0.146'. [ 105.000465][ T6559] netlink: 24 bytes leftover after parsing attributes in process `syz.0.150'. [ 105.046647][ T6436] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.064131][ T6436] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.088709][ T6436] bridge_slave_0: entered allmulticast mode [ 105.106649][ T6436] bridge_slave_0: entered promiscuous mode [ 105.140010][ T6436] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.189586][ T6436] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.222780][ T6436] bridge_slave_1: entered allmulticast mode [ 105.302465][ T6436] bridge_slave_1: entered promiscuous mode [ 105.376781][ T6581] netlink: 8 bytes leftover after parsing attributes in process `syz.2.155'. [ 105.385730][ T6581] netlink: 'syz.2.155': attribute type 3 has an invalid length. [ 105.517697][ T6587] netlink: 'syz.0.156': attribute type 1 has an invalid length. [ 105.528236][ T6586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.157'. [ 105.542938][ T6436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.577352][ T6436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.637799][ T6587] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR [ 105.659277][ T6588] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6erspan0 [ 105.835330][ T6599] netlink: 'syz.2.160': attribute type 2 has an invalid length. [ 105.865160][ T6436] team0: Port device team_slave_0 added [ 105.891391][ T6599] can: request_module (can-proto-0) failed. [ 105.914261][ T6436] team0: Port device team_slave_1 added [ 106.043268][ T6605] netlink: 8 bytes leftover after parsing attributes in process `syz.0.161'. [ 106.142888][ T6436] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.153977][ T6436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.207240][ T6436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.231240][ T6436] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.255433][ T6436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.311536][ T6436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.348983][ T6610] netlink: 20 bytes leftover after parsing attributes in process `syz.3.164'. [ 106.417550][ T5842] Bluetooth: hci4: command tx timeout [ 106.443123][ T6623] netlink: 4 bytes leftover after parsing attributes in process `syz.0.166'. [ 106.452307][ T6623] netlink: 4 bytes leftover after parsing attributes in process `syz.0.166'. [ 106.577922][ T6436] hsr_slave_0: entered promiscuous mode [ 106.584507][ T6629] netlink: 24 bytes leftover after parsing attributes in process `syz.3.168'. [ 106.612031][ T6436] hsr_slave_1: entered promiscuous mode [ 106.862737][ T6636] netlink: 24 bytes leftover after parsing attributes in process `syz.3.171'. [ 107.391224][ T6658] netlink: 'syz.4.176': attribute type 64 has an invalid length. [ 108.113006][ T6678] netlink: 'syz.2.182': attribute type 4 has an invalid length. [ 108.441842][ T6688] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.450537][ T6688] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.489771][ T5842] Bluetooth: hci4: command tx timeout [ 108.649926][ T6436] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 108.717148][ T6436] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 108.902266][ T6436] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 109.020331][ T6436] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 109.421156][ T6436] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.440696][ T6436] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.465340][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.472528][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.567650][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.574923][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.638779][ T6750] FAULT_INJECTION: forcing a failure. [ 109.638779][ T6750] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.648587][ T6436] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 109.690952][ T6436] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 109.728223][ T6752] netlink: 'syz.2.199': attribute type 4 has an invalid length. [ 109.774876][ T6750] CPU: 1 UID: 0 PID: 6750 Comm: syz.0.197 Not tainted 6.13.0-rc7-syzkaller-00118-gd640627663bf #0 [ 109.785556][ T6750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 109.795663][ T6750] Call Trace: [ 109.798988][ T6750] [ 109.801967][ T6750] dump_stack_lvl+0x241/0x360 [ 109.806713][ T6750] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.812002][ T6750] ? __pfx__printk+0x10/0x10 [ 109.816650][ T6750] ? __pfx_lock_release+0x10/0x10 [ 109.821732][ T6750] should_fail_ex+0x3b0/0x4e0 [ 109.826470][ T6750] _copy_from_iter+0x1e9/0x1c20 [ 109.831376][ T6750] ? __virt_addr_valid+0x183/0x530 [ 109.836536][ T6750] ? __alloc_skb+0x28f/0x440 [ 109.841145][ T6750] ? __pfx__copy_from_iter+0x10/0x10 [ 109.846452][ T6750] ? __virt_addr_valid+0x183/0x530 [ 109.851612][ T6750] ? __virt_addr_valid+0x183/0x530 [ 109.856829][ T6750] ? __virt_addr_valid+0x45f/0x530 [ 109.861958][ T6750] ? __phys_addr_symbol+0x2f/0x70 [ 109.867000][ T6750] ? __check_object_size+0x47a/0x730 [ 109.872309][ T6750] netlink_sendmsg+0x73d/0xcb0 [ 109.877104][ T6750] ? __pfx_netlink_sendmsg+0x10/0x10 [ 109.882415][ T6750] ? aa_sock_msg_perm+0x91/0x160 [ 109.887372][ T6750] ? __pfx_netlink_sendmsg+0x10/0x10 [ 109.892679][ T6750] __sock_sendmsg+0x221/0x270 [ 109.897381][ T6750] ____sys_sendmsg+0x52a/0x7e0 [ 109.902193][ T6750] ? __pfx_____sys_sendmsg+0x10/0x10 [ 109.907495][ T6750] ? __fget_files+0x2a/0x410 [ 109.912109][ T6750] ? __fget_files+0x2a/0x410 [ 109.916727][ T6750] __sys_sendmsg+0x269/0x350 [ 109.921333][ T6750] ? __pfx_lock_release+0x10/0x10 [ 109.926391][ T6750] ? __pfx___sys_sendmsg+0x10/0x10 [ 109.931543][ T6750] ? __pfx_vfs_write+0x10/0x10 [ 109.936339][ T6750] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 109.942683][ T6750] ? do_syscall_64+0x100/0x230 [ 109.947471][ T6750] ? do_syscall_64+0xb6/0x230 [ 109.952175][ T6750] do_syscall_64+0xf3/0x230 [ 109.956723][ T6750] ? clear_bhb_loop+0x35/0x90 [ 109.961432][ T6750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.967352][ T6750] RIP: 0033:0x7f2fc7985d29 [ 109.971782][ T6750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.991407][ T6750] RSP: 002b:00007f2fc88a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.999837][ T6750] RAX: ffffffffffffffda RBX: 00007f2fc7b75fa0 RCX: 00007f2fc7985d29 [ 110.007823][ T6750] RDX: 0000000000000000 RSI: 0000000020000940 RDI: 0000000000000003 [ 110.015808][ T6750] RBP: 00007f2fc88a4090 R08: 0000000000000000 R09: 0000000000000000 [ 110.023799][ T6750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 110.031786][ T6750] R13: 0000000000000000 R14: 00007f2fc7b75fa0 R15: 00007ffe703e6528 [ 110.039787][ T6750] [ 110.151579][ T6764] __nla_validate_parse: 6 callbacks suppressed [ 110.151603][ T6764] netlink: 8 bytes leftover after parsing attributes in process `syz.3.202'. [ 110.278371][ T6769] netlink: 12 bytes leftover after parsing attributes in process `syz.3.207'. [ 110.359480][ T6772] netlink: 12 bytes leftover after parsing attributes in process `syz.0.203'. [ 110.417348][ T6777] netlink: 4 bytes leftover after parsing attributes in process `syz.3.208'. [ 110.417623][ T6775] netlink: 24 bytes leftover after parsing attributes in process `syz.4.205'. [ 110.550391][ T6436] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.556958][ T6781] netlink: 8 bytes leftover after parsing attributes in process `syz.3.210'. [ 110.689654][ T6436] veth0_vlan: entered promiscuous mode [ 110.756208][ T6436] veth1_vlan: entered promiscuous mode [ 110.876392][ T6796] netlink: 'syz.3.213': attribute type 1 has an invalid length. [ 110.893259][ T6436] veth0_macvtap: entered promiscuous mode [ 111.031606][ T6436] veth1_macvtap: entered promiscuous mode [ 111.092255][ T6808] netlink: 'syz.4.214': attribute type 4 has an invalid length. [ 111.117138][ T6803] netlink: 'syz.3.213': attribute type 3 has an invalid length. [ 111.119394][ T6436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.138215][ T6803] netlink: 224 bytes leftover after parsing attributes in process `syz.3.213'. [ 111.157389][ T6436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.171910][ T6811] netlink: 36 bytes leftover after parsing attributes in process `syz.3.213'. [ 111.174248][ T6436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.203963][ T6436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.235286][ T6813] FAULT_INJECTION: forcing a failure. [ 111.235286][ T6813] name failslab, interval 1, probability 0, space 0, times 0 [ 111.243462][ T6436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.249675][ T6813] CPU: 0 UID: 0 PID: 6813 Comm: syz.4.215 Not tainted 6.13.0-rc7-syzkaller-00118-gd640627663bf #0 [ 111.269537][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 111.279610][ T6813] Call Trace: [ 111.282901][ T6813] [ 111.285849][ T6813] dump_stack_lvl+0x241/0x360 [ 111.290551][ T6813] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.295774][ T6813] ? __pfx__printk+0x10/0x10 [ 111.300400][ T6813] should_fail_ex+0x3b0/0x4e0 [ 111.305103][ T6813] should_failslab+0xac/0x100 [ 111.309801][ T6813] ? skb_clone+0x20c/0x390 [ 111.314231][ T6813] kmem_cache_alloc_noprof+0x70/0x380 [ 111.319626][ T6813] skb_clone+0x20c/0x390 [ 111.323888][ T6813] __netlink_deliver_tap+0x3cc/0x7f0 [ 111.329207][ T6813] ? netlink_deliver_tap+0x2e/0x1b0 [ 111.334422][ T6813] netlink_deliver_tap+0x19d/0x1b0 [ 111.339548][ T6813] netlink_unicast+0x7c4/0x990 [ 111.344333][ T6813] ? __pfx_netlink_unicast+0x10/0x10 [ 111.349646][ T6813] ? __virt_addr_valid+0x45f/0x530 [ 111.354810][ T6813] ? __phys_addr_symbol+0x2f/0x70 [ 111.359866][ T6813] ? __check_object_size+0x47a/0x730 [ 111.365205][ T6813] netlink_sendmsg+0x8e4/0xcb0 [ 111.370113][ T6813] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.375431][ T6813] ? aa_sock_msg_perm+0x91/0x160 [ 111.380418][ T6813] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.385726][ T6813] __sock_sendmsg+0x221/0x270 [ 111.390437][ T6813] ____sys_sendmsg+0x52a/0x7e0 [ 111.395227][ T6813] ? __pfx_____sys_sendmsg+0x10/0x10 [ 111.400549][ T6813] ? __fget_files+0x2a/0x410 [ 111.405164][ T6813] ? __fget_files+0x2a/0x410 [ 111.409803][ T6813] __sys_sendmsg+0x269/0x350 [ 111.414423][ T6813] ? __pfx_lock_release+0x10/0x10 [ 111.419487][ T6813] ? __pfx___sys_sendmsg+0x10/0x10 [ 111.424628][ T6813] ? __pfx_vfs_write+0x10/0x10 [ 111.429430][ T6813] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 111.435805][ T6813] ? do_syscall_64+0x100/0x230 [ 111.440634][ T6813] ? do_syscall_64+0xb6/0x230 [ 111.445343][ T6813] do_syscall_64+0xf3/0x230 [ 111.449960][ T6813] ? clear_bhb_loop+0x35/0x90 [ 111.454669][ T6813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.460594][ T6813] RIP: 0033:0x7f39c2b85d29 [ 111.465024][ T6813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.484816][ T6813] RSP: 002b:00007f39c39f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.493247][ T6813] RAX: ffffffffffffffda RBX: 00007f39c2d75fa0 RCX: 00007f39c2b85d29 [ 111.501235][ T6813] RDX: 0000000000000000 RSI: 0000000020000940 RDI: 0000000000000003 [ 111.509302][ T6813] RBP: 00007f39c39f6090 R08: 0000000000000000 R09: 0000000000000000 [ 111.517303][ T6813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.525343][ T6813] R13: 0000000000000000 R14: 00007f39c2d75fa0 R15: 00007ffc87f31ad8 [ 111.533356][ T6813] [ 111.539801][ T6436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.557366][ T6436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.558091][ T6813] netlink: 12 bytes leftover after parsing attributes in process `syz.4.215'. [ 111.583950][ T6436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.595238][ T6436] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.654078][ T6815] netlink: 8 bytes leftover after parsing attributes in process `syz.0.216'. [ 111.677094][ T6436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.723718][ T6436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.790304][ T6436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.814834][ T6436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.836667][ T6436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.885984][ T6436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.896065][ T6436] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.906658][ T6436] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.917769][ T6436] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.976856][ T6828] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 112.000312][ T6436] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.011124][ T6828] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 112.025976][ T6436] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.035426][ T6436] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.054256][ T6828] netlink: 'syz.2.221': attribute type 3 has an invalid length. [ 112.075027][ T6436] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.418101][ T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.452020][ T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.521607][ T6498] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.548468][ T6498] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.843467][ T6861] FAULT_INJECTION: forcing a failure. [ 112.843467][ T6861] name failslab, interval 1, probability 0, space 0, times 0 [ 112.901304][ T6861] CPU: 1 UID: 0 PID: 6861 Comm: syz.2.229 Not tainted 6.13.0-rc7-syzkaller-00118-gd640627663bf #0 [ 112.911993][ T6861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 112.922100][ T6861] Call Trace: [ 112.925461][ T6861] [ 112.928437][ T6861] dump_stack_lvl+0x241/0x360 [ 112.933179][ T6861] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.938439][ T6861] ? __pfx__printk+0x10/0x10 [ 112.943123][ T6861] ? do_trace_netlink_extack+0x8b/0x1f0 [ 112.948833][ T6861] ? __nla_validate_parse+0x27eb/0x3090 [ 112.954467][ T6861] should_fail_ex+0x3b0/0x4e0 [ 112.959210][ T6861] should_failslab+0xac/0x100 [ 112.963954][ T6861] ? xfrm_state_alloc+0x22/0x2e0 [ 112.968957][ T6861] kmem_cache_alloc_noprof+0x70/0x380 [ 112.974400][ T6861] ? aa_get_newest_label+0xff/0x6f0 [ 112.979662][ T6861] xfrm_state_alloc+0x22/0x2e0 [ 112.984505][ T6861] xfrm_add_acquire+0x103/0xd00 [ 112.989420][ T6861] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 112.995471][ T6861] ? __pfx_xfrm_add_acquire+0x10/0x10 [ 113.000914][ T6861] ? __nla_parse+0x40/0x60 [ 113.005389][ T6861] xfrm_user_rcv_msg+0x890/0xb90 [ 113.010395][ T6861] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 113.015941][ T6861] ? __mutex_trylock_common+0x183/0x2e0 [ 113.021555][ T6861] ? __pfx___might_resched+0x10/0x10 [ 113.026902][ T6861] ? __pfx___mutex_trylock_common+0x10/0x10 [ 113.032870][ T6861] netlink_rcv_skb+0x1e3/0x430 [ 113.037702][ T6861] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 113.043233][ T6861] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 113.048615][ T6861] xfrm_netlink_rcv+0x79/0x90 [ 113.053369][ T6861] netlink_unicast+0x7f6/0x990 [ 113.058195][ T6861] ? __pfx_netlink_unicast+0x10/0x10 [ 113.063552][ T6861] ? __virt_addr_valid+0x45f/0x530 [ 113.068731][ T6861] ? __phys_addr_symbol+0x2f/0x70 [ 113.073824][ T6861] ? __check_object_size+0x47a/0x730 [ 113.079222][ T6861] netlink_sendmsg+0x8e4/0xcb0 [ 113.084060][ T6861] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.089425][ T6861] ? aa_sock_msg_perm+0x91/0x160 [ 113.094421][ T6861] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.099769][ T6861] __sock_sendmsg+0x221/0x270 [ 113.104506][ T6861] ____sys_sendmsg+0x52a/0x7e0 [ 113.109329][ T6861] ? __pfx_____sys_sendmsg+0x10/0x10 [ 113.114658][ T6861] ? __fget_files+0x2a/0x410 [ 113.119301][ T6861] ? __fget_files+0x2a/0x410 [ 113.123949][ T6861] __sys_sendmsg+0x269/0x350 [ 113.128586][ T6861] ? __pfx_lock_release+0x10/0x10 [ 113.133695][ T6861] ? __pfx___sys_sendmsg+0x10/0x10 [ 113.138884][ T6861] ? __pfx_vfs_write+0x10/0x10 [ 113.143732][ T6861] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 113.150213][ T6861] ? do_syscall_64+0x100/0x230 [ 113.155050][ T6861] ? do_syscall_64+0xb6/0x230 [ 113.159807][ T6861] do_syscall_64+0xf3/0x230 [ 113.164366][ T6861] ? clear_bhb_loop+0x35/0x90 [ 113.169095][ T6861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.175050][ T6861] RIP: 0033:0x7f8e66985d29 [ 113.179514][ T6861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.199213][ T6861] RSP: 002b:00007f8e647f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 113.207719][ T6861] RAX: ffffffffffffffda RBX: 00007f8e66b75fa0 RCX: 00007f8e66985d29 [ 113.216003][ T6861] RDX: 0000000000000000 RSI: 0000000020000940 RDI: 0000000000000003 [ 113.224048][ T6861] RBP: 00007f8e647f6090 R08: 0000000000000000 R09: 0000000000000000 [ 113.232106][ T6861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.240170][ T6861] R13: 0000000000000000 R14: 00007f8e66b75fa0 R15: 00007fffbc5b53a8 [ 113.248242][ T6861] [ 113.263129][ T6871] FAULT_INJECTION: forcing a failure. [ 113.263129][ T6871] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 113.276484][ T6871] CPU: 0 UID: 0 PID: 6871 Comm: syz.3.233 Not tainted 6.13.0-rc7-syzkaller-00118-gd640627663bf #0 [ 113.287140][ T6871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 113.297244][ T6871] Call Trace: [ 113.300571][ T6871] [ 113.303538][ T6871] dump_stack_lvl+0x241/0x360 [ 113.308272][ T6871] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.313519][ T6871] ? __pfx__printk+0x10/0x10 [ 113.318158][ T6871] ? __pfx_lock_release+0x10/0x10 [ 113.323239][ T6871] should_fail_ex+0x3b0/0x4e0 [ 113.327977][ T6871] _copy_from_iter+0x1e9/0x1c20 [ 113.332879][ T6871] ? __virt_addr_valid+0x183/0x530 [ 113.338056][ T6871] ? __alloc_skb+0x28f/0x440 [ 113.342696][ T6871] ? __pfx__copy_from_iter+0x10/0x10 [ 113.348045][ T6871] ? __virt_addr_valid+0x183/0x530 [ 113.353218][ T6871] ? __virt_addr_valid+0x183/0x530 [ 113.358378][ T6871] ? __virt_addr_valid+0x45f/0x530 [ 113.363580][ T6871] ? __phys_addr_symbol+0x2f/0x70 [ 113.368649][ T6871] ? __check_object_size+0x47a/0x730 [ 113.373996][ T6871] netlink_sendmsg+0x73d/0xcb0 [ 113.378831][ T6871] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.384445][ T6871] ? aa_sock_msg_perm+0x91/0x160 [ 113.389442][ T6871] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.394774][ T6871] __sock_sendmsg+0x221/0x270 [ 113.399511][ T6871] ____sys_sendmsg+0x52a/0x7e0 [ 113.404342][ T6871] ? __pfx_____sys_sendmsg+0x10/0x10 [ 113.409676][ T6871] ? __fget_files+0x2a/0x410 [ 113.414437][ T6871] ? __fget_files+0x2a/0x410 [ 113.419109][ T6871] __sys_sendmsg+0x269/0x350 [ 113.423760][ T6871] ? __pfx_lock_release+0x10/0x10 [ 113.428859][ T6871] ? __pfx___sys_sendmsg+0x10/0x10 [ 113.434040][ T6871] ? __pfx_vfs_write+0x10/0x10 [ 113.438886][ T6871] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 113.445274][ T6871] ? do_syscall_64+0x100/0x230 [ 113.450115][ T6871] ? do_syscall_64+0xb6/0x230 [ 113.454859][ T6871] do_syscall_64+0xf3/0x230 [ 113.459423][ T6871] ? clear_bhb_loop+0x35/0x90 [ 113.464154][ T6871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.470109][ T6871] RIP: 0033:0x7fd73c385d29 [ 113.474575][ T6871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.494387][ T6871] RSP: 002b:00007fd73d1b8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 113.502859][ T6871] RAX: ffffffffffffffda RBX: 00007fd73c575fa0 RCX: 00007fd73c385d29 [ 113.510943][ T6871] RDX: 0000000000000000 RSI: 0000000020001280 RDI: 0000000000000003 [ 113.518972][ T6871] RBP: 00007fd73d1b8090 R08: 0000000000000000 R09: 0000000000000000 [ 113.526997][ T6871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.535007][ T6871] R13: 0000000000000000 R14: 00007fd73c575fa0 R15: 00007ffd6d162a38 [ 113.543103][ T6871] [ 113.599875][ T6880] raw_sendmsg: syz.4.236 forgot to set AF_INET. Fix it! [ 113.688421][ T6874] netlink: 'syz.2.235': attribute type 12 has an invalid length. [ 113.728850][ T6874] netlink: 'syz.2.235': attribute type 29 has an invalid length. [ 113.762416][ T6874] netlink: 'syz.2.235': attribute type 2 has an invalid length. [ 113.800269][ T6878] pimreg: entered allmulticast mode [ 114.460408][ T29] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.969446][ T29] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.983048][ T53] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 114.992455][ T53] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 115.001702][ T53] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 115.020418][ T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 115.049887][ T53] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 115.059766][ T53] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 115.219237][ T6943] __nla_validate_parse: 10 callbacks suppressed [ 115.219257][ T6943] netlink: 4 bytes leftover after parsing attributes in process `syz.4.260'. [ 115.258413][ T29] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.442794][ T29] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.485438][ T6949] netlink: 28 bytes leftover after parsing attributes in process `syz.0.258'. [ 115.496301][ T6949] netlink: 28 bytes leftover after parsing attributes in process `syz.0.258'. [ 115.507054][ T6960] netlink: 12 bytes leftover after parsing attributes in process `syz.3.262'. [ 115.993926][ T6928] chnl_net:caif_netlink_parms(): no params data found [ 116.013213][ T6967] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.048032][ T29] bridge_slave_1: left allmulticast mode [ 116.064013][ T29] bridge_slave_1: left promiscuous mode [ 116.080553][ T29] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.149844][ T29] bridge_slave_0: left allmulticast mode [ 116.175186][ T29] bridge_slave_0: left promiscuous mode [ 116.197079][ T29] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.332321][ T6980] netlink: 12 bytes leftover after parsing attributes in process `syz.3.269'. [ 116.550694][ T6986] FAULT_INJECTION: forcing a failure. [ 116.550694][ T6986] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 116.571376][ T6986] CPU: 1 UID: 0 PID: 6986 Comm: syz.3.272 Not tainted 6.13.0-rc7-syzkaller-00118-gd640627663bf #0 [ 116.582043][ T6986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 116.592233][ T6986] Call Trace: [ 116.595544][ T6986] [ 116.598591][ T6986] dump_stack_lvl+0x241/0x360 [ 116.603312][ T6986] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.608543][ T6986] ? __pfx__printk+0x10/0x10 [ 116.613209][ T6986] ? snprintf+0xda/0x120 [ 116.617496][ T6986] should_fail_ex+0x3b0/0x4e0 [ 116.622215][ T6986] _copy_to_user+0x31/0xb0 [ 116.626669][ T6986] simple_read_from_buffer+0xca/0x150 [ 116.632065][ T6986] proc_fail_nth_read+0x1e9/0x250 [ 116.637111][ T6986] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 116.642673][ T6986] ? rw_verify_area+0x55e/0x6f0 [ 116.647540][ T6986] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 116.653113][ T6986] vfs_read+0x1fc/0xb70 [ 116.657288][ T6986] ? __pfx___mutex_lock+0x10/0x10 [ 116.662340][ T6986] ? __pfx_vfs_read+0x10/0x10 [ 116.667036][ T6986] ? __fget_files+0x2a/0x410 [ 116.671651][ T6986] ? __fget_files+0x395/0x410 [ 116.676397][ T6986] ? __fget_files+0x2a/0x410 [ 116.681016][ T6986] ksys_read+0x18f/0x2b0 [ 116.685274][ T6986] ? __pfx_ksys_read+0x10/0x10 [ 116.690081][ T6986] ? do_syscall_64+0x100/0x230 [ 116.694874][ T6986] ? do_syscall_64+0xb6/0x230 [ 116.699574][ T6986] do_syscall_64+0xf3/0x230 [ 116.704102][ T6986] ? clear_bhb_loop+0x35/0x90 [ 116.708845][ T6986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.714798][ T6986] RIP: 0033:0x7fd73c38473c [ 116.719317][ T6986] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 116.738965][ T6986] RSP: 002b:00007fd73d1b8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 116.748006][ T6986] RAX: ffffffffffffffda RBX: 00007fd73c575fa0 RCX: 00007fd73c38473c [ 116.755989][ T6986] RDX: 000000000000000f RSI: 00007fd73d1b80a0 RDI: 0000000000000004 [ 116.763971][ T6986] RBP: 00007fd73d1b8090 R08: 0000000000000000 R09: 0000000000000000 [ 116.771960][ T6986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.779946][ T6986] R13: 0000000000000000 R14: 00007fd73c575fa0 R15: 00007ffd6d162a38 [ 116.787952][ T6986] [ 116.882761][ T6989] netlink: 24 bytes leftover after parsing attributes in process `syz.4.271'. [ 117.118240][ T29] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 117.126893][ T53] Bluetooth: hci4: command tx timeout [ 117.138678][ T29] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 117.149817][ T29] bond0 (unregistering): Released all slaves [ 117.509006][ T7007] FAULT_INJECTION: forcing a failure. [ 117.509006][ T7007] name failslab, interval 1, probability 0, space 0, times 0 [ 117.522945][ T7007] CPU: 0 UID: 0 PID: 7007 Comm: syz.3.278 Not tainted 6.13.0-rc7-syzkaller-00118-gd640627663bf #0 [ 117.533600][ T7007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 117.543712][ T7007] Call Trace: [ 117.547028][ T7007] [ 117.549992][ T7007] dump_stack_lvl+0x241/0x360 [ 117.554717][ T7007] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.559967][ T7007] ? __pfx__printk+0x10/0x10 [ 117.564740][ T7007] should_fail_ex+0x3b0/0x4e0 [ 117.569488][ T7007] should_failslab+0xac/0x100 [ 117.574236][ T7007] ? skb_clone+0x20c/0x390 [ 117.578703][ T7007] kmem_cache_alloc_noprof+0x70/0x380 [ 117.584140][ T7007] skb_clone+0x20c/0x390 [ 117.588441][ T7007] __netlink_deliver_tap+0x3cc/0x7f0 [ 117.593787][ T7007] ? netlink_deliver_tap+0x2e/0x1b0 [ 117.599034][ T7007] netlink_deliver_tap+0x19d/0x1b0 [ 117.604201][ T7007] netlink_unicast+0x7c4/0x990 [ 117.609030][ T7007] ? __pfx_netlink_unicast+0x10/0x10 [ 117.614454][ T7007] ? __virt_addr_valid+0x45f/0x530 [ 117.619617][ T7007] ? __phys_addr_symbol+0x2f/0x70 [ 117.624743][ T7007] ? __check_object_size+0x47a/0x730 [ 117.630096][ T7007] netlink_sendmsg+0x8e4/0xcb0 [ 117.634928][ T7007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.640270][ T7007] ? aa_sock_msg_perm+0x91/0x160 [ 117.645276][ T7007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 117.650609][ T7007] __sock_sendmsg+0x221/0x270 [ 117.655343][ T7007] ____sys_sendmsg+0x52a/0x7e0 [ 117.660177][ T7007] ? __pfx_____sys_sendmsg+0x10/0x10 [ 117.665518][ T7007] ? __fget_files+0x2a/0x410 [ 117.670165][ T7007] ? __fget_files+0x2a/0x410 [ 117.674822][ T7007] __sys_sendmsg+0x269/0x350 [ 117.679552][ T7007] ? __pfx_lock_release+0x10/0x10 [ 117.684630][ T7007] ? __pfx___sys_sendmsg+0x10/0x10 [ 117.689811][ T7007] ? __pfx_vfs_write+0x10/0x10 [ 117.694658][ T7007] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 117.701040][ T7007] ? do_syscall_64+0x100/0x230 [ 117.705867][ T7007] ? do_syscall_64+0xb6/0x230 [ 117.710603][ T7007] do_syscall_64+0xf3/0x230 [ 117.715252][ T7007] ? clear_bhb_loop+0x35/0x90 [ 117.719974][ T7007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.725920][ T7007] RIP: 0033:0x7fd73c385d29 [ 117.730379][ T7007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.750036][ T7007] RSP: 002b:00007fd73d1b8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 117.758680][ T7007] RAX: ffffffffffffffda RBX: 00007fd73c575fa0 RCX: 00007fd73c385d29 [ 117.766702][ T7007] RDX: 0000000000000000 RSI: 0000000020000940 RDI: 0000000000000003 [ 117.774730][ T7007] RBP: 00007fd73d1b8090 R08: 0000000000000000 R09: 0000000000000000 [ 117.782752][ T7007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.790855][ T7007] R13: 0000000000000000 R14: 00007fd73c575fa0 R15: 00007ffd6d162a38 [ 117.798903][ T7007] [ 117.808944][ T7007] netlink: 300 bytes leftover after parsing attributes in process `syz.3.278'. [ 118.054380][ T7025] ================================================================== [ 118.062523][ T7025] BUG: KASAN: slab-use-after-free in sk_filter_trim_cap+0x270/0xa80 [ 118.070572][ T7025] Read of size 8 at addr ffff88805c46d178 by task syz.3.281/7025 [ 118.078338][ T7025] [ 118.080697][ T7025] CPU: 0 UID: 0 PID: 7025 Comm: syz.3.281 Not tainted 6.13.0-rc7-syzkaller-00118-gd640627663bf #0 [ 118.091315][ T7025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 118.101409][ T7025] Call Trace: [ 118.104718][ T7025] [ 118.107939][ T7025] dump_stack_lvl+0x241/0x360 [ 118.112670][ T7025] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.117914][ T7025] ? __pfx__printk+0x10/0x10 [ 118.122543][ T7025] ? _printk+0xd5/0x120 [ 118.126734][ T7025] ? __virt_addr_valid+0x183/0x530 [ 118.131868][ T7025] ? __virt_addr_valid+0x183/0x530 [ 118.137089][ T7025] print_report+0x169/0x550 [ 118.141641][ T7025] ? __virt_addr_valid+0x183/0x530 [ 118.147237][ T7025] ? __virt_addr_valid+0x183/0x530 [ 118.152436][ T7025] ? __virt_addr_valid+0x45f/0x530 [ 118.157589][ T7025] ? __phys_addr+0xba/0x170 [ 118.162124][ T7025] ? sk_filter_trim_cap+0x270/0xa80 [ 118.167355][ T7025] kasan_report+0x143/0x180 [ 118.171894][ T7025] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 118.177302][ T7025] ? sk_filter_trim_cap+0x270/0xa80 [ 118.182519][ T7025] ? sk_filter_trim_cap+0x1b3/0xa80 [ 118.187733][ T7025] sk_filter_trim_cap+0x270/0xa80 [ 118.192774][ T7025] ? __pfx___alloc_skb+0x10/0x10 [ 118.197725][ T7025] ? __alloc_skb+0x28f/0x440 [ 118.202337][ T7025] ? __pfx_sk_filter_trim_cap+0x10/0x10 [ 118.207986][ T7025] ? read_tsc+0x9/0x20 [ 118.212065][ T7025] ? ktime_get_with_offset+0x249/0x290 [ 118.217549][ T7025] ? skb_push+0x97/0x100 [ 118.221834][ T7025] sock_queue_rcv_skb_reason+0x28/0xf0 [ 118.227330][ T7025] mgmt_cmd_status+0x28d/0x4d0 [ 118.232203][ T7025] cmd_complete_rsp+0x114/0x180 [ 118.237097][ T7025] mgmt_pending_foreach+0xd1/0x130 [ 118.242252][ T7025] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 118.247739][ T7025] __mgmt_power_off+0x183/0x430 [ 118.252620][ T7025] ? __pfx___mgmt_power_off+0x10/0x10 [ 118.258187][ T7025] ? __mutex_trylock_common+0x183/0x2e0 [ 118.263836][ T7025] ? __pfx___might_resched+0x10/0x10 [ 118.269133][ T7025] ? __pfx___mutex_trylock_common+0x10/0x10 [ 118.275422][ T7025] ? rcu_is_watching+0x15/0xb0 [ 118.280236][ T7025] ? trace_contention_end+0x3c/0x120 [ 118.285551][ T7025] ? __mutex_lock+0x37f/0xee0 [ 118.290257][ T7025] ? mark_lock+0x9a/0x360 [ 118.294703][ T7025] ? hci_dev_close_sync+0x5c8/0x11c0 [ 118.300004][ T7025] ? __pfx___mutex_lock+0x10/0x10 [ 118.305143][ T7025] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 118.311244][ T7025] ? lockdep_hardirqs_on+0x99/0x150 [ 118.316601][ T7025] ? _raw_spin_unlock_irq+0x2e/0x50 [ 118.321820][ T7025] ? drain_workqueue+0x2d3/0x3a0 [ 118.326773][ T7025] ? hci_discovery_set_state+0x57/0x180 [ 118.332335][ T7025] hci_dev_close_sync+0x6c4/0x11c0 [ 118.337467][ T7025] hci_dev_close+0x112/0x210 [ 118.342071][ T7025] sock_do_ioctl+0x158/0x460 [ 118.346679][ T7025] ? __pfx_sock_do_ioctl+0x10/0x10 [ 118.351812][ T7025] sock_ioctl+0x626/0x8e0 [ 118.356168][ T7025] ? __pfx_sock_ioctl+0x10/0x10 [ 118.361030][ T7025] ? __fget_files+0x2a/0x410 [ 118.365647][ T7025] ? __fget_files+0x2a/0x410 [ 118.370253][ T7025] ? __pfx_sock_ioctl+0x10/0x10 [ 118.375120][ T7025] __se_sys_ioctl+0xf5/0x170 [ 118.379720][ T7025] do_syscall_64+0xf3/0x230 [ 118.384243][ T7025] ? clear_bhb_loop+0x35/0x90 [ 118.388927][ T7025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.394834][ T7025] RIP: 0033:0x7fd73c385d29 [ 118.399295][ T7025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.418930][ T7025] RSP: 002b:00007fd73d197038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 118.427390][ T7025] RAX: ffffffffffffffda RBX: 00007fd73c576080 RCX: 00007fd73c385d29 [ 118.435380][ T7025] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000006 [ 118.443361][ T7025] RBP: 00007fd73c401b08 R08: 0000000000000000 R09: 0000000000000000 [ 118.451407][ T7025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.459487][ T7025] R13: 0000000000000000 R14: 00007fd73c576080 R15: 00007ffd6d162a38 [ 118.467482][ T7025] [ 118.470513][ T7025] [ 118.472840][ T7025] Allocated by task 6059: [ 118.477172][ T7025] kasan_save_track+0x3f/0x80 [ 118.481866][ T7025] __kasan_kmalloc+0x98/0xb0 [ 118.486475][ T7025] __kmalloc_noprof+0x285/0x4c0 [ 118.491342][ T7025] sk_prot_alloc+0xe0/0x210 [ 118.495873][ T7025] sk_alloc+0x38/0x370 [ 118.499959][ T7025] bt_sock_alloc+0x3c/0x340 [ 118.504479][ T7025] hci_sock_create+0xa1/0x190 [ 118.509202][ T7025] bt_sock_create+0x161/0x230 [ 118.513925][ T7025] __sock_create+0x4c0/0xa30 [ 118.518629][ T7025] __sys_socket+0x150/0x3c0 [ 118.523160][ T7025] __x64_sys_socket+0x7a/0x90 [ 118.527874][ T7025] do_syscall_64+0xf3/0x230 [ 118.532411][ T7025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.538344][ T7025] [ 118.540818][ T7025] Freed by task 7024: [ 118.544840][ T7025] kasan_save_track+0x3f/0x80 [ 118.549553][ T7025] kasan_save_free_info+0x40/0x50 [ 118.554607][ T7025] __kasan_slab_free+0x59/0x70 [ 118.559394][ T7025] kfree+0x196/0x430 [ 118.563322][ T7025] __sk_destruct+0x479/0x5f0 [ 118.567951][ T7025] mgmt_pending_remove+0x13e/0x1a0 [ 118.573080][ T7025] mgmt_pending_foreach+0xd1/0x130 [ 118.578209][ T7025] mgmt_index_removed+0x133/0x390 [ 118.583293][ T7025] hci_sock_bind+0xcce/0x1150 [ 118.587993][ T7025] __sys_bind+0x1e4/0x290 [ 118.592335][ T7025] __x64_sys_bind+0x7a/0x90 [ 118.597026][ T7025] do_syscall_64+0xf3/0x230 [ 118.601581][ T7025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.607510][ T7025] [ 118.609956][ T7025] The buggy address belongs to the object at ffff88805c46d000 [ 118.609956][ T7025] which belongs to the cache kmalloc-2k of size 2048 [ 118.624563][ T7025] The buggy address is located 376 bytes inside of [ 118.624563][ T7025] freed 2048-byte region [ffff88805c46d000, ffff88805c46d800) [ 118.638571][ T7025] [ 118.640949][ T7025] The buggy address belongs to the physical page: [ 118.647607][ T7025] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5c468 [ 118.656407][ T7025] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 118.664980][ T7025] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 118.672719][ T7025] page_type: f5(slab) [ 118.676714][ T7025] raw: 00fff00000000040 ffff88801ac42000 dead000000000100 dead000000000122 [ 118.685327][ T7025] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 118.693919][ T7025] head: 00fff00000000040 ffff88801ac42000 dead000000000100 dead000000000122 [ 118.702711][ T7025] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 118.711481][ T7025] head: 00fff00000000003 ffffea0001711a01 ffffffffffffffff 0000000000000000 [ 118.720185][ T7025] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 118.728863][ T7025] page dumped because: kasan: bad access detected [ 118.735293][ T7025] page_owner tracks the page as allocated [ 118.741101][ T7025] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5839, tgid 5839 (syz-executor), ts 79429145537, free_ts 25406643566 [ 118.762327][ T7025] post_alloc_hook+0x1f3/0x230 [ 118.767148][ T7025] get_page_from_freelist+0x365c/0x37a0 [ 118.772734][ T7025] __alloc_pages_noprof+0x292/0x710 [ 118.777941][ T7025] alloc_pages_mpol_noprof+0x3e1/0x780 [ 118.783408][ T7025] alloc_slab_page+0x6a/0x110 [ 118.788184][ T7025] allocate_slab+0x5a/0x2b0 [ 118.792690][ T7025] ___slab_alloc+0xc27/0x14a0 [ 118.797383][ T7025] __slab_alloc+0x58/0xa0 [ 118.801723][ T7025] __kmalloc_node_track_caller_noprof+0x2e9/0x4c0 [ 118.808148][ T7025] kmalloc_reserve+0x111/0x2a0 [ 118.812917][ T7025] pskb_expand_head+0x1f0/0x1380 [ 118.817867][ T7025] netlink_trim+0x183/0x220 [ 118.822374][ T7025] netlink_broadcast_filtered+0x76/0x12a0 [ 118.828108][ T7025] nlmsg_notify+0xfb/0x1c0 [ 118.832534][ T7025] rtnetlink_event+0x21d/0x260 [ 118.837307][ T7025] notifier_call_chain+0x1a5/0x3f0 [ 118.842424][ T7025] page last free pid 1 tgid 1 stack trace: [ 118.848229][ T7025] free_unref_page+0xd3f/0x1010 [ 118.853102][ T7025] free_contig_range+0x14c/0x430 [ 118.858049][ T7025] destroy_args+0x92/0x910 [ 118.862488][ T7025] debug_vm_pgtable+0x4be/0x550 [ 118.867438][ T7025] do_one_initcall+0x248/0x870 [ 118.872213][ T7025] do_initcall_level+0x157/0x210 [ 118.877166][ T7025] do_initcalls+0x3f/0x80 [ 118.881621][ T7025] kernel_init_freeable+0x435/0x5d0 [ 118.886833][ T7025] kernel_init+0x1d/0x2b0 [ 118.891174][ T7025] ret_from_fork+0x4b/0x80 [ 118.895594][ T7025] ret_from_fork_asm+0x1a/0x30 [ 118.900360][ T7025] [ 118.902685][ T7025] Memory state around the buggy address: [ 118.908319][ T7025] ffff88805c46d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.916383][ T7025] ffff88805c46d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.924446][ T7025] >ffff88805c46d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.932508][ T7025] ^ [ 118.940501][ T7025] ffff88805c46d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.948566][ T7025] ffff88805c46d200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.956625][ T7025] ================================================================== [ 118.969062][ T7025] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 118.976297][ T7025] CPU: 1 UID: 0 PID: 7025 Comm: syz.3.281 Not tainted 6.13.0-rc7-syzkaller-00118-gd640627663bf #0 [ 118.986915][ T7025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 118.997010][ T7025] Call Trace: [ 119.000316][ T7025] [ 119.003270][ T7025] dump_stack_lvl+0x241/0x360 [ 119.007991][ T7025] ? __pfx_dump_stack_lvl+0x10/0x10 [ 119.013210][ T7025] ? __pfx__printk+0x10/0x10 [ 119.017813][ T7025] ? preempt_schedule+0xe1/0xf0 [ 119.022679][ T7025] ? vscnprintf+0x5d/0x90 [ 119.027018][ T7025] panic+0x349/0x880 [ 119.030928][ T7025] ? check_panic_on_warn+0x21/0xb0 [ 119.036053][ T7025] ? __pfx_panic+0x10/0x10 [ 119.040485][ T7025] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 119.046475][ T7025] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 119.052818][ T7025] ? print_report+0x502/0x550 [ 119.057507][ T7025] check_panic_on_warn+0x86/0xb0 [ 119.062454][ T7025] ? sk_filter_trim_cap+0x270/0xa80 [ 119.067660][ T7025] end_report+0x77/0x160 [ 119.071912][ T7025] kasan_report+0x154/0x180 [ 119.076430][ T7025] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 119.081816][ T7025] ? sk_filter_trim_cap+0x270/0xa80 [ 119.087028][ T7025] ? sk_filter_trim_cap+0x1b3/0xa80 [ 119.092233][ T7025] sk_filter_trim_cap+0x270/0xa80 [ 119.097270][ T7025] ? __pfx___alloc_skb+0x10/0x10 [ 119.102217][ T7025] ? __alloc_skb+0x28f/0x440 [ 119.106815][ T7025] ? __pfx_sk_filter_trim_cap+0x10/0x10 [ 119.112368][ T7025] ? read_tsc+0x9/0x20 [ 119.116441][ T7025] ? ktime_get_with_offset+0x249/0x290 [ 119.121904][ T7025] ? skb_push+0x97/0x100 [ 119.126167][ T7025] sock_queue_rcv_skb_reason+0x28/0xf0 [ 119.131647][ T7025] mgmt_cmd_status+0x28d/0x4d0 [ 119.136429][ T7025] cmd_complete_rsp+0x114/0x180 [ 119.141307][ T7025] mgmt_pending_foreach+0xd1/0x130 [ 119.146435][ T7025] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 119.151820][ T7025] __mgmt_power_off+0x183/0x430 [ 119.156682][ T7025] ? __pfx___mgmt_power_off+0x10/0x10 [ 119.162079][ T7025] ? __mutex_trylock_common+0x183/0x2e0 [ 119.167642][ T7025] ? __pfx___might_resched+0x10/0x10 [ 119.173033][ T7025] ? __pfx___mutex_trylock_common+0x10/0x10 [ 119.178944][ T7025] ? rcu_is_watching+0x15/0xb0 [ 119.183723][ T7025] ? trace_contention_end+0x3c/0x120 [ 119.189023][ T7025] ? __mutex_lock+0x37f/0xee0 [ 119.193718][ T7025] ? mark_lock+0x9a/0x360 [ 119.198060][ T7025] ? hci_dev_close_sync+0x5c8/0x11c0 [ 119.203356][ T7025] ? __pfx___mutex_lock+0x10/0x10 [ 119.208567][ T7025] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 119.214651][ T7025] ? lockdep_hardirqs_on+0x99/0x150 [ 119.219953][ T7025] ? _raw_spin_unlock_irq+0x2e/0x50 [ 119.225193][ T7025] ? drain_workqueue+0x2d3/0x3a0 [ 119.230148][ T7025] ? hci_discovery_set_state+0x57/0x180 [ 119.235707][ T7025] hci_dev_close_sync+0x6c4/0x11c0 [ 119.240923][ T7025] hci_dev_close+0x112/0x210 [ 119.245528][ T7025] sock_do_ioctl+0x158/0x460 [ 119.250141][ T7025] ? __pfx_sock_do_ioctl+0x10/0x10 [ 119.255276][ T7025] sock_ioctl+0x626/0x8e0 [ 119.259625][ T7025] ? __pfx_sock_ioctl+0x10/0x10 [ 119.264491][ T7025] ? __fget_files+0x2a/0x410 [ 119.269096][ T7025] ? __fget_files+0x2a/0x410 [ 119.273699][ T7025] ? __pfx_sock_ioctl+0x10/0x10 [ 119.278596][ T7025] __se_sys_ioctl+0xf5/0x170 [ 119.283301][ T7025] do_syscall_64+0xf3/0x230 [ 119.287829][ T7025] ? clear_bhb_loop+0x35/0x90 [ 119.292524][ T7025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.298431][ T7025] RIP: 0033:0x7fd73c385d29 [ 119.302851][ T7025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.322462][ T7025] RSP: 002b:00007fd73d197038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 119.330978][ T7025] RAX: ffffffffffffffda RBX: 00007fd73c576080 RCX: 00007fd73c385d29 [ 119.338962][ T7025] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000006 [ 119.347375][ T7025] RBP: 00007fd73c401b08 R08: 0000000000000000 R09: 0000000000000000 [ 119.355363][ T7025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.363342][ T7025] R13: 0000000000000000 R14: 00007fd73c576080 R15: 00007ffd6d162a38 [ 119.371373][ T7025] [ 119.374817][ T7025] Kernel Offset: disabled [ 119.379163][ T7025] Rebooting in 86400 seconds..