last executing test programs: 8.201652522s ago: executing program 1 (id=2688): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x8441, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 7.623702826s ago: executing program 1 (id=2692): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff000000007110b4000000000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r0, 0x40049366, &(0x7f0000000040)=0x4) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_GET_TARGET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x14, 0x0, 0x4, 0x70bd29}, 0x14}}, 0x40000) syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r3) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r3) sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000480)={0x0, 0x11, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000eeff120000000a0004007778616e3300000008001500", @ANYRES32=0x0, @ANYBLOB="080001"], 0x30}}, 0x0) sendmsg$NL802154_CMD_NEW_INTERFACE(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, r4, 0x100, 0x70bd26, 0x25dfdbfb, {}, [@NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0302}}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}]}, 0x48}, 0x1, 0x0, 0x0, 0x4011}, 0x8048050) syz_genetlink_get_family_id$fou(&(0x7f0000000580), r1) 7.192469455s ago: executing program 1 (id=2695): r0 = socket(0x10, 0x3, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b70000008113b0ffbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071103600000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000e500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@newqdisc={0x48, 0x14, 0xf0b, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, {0xd}, {0xb, 0x2}, {0x4, 0xffe0}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0x240, 0x6, 0x0, 0xe37a, 0x7e}}, {0x4}}]}]}, 0x48}}, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r3, 0xffffffffffffffff}, 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0x1d, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x100}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}, {}, {0x85, 0x0, 0x0, 0xb6}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xcfad}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r5, 0x0, 0x10, 0x10, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x34, r6, 0x1, 0x0, 0x10, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e22}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast2}, @FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @local}]}, 0x34}}, 0x0) r7 = socket$inet(0x10, 0x3, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_SREG={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_CSUM_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'aead\x00', 0x0, 0x0, 'aegis256\x00'}, 0x58) r9 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) sendmsg$IPCTNL_MSG_CT_DELETE(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x14, 0x2, 0x1, 0x801, 0x0, 0x0, {0x5, 0x0, 0x1}}, 0x14}}, 0xc081) sendmsg$unix(r9, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="f6", 0x1}], 0x1, &(0x7f00000012c0)=[@cred={{0x1c, 0x117}}], 0x20, 0x20008000}, 0x8c4) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r11 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0xa4, 0x24, 0xf0b, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x12, r10, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x10}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x2, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x3fffffc}]}]}]}}]}, 0xa4}}, 0x0) r12 = socket$inet6(0xa, 0x80002, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup/syz1\x00', 0x200002, 0x0) setsockopt$SO_TIMESTAMPING(r12, 0x1, 0x25, &(0x7f0000000080)=0x9e5, 0x4) sendmmsg$inet6(r12, &(0x7f0000001140)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x4004000) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10000000) connect$inet(r1, &(0x7f0000000000)={0x2, 0x2, @remote}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="110000001900010000000000000000001d0109005000118049002100c9a7befe6f6d645a1a11b81b2c4b101c7510e19feecb90ee6bb49f6cc7a2c50fd57c06db1a75df432aa833928a0772ff8f5e9ed32d3b477d35b296674f1fe35663c0d236fd000000200106801b0175801000058008002200", @ANYRES32=r1, @ANYBLOB="04009800040008800800fa00", @ANYRES32=r1, @ANYBLOB="897a22072687e1d29eb84b27bdf276e019dccc0376ab6e000009005c2e2d0000"], 0x184}, 0x1, 0x0, 0x0, 0x5}, 0x8004) 6.241774271s ago: executing program 1 (id=2699): r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xc, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="720ac4ff00000000711081000000000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) sendmsg$WG_CMD_SET_DEVICE(r1, 0x0, 0x20000010) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006, 0x0, 0x0, 0x7f}]}, 0x10) socket$netlink(0x10, 0x3, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x9) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendmmsg(r3, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)='<', 0x1}], 0x1}}], 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) accept4$rose(r5, 0x0, 0x0, 0x800) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000005100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa080006000a"], 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x10) 6.239519466s ago: executing program 2 (id=2700): getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4008000) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f0000000140)={0x24, @short={0x2, 0x3, 0xaaa1}}, 0x14) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet_sctp(0x2, 0x5, 0x84) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x0, 0x8}, 0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000200)={0x0, 0xc}, 0x8) 6.054723865s ago: executing program 2 (id=2701): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[], 0x50) sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)={0xb8, 0x0, 0x8, 0x70bd26, 0x25dfdbfd, {}, [@handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x8}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x5}, @handle=@pci={{0x8}, {0x11}}, @handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x20040005}, 0x20000000) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$inet6(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{}, 0x0, &(0x7f00000000c0)}, 0x20) connect$netrom(0xffffffffffffffff, 0x0, 0x0) sendto$netrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000380)={0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502"], 0x3c}}, 0x10) sendmsg$NL80211_CMD_SET_POWER_SAVE(r1, &(0x7f0000000600)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x54, 0x0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x90}, {0xc}}]}, 0x54}, 0x1, 0x0, 0x0, 0x95}, 0x0) 6.046870529s ago: executing program 1 (id=2702): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x8441, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 5.889673885s ago: executing program 2 (id=2703): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20) sendmmsg$inet6(r0, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000740)="03", 0x1}], 0x1}}], 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x5, 0xd50, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000180), 0x1}}, {{0x0, 0x900, &(0x7f0000000640)=[{&(0x7f00000009c0)='.', 0xc400}], 0x7}}], 0x44, 0x0) 5.423492812s ago: executing program 1 (id=2707): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) unshare(0x20000400) r2 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f00000012c0)={&(0x7f0000000400), 0xc, &(0x7f00000004c0)={&(0x7f0000000cc0)={0x5f0, r3, 0x4, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1000}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x3ce}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}], @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x558, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x2c, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x27, 0x3, "2fafee8ab3407bfe82de57ebc5aaa9afcc9a26f00a6a52dd7fc5df4a2b3d9b8d0380b4"}]}, @NL80211_ATTR_FTM_RESPONDER={0x2a8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x7e, 0x3, "efa8ca5133034c75c679347098ccd7cd17c3d4c685c9132464a2106e83757c8e7663e24a8a8279ed3e4b0d49a7cf13583a82f3cfeca3f13a482354cc5b52c0b085c3adf1cd94562415b10954bd60170b6b3f730930aa13445009e4fca9a795c31116ff96be40f7e2248ed91e1e2a48911184c33522b018495c73"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0xf2, 0x3, "6a2b7abf4fe12965035b8bd9ecf5b4169d4f4d5fbe5e6820c913fcc9818ff88aaf1c0c23c49aa3438e233b88124f82aeba8b7838c808ee25cc715127ec18eae2017db9c3b223e28d6976357dbb27604004309ddf5f07587e31a1ea2dd334ab8a308397a9267659903965f858dce1776ab77dc97aab70deb5166b75f62da41fd8d6d005e5ae3ee33e91cd31a76811edfa75456e09c1b23cfffbd17e463b09d10d75c741639c84b4dfeae1a5d14869ad6158fa224c207f7f98c0109e73b2b686c8ab1cd2dc7bd6c626d4c1f15d88d1d056060388fbfbc7b5a13d8170f2d63d1390d051c6d546c97926bd39b0733a23"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x8f, 0x3, "4e020dc586d1b848ace32165e796a63ac86ff3ef5c5ec58595fdde725b9561f55a6ec7430d1d61e490f3a2ff2c7f38aa349993fa4204ac947fa49973f53e1e9d3005414e930d77d5a7b0444ec36820e47becab60f7a0b57465c56184a7eb1e736180a3f627d96b512eb74bb720f7f58a91342ec95b9425841d91af8771b9de0ae3f1d4c1b7bbcefa8ba0ed"}, @NL80211_FTM_RESP_ATTR_LCI={0x9c, 0x2, "33f986d360e2c27fc80f08335a3cf048a01d0a409991e232404511cfc90735727059e84b30a5772fed4fc430dd6cc0fcbd0e1456102494483c2ae9d2763fd67dbddef32255af9d86b34b4ef189f3443a772c4cc0fed154bcff483d7c1b72f209bfad0a2b53a5174b9e59eeddc8cda734e9b6b21739f3b462a504b48216a8bb331d1565ff09c5873550d45cad0beb72951a2fa375200bb752"}]}, @NL80211_ATTR_IE_PROBE_RESP={0xa, 0x7f, [@dsss={0x3, 0x1, 0xd}, @sec_chan_ofs={0x3e, 0x1, 0x1}]}, @NL80211_ATTR_IE_PROBE_RESP={0x26c, 0x7f, [@random_vendor={0xdd, 0x96, "044353bf9c7c9884173dbc5b4dd36018d1adf857c98eab36bca18791089aca231b74c447efc6870276f8605635ba947626ca108d206c8133f3be0b202db87977a04849b734f31595f5661d3373837c423306c3938f125279dea0b5b01ddb885119a574a3ab9c71a98fb9ac6f005e0f703770413a99c34271b33408a71be418cfc84e9ea647dffd95d6c59cde3478ccd4d99e3fb81be0"}, @channel_switch={0x25, 0x3, {0x1, 0xb4, 0xc}}, @random_vendor={0xdd, 0x1a, "4c6527c2056ddb166f3b48384e99b82d1390ba80f39408b4cf53"}, @tim={0x5, 0x6c, {0x3, 0x96, 0xe, "a4dd101bdba2030b17fa306ffd48fa67eb85aa78a907b31adff540097d908bf0ce16a3001266b1dfb42ea489e6d76f777d0466753027ce19036617090f653fca20d3a518617e901abcb124527085117a8065f890a8b072a3ba4a5be8f7d066289942d7f55bb7beb28c"}}, @sec_chan_ofs={0x3e, 0x1, 0x3}, @tim={0x5, 0x6f, {0x4, 0xd2, 0x9, "e2527b725d5a8d6110157c3dc67e6bd5275287901df03a506627377ac166288cf1b9bb38fb4569367176793e54e6e04e2db999dba0b9b671a0ec339acf653f2d3e236d79068468fda9b116adb5da5c5acdcae41daf033bca57a5c053e7a01c5c800b1140830c2886fbdceb25"}}, @measure_req={0x26, 0x7f, {0x1, 0x8, 0x9, "00cbf612b36932d84bddc633c0b861554e5a088324b438c027b3ab847bcd6606fb575c10b3fb875039fbf96a48175e040bcd92f672301bc0262a943e5a2a93ccd3cd857cbfc44383552f1fdc6aa096cf65766abc10c406a0411ef5850347fbdac6a64257f99eaa8becfb488f686070f2c699dc844eee320487f526c7"}}, @ibss={0x6, 0x2, 0x7}, @prep={0x83, 0x25, {{0x0, 0x1}, 0xfe, 0x12, @broadcast, 0x95b3, @value=@broadcast, 0x84, 0x4, @device_b, 0x5}}, @prep={0x83, 0x1f, {{}, 0x2d, 0xff, @broadcast, 0x1a2d10f2, @void, 0x4, 0x7, @broadcast, 0x8}}]}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x6, 0xba, [0x0]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xba}, @NL80211_ATTR_CSA_IES={0x24, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0xc, 0xbb, [0x8000, 0x6, 0x9, 0x4]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x14, 0xba, [0x80, 0x17, 0x4, 0x7fff, 0x33ee, 0x8, 0x8000, 0x3f]}]}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xca}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x99e}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x29}]}, 0x5f0}, 0x1, 0x0, 0x0, 0x4000450}, 0x2000d021) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r2, 0x800442d2, 0x0) socket$l2tp(0x2, 0x2, 0x73) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r5, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/243, 0xfffffdef}], 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r7}, 0x10) r8 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r8, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x10) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r9, &(0x7f0000000000), 0xffffff6a) sendfile(r8, r9, 0x0, 0xffffffff000) r10 = socket$inet6(0xa, 0x802, 0x0) r11 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r11, 0xfff) accept(r11, 0xfffffffffffffffd, 0x0) connect$inet6(r10, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'syztnl2\x00', &(0x7f0000000280)={'erspan0\x00', 0x0, 0x80, 0x700, 0x401, 0x3, {{0x33, 0x4, 0x1, 0x5, 0xcc, 0x66, 0x0, 0xfe, 0x4, 0x0, @empty, @rand_addr=0x64010100, {[@timestamp={0x44, 0x10, 0xbd, 0x0, 0xd, [0x3, 0xffff, 0x4]}, @ra={0x94, 0x4, 0x1}, @timestamp={0x44, 0x20, 0x3e, 0x0, 0x9, [0x2, 0x6, 0x8001, 0x8, 0x1000, 0xa, 0xffff8000]}, @generic={0x82, 0xe, "ffb759c61a9c3560b848624f"}, @ssrr={0x89, 0xf, 0xa3, [@remote, @private=0xa010102, @loopback]}, @cipso={0x86, 0x5b, 0x2, [{0x1, 0x3, "0f"}, {0x5, 0xe, "9720e15b4c3280f5ff84f33a"}, {0x6, 0xc, "b4079cd2e52c9e99ec96"}, {0x0, 0x3, "84"}, {0x0, 0x8, "f15de678003a"}, {0x7, 0x2}, {0x1, 0x6, "09af688b"}, {0x0, 0x7, "355daa02c0"}, {0x2, 0xf, "50843526332e80342863c01eed"}, {0x7, 0xf, "5b0978bc02a270ed84a6d8f50d"}]}, @lsrr={0x83, 0xb, 0x6, [@multicast2, @dev={0xac, 0x14, 0x14, 0x44}]}]}}}}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100080}, 0xc, &(0x7f00000001c0)={&(0x7f0000000580)={0x728, r1, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x24c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0xa4, 0x5, "1bfdfa1830dc1a663c94a719f99816e0a4afdd510cabf18d1a02fb5745a33d2c70cf661447ff019eaae355d2d2681803efab27073c6c769a41d4ace361bda0c1010b4bca46eeeb3b9316bf8caa2c59238b6e21393d8abb4c0159007fb0cf38b936874fdcb320f42b8187a1ff00c415e3887a3b1dedb01e750beae265c9bc091e8d012ee1926d82b15d387bfee170d061a2be1183439f866204b706ac7473a3bd"}, @ETHTOOL_A_BITSET_BITS={0xa8, 0x3, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ethtool\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xe7f}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '/+(*.\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x800}]}, {0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x60000}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, '/dev/net/tun\x00'}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '\\\x1a\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10000}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x4}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '/%\x00'}]}]}, @ETHTOOL_A_BITSET_BITS={0x38, 0x3, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x800}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x44, 0x3, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4bb}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ']+!(-\x00'}]}]}, @ETHTOOL_A_BITSET_MASK={0x79, 0x5, "309ab807d2e1868643fdf79228802ade44162aafd07ffeae280db3d7991a347e14a40e39cdf5d134052f734dd3218e947501f0da5fd15f67a217657451beb74dec419739971018554ae3e3e1eef403668b41c6e9d808f3c1a860710ba2fa2dd4be69568d2fac0f45f8d5dda5eed7b8f9cdf56ee452"}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x250, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xe5, 0x4, "9bb098c1aea89ccdf28792b7a874ae7661d32375b60d6f24eb00123c1e9e4b80ec2d2e1a0a1d2298ad4f5c889f2be0fa7cd0cf0309228f9a7bd56d6fc8a841a22cd2c9e02c0c0abcf2bad52c57884db068f247ae6dcc1a996aaaf1e42d415a39921f053e7d0327339a6c4f59b5c45e095d852fce8f504dcf3970f1090cafcf05ddecd46717e44523eaea94dbe0d90dc15626118fa41ac0581e755e095b88296b1199e7c16fbf77ddcd667ad40d824c77434e46805e624188565b427e7a003a948dc8b5edc220fd633f99442e5342c00a38312287c9f8a0dd791bfdfc6e21e06420"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x3}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x158, 0x3, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4f85dc38}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, ']d[}\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xd55}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '.-!\x00'}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffff8}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'mpls\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, '/dev/net/tun\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}]}, {0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_NAME={0x1a, 0x2, '\xfe-\xa6-:[]\x1e,@)/-#^\x8e[[,&/\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ethtool\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ethtool\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ethtool\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'mpls\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'mpls\x00'}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x11, 0x2, '/dev/net/tun\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'ethtool\x00'}]}]}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x10, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7fff}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x1fc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0xf5, 0x5, "c2fa56b4ac09a8a87931cc3a2db6448bc5631cdedb71bc0201334042ac91804770cf307f472046fdf713e059168558f018546d76ed87ff71fadc418f33bc61542bebc472ca03166787347655bfacf48de4c22ee4d8b09f65ee238f082d86097b12e804701274d46eb4427ba52f1c05d9e3554c634a0ee0fe67d78b958f9785dde63f147c2296f0c85e85e63b7855fcab5a30699f44b42928ba433b9355078194ddd261ac833e96747a17958480d9f52491822f1ee76d469b677f60af45858e116ec4b1a6cc859a46cd750d4a3cdf8ea434cb6213736478d881a0cc159d112d31eb572f221dbd0c593528b6a2972d24eec9"}, @ETHTOOL_A_BITSET_VALUE={0xfc, 0x4, "9dcd9033194b820498e8f12f1a6c022ec314bbbb7d0a11e36d64eab6da4b28214b45c7e3b64878c58ef4ad1720c931b8c1a8ff2c9f2719d29811678c0bdefec3c24321fad20e21216f3f816b5209747a7688cfdcf9e9f9d6fd898ba40dd419ad1049eeaaab18977767c5d5ac993578e12d890c6e18a2ce87e5c8d356fb56c63f6f7e39b3860b0411ca710436a8b07d8fd6feebcbc67d02c0dae537e4c983be69d6f4fd1ed2d15265680eb7b453e14fe8ace922349979cd08bc767e95567dc44e0afa214a186bbfe98180b378c5e586613c98ce1278e8a68f3d7af9414c59c223f40703d2b84dfc74e3ee9b3e3fa6c3e9aefeb5ce4d4ac674"}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x728}, 0x1, 0x0, 0x0, 0x200008d0}, 0x4040) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x10900, 0x0) r13 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r13, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newtaction={0x7c, 0x30, 0x1, 0x0, 0x3, {}, [{0x68, 0x1, [@m_mpls={0x64, 0x1, 0x0, 0x0, {{0x9}, {0x38, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x6, 0x0, 0x200000}, 0x2}}, @TCA_MPLS_LABEL={0x8}, @TCA_MPLS_TTL={0x5, 0x7, 0x9}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8848}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x7c}}, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3303000000000400108f93280d0cdbdae08cbed2c4c2e201800800030007000000"], 0x20}}, 0x0) 5.295081253s ago: executing program 2 (id=2709): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448e4, &(0x7f00000009c0)={0x0, 0x0, "0db43f"}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0xfffffffc, 0xff, 0x80000000}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff000000007110b4000000000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0) openat$cgroup_devices(r3, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0) socket$kcm(0x10, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r6, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x2, &(0x7f00000001c0)=@gcm_256={{0x304}, "f1fce0cbc57efff9", "d389983697bd438c02ab89eb2c968d9257f0bfba44bf2018cbabe8e8f006afd2", "a374fd10", "e87062b67e9bd4b8"}, 0x38) setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{}, "187d90836e09cf58", "75507b6ce9dfbdb9045293922f29bf147c79acfecff7f287557872b051b3fbed", "2a5aef2a", "c92beabdc675f61d"}, 0x41) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r5, r7, 0x2, 0x2, 0x0, @void, @value}, 0x10) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000140)=0x4, 0x4) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r8, @ANYRES32=r8, @ANYBLOB="02149b334f6d2bdca4000000", @ANYRES32=r7, @ANYBLOB, @ANYRES64=0x0], 0x20) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r9, 0x2, 0x0, 0x0, &(0x7f0000000280)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) write(r4, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000000000000002000000400004803c00018025000100696d6d6564696174650000002800028008000140000000131c000280160001004b45e90438a6e27cb37aba7c80a46fef5d5d00000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x94}}, 0x0) 4.423936392s ago: executing program 3 (id=2714): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000140)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x3c, r1, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_SEC_DEVKEY={0x20, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0302}}, @NL802154_DEVKEY_ATTR_ID={0x10, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x4}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008045}, 0x4880) (fail_nth: 5) 4.413566882s ago: executing program 0 (id=2715): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="540000001200010300000000001100"/56, @ANYRES32=0x0, @ANYBLOB="00000000000000008000000000000000080003"], 0x54}}, 0x0) 4.265129288s ago: executing program 2 (id=2716): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000060000000000000000008500000007000000850000000e00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) socket$inet(0x2, 0x4000000805, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="12000000070000000400000002"], 0x50) socket(0xa, 0x3, 0x3a) socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640003001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0) 3.858955836s ago: executing program 0 (id=2717): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x8441, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 3.856395657s ago: executing program 2 (id=2718): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0xfffd}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSET={0x20, 0xb, 0xa, 0x801, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}}, 0x0) unshare(0x400) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') readv(r1, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000080)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='M'], 0x8) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r4) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbf8400000000000007040000f0ffffffb70200000800fff818230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x4, 0xff8, &(0x7f0000001e00)=""/4088, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$IEEE802154_LLSEC_ADD_KEY(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x20, r5, 0x607, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20004080}, 0x24044884) 3.731958127s ago: executing program 3 (id=2720): socket$packet(0x11, 0x2, 0x300) socket$inet6_sctp(0xa, 0x5, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000080)={0x1d, r1, 0x2}, 0x18) socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$IPSET_CMD_HEADER(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x34000800) syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r0) sendmmsg$unix(r0, 0x0, 0x0, 0xc0) socket$kcm(0xa, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(0xffffffffffffffff, 0x0, 0x30004001) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$rds(0x15, 0x5, 0x0) 3.109750819s ago: executing program 0 (id=2721): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a18010000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000002cd40009800800014000000006c80002800c000180080001400000000324"], 0x140}}, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000018c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000980)=ANY=[@ANYBLOB="8400f0da82805fbaea83570000", @ANYRES16=r2, @ANYBLOB="00042abd7000fddbdf25120000000600b5002d050000050019000000000006001a0103000000050074000200000005001301010000002600be006d33135993e08f97eca4bc38fb93367af919558117ab8f28b2b3f22473adf9e4d67f00000c"], 0x84}, 0x1, 0x0, 0x0, 0x8000}, 0x2400c010) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000022000103243d7002fddbdf2501000000"], 0x14}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = getpid() r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RELOAD(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, 0x0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r6}}]}, 0x3c}}, 0x4000084) sendmsg$DEVLINK_CMD_SB_GET(r5, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYRES16, @ANYBLOB="10002bbd7000fedbdf250b0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b000b000000080001007063690011000200303030303a30303a31302e300000000008000b00060000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00edb400000d0001006e657409007673696d0000000f0002006e657464657673696d30000008000b0034060000080001007063690011000200303030303a30303a31302e300000000005000b0000800000"], 0xd4}, 0x1, 0x0, 0x0, 0x1}, 0x20000004) r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001340)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4870000000000000200000000000e0ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f55ee988e6e06c8206ac6939fc404004900c788b277be1cb79b0a4dcf3ed410f6accd3641110bec4e90a634199e07f8f6eb9604000e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e468eea13c9a77e1c89c5082a703fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea7042ab40c7cb70cc8943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a330100846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850bf895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2200af6c7784a1975fabc0c4dd418c005479ecab19bdfb15a32a4fd67ce446adb431d7e74853b7978639be2463308af07db79240acaf0910300000077d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061622718551c20ec23812770d72c700a44e113d17088fdd00600000f7889b8d7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f740586903500090000000000000000be34b10f9d640dd782ac0cbc0abcf72846903243d0d0f4bc7fb0a0d7c5000032daaf281c450e64c33aac8ff7e7d1c94c4505a9839688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0400f5e1671bc5eb7739daa7820a91cb0e732df2ae1d39c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b4bfaf5a6b649dd5f13cd776e6c7c4b5c4b0de20e0c81efb5e392a13cdd2ce219e6733b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13f334aae90981ecaf5f744f22f2e45afe2c9e863fef0ad9d1ac32276cffe5f1fc21390797d0244cf1ce269d10525745caaa3f77d1b80116cb385a0242010000000100000091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025e2a9a135c0508af1aec2926627b43bba1229a7466bdca64f514b7911458da09fe8681916d408d753226a83ae2424ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd911e0e5f00019be25b5910a3193e90be231a05fd82e6003969c3f081ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f55136628090702f70000d0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a58a0aa9a821667c685492a1689ad4218cea744b332ab232a09cf1ec375627074ce2d3d7619936768a84a1465fff4610cf8838b28319e0f79533d87eedba55955434f132ab7b8840558b3f918d675a79907a72a8252cd3fbaea5d3006a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68196c7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb511164f1502ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f278ea00cee8a2088359946e72f80bb1c9cfcde57b79625e2979fe689a5a246cbbdf6ad488f43f46b2536f175f46dfb27d5229"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x2, 0x0, @dev={0xfe, 0x80, '\x00', 0x43}}, 0x1c) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r10 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl(r10, 0x8b2c, &(0x7f0000000040)) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r9, 0x18000000000002a0, 0x34, 0x62, &(0x7f0000000380)="b9e403c6630d698cb8a00b04339c", 0x0, 0x172, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r11 = socket$alg(0x26, 0x5, 0x0) bind$alg(r11, &(0x7f0000000480)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, 0x0, 0x0) r12 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r12, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x8, 0x3, 0x460, 0xf0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x390, 0xffffffff, 0xffffffff, 0x390, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x2f, 0x0, 0x3}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@local, 'nicvf0\x00', {0x3f66}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3d}}, [0xffffffff], [], 'wg1\x00', 'gre0\x00', {}, {0xff}}, 0x0, 0x258, 0x2a0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x563e4515, 0x0, 0x7, 0x3fc, 0x20}}}, @common=@inet=@hashlimit3={{0x158}, {'veth0_vlan\x00', {0x3, 0x0, 0x48, 0x0, 0x15ab, 0x1000, 0x6, 0x5}}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x2, 0x5, {0x6}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4c0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x1}) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000080)={0x4}, 0x1f) 2.895924939s ago: executing program 4 (id=2723): mmap(&(0x7f000059f000/0x4000)=nil, 0x4000, 0x1, 0x110, 0xffffffffffffffff, 0xdf20c000) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000544000/0x2000)=nil, 0x2000, 0x300000b, 0x100010, r1, 0x2296d000) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0xfffffffffffffec7, &(0x7f0000000580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502ffffffa100001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=0x0, @ANYRES16], 0x4c}, 0x1, 0xba01, 0x0, 0x85}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_emit_ethernet(0x66, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaabeaaaaaaffffffffffff86dd6000000000302b00fc020000000000000000000000000000fe800000000000000000ffff000000aa21000000003090780d87aedaaa7fc9a56dc2d42b221003a116f525637ae5e186d69b1c57326a7371394d0c6bae77d286"], 0x0) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) sendto$inet6(r0, &(0x7f0000000080)="a4c21f6c955ddb8ab6fee9ccda6480ba21eddf44af1da0f713ea4ab64f50e88a31573e77110cae6d42dfc9bc06ba9a90a0fe66b2ea95220d457545", 0x3b, 0x1, &(0x7f00000000c0)={0xa, 0x4e23, 0x3, @private0, 0x8}, 0x1c) listen(r6, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000000001000000280001801400040000000100000000000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000840) mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x0) 2.64994039s ago: executing program 4 (id=2724): bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x19, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="181800000000000000000000000000008500000010000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f00000001c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x64, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94) 2.247860129s ago: executing program 4 (id=2725): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[], 0x50) sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)={0xb8, 0x0, 0x8, 0x70bd26, 0x25dfdbfd, {}, [@handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x8}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x5}, @handle=@pci={{0x8}, {0x11}}, @handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x20040005}, 0x20000000) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$inet6(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{}, 0x0, &(0x7f00000000c0)}, 0x20) connect$netrom(0xffffffffffffffff, 0x0, 0x0) sendto$netrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000380)={0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502"], 0x3c}}, 0x10) sendmsg$NL80211_CMD_SET_POWER_SAVE(r1, &(0x7f0000000600)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x54, 0x0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x90}, {0xc}}]}, 0x54}, 0x1, 0x0, 0x0, 0x95}, 0x0) 2.009021613s ago: executing program 4 (id=2726): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf79d}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802110000000000380050800800030001ac0f0011000100cabee339084eeef109002471f400000008000700"], 0x60}}, 0x0) 1.716673287s ago: executing program 3 (id=2727): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3000000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="000000001041000008001c00", @ANYRES32, @ANYBLOB='\b\x00.\x00\x00\x00\x00\x00'], 0x30}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000018c0)={'team0\x00', 0x0}) (async) r4 = socket$inet_udp(0x2, 0x2, 0x0) (async) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000e80)=ANY=[@ANYBLOB="4000000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100677470000c00028008000200", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r3, @ANYBLOB="5c2a99d37a49a8bd95bb17b2f1b7b60e854fc0a03eeb310abde9bac2a55b328e57f42a87b6c7b93b9597fa49512f8e05bccbd143a527aba89580a02626ed2bee02cfda914152b4c8249eb1b2ca76dea47dab0993"], 0x40}}, 0xc8c0) (async) sendmmsg$inet(r0, 0x0, 0x0, 0x10000) r5 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SET_FEATURE(r5, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004001}, 0x40000) (async) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x1, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000e7c1ba31376606e400000000000000"], 0x48) (async) socket(0x1e, 0x3, 0x3a) (async) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendto$packet(r6, &(0x7f0000000580)="30208100d69b855f", 0x8, 0x0, &(0x7f0000000340)={0x11, 0x8100, r7, 0x1, 0x0, 0x6, @local}, 0x14) (async) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002ac0)=ANY=[@ANYRES16=r7], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0xfffffffc}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r8}, 0x10) (async) openat$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x2, 0x0) (async) r9 = socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) (async) r10 = socket(0x840000000002, 0x3, 0xff) (async) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000700)=@newtaction={0xf0, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0xdc, 0x1, [@m_police={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x27, 0x6, "c310a7743fb660426a8a1fedf05d761c27d5f6fecd2f449f4639a33a1fadf00194cc8b"}, {0xc}, {0xc}}}, @m_gact={0x84, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x2, 0x0, 0x2}}]}, {0x3f, 0x6, "ee3daa2770a46e672ed42efc279eacd5f75e0000dcb3d695a2eaefabab0435f53a73381abdbce9ecf2a6300abc24ca9e3507d7209d83fabb0b731c"}, {0xc}, {0xc}}}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x84040}, 0x0) connect$inet(r10, &(0x7f0000000280)={0x2, 0x4e22, @remote}, 0x10) (async) sendmmsg$inet(r10, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94) socket$alg(0x26, 0x5, 0x0) 1.054717885s ago: executing program 4 (id=2728): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002b0009ef"], 0x14}}, 0x84) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0x1, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)}, 0x20) r2 = socket(0x1, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f670600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1b172191d359645fae2d074ea5724ab77ea04fe507938b1213cdd4a92860e59808689382734d24b3123dd40c6d612c8a19948cd257748b1e7324adddbe61d51013f7d6b313c6df7b7b29678d70fc94dcc3e99e2472e78968ed94e7a54988656e8fff6b1d9b9993c71edd5cc10a2bea8d94d751b77fa7c48c712af35a9ffe670e8fa451942f48741119496bc30137e1202aed6bb5cd5c2d0256d049e4a335e2ea5545e5624be2391c37c0a2ae3bbb5b58778b85424bcdb84358359b2cb2782fc0e82f17b12d641ce6a72ab0ac794f878140897703bebe4420115d26675f27598841965fa91088252"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r4, @ANYRES32=r3, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6=r2}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000200)='%pi6 \x00'}, 0x20) pipe(&(0x7f0000019480)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0)=[{&(0x7f0000000180)='\b\x00', 0x2}], 0x1, 0x1) close(r7) splice(r6, 0x0, r7, 0x0, 0x10500, 0x0) r8 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000480)=@generic={&(0x7f0000000440)='./file0\x00'}, 0x18) r9 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r10, r9, 0x26, 0x0, 0x0, @void, @value}, 0x10) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={@map=r10, 0x26, 0x0, 0xf51, &(0x7f0000001440)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ppoll(&(0x7f0000000500)=[{r11}], 0x1, 0x0, 0x0, 0x0) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r12, 0xc0189436, &(0x7f0000000140)) r13 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x5, 0x0, @void, @value, @void, @value}, 0x50) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000540)={r0, 0x4, 0x4, 0x6bdc00000}) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1c, 0x27, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x8}, [@ldst={0x2, 0x1, 0x1, 0x2, 0x5, 0xfffffffffffffff8, 0x4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @exit, @alu={0x4, 0x0, 0x0, 0xa, 0x6, 0x6, 0x8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x401}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_val={0x18, 0xa, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x9}]}, &(0x7f00000003c0)='syzkaller\x00', 0x5, 0x1e, &(0x7f0000000400)=""/30, 0x40f00, 0x3, '\x00', 0x0, @fallback=0x2c6c3f2fffdd1010, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r8, 0x3, &(0x7f0000000580)=[r10, r11, r12, r13, r14, 0x1], &(0x7f00000005c0)=[{0x5, 0x3, 0xf, 0x2}, {0x5, 0x5, 0x10, 0x1}, {0x4, 0x4, 0x3, 0xa}], 0x10, 0x429, @void, @value}, 0x94) 847.862744ms ago: executing program 3 (id=2729): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x2, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x0) (async) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r2) sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)={0x20, r3, 0x5, 0x0, 0x0, {0x22}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x2000c094) syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) (async) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000340), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001080), r5) ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000010c0)={'wpan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000010c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r5, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001100)={0x40, r6, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_DEVKEY={0x24, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x6}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0202}}, @NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x20000080) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r2, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x54, r4, 0x78a4f882e555cbc0, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SEC_LEVEL={0x14, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x2}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x5}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x41005}, 0x0) (async) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r2, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x54, r4, 0x78a4f882e555cbc0, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SEC_LEVEL={0xc, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5, 0x4, 0x1}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_SEC_LEVEL={0x14, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x2}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x5}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x41005}, 0x0) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000140)={0x6, 0x0}, 0x8) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000180)={r8, 0x8, 0x18}, 0xc) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={r8, 0x81, 0x8}, 0xc) close(0x3) 714.350407ms ago: executing program 0 (id=2730): socket$netlink(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x1f, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x10}, 0xc801) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="4c000000100039042bbd7000fddbdf2500000000", @ANYRES32=r2, @ANYBLOB="000005ff1c2e1b3b0000000000007fac29d280f457710018000280040012454e88995f0d50cb0000000000000000000000006c3b969205ea90d86e1349710da4499aec960cd242c1c3c4fe2309000000000000008f523d3e15c192177b3635cbf3b90b033b8fec666a3d2fdbe3edefe82e1b22e286fdac2dec7ecb790b6c904449a6449972ee10323ef2cfd76b4e77bba04396e9d715dfb804f3302c996431bdf843e796c873904edf6d1470b2ada57ead2b6bdd8a1362980e9a5fda720b96a169266628f6835bede7de3c325f7605264f7523830728e0879b1b3f170e379f013e1db9f576f47857ab2bfa39037fd981a2cab7f318e9dd60df44d7afd1b63f137d52afa9d518b5f9b65a65017e2a94bc17aa8744a9718788abae497436bde1e9773598169e", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2, @ANYBLOB], 0x4c}}, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$SO_COOKIE(r5, 0x1, 0x39, &(0x7f0000000040), &(0x7f0000000180)=0x8) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="9c0000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100040000003c0002802c00018014000300fe8000000020000000000000000000aa14000400fe8800000000000000000800000000010c000280050001000000000008000740000000000600124000040000"], 0x9c}}, 0x0) 444.353318ms ago: executing program 3 (id=2731): r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xc, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="720ac4ff00000000711081000000000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006, 0x0, 0x0, 0x7f}]}, 0x10) socket$netlink(0x10, 0x3, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x9) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendmmsg(r3, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)='<', 0x1}], 0x1}}], 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) accept4$rose(r5, 0x0, 0x0, 0x800) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000005100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa080006000a"], 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x10) 299.945698ms ago: executing program 0 (id=2732): r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004040)=[{{0x0, 0x0, 0x0}, 0xffffffff}], 0x1, 0x23, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) connect$inet(r0, &(0x7f0000000280)={0x2, 0x4, @multicast1}, 0x10) sendmmsg$inet(r0, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x7e1f, 0x0, 0x0, 0x0, 0x0, 0x500}, 0xee0000b0}, {{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001100)="15b26f226e2966667482d50903b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5d07d691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6bea1764fbde5500fa30c5f2459cff4d7f123ab94cfd5762d586ec7a28abc2f8c9e608f8f964b96ecb0883d60d444f317834a3d734cb304051a60d1a084a84da8f9a23a1b9d4951c0a81985c63ae193f40e9deb358b2f08553324fd6086be9e70e5061568abefebcda50e70f4dab2e4dc0cf6d85aced044d7005326922886194895267165f7f592036ebe11dcf1cad98f5cda766eaea90fb4cb5e793525126c7594f8599055192d63a81d3cd26aadd50983f1c3f1d4655c1b5f59e80f733e3abc4792b760729fd26298ef15141cf76cc4", 0xc3}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="a6", 0x1}], 0x300}}], 0x3, 0x0) 173.76441ms ago: executing program 3 (id=2733): mmap(&(0x7f000059f000/0x4000)=nil, 0x4000, 0x1, 0x110, 0xffffffffffffffff, 0xdf20c000) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000544000/0x2000)=nil, 0x2000, 0x300000b, 0x100010, r1, 0x2296d000) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0xfffffffffffffec7, &(0x7f0000000580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502ffffffa100001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=0x0, @ANYRES16], 0x4c}, 0x1, 0xba01, 0x0, 0x85}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) syz_emit_ethernet(0x66, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaabeaaaaaaffffffffffff86dd6000000000302b00fc020000000000000000000000000000fe800000000000000000ffff000000aa21000000003090780d87aedaaa7fc9a56dc2d42b221003a116f525637ae5e186d69b1c57326a7371394d0c6bae77d286"], 0x0) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) sendto$inet6(r0, &(0x7f0000000080)="a4c21f6c955ddb8ab6fee9ccda6480ba21eddf44af1da0f713ea4ab64f50e88a31573e77110cae6d42dfc9bc06ba9a90a0fe66b2ea95220d457545", 0x3b, 0x1, &(0x7f00000000c0)={0xa, 0x4e23, 0x3, @private0, 0x8}, 0x1c) listen(r6, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000000001000000280001801400040000000100000000000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000840) mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r2, 0x0) 49.48059ms ago: executing program 4 (id=2734): unshare(0x6a040000) r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@loopback={0x600}, 0x8000000, 0x0, 0x1, 0xa, 0x4}, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f00000001c0)={@local, @empty, 0x0}, &(0x7f0000000200)=0xc) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000200), 0xffffffc1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r3, 0x0) mmap(&(0x7f00007a6000/0x3000)=nil, 0x3000, 0x100000c, 0x22051, r3, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={0xffffffffffffffff, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000002c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x6, &(0x7f0000000300)=[0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8a, &(0x7f0000000380)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x4e, 0x8, 0x8, &(0x7f0000000440)}}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000780)={{0x1, 0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000740)='%pS \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000800)={0x1, 0xffffffffffffffff}, 0x4) r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000840)={0x0, 0x6, 0x8}, 0xc) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000880)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffff7a, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x20, 0x16, &(0x7f0000000000)=@raw=[@alu={0x3, 0x1, 0x8, 0x4, 0x5, 0x30, 0x1}, @call={0x85, 0x0, 0x0, 0x31}, @alu={0x7, 0x0, 0x4, 0x5, 0x3, 0x18, 0xfffffffffffffff0}, @call={0x85, 0x0, 0x0, 0xab}, @generic={0x9, 0x0, 0x5, 0x2, 0x200}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}], &(0x7f00000000c0)='syzkaller\x00', 0x2, 0xab, &(0x7f0000000100)=""/171, 0x40f00, 0x13, '\x00', r2, @fallback=0x21, r3, 0x8, &(0x7f0000000240)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0x3, 0x10000, 0x323}, 0x10, r4, 0xffffffffffffffff, 0x8, &(0x7f00000008c0)=[r5, 0x1, r6, r7, r8, r9, r10], &(0x7f0000000900)=[{0x4, 0x3, 0xf, 0x1}, {0x0, 0x3, 0x7, 0x9}, {0x4, 0x3, 0xd, 0x4}, {0x1, 0x5, 0xe, 0xc}, {0x5, 0x4, 0x6, 0x4}, {0x5, 0x5, 0xf, 0x4}, {0x2, 0x5, 0xf, 0x3}, {0x3, 0x1, 0xf, 0x4}], 0x10, 0x1000, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, 0x0, 0x50) r11 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_buf(r11, 0x0, 0x2a, &(0x7f0000000500)="c1de6d7233a30dc5a0ac84df9225d4325a15a7295cf7e6df47390d5db02c64d88b844ff1427d351f48a4ee972e301f7d400bf2477dff5ebaac66161928c38e510398d46a398f38d1c8b8a3c60b42f680764d90379445541ca10a19abe4d5248c9825e0ecc59bbd10723a2addf3dd6766e76d57027ab42d4c2c7b0132782314c5c321bc6cae3b9cd1", 0x88) r12 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r12, 0x0, 0x80, &(0x7f0000000480)=@broute={'broute\x00', 0x5e04, 0x0, 0x90, [0x0, 0x0, 0x200000000500], 0x2, 0x0, &(0x7f0000000500)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108) 0s ago: executing program 0 (id=2735): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[], 0x50) sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)={0xb8, 0x0, 0x8, 0x70bd26, 0x25dfdbfd, {}, [@handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x8}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x5}, @handle=@pci={{0x8}, {0x11}}, @handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x20040005}, 0x20000000) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$inet6(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{}, 0x0, &(0x7f00000000c0)}, 0x20) connect$netrom(0xffffffffffffffff, 0x0, 0x0) sendto$netrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000380)={0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502"], 0x3c}}, 0x10) sendmsg$NL80211_CMD_SET_POWER_SAVE(r1, &(0x7f0000000600)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x54, 0x0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x90}, {0xc}}]}, 0x54}, 0x1, 0x0, 0x0, 0x95}, 0x0) kernel console output (not intermixed with test programs): e_snprint+0x71/0xf0 [ 249.800014][T10439] ? __lock_acquire+0xad5/0xd80 [ 249.800037][T10439] ? __pfx_ieee802154_llsec_del_seclevel+0x10/0x10 [ 249.800087][T10439] netlink_rcv_skb+0x208/0x480 [ 249.800110][T10439] ? __pfx_genl_rcv_msg+0x10/0x10 [ 249.800139][T10439] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 249.800186][T10439] ? netlink_deliver_tap+0x2e/0x1b0 [ 249.800215][T10439] genl_rcv+0x28/0x40 [ 249.800240][T10439] netlink_unicast+0x7f8/0x9a0 [ 249.800283][T10439] ? __pfx_netlink_unicast+0x10/0x10 [ 249.800317][T10439] ? skb_put+0x114/0x1f0 [ 249.800346][T10439] netlink_sendmsg+0x8c3/0xcd0 [ 249.800383][T10439] ? __pfx_netlink_sendmsg+0x10/0x10 [ 249.800411][T10439] ? aa_sock_msg_perm+0x91/0x160 [ 249.800447][T10439] ? __pfx_netlink_sendmsg+0x10/0x10 [ 249.800467][T10439] __sock_sendmsg+0x221/0x270 [ 249.800503][T10439] ____sys_sendmsg+0x523/0x860 [ 249.800539][T10439] ? __pfx_____sys_sendmsg+0x10/0x10 [ 249.800562][T10439] ? __fget_files+0x2a/0x420 [ 249.800597][T10439] ? __fget_files+0x2a/0x420 [ 249.800640][T10439] __sys_sendmsg+0x271/0x360 [ 249.800673][T10439] ? __pfx___sys_sendmsg+0x10/0x10 [ 249.800764][T10439] ? do_syscall_64+0xb6/0x230 [ 249.800792][T10439] do_syscall_64+0xf3/0x230 [ 249.800817][T10439] ? clear_bhb_loop+0x45/0xa0 [ 249.800842][T10439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.800863][T10439] RIP: 0033:0x7f4ed1b8d169 [ 249.800883][T10439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.800901][T10439] RSP: 002b:00007f4ed2a24038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 249.800924][T10439] RAX: ffffffffffffffda RBX: 00007f4ed1da5fa0 RCX: 00007f4ed1b8d169 [ 249.800940][T10439] RDX: 0000000004040000 RSI: 0000200000000f80 RDI: 0000000000000004 [ 249.800953][T10439] RBP: 00007f4ed2a24090 R08: 0000000000000000 R09: 0000000000000000 [ 249.800966][T10439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 249.800986][T10439] R13: 0000000000000000 R14: 00007f4ed1da5fa0 R15: 00007ffe7c752fa8 [ 249.801020][T10439] [ 250.197365][T10445] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1373'. [ 250.198287][T10448] SET target dimension over the limit! [ 250.951816][T10470] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1379'. [ 251.855793][T10490] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1384'. [ 251.904833][T10490] block nbd0: not configured, cannot reconfigure [ 252.116724][T10477] xt_hashlimit: size too large, truncated to 1048576 [ 252.289909][T10500] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1385'. [ 252.403701][T10504] FAULT_INJECTION: forcing a failure. [ 252.403701][T10504] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 252.418428][T10504] CPU: 0 UID: 0 PID: 10504 Comm: syz.4.1388 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 252.418462][T10504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 252.418477][T10504] Call Trace: [ 252.418486][T10504] [ 252.418495][T10504] dump_stack_lvl+0x241/0x360 [ 252.418546][T10504] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.418575][T10504] ? __pfx__printk+0x10/0x10 [ 252.418615][T10504] should_fail_ex+0x424/0x570 [ 252.418645][T10504] _copy_from_user+0x2d/0xb0 [ 252.418667][T10504] copy_msghdr_from_user+0xb3/0x580 [ 252.418708][T10504] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 252.418759][T10504] __sys_sendmmsg+0x361/0x7b0 [ 252.418801][T10504] ? __pfx___sys_sendmmsg+0x10/0x10 [ 252.418868][T10504] ? rcu_read_lock_any_held+0xbb/0x160 [ 252.418898][T10504] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 252.418925][T10504] ? vfs_write+0xb29/0xd10 [ 252.418954][T10504] ? ksys_write+0x24e/0x2d0 [ 252.418976][T10504] ? __mutex_unlock_slowpath+0x229/0x800 [ 252.419023][T10504] ? ksys_write+0x275/0x2d0 [ 252.419053][T10504] __x64_sys_sendmmsg+0xa0/0xb0 [ 252.419078][T10504] do_syscall_64+0xf3/0x230 [ 252.419101][T10504] ? clear_bhb_loop+0x45/0xa0 [ 252.419126][T10504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.419145][T10504] RIP: 0033:0x7f4ed1b8d169 [ 252.419164][T10504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.419183][T10504] RSP: 002b:00007f4ed2a24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 252.419206][T10504] RAX: ffffffffffffffda RBX: 00007f4ed1da5fa0 RCX: 00007f4ed1b8d169 [ 252.419222][T10504] RDX: 0400000000000292 RSI: 0000200000002c40 RDI: 0000000000000003 [ 252.419237][T10504] RBP: 00007f4ed2a24090 R08: 0000000000000000 R09: 0000000000000000 [ 252.419250][T10504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 252.419262][T10504] R13: 0000000000000000 R14: 00007f4ed1da5fa0 R15: 00007ffe7c752fa8 [ 252.419293][T10504] [ 252.428585][T10497] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1382'. [ 253.213853][T10524] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1394'. [ 253.292936][T10528] netlink: 'syz.2.1395': attribute type 8 has an invalid length. [ 253.512464][T10532] bridge0: port 1(vlan4) entered blocking state [ 253.525264][T10532] bridge0: port 1(vlan4) entered disabled state [ 253.532116][T10532] vlan4: entered allmulticast mode [ 253.545032][ T5857] Bluetooth: hci0: command 0x0401 tx timeout [ 253.552251][ T5844] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 253.590298][T10535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1397'. [ 253.593276][T10532] vlan4: left allmulticast mode [ 253.647017][T10534] netlink: 'syz.0.1397': attribute type 10 has an invalid length. [ 253.650174][T10539] nlmon0: Master is either lo or non-ether device [ 253.675869][T10534] bond0: (slave wlan1): Enslaving as an active interface with a down link [ 253.825812][T10544] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1401'. [ 253.859573][T10546] netlink: 'syz.2.1402': attribute type 4 has an invalid length. [ 253.965352][T10541] nbd: couldn't find device at index 768 [ 254.384977][T10559] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1407'. [ 254.429129][T10559] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1407'. [ 254.464097][T10559] 8021q: VLANs not supported on caif0 [ 254.472442][T10563] FAULT_INJECTION: forcing a failure. [ 254.472442][T10563] name failslab, interval 1, probability 0, space 0, times 0 [ 254.517214][T10563] CPU: 1 UID: 0 PID: 10563 Comm: syz.3.1406 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 254.517250][T10563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 254.517264][T10563] Call Trace: [ 254.517273][T10563] [ 254.517283][T10563] dump_stack_lvl+0x241/0x360 [ 254.517322][T10563] ? __pfx_dump_stack_lvl+0x10/0x10 [ 254.517352][T10563] ? __pfx__printk+0x10/0x10 [ 254.517387][T10563] ? __pfx___might_resched+0x10/0x10 [ 254.517419][T10563] should_fail_ex+0x424/0x570 [ 254.517452][T10563] should_failslab+0xac/0x100 [ 254.517493][T10563] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 254.517533][T10563] ? __alloc_skb+0x1c2/0x480 [ 254.517562][T10563] __alloc_skb+0x1c2/0x480 [ 254.517593][T10563] ? __pfx___alloc_skb+0x10/0x10 [ 254.517629][T10563] netlink_sendmsg+0x638/0xcd0 [ 254.517668][T10563] ? __pfx_netlink_sendmsg+0x10/0x10 [ 254.517696][T10563] ? aa_sock_msg_perm+0x91/0x160 [ 254.517732][T10563] ? __pfx_netlink_sendmsg+0x10/0x10 [ 254.517752][T10563] __sock_sendmsg+0x221/0x270 [ 254.517789][T10563] ____sys_sendmsg+0x523/0x860 [ 254.517830][T10563] ? __pfx_____sys_sendmsg+0x10/0x10 [ 254.517855][T10563] ? __fget_files+0x2a/0x420 [ 254.517890][T10563] ? __fget_files+0x2a/0x420 [ 254.517933][T10563] __sys_sendmsg+0x271/0x360 [ 254.517967][T10563] ? __pfx___sys_sendmsg+0x10/0x10 [ 254.518057][T10563] ? do_syscall_64+0xb6/0x230 [ 254.518085][T10563] do_syscall_64+0xf3/0x230 [ 254.518109][T10563] ? clear_bhb_loop+0x45/0xa0 [ 254.518136][T10563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.518156][T10563] RIP: 0033:0x7f9ed238d169 [ 254.518176][T10563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.518194][T10563] RSP: 002b:00007f9ed31ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 254.518217][T10563] RAX: ffffffffffffffda RBX: 00007f9ed25a6080 RCX: 00007f9ed238d169 [ 254.518233][T10563] RDX: 0000000000004880 RSI: 0000200000000e40 RDI: 0000000000000004 [ 254.518247][T10563] RBP: 00007f9ed31ac090 R08: 0000000000000000 R09: 0000000000000000 [ 254.518261][T10563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.518274][T10563] R13: 0000000000000001 R14: 00007f9ed25a6080 R15: 00007ffe27ddb0b8 [ 254.518308][T10563] [ 254.922316][T10555] xt_hashlimit: size too large, truncated to 1048576 [ 255.157347][T10584] FAULT_INJECTION: forcing a failure. [ 255.157347][T10584] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 255.207469][T10584] CPU: 1 UID: 0 PID: 10584 Comm: syz.2.1412 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 255.207503][T10584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 255.207518][T10584] Call Trace: [ 255.207526][T10584] [ 255.207535][T10584] dump_stack_lvl+0x241/0x360 [ 255.207576][T10584] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.207608][T10584] ? __pfx__printk+0x10/0x10 [ 255.207648][T10584] should_fail_ex+0x424/0x570 [ 255.207683][T10584] _copy_to_user+0x31/0xb0 [ 255.207709][T10584] simple_read_from_buffer+0xc4/0x170 [ 255.207744][T10584] proc_fail_nth_read+0x1ef/0x260 [ 255.207771][T10584] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 255.207797][T10584] ? rw_verify_area+0x246/0x630 [ 255.207819][T10584] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 255.207843][T10584] vfs_read+0x21f/0xb90 [ 255.207873][T10584] ? __pfx___mutex_lock+0x10/0x10 [ 255.207899][T10584] ? __pfx_vfs_read+0x10/0x10 [ 255.207927][T10584] ? __fget_files+0x2a/0x420 [ 255.207962][T10584] ? __fget_files+0x39d/0x420 [ 255.207992][T10584] ? __fget_files+0x2a/0x420 [ 255.208036][T10584] ksys_read+0x19d/0x2d0 [ 255.208063][T10584] ? __pfx_ksys_read+0x10/0x10 [ 255.208094][T10584] ? do_syscall_64+0xb6/0x230 [ 255.208122][T10584] do_syscall_64+0xf3/0x230 [ 255.208146][T10584] ? clear_bhb_loop+0x45/0xa0 [ 255.208172][T10584] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.208201][T10584] RIP: 0033:0x7f4e08f8bb7c [ 255.208221][T10584] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 255.208239][T10584] RSP: 002b:00007f4e09db1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 255.208262][T10584] RAX: ffffffffffffffda RBX: 00007f4e091a5fa0 RCX: 00007f4e08f8bb7c [ 255.208279][T10584] RDX: 000000000000000f RSI: 00007f4e09db10a0 RDI: 0000000000000004 [ 255.208291][T10584] RBP: 00007f4e09db1090 R08: 0000000000000000 R09: 0000000000000000 [ 255.208304][T10584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 255.208317][T10584] R13: 0000000000000000 R14: 00007f4e091a5fa0 R15: 00007ffe3100cc78 [ 255.208348][T10584] [ 256.020060][T10601] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1417'. [ 256.086981][T10601] block nbd0: not configured, cannot reconfigure [ 256.291739][T10610] FAULT_INJECTION: forcing a failure. [ 256.291739][T10610] name failslab, interval 1, probability 0, space 0, times 0 [ 256.356644][T10610] CPU: 1 UID: 0 PID: 10610 Comm: syz.4.1419 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 256.356683][T10610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 256.356698][T10610] Call Trace: [ 256.356706][T10610] [ 256.356715][T10610] dump_stack_lvl+0x241/0x360 [ 256.356755][T10610] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.356786][T10610] ? __pfx__printk+0x10/0x10 [ 256.356819][T10610] ? __pfx___might_resched+0x10/0x10 [ 256.356850][T10610] should_fail_ex+0x424/0x570 [ 256.356883][T10610] should_failslab+0xac/0x100 [ 256.356914][T10610] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 256.356945][T10610] ? __alloc_skb+0x1c2/0x480 [ 256.356974][T10610] __alloc_skb+0x1c2/0x480 [ 256.357005][T10610] ? __pfx___alloc_skb+0x10/0x10 [ 256.357032][T10610] ? netlink_autobind+0xd6/0x2f0 [ 256.357054][T10610] ? netlink_autobind+0x2b0/0x2f0 [ 256.357082][T10610] netlink_sendmsg+0x638/0xcd0 [ 256.357119][T10610] ? __pfx_netlink_sendmsg+0x10/0x10 [ 256.357147][T10610] ? aa_sock_msg_perm+0x91/0x160 [ 256.357183][T10610] ? __pfx_netlink_sendmsg+0x10/0x10 [ 256.357203][T10610] __sock_sendmsg+0x221/0x270 [ 256.357241][T10610] ____sys_sendmsg+0x523/0x860 [ 256.357277][T10610] ? __pfx_____sys_sendmsg+0x10/0x10 [ 256.357302][T10610] ? __fget_files+0x2a/0x420 [ 256.357357][T10610] ? __fget_files+0x2a/0x420 [ 256.357397][T10610] __sys_sendmsg+0x271/0x360 [ 256.357428][T10610] ? __pfx___sys_sendmsg+0x10/0x10 [ 256.357513][T10610] ? do_syscall_64+0xb6/0x230 [ 256.357540][T10610] do_syscall_64+0xf3/0x230 [ 256.357564][T10610] ? clear_bhb_loop+0x45/0xa0 [ 256.357590][T10610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.357610][T10610] RIP: 0033:0x7f4ed1b8d169 [ 256.357629][T10610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.357647][T10610] RSP: 002b:00007f4ed2a24038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 256.357669][T10610] RAX: ffffffffffffffda RBX: 00007f4ed1da5fa0 RCX: 00007f4ed1b8d169 [ 256.357685][T10610] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 256.357697][T10610] RBP: 00007f4ed2a24090 R08: 0000000000000000 R09: 0000000000000000 [ 256.357710][T10610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.357722][T10610] R13: 0000000000000000 R14: 00007f4ed1da5fa0 R15: 00007ffe7c752fa8 [ 256.357754][T10610] [ 257.113004][T10624] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1425'. [ 257.185862][T10630] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1426'. [ 257.214286][T10623] Bluetooth: MGMT ver 1.23 [ 257.546521][T10643] mac80211_hwsim hwsim3 syzkaller0: entered promiscuous mode [ 257.558352][T10643] mac80211_hwsim hwsim3 syzkaller0: entered allmulticast mode [ 257.658387][T10646] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1432'. [ 257.818292][T10643] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1432'. [ 257.859156][T10643] nbd: device at index 64 is going down [ 258.044199][T10637] xt_hashlimit: size too large, truncated to 1048576 [ 258.138168][T10665] netlink: 'syz.4.1437': attribute type 1 has an invalid length. [ 258.146431][T10665] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1437'. [ 258.413167][T10677] netlink: 'syz.3.1440': attribute type 6 has an invalid length. [ 258.421661][T10677] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1440'. [ 258.580845][T10680] netlink: 'syz.4.1442': attribute type 1 has an invalid length. [ 258.613489][T10680] netlink: 'syz.4.1442': attribute type 2 has an invalid length. [ 258.648159][T10685] sctp: [Deprecated]: syz.1.1441 (pid 10685) Use of struct sctp_assoc_value in delayed_ack socket option. [ 258.648159][T10685] Use struct sctp_sack_info instead [ 258.659107][T10684] bond0: entered promiscuous mode [ 258.728828][T10684] bond0: left promiscuous mode [ 259.197869][T10700] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1446'. [ 259.466786][T10717] netlink: 'syz.2.1452': attribute type 1 has an invalid length. [ 259.506806][T10717] NCSI netlink: No device for ifindex 0 [ 260.249978][T10740] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1457'. [ 260.355141][T10741] xt_hashlimit: size too large, truncated to 1048576 [ 260.868134][T10761] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1462'. [ 260.989044][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.345058][T10778] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1466'. [ 262.407603][T10800] __nla_validate_parse: 1 callbacks suppressed [ 262.407626][T10800] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1475'. [ 262.478790][T10805] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1475'. [ 262.529676][T10805] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1475'. [ 262.685909][T10807] netlink: 'syz.0.1476': attribute type 9 has an invalid length. [ 262.723616][T10807] netlink: 'syz.0.1476': attribute type 6 has an invalid length. [ 263.254445][T10820] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1480'. [ 263.281089][T10820] netlink: 'syz.3.1480': attribute type 7 has an invalid length. [ 263.998332][T10844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1487'. [ 264.074336][T10848] FAULT_INJECTION: forcing a failure. [ 264.074336][T10848] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 264.092247][T10844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1487'. [ 264.124825][T10844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1487'. [ 264.153936][T10848] CPU: 1 UID: 0 PID: 10848 Comm: syz.0.1488 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 264.153970][T10848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 264.153984][T10848] Call Trace: [ 264.153992][T10848] [ 264.154002][T10848] dump_stack_lvl+0x241/0x360 [ 264.154041][T10848] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.154070][T10848] ? __pfx__printk+0x10/0x10 [ 264.154112][T10848] should_fail_ex+0x424/0x570 [ 264.154143][T10848] _copy_from_user+0x2d/0xb0 [ 264.154167][T10848] kstrtouint_from_user+0xce/0x1a0 [ 264.154201][T10848] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 264.154234][T10848] ? __lock_acquire+0xad5/0xd80 [ 264.154269][T10848] proc_fail_nth_write+0xac/0x2d0 [ 264.154291][T10848] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 264.154320][T10848] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 264.154357][T10848] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 264.154380][T10848] vfs_write+0x2bc/0xd10 [ 264.154410][T10848] ? fdget_pos+0x247/0x310 [ 264.154446][T10848] ? __pfx_vfs_write+0x10/0x10 [ 264.154473][T10848] ? __fget_files+0x2a/0x420 [ 264.154506][T10848] ? __fget_files+0x39d/0x420 [ 264.154539][T10848] ? __fget_files+0x2a/0x420 [ 264.154581][T10848] ksys_write+0x19d/0x2d0 [ 264.154607][T10848] ? __pfx_ksys_write+0x10/0x10 [ 264.154638][T10848] ? do_syscall_64+0xb6/0x230 [ 264.154666][T10848] do_syscall_64+0xf3/0x230 [ 264.154690][T10848] ? clear_bhb_loop+0x45/0xa0 [ 264.154715][T10848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.154736][T10848] RIP: 0033:0x7fe85138bc1f [ 264.154754][T10848] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 264.154773][T10848] RSP: 002b:00007fe8521b0030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 264.154795][T10848] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe85138bc1f [ 264.154810][T10848] RDX: 0000000000000001 RSI: 00007fe8521b00a0 RDI: 0000000000000004 [ 264.154823][T10848] RBP: 00007fe8521b0090 R08: 0000000000000000 R09: 0000000000000000 [ 264.154836][T10848] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 264.154848][T10848] R13: 0000000000000000 R14: 00007fe8515a5fa0 R15: 00007fff0402f518 [ 264.154883][T10848] [ 264.550052][T10826] xt_hashlimit: size too large, truncated to 1048576 [ 264.693784][T10866] SET target dimension over the limit! [ 265.524370][T10882] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 265.641893][T10884] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1502'. [ 265.669912][T10884] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1502'. [ 265.708857][T10884] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1502'. [ 267.081210][T10937] netlink: 'syz.2.1516': attribute type 10 has an invalid length. [ 267.166142][T10937] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 267.183779][T10937] batman_adv: batadv0: Adding interface: virt_wifi0 [ 267.213593][T10937] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 267.304033][T10937] batman_adv: batadv0: Interface activated: virt_wifi0 [ 267.621962][T10948] __nla_validate_parse: 4 callbacks suppressed [ 267.621989][T10948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1521'. [ 267.710888][T10953] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1522'. [ 267.726942][T10926] xt_hashlimit: size too large, truncated to 1048576 [ 267.751947][T10957] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1521'. [ 267.778072][T10957] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1521'. [ 267.831096][T10957] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1521'. [ 268.804765][T10999] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1533'. [ 268.816685][T10999] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1533'. [ 268.884830][T10999] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1533'. [ 268.938426][T10999] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 269.098118][T11010] netlink: 'syz.0.1536': attribute type 1 has an invalid length. [ 269.647558][T11028] netlink: 'syz.2.1541': attribute type 2 has an invalid length. [ 269.794414][T11033] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1543'. [ 270.306094][T11045] netlink: 'syz.0.1548': attribute type 10 has an invalid length. [ 270.330230][T11045] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1548'. [ 270.366841][T11045] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.395873][T11045] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.418154][T11045] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.438416][T11052] netlink: 'syz.4.1550': attribute type 2 has an invalid length. [ 270.472338][T11045] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.512331][T11036] xt_hashlimit: size too large, truncated to 1048576 [ 270.632808][T11045] team0: Port device geneve0 added [ 271.719337][T11090] 8021q: VLANs not supported on nlmon0 [ 272.454263][T11113] FAULT_INJECTION: forcing a failure. [ 272.454263][T11113] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 272.523521][T11113] CPU: 0 UID: 0 PID: 11113 Comm: syz.0.1569 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 272.523555][T11113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 272.523567][T11113] Call Trace: [ 272.523574][T11113] [ 272.523583][T11113] dump_stack_lvl+0x241/0x360 [ 272.523616][T11113] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.523642][T11113] ? __pfx__printk+0x10/0x10 [ 272.523684][T11113] should_fail_ex+0x424/0x570 [ 272.523712][T11113] _copy_from_user+0x2d/0xb0 [ 272.523731][T11113] copy_msghdr_from_user+0xb3/0x580 [ 272.523765][T11113] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 272.523791][T11113] ? __fget_files+0x2a/0x420 [ 272.523821][T11113] ? __fget_files+0x2a/0x420 [ 272.523855][T11113] __sys_sendmsg+0x20a/0x360 [ 272.523882][T11113] ? __pfx___sys_sendmsg+0x10/0x10 [ 272.523959][T11113] ? do_syscall_64+0xb6/0x230 [ 272.523983][T11113] do_syscall_64+0xf3/0x230 [ 272.524003][T11113] ? clear_bhb_loop+0x45/0xa0 [ 272.524024][T11113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.524041][T11113] RIP: 0033:0x7fe85138d169 [ 272.524056][T11113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 272.524072][T11113] RSP: 002b:00007fe8521b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 272.524091][T11113] RAX: ffffffffffffffda RBX: 00007fe8515a5fa0 RCX: 00007fe85138d169 [ 272.524104][T11113] RDX: 00000000040040d0 RSI: 0000200000000100 RDI: 0000000000000003 [ 272.524116][T11113] RBP: 00007fe8521b0090 R08: 0000000000000000 R09: 0000000000000000 [ 272.524127][T11113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 272.524137][T11113] R13: 0000000000000000 R14: 00007fe8515a5fa0 R15: 00007fff0402f518 [ 272.524164][T11113] [ 272.973849][T11118] netlink: 'syz.2.1572': attribute type 3 has an invalid length. [ 273.637220][T11133] xt_hashlimit: size too large, truncated to 1048576 [ 276.455895][T11193] __nla_validate_parse: 4 callbacks suppressed [ 276.455918][T11193] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1591'. [ 276.474726][T11190] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1591'. [ 276.840472][T11210] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1591'. [ 276.928677][T11210] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1591'. [ 277.290239][T11210] 8021q: VLANs not supported on ip6_vti0 [ 277.432444][T11227] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1605'. [ 277.641952][T11235] openvswitch: netlink: Key 0 has unexpected len 4 expected 0 [ 278.203405][T11258] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1615'. [ 278.865703][T11275] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1620'. [ 279.586782][T11299] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1632'. [ 279.596545][T11299] block nbd0: not configured, cannot reconfigure [ 279.613712][T11302] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1627'. [ 279.764654][T11310] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1636'. [ 281.906322][T11410] __nla_validate_parse: 4 callbacks suppressed [ 281.906348][T11410] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1673'. [ 282.373668][T11420] nlmon0: Master is either lo or non-ether device [ 282.610704][T11403] xt_hashlimit: size too large, truncated to 1048576 [ 283.628037][T11438] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1683'. [ 283.717993][T11441] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1683'. [ 283.727660][T11441] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1683'. [ 283.770062][T11441] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1683'. [ 283.931764][T11451] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1688'. [ 284.601804][T11468] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1694'. [ 285.136997][T11481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1698'. [ 285.331533][T11487] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1701'. [ 285.722021][T11499] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1705'. [ 286.934932][T11536] __nla_validate_parse: 2 callbacks suppressed [ 286.934955][T11536] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1718'. [ 287.969791][T11563] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1727'. [ 288.169875][T11574] netlink: 240 bytes leftover after parsing attributes in process `syz.2.1731'. [ 288.378616][T11578] xt_hashlimit: size too large, truncated to 1048576 [ 288.663866][ T5857] Bluetooth: hci4: command 0x0406 tx timeout [ 288.936619][T11598] lo: entered promiscuous mode [ 288.963740][T11598] tunl0: entered promiscuous mode [ 288.969970][T11598] gre0: entered promiscuous mode [ 289.016223][T11598] erspan0: entered promiscuous mode [ 289.021951][T11598] ip_vti0: entered promiscuous mode [ 289.084177][T11598] ip6_vti0: entered promiscuous mode [ 289.090008][T11598] sit0: entered promiscuous mode [ 289.112383][T11598] ip6tnl0: entered promiscuous mode [ 289.124750][T11598] ip6gre0: entered promiscuous mode [ 289.139846][T11598] ip6gretap0: entered promiscuous mode [ 289.141959][T11603] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1738'. [ 289.151667][T11598] bridge0: entered promiscuous mode [ 289.211434][T11598] vcan0: entered promiscuous mode [ 289.217566][T11598] bond0: entered promiscuous mode [ 289.222843][T11598] bond_slave_0: entered promiscuous mode [ 289.269686][T11598] bond_slave_1: entered promiscuous mode [ 289.288578][T11598] mac80211_hwsim hwsim10 wlan1: entered promiscuous mode [ 289.297510][T11598] team0: entered promiscuous mode [ 289.312501][T11598] team_slave_0: entered promiscuous mode [ 289.328201][T11598] team_slave_1: entered promiscuous mode [ 289.340219][T11598] geneve0: entered promiscuous mode [ 289.347590][T11598] nlmon0: entered promiscuous mode [ 289.359714][T11598] caif0: entered promiscuous mode [ 289.441545][T11598] batadv0: entered promiscuous mode [ 289.484173][T11598] veth0: entered promiscuous mode [ 289.489476][T11598] veth1: entered promiscuous mode [ 289.543084][T11598] wg0: entered promiscuous mode [ 289.653727][T11598] wg1: left allmulticast mode [ 289.665213][T11598] wg2: entered promiscuous mode [ 289.691056][T11598] veth0_to_bridge: entered promiscuous mode [ 289.711506][T11598] veth1_to_bridge: entered promiscuous mode [ 289.751457][T11598] veth0_to_bond: entered promiscuous mode [ 289.782057][T11598] veth1_to_bond: entered promiscuous mode [ 289.824073][T11598] veth0_to_team: entered promiscuous mode [ 289.830317][T11598] veth1_to_team: entered promiscuous mode [ 289.861585][T11598] veth0_to_batadv: entered promiscuous mode [ 289.883745][T11598] batadv_slave_0: entered promiscuous mode [ 289.889971][T11598] veth1_to_batadv: entered promiscuous mode [ 289.913799][T11598] batadv_slave_1: entered promiscuous mode [ 289.920208][T11598] xfrm0: entered promiscuous mode [ 289.964161][T11598] veth0_to_hsr: entered promiscuous mode [ 289.983832][T11598] veth1_to_hsr: entered promiscuous mode [ 290.010667][T11598] hsr0: entered promiscuous mode [ 290.026050][T11598] veth1_virt_wifi: entered promiscuous mode [ 290.045735][T11598] veth0_virt_wifi: entered promiscuous mode [ 290.061650][T11598] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 290.103949][T11598] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 290.139202][T11598] vlan0: entered promiscuous mode [ 290.174093][T11598] vlan1: entered promiscuous mode [ 290.189892][T11598] macvlan0: entered promiscuous mode [ 290.220206][T11598] macvlan1: entered promiscuous mode [ 290.250671][T11598] ipvlan0: entered promiscuous mode [ 290.274860][T11598] ipvlan1: entered promiscuous mode [ 290.280652][T11598] macvtap0: entered promiscuous mode [ 290.327578][T11598] macsec0: entered promiscuous mode [ 290.347713][T11598] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.383738][T11598] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.404083][T11598] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.433480][T11598] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.487763][T11598] geneve1: entered promiscuous mode [ 290.493239][T11598] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 290.599581][T11598] mac80211_hwsim hwsim10 syzkaller0: entered promiscuous mode [ 290.656050][T11598] bridge1: entered promiscuous mode [ 290.661607][T11598] netdevsim netdevsim0 eth0: entered promiscuous mode [ 290.703626][T11598] netdevsim netdevsim0 eth1: entered promiscuous mode [ 290.710732][T11598] netdevsim netdevsim0 eth2: entered promiscuous mode [ 290.763720][T11598] netdevsim netdevsim0 eth3: entered promiscuous mode [ 290.781066][T11598] vxlan0: entered promiscuous mode [ 290.811193][T11598] geneve2: entered promiscuous mode [ 290.821029][T11598] vlan2: entered promiscuous mode [ 290.827285][T11598] ieee802154 phy0 wpan0: entered promiscuous mode [ 290.997302][T11631] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1745'. [ 291.656873][T11656] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1754'. [ 291.728043][T11662] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1755'. [ 291.913849][T11666] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1757'. [ 292.281335][T11678] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1760'. [ 292.337922][T11680] netlink: 240 bytes leftover after parsing attributes in process `syz.4.1761'. [ 292.600730][T11684] bond0: entered promiscuous mode [ 292.646931][T11684] bond0: left promiscuous mode [ 292.763077][T11696] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1768'. [ 292.968959][T11704] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1770'. [ 293.050698][T11680] xt_hashlimit: size too large, truncated to 1048576 [ 293.724549][T11728] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1776'. [ 294.203482][T11740] bond0: entered promiscuous mode [ 294.274126][T11740] bond0: left promiscuous mode [ 294.409448][T11751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1782'. [ 294.470596][T11751] gre0: left promiscuous mode [ 294.750336][T11762] netlink: 240 bytes leftover after parsing attributes in process `syz.2.1786'. [ 294.885863][T11767] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1787'. [ 294.950051][T11762] xt_hashlimit: size too large, truncated to 1048576 [ 294.983470][T11771] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1789'. [ 295.612066][T11791] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1796'. [ 295.794045][T11799] netlink: 'syz.4.1797': attribute type 10 has an invalid length. [ 295.822496][T11799] macvlan0: entered promiscuous mode [ 295.846411][T11799] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 297.166735][T11840] bond0: entered promiscuous mode [ 297.196791][T11840] bond0: left promiscuous mode [ 297.565342][T11852] __nla_validate_parse: 2 callbacks suppressed [ 297.565367][T11852] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1814'. [ 297.735249][T11862] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1817'. [ 298.363146][T11875] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1822'. [ 298.462975][T11852] xt_hashlimit: size too large, truncated to 1048576 [ 298.546712][T11884] pim6reg: entered allmulticast mode [ 298.684664][T11883] pim6reg: left allmulticast mode [ 298.851426][T11889] bond0: entered promiscuous mode [ 298.861090][T11889] bond0: left promiscuous mode [ 299.205468][T11897] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1829'. [ 299.549069][T11908] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1832'. [ 300.044062][T11928] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1838'. [ 300.595460][T11934] bond0: entered promiscuous mode [ 300.626480][T11934] bond0: left promiscuous mode [ 300.638055][T11938] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1840'. [ 300.830230][T11941] xt_hashlimit: size too large, truncated to 1048576 [ 301.270153][T11946] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1842'. [ 301.623956][T11954] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1846'. [ 302.016667][T11965] bond0: entered promiscuous mode [ 302.048924][T11965] bond0: left promiscuous mode [ 302.269607][T11981] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1856'. [ 303.538805][T12003] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1862'. [ 303.665113][T12005] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1863'. [ 303.788727][T12006] xt_hashlimit: size too large, truncated to 1048576 [ 304.607735][T12020] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1867'. [ 304.667488][T12022] bond0: entered promiscuous mode [ 304.672823][T12022] bond_slave_0: entered promiscuous mode [ 304.704075][T12022] bond_slave_1: entered promiscuous mode [ 304.815033][T12022] bond0: left promiscuous mode [ 304.819906][T12022] bond_slave_0: left promiscuous mode [ 304.831944][T12022] bond_slave_1: left promiscuous mode [ 304.894346][T12030] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1870'. [ 305.276166][T12046] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 306.012335][T12073] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1884'. [ 306.512735][T12087] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1889'. [ 306.692426][T12090] xt_hashlimit: size too large, truncated to 1048576 [ 306.781577][T12094] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1891'. [ 307.852040][T12128] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1904'. [ 307.951639][T12132] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1905'. [ 308.615120][T12166] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1918'. [ 308.747574][T12171] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1919'. [ 309.639346][T12200] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1929'. [ 309.665398][T12200] netlink: 248 bytes leftover after parsing attributes in process `syz.4.1929'. [ 310.443627][T12229] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1936'. [ 311.622925][T12273] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1948'. [ 314.099950][T12352] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1965'. [ 315.067389][T12391] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1976'. [ 315.208220][T12397] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1977'. [ 316.462930][T12441] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1990'. [ 316.572051][T12444] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1991'. [ 318.363669][T12490] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2005'. [ 318.560914][T12495] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2007'. [ 319.797994][T12528] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2018'. [ 319.998474][T12534] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2020'. [ 321.213621][T12573] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2031'. [ 321.603117][T12590] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2038'. [ 321.722946][T12601] bridge_slave_1: left allmulticast mode [ 321.759184][T12601] bridge_slave_1: left promiscuous mode [ 321.782168][T12601] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.861898][T12601] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 322.230835][T12611] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2044'. [ 322.432479][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.757117][T12626] FAULT_INJECTION: forcing a failure. [ 322.757117][T12626] name failslab, interval 1, probability 0, space 0, times 0 [ 322.788332][T12626] CPU: 1 UID: 0 PID: 12626 Comm: syz.1.2051 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 322.788367][T12626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 322.788405][T12626] Call Trace: [ 322.788414][T12626] [ 322.788423][T12626] dump_stack_lvl+0x241/0x360 [ 322.788465][T12626] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.788495][T12626] ? __pfx__printk+0x10/0x10 [ 322.788530][T12626] ? ref_tracker_alloc+0x316/0x4c0 [ 322.788562][T12626] should_fail_ex+0x424/0x570 [ 322.788593][T12626] should_failslab+0xac/0x100 [ 322.788623][T12626] kmem_cache_alloc_noprof+0x78/0x390 [ 322.788650][T12626] ? skb_clone+0x20c/0x390 [ 322.788684][T12626] skb_clone+0x20c/0x390 [ 322.788715][T12626] __netlink_deliver_tap+0x3c4/0x7f0 [ 322.788749][T12626] ? netlink_deliver_tap+0x2e/0x1b0 [ 322.788768][T12626] netlink_deliver_tap+0x19d/0x1b0 [ 322.788791][T12626] __netlink_sendskb+0x60/0xd0 [ 322.788825][T12626] netlink_dump+0xa7f/0xeb0 [ 322.788858][T12626] ? __pfx_netlink_dump+0x10/0x10 [ 322.788897][T12626] ? netlink_recvmsg+0x620/0x1180 [ 322.788922][T12626] ? netlink_recvmsg+0x620/0x1180 [ 322.788949][T12626] netlink_recvmsg+0x6c7/0x1180 [ 322.788980][T12626] ? __pfx_netlink_recvmsg+0x10/0x10 [ 322.789006][T12626] ? __pfx_aa_sk_perm+0x10/0x10 [ 322.789036][T12626] ? __fget_files+0x2a/0x420 [ 322.789066][T12626] ? aa_sock_msg_perm+0x91/0x160 [ 322.789096][T12626] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 322.789126][T12626] ? __pfx_netlink_recvmsg+0x10/0x10 [ 322.789150][T12626] sock_recvmsg+0x22f/0x280 [ 322.789187][T12626] __sys_recvfrom+0x204/0x380 [ 322.789217][T12626] ? __pfx___sys_recvfrom+0x10/0x10 [ 322.789256][T12626] ? lock_vma_under_rcu+0x1f0/0x9a0 [ 322.789315][T12626] __x64_sys_recvfrom+0xde/0x100 [ 322.789344][T12626] do_syscall_64+0xf3/0x230 [ 322.789368][T12626] ? clear_bhb_loop+0x45/0xa0 [ 322.789402][T12626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.789432][T12626] RIP: 0033:0x7fc12198ef34 [ 322.789451][T12626] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04 [ 322.789469][T12626] RSP: 002b:00007fc122893ed0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 322.789493][T12626] RAX: ffffffffffffffda RBX: 00007fc122893fc0 RCX: 00007fc12198ef34 [ 322.789508][T12626] RDX: 0000000000001000 RSI: 00007fc122894010 RDI: 0000000000000003 [ 322.789521][T12626] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 322.789533][T12626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 322.789546][T12626] R13: 00007fc122893f68 R14: 00007fc122894010 R15: 0000000000000000 [ 322.789580][T12626] [ 324.146257][T12648] bond0: entered promiscuous mode [ 324.157328][T12648] bond0: left promiscuous mode [ 324.809651][T12669] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2061'. [ 324.854050][T12669] block nbd0: not configured, cannot reconfigure [ 325.233887][T12686] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2064'. [ 325.616797][T12695] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 325.871474][T12708] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2073'. [ 325.897574][T12708] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 326.515545][T12725] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2078'. [ 326.815467][T12730] syzkaller1: tun_chr_ioctl cmd 1074025680 [ 327.761757][T12760] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2089'. [ 328.547588][T12795] netlink: 'syz.4.2095': attribute type 29 has an invalid length. [ 328.563991][T12795] netlink: 'syz.4.2095': attribute type 29 has an invalid length. [ 329.939279][T12833] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2103'. [ 330.036269][T12834] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2105'. [ 330.232908][T12843] netlink: 'syz.1.2103': attribute type 1 has an invalid length. [ 330.435388][T12860] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2114'. [ 330.463342][T12860] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2114'. [ 331.624212][T12892] netlink: 'syz.0.2122': attribute type 15 has an invalid length. [ 331.708722][T12896] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2124'. [ 331.771553][T12898] sctp: [Deprecated]: syz.4.2125 (pid 12898) Use of struct sctp_assoc_value in delayed_ack socket option. [ 331.771553][T12898] Use struct sctp_sack_info instead [ 332.025169][ T8302] bond0: (slave macvlan0): link status definitely down, disabling slave [ 332.095635][T12908] FAULT_INJECTION: forcing a failure. [ 332.095635][T12908] name failslab, interval 1, probability 0, space 0, times 0 [ 332.143381][T12908] CPU: 0 UID: 0 PID: 12908 Comm: syz.2.2128 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 332.143435][T12908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 332.143449][T12908] Call Trace: [ 332.143458][T12908] [ 332.143467][T12908] dump_stack_lvl+0x241/0x360 [ 332.143506][T12908] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.143535][T12908] ? __pfx__printk+0x10/0x10 [ 332.143569][T12908] ? __pfx___might_resched+0x10/0x10 [ 332.143599][T12908] should_fail_ex+0x424/0x570 [ 332.143632][T12908] should_failslab+0xac/0x100 [ 332.143662][T12908] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 332.143692][T12908] ? __alloc_skb+0x1c2/0x480 [ 332.143727][T12908] __alloc_skb+0x1c2/0x480 [ 332.143749][T12908] ? stack_depot_save_flags+0x44/0x940 [ 332.143780][T12908] ? __pfx___alloc_skb+0x10/0x10 [ 332.143804][T12908] ? kasan_save_track+0x51/0x80 [ 332.143824][T12908] ? kasan_save_free_info+0x40/0x50 [ 332.143853][T12908] ? __kasan_slab_free+0x59/0x70 [ 332.143875][T12908] ? kmem_cache_free+0x197/0x410 [ 332.143901][T12908] ? unix_dgram_sendmsg+0x816/0x1ea0 [ 332.143921][T12908] ? __sock_sendmsg+0x221/0x270 [ 332.143950][T12908] ? ____sys_sendmsg+0x523/0x860 [ 332.143977][T12908] alloc_skb_with_frags+0xc3/0x830 [ 332.144021][T12908] sock_alloc_send_pskb+0x91c/0xa70 [ 332.144071][T12908] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 332.144120][T12908] unix_dgram_sendmsg+0x6d4/0x1ea0 [ 332.144158][T12908] ? aa_sk_perm+0x96f/0xac0 [ 332.144189][T12908] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 332.144215][T12908] ? __import_iovec+0x3c2/0x830 [ 332.144237][T12908] ? aa_sock_msg_perm+0x91/0x160 [ 332.144266][T12908] ? unix_seqpacket_sendmsg+0x110/0x1e0 [ 332.144293][T12908] ? __pfx_unix_seqpacket_sendmsg+0x10/0x10 [ 332.144315][T12908] __sock_sendmsg+0x221/0x270 [ 332.144350][T12908] ____sys_sendmsg+0x523/0x860 [ 332.144386][T12908] ? __pfx_____sys_sendmsg+0x10/0x10 [ 332.144431][T12908] __sys_sendmmsg+0x3a0/0x7b0 [ 332.144470][T12908] ? __pfx___sys_sendmmsg+0x10/0x10 [ 332.144535][T12908] ? rcu_read_lock_any_held+0xbb/0x160 [ 332.144562][T12908] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 332.144593][T12908] ? vfs_write+0xb29/0xd10 [ 332.144626][T12908] ? ksys_write+0x24e/0x2d0 [ 332.144652][T12908] ? __mutex_unlock_slowpath+0x229/0x800 [ 332.144717][T12908] ? ksys_write+0x275/0x2d0 [ 332.144751][T12908] __x64_sys_sendmmsg+0xa0/0xb0 [ 332.144780][T12908] do_syscall_64+0xf3/0x230 [ 332.144803][T12908] ? clear_bhb_loop+0x45/0xa0 [ 332.144828][T12908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.144848][T12908] RIP: 0033:0x7f4e08f8d169 [ 332.144869][T12908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.144886][T12908] RSP: 002b:00007f4e09db1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 332.144908][T12908] RAX: ffffffffffffffda RBX: 00007f4e091a5fa0 RCX: 00007f4e08f8d169 [ 332.144924][T12908] RDX: 0400000000000292 RSI: 0000200000002c40 RDI: 0000000000000003 [ 332.144938][T12908] RBP: 00007f4e09db1090 R08: 0000000000000000 R09: 0000000000000000 [ 332.144951][T12908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 332.144964][T12908] R13: 0000000000000000 R14: 00007f4e091a5fa0 R15: 00007ffe3100cc78 [ 332.144997][T12908] [ 333.074133][T12924] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2135'. [ 333.413956][T12937] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2142'. [ 334.048939][T12966] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2148'. [ 334.092464][T12968] FAULT_INJECTION: forcing a failure. [ 334.092464][T12968] name failslab, interval 1, probability 0, space 0, times 0 [ 334.108450][T12968] CPU: 0 UID: 0 PID: 12968 Comm: syz.1.2149 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 334.108484][T12968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 334.108498][T12968] Call Trace: [ 334.108507][T12968] [ 334.108524][T12968] dump_stack_lvl+0x241/0x360 [ 334.108563][T12968] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.108593][T12968] ? __pfx__printk+0x10/0x10 [ 334.108627][T12968] ? __pfx___might_resched+0x10/0x10 [ 334.108658][T12968] should_fail_ex+0x424/0x570 [ 334.108690][T12968] should_failslab+0xac/0x100 [ 334.108722][T12968] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 334.108753][T12968] ? __alloc_skb+0x1c2/0x480 [ 334.108783][T12968] __alloc_skb+0x1c2/0x480 [ 334.108829][T12968] ? __pfx___alloc_skb+0x10/0x10 [ 334.108865][T12968] netlink_sendmsg+0x638/0xcd0 [ 334.108907][T12968] ? __pfx_netlink_sendmsg+0x10/0x10 [ 334.108935][T12968] ? aa_sock_msg_perm+0x91/0x160 [ 334.108971][T12968] ? __pfx_netlink_sendmsg+0x10/0x10 [ 334.108991][T12968] __sock_sendmsg+0x221/0x270 [ 334.109028][T12968] ____sys_sendmsg+0x523/0x860 [ 334.109065][T12968] ? __pfx_____sys_sendmsg+0x10/0x10 [ 334.109090][T12968] ? __fget_files+0x2a/0x420 [ 334.109125][T12968] ? __fget_files+0x2a/0x420 [ 334.109168][T12968] __sys_sendmsg+0x271/0x360 [ 334.109201][T12968] ? __pfx___sys_sendmsg+0x10/0x10 [ 334.109287][T12968] ? do_syscall_64+0xb6/0x230 [ 334.109316][T12968] do_syscall_64+0xf3/0x230 [ 334.109340][T12968] ? clear_bhb_loop+0x45/0xa0 [ 334.109365][T12968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.109386][T12968] RIP: 0033:0x7fc12198d169 [ 334.109405][T12968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.109423][T12968] RSP: 002b:00007fc122895038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 334.109447][T12968] RAX: ffffffffffffffda RBX: 00007fc121ba5fa0 RCX: 00007fc12198d169 [ 334.109463][T12968] RDX: 0000000000004880 RSI: 0000200000000e40 RDI: 0000000000000004 [ 334.109476][T12968] RBP: 00007fc122895090 R08: 0000000000000000 R09: 0000000000000000 [ 334.109489][T12968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 334.109502][T12968] R13: 0000000000000000 R14: 00007fc121ba5fa0 R15: 00007ffd120ec398 [ 334.109543][T12968] [ 334.542605][T12975] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2151'. [ 334.613228][T12978] netlink: 'syz.4.2152': attribute type 39 has an invalid length. [ 334.645771][T12975] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2151'. [ 334.720522][T12975] 8021q: VLANs not supported on vxcan1 [ 334.776087][T12981] ip6_vti0: entered promiscuous mode [ 334.939479][T12977] ip6_vti0: left promiscuous mode [ 335.060664][T13002] __nla_validate_parse: 1 callbacks suppressed [ 335.060688][T13002] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2160'. [ 335.073651][ T5844] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 335.076693][ T5857] Bluetooth: hci0: command 0x0401 tx timeout [ 335.168376][T13005] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2161'. [ 335.249827][T13007] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2162'. [ 335.520272][T13002] xt_hashlimit: size too large, truncated to 1048576 [ 335.682519][T13007] xt_hashlimit: size too large, truncated to 1048576 [ 336.103777][T13026] FAULT_INJECTION: forcing a failure. [ 336.103777][T13026] name failslab, interval 1, probability 0, space 0, times 0 [ 336.117886][T13026] CPU: 0 UID: 0 PID: 13026 Comm: syz.1.2166 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 336.117916][T13026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 336.117929][T13026] Call Trace: [ 336.117937][T13026] [ 336.117946][T13026] dump_stack_lvl+0x241/0x360 [ 336.117983][T13026] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.118013][T13026] ? __pfx__printk+0x10/0x10 [ 336.118045][T13026] ? __pfx___might_resched+0x10/0x10 [ 336.118077][T13026] should_fail_ex+0x424/0x570 [ 336.118107][T13026] should_failslab+0xac/0x100 [ 336.118138][T13026] __kmalloc_cache_noprof+0x73/0x370 [ 336.118166][T13026] ? rtnl_newlink+0x144/0x1fe0 [ 336.118193][T13026] rtnl_newlink+0x144/0x1fe0 [ 336.118212][T13026] ? stack_depot_save_flags+0x44/0x940 [ 336.118247][T13026] ? kasan_save_track+0x51/0x80 [ 336.118266][T13026] ? kasan_save_track+0x3f/0x80 [ 336.118288][T13026] ? __pfx_rtnl_newlink+0x10/0x10 [ 336.118313][T13026] ? dev_hard_start_xmit+0x2d9/0x830 [ 336.118338][T13026] ? __dev_queue_xmit+0x1b80/0x3f60 [ 336.118363][T13026] ? __netlink_deliver_tap+0x561/0x7f0 [ 336.118383][T13026] ? netlink_deliver_tap+0x19d/0x1b0 [ 336.118401][T13026] ? netlink_unicast+0x7c6/0x9a0 [ 336.118430][T13026] ? netlink_sendmsg+0x8c3/0xcd0 [ 336.118448][T13026] ? __sock_sendmsg+0x221/0x270 [ 336.118477][T13026] ? ____sys_sendmsg+0x523/0x860 [ 336.118500][T13026] ? __sys_sendmsg+0x271/0x360 [ 336.118523][T13026] ? do_syscall_64+0xf3/0x230 [ 336.118544][T13026] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.118603][T13026] ? kasan_quarantine_put+0xdc/0x230 [ 336.118623][T13026] ? lockdep_hardirqs_on+0x9d/0x150 [ 336.118649][T13026] ? nlmon_xmit+0xaf/0x100 [ 336.118679][T13026] ? __local_bh_enable_ip+0x168/0x200 [ 336.118697][T13026] ? lockdep_hardirqs_on+0x9d/0x150 [ 336.118728][T13026] ? aa_get_newest_label+0x101/0x6f0 [ 336.118764][T13026] ? __lock_acquire+0xad5/0xd80 [ 336.118807][T13026] ? __pfx_rtnl_newlink+0x10/0x10 [ 336.118829][T13026] rtnetlink_rcv_msg+0x80f/0xd70 [ 336.118848][T13026] ? rtnetlink_rcv_msg+0x1ba/0xd70 [ 336.118874][T13026] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 336.118902][T13026] ? ref_tracker_free+0x63e/0x7e0 [ 336.118938][T13026] netlink_rcv_skb+0x208/0x480 [ 336.118960][T13026] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 336.118982][T13026] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 336.119023][T13026] ? netlink_deliver_tap+0x2e/0x1b0 [ 336.119047][T13026] ? netlink_deliver_tap+0x2e/0x1b0 [ 336.119071][T13026] netlink_unicast+0x7f8/0x9a0 [ 336.119112][T13026] ? __pfx_netlink_unicast+0x10/0x10 [ 336.119139][T13026] ? __rcu_read_unlock+0xa1/0x110 [ 336.119161][T13026] ? skb_put+0x114/0x1f0 [ 336.119190][T13026] netlink_sendmsg+0x8c3/0xcd0 [ 336.119225][T13026] ? __pfx_netlink_sendmsg+0x10/0x10 [ 336.119252][T13026] ? aa_sock_msg_perm+0x91/0x160 [ 336.119286][T13026] ? __pfx_netlink_sendmsg+0x10/0x10 [ 336.119312][T13026] __sock_sendmsg+0x221/0x270 [ 336.119347][T13026] ____sys_sendmsg+0x523/0x860 [ 336.119383][T13026] ? __pfx_____sys_sendmsg+0x10/0x10 [ 336.119407][T13026] ? __fget_files+0x2a/0x420 [ 336.119441][T13026] ? __fget_files+0x2a/0x420 [ 336.119482][T13026] __sys_sendmsg+0x271/0x360 [ 336.119514][T13026] ? __pfx___sys_sendmsg+0x10/0x10 [ 336.119600][T13026] ? do_syscall_64+0xb6/0x230 [ 336.119627][T13026] do_syscall_64+0xf3/0x230 [ 336.119651][T13026] ? clear_bhb_loop+0x45/0xa0 [ 336.119675][T13026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.119696][T13026] RIP: 0033:0x7fc12198d169 [ 336.119715][T13026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.119732][T13026] RSP: 002b:00007fc122895038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 336.119763][T13026] RAX: ffffffffffffffda RBX: 00007fc121ba5fa0 RCX: 00007fc12198d169 [ 336.119778][T13026] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 336.119792][T13026] RBP: 00007fc122895090 R08: 0000000000000000 R09: 0000000000000000 [ 336.119804][T13026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 336.119817][T13026] R13: 0000000000000000 R14: 00007fc121ba5fa0 R15: 00007ffd120ec398 [ 336.119850][T13026] [ 337.061176][T13040] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 337.187340][T13046] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2173'. [ 337.367851][T13056] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2176'. [ 337.399787][T13056] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2176'. [ 337.570528][T13066] xt_hashlimit: size too large, truncated to 1048576 [ 337.980066][T13080] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2182'. [ 338.000260][T13080] block nbd0: not configured, cannot reconfigure [ 338.464189][T13097] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2187'. [ 338.692618][T13107] FAULT_INJECTION: forcing a failure. [ 338.692618][T13107] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 338.701995][T13105] bridge0: entered promiscuous mode [ 338.711816][T13105] macvlan2: entered promiscuous mode [ 338.722255][T13107] CPU: 0 UID: 0 PID: 13107 Comm: syz.1.2190 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 338.722290][T13107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 338.722302][T13107] Call Trace: [ 338.722310][T13107] [ 338.722318][T13107] dump_stack_lvl+0x241/0x360 [ 338.722355][T13107] ? __pfx_dump_stack_lvl+0x10/0x10 [ 338.722385][T13107] ? __pfx__printk+0x10/0x10 [ 338.722424][T13107] should_fail_ex+0x424/0x570 [ 338.722454][T13107] _copy_from_iter+0x211/0x1c70 [ 338.722492][T13107] ? __build_skb_around+0x247/0x3d0 [ 338.722522][T13107] ? __alloc_skb+0x298/0x480 [ 338.722543][T13107] ? __pfx__copy_from_iter+0x10/0x10 [ 338.722578][T13107] ? __pfx___alloc_skb+0x10/0x10 [ 338.722604][T13107] ? skb_put+0x114/0x1f0 [ 338.722634][T13107] netlink_sendmsg+0x73c/0xcd0 [ 338.722669][T13107] ? __pfx_netlink_sendmsg+0x10/0x10 [ 338.722695][T13107] ? aa_sock_msg_perm+0x91/0x160 [ 338.722731][T13107] ? __pfx_netlink_sendmsg+0x10/0x10 [ 338.722776][T13107] __sock_sendmsg+0x221/0x270 [ 338.722822][T13107] ____sys_sendmsg+0x523/0x860 [ 338.722859][T13107] ? __pfx_____sys_sendmsg+0x10/0x10 [ 338.722881][T13107] ? __fget_files+0x2a/0x420 [ 338.722916][T13107] ? __fget_files+0x2a/0x420 [ 338.722957][T13107] __sys_sendmsg+0x271/0x360 [ 338.722989][T13107] ? __pfx___sys_sendmsg+0x10/0x10 [ 338.723069][T13107] ? do_syscall_64+0xb6/0x230 [ 338.723095][T13107] do_syscall_64+0xf3/0x230 [ 338.723117][T13107] ? clear_bhb_loop+0x45/0xa0 [ 338.723141][T13107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.723160][T13107] RIP: 0033:0x7fc12198d169 [ 338.723178][T13107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 338.723197][T13107] RSP: 002b:00007fc122895038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 338.723219][T13107] RAX: ffffffffffffffda RBX: 00007fc121ba5fa0 RCX: 00007fc12198d169 [ 338.723234][T13107] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 338.723248][T13107] RBP: 00007fc122895090 R08: 0000000000000000 R09: 0000000000000000 [ 338.723259][T13107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 338.723275][T13107] R13: 0000000000000000 R14: 00007fc121ba5fa0 R15: 00007ffd120ec398 [ 338.723304][T13107] [ 338.732131][T13105] bridge0: port 3(macvlan2) entered blocking state [ 338.998203][T13105] bridge0: port 3(macvlan2) entered disabled state [ 339.005251][T13105] macvlan2: entered allmulticast mode [ 339.010769][T13105] bridge0: entered allmulticast mode [ 339.047173][T13105] macvlan2: left allmulticast mode [ 339.052647][T13105] bridge0: left allmulticast mode [ 339.069574][T13105] bridge0: left promiscuous mode [ 340.008972][T13132] sctp: [Deprecated]: syz.2.2200 (pid 13132) Use of struct sctp_assoc_value in delayed_ack socket option. [ 340.008972][T13132] Use struct sctp_sack_info instead [ 341.045963][T13159] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2207'. [ 341.367532][T13168] sctp: [Deprecated]: syz.4.2211 (pid 13168) Use of struct sctp_assoc_value in delayed_ack socket option. [ 341.367532][T13168] Use struct sctp_sack_info instead [ 342.961575][T13198] pim6reg: entered allmulticast mode [ 342.996916][T13197] pim6reg: left allmulticast mode [ 343.356235][T13205] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2221'. [ 343.556059][T13210] sctp: [Deprecated]: syz.3.2223 (pid 13210) Use of struct sctp_assoc_value in delayed_ack socket option. [ 343.556059][T13210] Use struct sctp_sack_info instead [ 343.820668][T13218] lo: left promiscuous mode [ 343.830067][T13218] tunl0: left promiscuous mode [ 343.856168][T13218] gretap0: left promiscuous mode [ 343.880056][T13218] erspan0: left promiscuous mode [ 343.921686][T13218] ip_vti0: left promiscuous mode [ 343.941271][T13218] ip6_vti0: left promiscuous mode [ 343.952132][T13218] sit0: left promiscuous mode [ 343.983145][T13218] ip6tnl0: left promiscuous mode [ 344.007726][T13218] ip6gre0: left promiscuous mode [ 344.050338][T13218] ip6gretap0: left promiscuous mode [ 344.072119][T13218] bridge0: left promiscuous mode [ 344.086357][T13218] vcan0: left promiscuous mode [ 344.104054][T13218] 8021q: adding VLAN 0 to HW filter on device bond0 [ 344.119033][T13218] team0: left promiscuous mode [ 344.127137][T13218] 8021q: adding VLAN 0 to HW filter on device team0 [ 344.139342][T13218] nlmon0: left promiscuous mode [ 344.146016][T13218] caif0: left promiscuous mode [ 344.150844][T13218] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 344.199052][T13220] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 344.248562][ T13] bond0: (slave bond_slave_0): link status definitely down, disabling slave [ 344.258626][ T13] bond0: (slave bond_slave_1): link status definitely down, disabling slave [ 344.275351][ T13] bond0: now running without any active interface! [ 344.305444][T13218] syz.0.2226 (13218) used greatest stack depth: 18680 bytes left [ 345.026829][T13250] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2233'. [ 345.212296][T13262] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2234'. [ 345.334902][T13262] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2234'. [ 345.494906][T13270] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2236'. [ 346.009636][T13276] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2238'. [ 346.024305][T13278] sctp: [Deprecated]: syz.1.2239 (pid 13278) Use of struct sctp_assoc_value in delayed_ack socket option. [ 346.024305][T13278] Use struct sctp_sack_info instead [ 346.217899][T13272] bridge0: port 2(gretap0) entered disabled state [ 346.248648][T13272] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2248'. [ 346.374085][T13281] xt_hashlimit: size too large, truncated to 1048576 [ 347.418812][T13312] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2249'. [ 348.104144][T13329] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2254'. [ 348.304772][T13336] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2255'. [ 348.347759][T13336] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2255'. [ 348.536116][T13349] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2260'. [ 348.575318][T13342] xt_hashlimit: size too large, truncated to 1048576 [ 348.591614][T13348] sctp: [Deprecated]: syz.3.2259 (pid 13348) Use of struct sctp_assoc_value in delayed_ack socket option. [ 348.591614][T13348] Use struct sctp_sack_info instead [ 349.088362][T13371] FAULT_INJECTION: forcing a failure. [ 349.088362][T13371] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 349.129588][T13371] CPU: 1 UID: 0 PID: 13371 Comm: syz.1.2267 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 349.129623][T13371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 349.129637][T13371] Call Trace: [ 349.129646][T13371] [ 349.129656][T13371] dump_stack_lvl+0x241/0x360 [ 349.129695][T13371] ? __pfx_dump_stack_lvl+0x10/0x10 [ 349.129725][T13371] ? __pfx__printk+0x10/0x10 [ 349.129784][T13371] should_fail_ex+0x424/0x570 [ 349.129818][T13371] _copy_from_user+0x2d/0xb0 [ 349.129843][T13371] do_sock_getsockopt+0x1d5/0x740 [ 349.129879][T13371] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 349.129904][T13371] ? __fget_files+0x2a/0x420 [ 349.129939][T13371] ? __fget_files+0x39d/0x420 [ 349.129971][T13371] ? __fget_files+0x2a/0x420 [ 349.130013][T13371] __x64_sys_getsockopt+0x2a3/0x370 [ 349.130049][T13371] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 349.130082][T13371] ? do_syscall_64+0xb6/0x230 [ 349.130112][T13371] do_syscall_64+0xf3/0x230 [ 349.130138][T13371] ? clear_bhb_loop+0x45/0xa0 [ 349.130165][T13371] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.130187][T13371] RIP: 0033:0x7fc12198d169 [ 349.130208][T13371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.130227][T13371] RSP: 002b:00007fc122895038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 349.130251][T13371] RAX: ffffffffffffffda RBX: 00007fc121ba5fa0 RCX: 00007fc12198d169 [ 349.130267][T13371] RDX: 0000000000000014 RSI: 0000000000000084 RDI: 0000000000000004 [ 349.130281][T13371] RBP: 00007fc122895090 R08: 0000000000000000 R09: 0000000000000000 [ 349.130295][T13371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 349.130308][T13371] R13: 0000000000000000 R14: 00007fc121ba5fa0 R15: 00007ffd120ec398 [ 349.130349][T13371] [ 349.386704][T13374] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2268'. [ 349.451808][T13377] FAULT_INJECTION: forcing a failure. [ 349.451808][T13377] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 349.498548][T13377] CPU: 1 UID: 0 PID: 13377 Comm: syz.0.2270 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 349.498581][T13377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 349.498594][T13377] Call Trace: [ 349.498603][T13377] [ 349.498611][T13377] dump_stack_lvl+0x241/0x360 [ 349.498649][T13377] ? __pfx_dump_stack_lvl+0x10/0x10 [ 349.498679][T13377] ? __pfx__printk+0x10/0x10 [ 349.498722][T13377] should_fail_ex+0x424/0x570 [ 349.498754][T13377] _copy_from_user+0x2d/0xb0 [ 349.498777][T13377] __sys_bpf+0x1c5/0x8b0 [ 349.498801][T13377] ? __pfx___sys_bpf+0x10/0x10 [ 349.498836][T13377] ? ksys_write+0x275/0x2d0 [ 349.498874][T13377] __x64_sys_bpf+0x7c/0x90 [ 349.498905][T13377] do_syscall_64+0xf3/0x230 [ 349.498931][T13377] ? clear_bhb_loop+0x45/0xa0 [ 349.498964][T13377] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 349.498985][T13377] RIP: 0033:0x7fe85138d169 [ 349.499004][T13377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 349.499022][T13377] RSP: 002b:00007fe8521b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 349.499045][T13377] RAX: ffffffffffffffda RBX: 00007fe8515a5fa0 RCX: 00007fe85138d169 [ 349.499060][T13377] RDX: 0000000000000094 RSI: 0000200000000700 RDI: 0000000000000005 [ 349.499074][T13377] RBP: 00007fe8521b0090 R08: 0000000000000000 R09: 0000000000000000 [ 349.499087][T13377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 349.499099][T13377] R13: 0000000000000001 R14: 00007fe8515a5fa0 R15: 00007fff0402f518 [ 349.499132][T13377] [ 350.151890][T13392] sctp: [Deprecated]: syz.1.2274 (pid 13392) Use of struct sctp_assoc_value in delayed_ack socket option. [ 350.151890][T13392] Use struct sctp_sack_info instead [ 350.314157][T13399] FAULT_INJECTION: forcing a failure. [ 350.314157][T13399] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 350.367308][T13399] CPU: 0 UID: 0 PID: 13399 Comm: syz.2.2277 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 350.367344][T13399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 350.367358][T13399] Call Trace: [ 350.367367][T13399] [ 350.367376][T13399] dump_stack_lvl+0x241/0x360 [ 350.367416][T13399] ? __pfx_dump_stack_lvl+0x10/0x10 [ 350.367447][T13399] ? __pfx__printk+0x10/0x10 [ 350.367492][T13399] should_fail_ex+0x424/0x570 [ 350.367525][T13399] _copy_from_user+0x2d/0xb0 [ 350.367548][T13399] copy_msghdr_from_user+0xb3/0x580 [ 350.367590][T13399] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 350.367658][T13399] ? __fget_files+0x2a/0x420 [ 350.367694][T13399] ? __fget_files+0x2a/0x420 [ 350.367737][T13399] __sys_sendmsg+0x20a/0x360 [ 350.367771][T13399] ? __pfx___sys_sendmsg+0x10/0x10 [ 350.367861][T13399] ? do_syscall_64+0xb6/0x230 [ 350.367890][T13399] do_syscall_64+0xf3/0x230 [ 350.367914][T13399] ? clear_bhb_loop+0x45/0xa0 [ 350.367941][T13399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.367962][T13399] RIP: 0033:0x7f4e08f8d169 [ 350.367980][T13399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 350.367998][T13399] RSP: 002b:00007f4e09db1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 350.368022][T13399] RAX: ffffffffffffffda RBX: 00007f4e091a5fa0 RCX: 00007f4e08f8d169 [ 350.368039][T13399] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 350.368053][T13399] RBP: 00007f4e09db1090 R08: 0000000000000000 R09: 0000000000000000 [ 350.368066][T13399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 350.368079][T13399] R13: 0000000000000000 R14: 00007f4e091a5fa0 R15: 00007ffe3100cc78 [ 350.368112][T13399] [ 350.734719][T13414] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2281'. [ 351.260412][T13426] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2287'. [ 351.301482][T13429] sctp: [Deprecated]: syz.2.2288 (pid 13429) Use of struct sctp_assoc_value in delayed_ack socket option. [ 351.301482][T13429] Use struct sctp_sack_info instead [ 351.311545][T13426] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2287'. [ 351.532306][T13439] FAULT_INJECTION: forcing a failure. [ 351.532306][T13439] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 351.572419][T13439] CPU: 1 UID: 0 PID: 13439 Comm: syz.2.2290 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 351.572454][T13439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 351.572469][T13439] Call Trace: [ 351.572478][T13439] [ 351.572518][T13439] dump_stack_lvl+0x241/0x360 [ 351.572564][T13439] ? __pfx_dump_stack_lvl+0x10/0x10 [ 351.572594][T13439] ? __pfx__printk+0x10/0x10 [ 351.572638][T13439] should_fail_ex+0x424/0x570 [ 351.572672][T13439] _copy_from_user+0x2d/0xb0 [ 351.572696][T13439] copy_msghdr_from_user+0xb3/0x580 [ 351.572737][T13439] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 351.572769][T13439] ? __fget_files+0x2a/0x420 [ 351.572804][T13439] ? __fget_files+0x2a/0x420 [ 351.572846][T13439] __sys_sendmsg+0x20a/0x360 [ 351.572881][T13439] ? __pfx___sys_sendmsg+0x10/0x10 [ 351.572969][T13439] ? do_syscall_64+0xb6/0x230 [ 351.572998][T13439] do_syscall_64+0xf3/0x230 [ 351.573022][T13439] ? clear_bhb_loop+0x45/0xa0 [ 351.573047][T13439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.573068][T13439] RIP: 0033:0x7f4e08f8d169 [ 351.573088][T13439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.573106][T13439] RSP: 002b:00007f4e09d90038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 351.573129][T13439] RAX: ffffffffffffffda RBX: 00007f4e091a6080 RCX: 00007f4e08f8d169 [ 351.573144][T13439] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 000000000000000d [ 351.573157][T13439] RBP: 00007f4e09d90090 R08: 0000000000000000 R09: 0000000000000000 [ 351.573170][T13439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 351.573183][T13439] R13: 0000000000000001 R14: 00007f4e091a6080 R15: 00007ffe3100cc78 [ 351.573217][T13439] [ 351.996443][T13426] xt_hashlimit: size too large, truncated to 1048576 [ 352.372014][T13455] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2295'. [ 352.626030][T13468] sctp: [Deprecated]: syz.1.2300 (pid 13468) Use of struct sctp_assoc_value in delayed_ack socket option. [ 352.626030][T13468] Use struct sctp_sack_info instead [ 353.062093][T13484] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2307'. [ 353.268667][T13491] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2309'. [ 353.278113][T13491] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2309'. [ 353.292304][T13490] netlink: 'syz.2.2308': attribute type 1 has an invalid length. [ 353.301098][T13490] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2308'. [ 353.504956][T13492] xt_hashlimit: size too large, truncated to 1048576 [ 353.698109][T13504] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2314'. [ 353.738033][T13504] FAULT_INJECTION: forcing a failure. [ 353.738033][T13504] name failslab, interval 1, probability 0, space 0, times 0 [ 353.770728][T13504] CPU: 0 UID: 0 PID: 13504 Comm: syz.3.2314 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 353.770762][T13504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 353.770775][T13504] Call Trace: [ 353.770783][T13504] [ 353.770792][T13504] dump_stack_lvl+0x241/0x360 [ 353.770830][T13504] ? __pfx_dump_stack_lvl+0x10/0x10 [ 353.770859][T13504] ? __pfx__printk+0x10/0x10 [ 353.770892][T13504] ? __pfx___might_resched+0x10/0x10 [ 353.770923][T13504] should_fail_ex+0x424/0x570 [ 353.770954][T13504] should_failslab+0xac/0x100 [ 353.770985][T13504] __kmalloc_noprof+0xdf/0x4d0 [ 353.771012][T13504] ? __nla_parse+0x40/0x60 [ 353.771039][T13504] ? nft_obj_init+0x1fc/0x360 [ 353.771076][T13504] nft_obj_init+0x1fc/0x360 [ 353.771110][T13504] nf_tables_newobj+0xdcc/0x18b0 [ 353.771155][T13504] ? __pfx_nf_tables_newobj+0x10/0x10 [ 353.771191][T13504] ? __nla_parse+0x40/0x60 [ 353.771224][T13504] nfnetlink_rcv+0x12eb/0x28f0 [ 353.771292][T13504] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 353.771377][T13504] ? skb_clone+0x240/0x390 [ 353.771419][T13504] ? netlink_deliver_tap+0x2e/0x1b0 [ 353.771444][T13504] ? netlink_deliver_tap+0x2e/0x1b0 [ 353.771467][T13504] netlink_unicast+0x7f8/0x9a0 [ 353.771509][T13504] ? __pfx_netlink_unicast+0x10/0x10 [ 353.771543][T13504] ? skb_put+0x114/0x1f0 [ 353.771573][T13504] netlink_sendmsg+0x8c3/0xcd0 [ 353.771620][T13504] ? __pfx_netlink_sendmsg+0x10/0x10 [ 353.771648][T13504] ? aa_sock_msg_perm+0x91/0x160 [ 353.771684][T13504] ? __pfx_netlink_sendmsg+0x10/0x10 [ 353.771704][T13504] __sock_sendmsg+0x221/0x270 [ 353.771740][T13504] ____sys_sendmsg+0x523/0x860 [ 353.771778][T13504] ? __pfx_____sys_sendmsg+0x10/0x10 [ 353.771802][T13504] ? __fget_files+0x2a/0x420 [ 353.771837][T13504] ? __fget_files+0x2a/0x420 [ 353.771880][T13504] __sys_sendmsg+0x271/0x360 [ 353.771914][T13504] ? __pfx___sys_sendmsg+0x10/0x10 [ 353.772003][T13504] ? do_syscall_64+0xb6/0x230 [ 353.772031][T13504] do_syscall_64+0xf3/0x230 [ 353.772055][T13504] ? clear_bhb_loop+0x45/0xa0 [ 353.772080][T13504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.772101][T13504] RIP: 0033:0x7f9ed238d169 [ 353.772120][T13504] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 353.772138][T13504] RSP: 002b:00007f9ed31cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 353.772161][T13504] RAX: ffffffffffffffda RBX: 00007f9ed25a5fa0 RCX: 00007f9ed238d169 [ 353.772176][T13504] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 353.772190][T13504] RBP: 00007f9ed31cd090 R08: 0000000000000000 R09: 0000000000000000 [ 353.772203][T13504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 353.772216][T13504] R13: 0000000000000000 R14: 00007f9ed25a5fa0 R15: 00007ffe27ddb0b8 [ 353.772250][T13504] [ 354.362153][T13520] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2319'. [ 355.138540][T13549] netlink: 236 bytes leftover after parsing attributes in process `syz.3.2326'. [ 355.888355][T13575] FAULT_INJECTION: forcing a failure. [ 355.888355][T13575] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 355.943587][T13575] CPU: 0 UID: 0 PID: 13575 Comm: syz.4.2334 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 355.943622][T13575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 355.943636][T13575] Call Trace: [ 355.943644][T13575] [ 355.943653][T13575] dump_stack_lvl+0x241/0x360 [ 355.943695][T13575] ? __pfx_dump_stack_lvl+0x10/0x10 [ 355.943726][T13575] ? __pfx__printk+0x10/0x10 [ 355.943781][T13575] should_fail_ex+0x424/0x570 [ 355.943812][T13575] _copy_from_user+0x2d/0xb0 [ 355.943835][T13575] copy_msghdr_from_user+0xb3/0x580 [ 355.943875][T13575] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 355.943904][T13575] ? __fget_files+0x2a/0x420 [ 355.943938][T13575] ? __fget_files+0x2a/0x420 [ 355.943978][T13575] __sys_sendmsg+0x20a/0x360 [ 355.944010][T13575] ? __pfx___sys_sendmsg+0x10/0x10 [ 355.944103][T13575] ? do_syscall_64+0xb6/0x230 [ 355.944132][T13575] do_syscall_64+0xf3/0x230 [ 355.944154][T13575] ? clear_bhb_loop+0x45/0xa0 [ 355.944179][T13575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.944198][T13575] RIP: 0033:0x7f4ed1b8d169 [ 355.944216][T13575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 355.944234][T13575] RSP: 002b:00007f4ed2a03038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 355.944256][T13575] RAX: ffffffffffffffda RBX: 00007f4ed1da6080 RCX: 00007f4ed1b8d169 [ 355.944272][T13575] RDX: 0000000004000840 RSI: 0000200000000400 RDI: 0000000000000011 [ 355.944286][T13575] RBP: 00007f4ed2a03090 R08: 0000000000000000 R09: 0000000000000000 [ 355.944298][T13575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 355.944319][T13575] R13: 0000000000000000 R14: 00007f4ed1da6080 R15: 00007ffe7c752fa8 [ 355.944351][T13575] [ 356.297956][T13570] xt_hashlimit: size too large, truncated to 1048576 [ 356.725310][T13587] __nla_validate_parse: 5 callbacks suppressed [ 356.725334][T13587] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2338'. [ 357.740189][T13629] tipc: Enabling of bearer rejected, already enabled [ 357.817921][T13637] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2348'. [ 358.092398][T13647] x_tables: duplicate underflow at hook 4 [ 358.136388][T13647] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2349'. [ 358.166074][T13647] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2349'. [ 358.197070][T13647] netlink: 'syz.1.2349': attribute type 1 has an invalid length. [ 358.240485][T13647] netlink: 10 bytes leftover after parsing attributes in process `syz.1.2349'. [ 358.260179][T13651] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2351'. [ 358.292334][T13651] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2351'. [ 358.484933][T13654] xt_hashlimit: size too large, truncated to 1048576 [ 358.890473][T13674] IPv6: sit1: Disabled Multicast RS [ 359.439218][T13700] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2363'. [ 359.733735][T13712] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2365'. [ 360.071068][T13728] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2369'. [ 360.164802][T13733] SET target dimension over the limit! [ 361.363872][T13772] bridge_slave_0: left allmulticast mode [ 361.394699][T13772] bridge_slave_0: left promiscuous mode [ 361.415769][T13772] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.494186][T13772] bridge_slave_1: left allmulticast mode [ 361.511664][T13772] bridge_slave_1: left promiscuous mode [ 361.529939][T13772] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.587224][T13772] bond0: (slave bond_slave_0): Releasing backup interface [ 361.603036][T13772] bond0: (slave bond_slave_1): Releasing backup interface [ 361.645792][T13772] team0: Port device team_slave_0 removed [ 361.666487][T13772] team0: Port device team_slave_1 removed [ 361.674196][T13772] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 361.688573][T13772] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 361.714735][T13772] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 361.722226][T13772] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 361.832444][T13772] bond0: (slave macvlan0): Releasing backup interface [ 362.069627][T13776] xt_hashlimit: size too large, truncated to 1048576 [ 362.369457][T13813] __nla_validate_parse: 4 callbacks suppressed [ 362.369479][T13813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2386'. [ 362.800778][T13829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2390'. [ 362.845006][T13829] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2390'. [ 362.855789][T13829] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2390'. [ 362.988652][ T5844] Bluetooth: hci0: command 0x0401 tx timeout [ 362.989200][ T5857] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 363.639841][T13848] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2395'. [ 363.765329][T13852] netlink: 136 bytes leftover after parsing attributes in process `syz.2.2396'. [ 363.888666][T13858] netlink: 'syz.3.2399': attribute type 10 has an invalid length. [ 363.908081][T13858] veth1_macvtap: left promiscuous mode [ 363.984469][T13864] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2401'. [ 364.065063][T13871] FAULT_INJECTION: forcing a failure. [ 364.065063][T13871] name failslab, interval 1, probability 0, space 0, times 0 [ 364.087310][T13873] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2402'. [ 364.104460][T13871] CPU: 1 UID: 0 PID: 13871 Comm: syz.0.2403 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 364.104495][T13871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 364.104509][T13871] Call Trace: [ 364.104518][T13871] [ 364.104528][T13871] dump_stack_lvl+0x241/0x360 [ 364.104570][T13871] ? __pfx_dump_stack_lvl+0x10/0x10 [ 364.104601][T13871] ? __pfx__printk+0x10/0x10 [ 364.104636][T13871] ? __pfx___might_resched+0x10/0x10 [ 364.104668][T13871] should_fail_ex+0x424/0x570 [ 364.104701][T13871] should_failslab+0xac/0x100 [ 364.104734][T13871] __kmalloc_noprof+0xdf/0x4d0 [ 364.104761][T13871] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 364.104793][T13871] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 364.104832][T13871] tomoyo_realpath_from_path+0xcf/0x5e0 [ 364.104881][T13871] tomoyo_path_number_perm+0x245/0x790 [ 364.104914][T13871] ? tomoyo_path_number_perm+0x215/0x790 [ 364.104944][T13871] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 364.104992][T13871] ? ksys_write+0x24e/0x2d0 [ 364.105024][T13871] ? __lock_acquire+0xad5/0xd80 [ 364.105066][T13871] ? __fget_files+0x2a/0x420 [ 364.105098][T13871] ? __fget_files+0x2a/0x420 [ 364.105132][T13871] ? __fget_files+0x2a/0x420 [ 364.105169][T13871] security_file_ioctl+0xc6/0x2a0 [ 364.105203][T13871] __se_sys_ioctl+0x46/0x160 [ 364.105231][T13871] do_syscall_64+0xf3/0x230 [ 364.105256][T13871] ? clear_bhb_loop+0x45/0xa0 [ 364.105281][T13871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.105302][T13871] RIP: 0033:0x7fe85138d169 [ 364.105321][T13871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.105338][T13871] RSP: 002b:00007fe8521b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 364.105361][T13871] RAX: ffffffffffffffda RBX: 00007fe8515a5fa0 RCX: 00007fe85138d169 [ 364.105377][T13871] RDX: 00002000000002c0 RSI: 00000000000089f1 RDI: 0000000000000003 [ 364.105390][T13871] RBP: 00007fe8521b0090 R08: 0000000000000000 R09: 0000000000000000 [ 364.105404][T13871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 364.105416][T13871] R13: 0000000000000000 R14: 00007fe8515a5fa0 R15: 00007fff0402f518 [ 364.105450][T13871] [ 364.105459][T13871] ERROR: Out of memory at tomoyo_realpath_from_path. [ 364.589724][T13888] netlink: 14568 bytes leftover after parsing attributes in process `syz.0.2406'. [ 364.630814][T13888] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2406'. [ 365.557548][T13926] bridge_slave_0: default FDB implementation only supports local addresses [ 365.925398][T13947] netlink: 'syz.0.2427': attribute type 8 has an invalid length. [ 366.384128][T13968] FAULT_INJECTION: forcing a failure. [ 366.384128][T13968] name failslab, interval 1, probability 0, space 0, times 0 [ 366.438255][T13968] CPU: 1 UID: 0 PID: 13968 Comm: syz.3.2434 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 366.438289][T13968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 366.438302][T13968] Call Trace: [ 366.438311][T13968] [ 366.438320][T13968] dump_stack_lvl+0x241/0x360 [ 366.438360][T13968] ? __pfx_dump_stack_lvl+0x10/0x10 [ 366.438390][T13968] ? __pfx__printk+0x10/0x10 [ 366.438424][T13968] ? __pfx___might_resched+0x10/0x10 [ 366.438452][T13968] should_fail_ex+0x424/0x570 [ 366.438485][T13968] should_failslab+0xac/0x100 [ 366.438516][T13968] __kmalloc_noprof+0xdf/0x4d0 [ 366.438543][T13968] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 366.438575][T13968] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 366.438613][T13968] tomoyo_realpath_from_path+0xcf/0x5e0 [ 366.438658][T13968] tomoyo_path_number_perm+0x245/0x790 [ 366.438690][T13968] ? tomoyo_path_number_perm+0x215/0x790 [ 366.438720][T13968] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 366.438754][T13968] ? ksys_write+0x24e/0x2d0 [ 366.438786][T13968] ? __lock_acquire+0xad5/0xd80 [ 366.438829][T13968] ? __fget_files+0x2a/0x420 [ 366.438859][T13968] ? __fget_files+0x2a/0x420 [ 366.438893][T13968] ? __fget_files+0x2a/0x420 [ 366.438930][T13968] security_file_ioctl+0xc6/0x2a0 [ 366.438958][T13968] __se_sys_ioctl+0x46/0x160 [ 366.438985][T13968] do_syscall_64+0xf3/0x230 [ 366.439010][T13968] ? clear_bhb_loop+0x45/0xa0 [ 366.439036][T13968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.439057][T13968] RIP: 0033:0x7f9ed238d169 [ 366.439076][T13968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.439098][T13968] RSP: 002b:00007f9ed31cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 366.439121][T13968] RAX: ffffffffffffffda RBX: 00007f9ed25a5fa0 RCX: 00007f9ed238d169 [ 366.439136][T13968] RDX: 0000200000000040 RSI: 0000000000008b2a RDI: 000000000000000a [ 366.439150][T13968] RBP: 00007f9ed31cd090 R08: 0000000000000000 R09: 0000000000000000 [ 366.439163][T13968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 366.439175][T13968] R13: 0000000000000000 R14: 00007f9ed25a5fa0 R15: 00007ffe27ddb0b8 [ 366.439208][T13968] [ 366.440432][T13968] ERROR: Out of memory at tomoyo_realpath_from_path. [ 366.940148][T13964] xt_hashlimit: size too large, truncated to 1048576 [ 367.244247][T13983] x_tables: duplicate underflow at hook 3 [ 367.402039][T13989] __nla_validate_parse: 7 callbacks suppressed [ 367.402065][T13989] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2443'. [ 367.504988][T13997] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2443'. [ 368.239729][T14034] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2456'. [ 368.307133][T14036] Unknown options in mask 1f4 [ 368.508129][T14041] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2459'. [ 368.556498][T14043] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2458'. [ 368.982592][T14055] netlink: 892 bytes leftover after parsing attributes in process `syz.0.2464'. [ 369.166513][T14060] trusted_key: syz.3.2465 sent an empty control message without MSG_MORE. [ 369.218358][T14057] sit0: entered promiscuous mode [ 369.230804][T14057] netlink: 'syz.3.2465': attribute type 1 has an invalid length. [ 369.238771][T14057] netlink: 1 bytes leftover after parsing attributes in process `syz.3.2465'. [ 369.337111][T14064] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2467'. [ 369.371955][T14067] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2468'. [ 369.424281][T14069] FAULT_INJECTION: forcing a failure. [ 369.424281][T14069] name failslab, interval 1, probability 0, space 0, times 0 [ 369.471502][T14069] CPU: 0 UID: 0 PID: 14069 Comm: syz.3.2469 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 369.471534][T14069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 369.471547][T14069] Call Trace: [ 369.471555][T14069] [ 369.471564][T14069] dump_stack_lvl+0x241/0x360 [ 369.471600][T14069] ? __pfx_dump_stack_lvl+0x10/0x10 [ 369.471629][T14069] ? __pfx__printk+0x10/0x10 [ 369.471661][T14069] ? __pfx___might_resched+0x10/0x10 [ 369.471700][T14069] should_fail_ex+0x424/0x570 [ 369.471731][T14069] should_failslab+0xac/0x100 [ 369.471761][T14069] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 369.471791][T14069] ? __alloc_skb+0x1c2/0x480 [ 369.471819][T14069] __alloc_skb+0x1c2/0x480 [ 369.471849][T14069] ? __pfx___alloc_skb+0x10/0x10 [ 369.471871][T14069] ? __pfx_rtnl_newlink+0x10/0x10 [ 369.471897][T14069] ? netlink_ack_tlv_len+0x6e/0x200 [ 369.471920][T14069] netlink_ack+0x147/0xa70 [ 369.471937][T14069] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 369.471966][T14069] ? ref_tracker_free+0x63e/0x7e0 [ 369.472002][T14069] netlink_rcv_skb+0x296/0x480 [ 369.472025][T14069] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 369.472048][T14069] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 369.472089][T14069] ? netlink_deliver_tap+0x2e/0x1b0 [ 369.472114][T14069] ? netlink_deliver_tap+0x2e/0x1b0 [ 369.472138][T14069] netlink_unicast+0x7f8/0x9a0 [ 369.472180][T14069] ? __pfx_netlink_unicast+0x10/0x10 [ 369.472214][T14069] ? skb_put+0x114/0x1f0 [ 369.472243][T14069] netlink_sendmsg+0x8c3/0xcd0 [ 369.472279][T14069] ? __pfx_netlink_sendmsg+0x10/0x10 [ 369.472310][T14069] ? aa_sock_msg_perm+0x91/0x160 [ 369.472346][T14069] ? __pfx_netlink_sendmsg+0x10/0x10 [ 369.472366][T14069] __sock_sendmsg+0x221/0x270 [ 369.472402][T14069] ____sys_sendmsg+0x523/0x860 [ 369.472438][T14069] ? __pfx_____sys_sendmsg+0x10/0x10 [ 369.472463][T14069] ? __fget_files+0x2a/0x420 [ 369.472497][T14069] ? __fget_files+0x2a/0x420 [ 369.472539][T14069] __sys_sendmsg+0x271/0x360 [ 369.472572][T14069] ? __pfx___sys_sendmsg+0x10/0x10 [ 369.472658][T14069] ? do_syscall_64+0xb6/0x230 [ 369.472686][T14069] do_syscall_64+0xf3/0x230 [ 369.472717][T14069] ? clear_bhb_loop+0x45/0xa0 [ 369.472743][T14069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.472763][T14069] RIP: 0033:0x7f9ed238d169 [ 369.472782][T14069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.472800][T14069] RSP: 002b:00007f9ed31cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 369.472823][T14069] RAX: ffffffffffffffda RBX: 00007f9ed25a5fa0 RCX: 00007f9ed238d169 [ 369.472839][T14069] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 369.472852][T14069] RBP: 00007f9ed31cd090 R08: 0000000000000000 R09: 0000000000000000 [ 369.472865][T14069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 369.472878][T14069] R13: 0000000000000000 R14: 00007f9ed25a5fa0 R15: 00007ffe27ddb0b8 [ 369.472911][T14069] [ 370.211021][T14094] netlink: 892 bytes leftover after parsing attributes in process `syz.1.2476'. [ 370.490277][T14109] FAULT_INJECTION: forcing a failure. [ 370.490277][T14109] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 370.530376][T14109] CPU: 1 UID: 0 PID: 14109 Comm: syz.1.2479 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 370.530414][T14109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 370.530429][T14109] Call Trace: [ 370.530438][T14109] [ 370.530447][T14109] dump_stack_lvl+0x241/0x360 [ 370.530489][T14109] ? __pfx_dump_stack_lvl+0x10/0x10 [ 370.530522][T14109] ? __pfx__printk+0x10/0x10 [ 370.530566][T14109] should_fail_ex+0x424/0x570 [ 370.530599][T14109] _copy_from_user+0x2d/0xb0 [ 370.530623][T14109] copy_msghdr_from_user+0xb3/0x580 [ 370.530677][T14109] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 370.530708][T14109] ? __fget_files+0x2a/0x420 [ 370.530745][T14109] ? __fget_files+0x2a/0x420 [ 370.530788][T14109] __sys_sendmsg+0x20a/0x360 [ 370.530822][T14109] ? __pfx___sys_sendmsg+0x10/0x10 [ 370.530915][T14109] ? do_syscall_64+0xb6/0x230 [ 370.530944][T14109] do_syscall_64+0xf3/0x230 [ 370.530970][T14109] ? clear_bhb_loop+0x45/0xa0 [ 370.530996][T14109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.531018][T14109] RIP: 0033:0x7fc12198d169 [ 370.531037][T14109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.531057][T14109] RSP: 002b:00007fc122874038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 370.531080][T14109] RAX: ffffffffffffffda RBX: 00007fc121ba6080 RCX: 00007fc12198d169 [ 370.531096][T14109] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000006 [ 370.531111][T14109] RBP: 00007fc122874090 R08: 0000000000000000 R09: 0000000000000000 [ 370.531124][T14109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 370.531137][T14109] R13: 0000000000000001 R14: 00007fc121ba6080 R15: 00007ffd120ec398 [ 370.531171][T14109] [ 370.926660][T14115] xt_bpf: check failed: parse error [ 371.779284][T14157] tipc: Enabling of bearer rejected, failed to enable media [ 372.188434][T14180] FAULT_INJECTION: forcing a failure. [ 372.188434][T14180] name failslab, interval 1, probability 0, space 0, times 0 [ 372.253586][T14180] CPU: 0 UID: 0 PID: 14180 Comm: syz.4.2497 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 372.253618][T14180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 372.253631][T14180] Call Trace: [ 372.253639][T14180] [ 372.253647][T14180] dump_stack_lvl+0x241/0x360 [ 372.253685][T14180] ? __pfx_dump_stack_lvl+0x10/0x10 [ 372.253714][T14180] ? __pfx__printk+0x10/0x10 [ 372.253746][T14180] ? __pfx___might_resched+0x10/0x10 [ 372.253776][T14180] should_fail_ex+0x424/0x570 [ 372.253806][T14180] should_failslab+0xac/0x100 [ 372.253835][T14180] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 372.253864][T14180] ? __alloc_skb+0x1c2/0x480 [ 372.253892][T14180] __alloc_skb+0x1c2/0x480 [ 372.253922][T14180] ? __pfx___alloc_skb+0x10/0x10 [ 372.253957][T14180] netlink_sendmsg+0x638/0xcd0 [ 372.253994][T14180] ? __pfx_netlink_sendmsg+0x10/0x10 [ 372.254022][T14180] ? aa_sock_msg_perm+0x91/0x160 [ 372.254057][T14180] ? __pfx_netlink_sendmsg+0x10/0x10 [ 372.254078][T14180] __sock_sendmsg+0x221/0x270 [ 372.254114][T14180] ____sys_sendmsg+0x523/0x860 [ 372.254151][T14180] ? __pfx_____sys_sendmsg+0x10/0x10 [ 372.254176][T14180] ? __fget_files+0x2a/0x420 [ 372.254212][T14180] ? __fget_files+0x2a/0x420 [ 372.254253][T14180] __sys_sendmsg+0x271/0x360 [ 372.254286][T14180] ? __pfx___sys_sendmsg+0x10/0x10 [ 372.254372][T14180] ? do_syscall_64+0xb6/0x230 [ 372.254400][T14180] do_syscall_64+0xf3/0x230 [ 372.254423][T14180] ? clear_bhb_loop+0x45/0xa0 [ 372.254457][T14180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.254478][T14180] RIP: 0033:0x7f4ed1b8d169 [ 372.254497][T14180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 372.254515][T14180] RSP: 002b:00007f4ed2a03038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 372.254538][T14180] RAX: ffffffffffffffda RBX: 00007f4ed1da6080 RCX: 00007f4ed1b8d169 [ 372.254554][T14180] RDX: 0000000000004880 RSI: 0000200000000e40 RDI: 0000000000000004 [ 372.254567][T14180] RBP: 00007f4ed2a03090 R08: 0000000000000000 R09: 0000000000000000 [ 372.254581][T14180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 372.254594][T14180] R13: 0000000000000001 R14: 00007f4ed1da6080 R15: 00007ffe7c752fa8 [ 372.254627][T14180] [ 372.504369][T14183] __nla_validate_parse: 2 callbacks suppressed [ 372.504394][T14183] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2498'. [ 372.580987][T14183] 8021q: adding VLAN 0 to HW filter on device bond2 [ 372.643715][T14196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2499'. [ 372.664714][T14184] 8021q: adding VLAN 0 to HW filter on device bond2 [ 372.671874][T14184] bond2: (slave wireguard0): The slave device specified does not support setting the MAC address [ 372.683775][T14184] bond2: (slave wireguard0): Error -95 calling set_mac_address [ 372.791901][T14202] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2505'. [ 372.932425][T14211] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2507'. [ 373.058471][T14218] netlink: 'syz.4.2510': attribute type 2 has an invalid length. [ 373.428860][T14236] FAULT_INJECTION: forcing a failure. [ 373.428860][T14236] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 373.458706][T14236] CPU: 1 UID: 0 PID: 14236 Comm: syz.1.2514 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 373.458745][T14236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 373.458758][T14236] Call Trace: [ 373.458767][T14236] [ 373.458776][T14236] dump_stack_lvl+0x241/0x360 [ 373.458816][T14236] ? __pfx_dump_stack_lvl+0x10/0x10 [ 373.458846][T14236] ? __pfx__printk+0x10/0x10 [ 373.458888][T14236] should_fail_ex+0x424/0x570 [ 373.458921][T14236] _copy_to_user+0x31/0xb0 [ 373.458946][T14236] simple_read_from_buffer+0xc4/0x170 [ 373.458981][T14236] proc_fail_nth_read+0x1ef/0x260 [ 373.459006][T14236] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 373.459030][T14236] ? rw_verify_area+0x246/0x630 [ 373.459051][T14236] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 373.459075][T14236] vfs_read+0x21f/0xb90 [ 373.459104][T14236] ? __pfx___mutex_lock+0x10/0x10 [ 373.459130][T14236] ? __pfx_vfs_read+0x10/0x10 [ 373.459156][T14236] ? __fget_files+0x2a/0x420 [ 373.459189][T14236] ? __fget_files+0x39d/0x420 [ 373.459218][T14236] ? __fget_files+0x2a/0x420 [ 373.459283][T14236] ksys_read+0x19d/0x2d0 [ 373.459309][T14236] ? __pfx_ksys_read+0x10/0x10 [ 373.459339][T14236] ? do_syscall_64+0xb6/0x230 [ 373.459366][T14236] do_syscall_64+0xf3/0x230 [ 373.459390][T14236] ? clear_bhb_loop+0x45/0xa0 [ 373.459416][T14236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 373.459437][T14236] RIP: 0033:0x7fc12198bb7c [ 373.459456][T14236] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 373.459474][T14236] RSP: 002b:00007fc122895030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 373.459498][T14236] RAX: ffffffffffffffda RBX: 00007fc121ba5fa0 RCX: 00007fc12198bb7c [ 373.459513][T14236] RDX: 000000000000000f RSI: 00007fc1228950a0 RDI: 0000000000000004 [ 373.459526][T14236] RBP: 00007fc122895090 R08: 0000000000000000 R09: 0000000000000000 [ 373.459539][T14236] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000002 [ 373.459552][T14236] R13: 0000000000000000 R14: 00007fc121ba5fa0 R15: 00007ffd120ec398 [ 373.459585][T14236] [ 374.049683][T14248] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2518'. [ 374.246685][T14252] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2519'. [ 374.345481][T14252] bond0: option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 375.056568][T14269] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2529'. [ 375.433464][T14285] wireguard0: entered promiscuous mode [ 375.464537][T14285] wireguard0: entered allmulticast mode [ 375.888730][T14293] sctp: [Deprecated]: syz.3.2532 (pid 14293) Use of struct sctp_assoc_value in delayed_ack socket option. [ 375.888730][T14293] Use struct sctp_sack_info instead [ 376.084473][T14298] FAULT_INJECTION: forcing a failure. [ 376.084473][T14298] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 376.221312][T14298] CPU: 0 UID: 0 PID: 14298 Comm: syz.1.2534 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 376.221345][T14298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 376.221358][T14298] Call Trace: [ 376.221367][T14298] [ 376.221377][T14298] dump_stack_lvl+0x241/0x360 [ 376.221415][T14298] ? __pfx_dump_stack_lvl+0x10/0x10 [ 376.221445][T14298] ? __pfx__printk+0x10/0x10 [ 376.221487][T14298] should_fail_ex+0x424/0x570 [ 376.221521][T14298] _copy_from_user+0x2d/0xb0 [ 376.221544][T14298] copy_msghdr_from_user+0xb3/0x580 [ 376.221582][T14298] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 376.221611][T14298] ? __fget_files+0x2a/0x420 [ 376.221645][T14298] ? __fget_files+0x2a/0x420 [ 376.221683][T14298] __sys_sendmsg+0x20a/0x360 [ 376.221712][T14298] ? __pfx___sys_sendmsg+0x10/0x10 [ 376.221795][T14298] ? do_syscall_64+0xb6/0x230 [ 376.221823][T14298] do_syscall_64+0xf3/0x230 [ 376.221847][T14298] ? clear_bhb_loop+0x45/0xa0 [ 376.221873][T14298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.221893][T14298] RIP: 0033:0x7fc12198d169 [ 376.221912][T14298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 376.221930][T14298] RSP: 002b:00007fc122895038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 376.221952][T14298] RAX: ffffffffffffffda RBX: 00007fc121ba5fa0 RCX: 00007fc12198d169 [ 376.221967][T14298] RDX: 0000000000000080 RSI: 0000200000000600 RDI: 0000000000000003 [ 376.221981][T14298] RBP: 00007fc122895090 R08: 0000000000000000 R09: 0000000000000000 [ 376.221994][T14298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 376.222006][T14298] R13: 0000000000000000 R14: 00007fc121ba5fa0 R15: 00007ffd120ec398 [ 376.222039][T14298] [ 377.068400][T14319] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2541'. [ 377.206807][T14324] netlink: 868 bytes leftover after parsing attributes in process `syz.2.2542'. [ 377.485391][T14332] sctp: [Deprecated]: syz.2.2545 (pid 14332) Use of struct sctp_assoc_value in delayed_ack socket option. [ 377.485391][T14332] Use struct sctp_sack_info instead [ 378.335520][T14364] FAULT_INJECTION: forcing a failure. [ 378.335520][T14364] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 378.353337][T14364] CPU: 1 UID: 0 PID: 14364 Comm: syz.2.2551 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 378.353371][T14364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 378.353385][T14364] Call Trace: [ 378.353393][T14364] [ 378.353403][T14364] dump_stack_lvl+0x241/0x360 [ 378.353442][T14364] ? __pfx_dump_stack_lvl+0x10/0x10 [ 378.353471][T14364] ? __pfx__printk+0x10/0x10 [ 378.353513][T14364] should_fail_ex+0x424/0x570 [ 378.353545][T14364] _copy_from_user+0x2d/0xb0 [ 378.353568][T14364] sctp_getsockopt_associnfo+0xd2/0x990 [ 378.353595][T14364] ? __local_bh_enable_ip+0x168/0x200 [ 378.353613][T14364] ? lockdep_hardirqs_on+0x9d/0x150 [ 378.353641][T14364] ? __pfx_sctp_getsockopt_associnfo+0x10/0x10 [ 378.353666][T14364] ? sctp_getsockopt+0x13a/0xbb0 [ 378.353710][T14364] sctp_getsockopt+0x938/0xbb0 [ 378.353738][T14364] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 378.353762][T14364] do_sock_getsockopt+0x391/0x740 [ 378.353795][T14364] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 378.353818][T14364] ? __fget_files+0x2a/0x420 [ 378.353860][T14364] ? __fget_files+0x39d/0x420 [ 378.353889][T14364] ? __fget_files+0x2a/0x420 [ 378.353929][T14364] __x64_sys_getsockopt+0x2a3/0x370 [ 378.353964][T14364] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 378.353998][T14364] ? do_syscall_64+0xb6/0x230 [ 378.354025][T14364] do_syscall_64+0xf3/0x230 [ 378.354048][T14364] ? clear_bhb_loop+0x45/0xa0 [ 378.354073][T14364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.354093][T14364] RIP: 0033:0x7f4e08f8d169 [ 378.354112][T14364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.354130][T14364] RSP: 002b:00007f4e09db1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 378.354153][T14364] RAX: ffffffffffffffda RBX: 00007f4e091a5fa0 RCX: 00007f4e08f8d169 [ 378.354168][T14364] RDX: 0000000000000001 RSI: 0000000000000084 RDI: 0000000000000004 [ 378.354180][T14364] RBP: 00007f4e09db1090 R08: 0000200000001000 R09: 0000000000000000 [ 378.354194][T14364] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 378.354207][T14364] R13: 0000000000000000 R14: 00007f4e091a5fa0 R15: 00007ffe3100cc78 [ 378.354241][T14364] [ 378.935455][T14371] xt_CT: No such helper "snmp" [ 379.025201][T14375] : renamed from bond0 [ 379.284687][T14381] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2556'. [ 379.331336][T14385] sctp: [Deprecated]: syz.3.2558 (pid 14385) Use of struct sctp_assoc_value in delayed_ack socket option. [ 379.331336][T14385] Use struct sctp_sack_info instead [ 379.361750][T14386] xt_recent: hitcount (486539264) is larger than allowed maximum (65535) [ 379.589262][T14393] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2559'. [ 380.249066][T14413] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2563'. [ 381.261765][T14444] sctp: [Deprecated]: syz.0.2570 (pid 14444) Use of struct sctp_assoc_value in delayed_ack socket option. [ 381.261765][T14444] Use struct sctp_sack_info instead [ 381.709769][T14454] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2574'. [ 382.092100][T14465] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2577'. [ 382.103450][T14465] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2577'. [ 382.530136][T14478] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2579'. [ 382.671159][T14484] sctp: [Deprecated]: syz.1.2581 (pid 14484) Use of struct sctp_assoc_value in delayed_ack socket option. [ 382.671159][T14484] Use struct sctp_sack_info instead [ 383.375961][T14512] veth0_to_bond: entered promiscuous mode [ 383.457871][T14512] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2589'. [ 383.667087][T14512] veth0_to_bond (unregistering): left promiscuous mode [ 383.870882][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.292601][T14533] sctp: [Deprecated]: syz.3.2592 (pid 14533) Use of struct sctp_assoc_value in delayed_ack socket option. [ 384.292601][T14533] Use struct sctp_sack_info instead [ 384.604678][T14542] netlink: 860 bytes leftover after parsing attributes in process `syz.3.2595'. [ 433.079986][T14549] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.090199][T14552] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2598'. [ 433.123862][T14549] netdevsim netdevsim3 eth3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 433.159795][T14559] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2598'. [ 433.236207][T14549] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.246984][T14549] netdevsim netdevsim3 eth2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 433.292328][T14564] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2602'. [ 433.396706][T14549] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.448766][T14549] netdevsim netdevsim3 eth1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 433.567987][T14549] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.597094][T14549] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 433.863983][T14549] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 433.872431][T14549] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 434.017719][T14584] sctp: [Deprecated]: syz.0.2606 (pid 14584) Use of struct sctp_assoc_value in delayed_ack socket option. [ 434.017719][T14584] Use struct sctp_sack_info instead [ 434.167990][T14549] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 434.189612][T14549] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 434.260515][T14549] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 434.273524][T14549] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 434.538722][T14549] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 434.623652][T14549] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 434.670680][T14603] netlink: 860 bytes leftover after parsing attributes in process `syz.0.2610'. [ 434.946147][T14607] netlink: 'syz.3.2612': attribute type 3 has an invalid length. [ 435.150444][T14616] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 435.170659][T14616] netdevsim netdevsim3 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 435.225491][T14615] x_tables: ip_tables: udp match: only valid for protocol 17 [ 435.354787][T14616] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 435.384790][T14616] netdevsim netdevsim3 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 435.547574][T14627] ip6gre1: entered promiscuous mode [ 435.781322][T14639] sctp: [Deprecated]: syz.2.2618 (pid 14639) Use of struct sctp_assoc_value in delayed_ack socket option. [ 435.781322][T14639] Use struct sctp_sack_info instead [ 436.585810][T14616] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 436.613513][T14616] netdevsim netdevsim3 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 438.284055][T14643] ipip0: entered promiscuous mode [ 438.336817][T14616] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 438.381751][T14616] netdevsim netdevsim3 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 438.412344][T14658] netlink: 772 bytes leftover after parsing attributes in process `syz.1.2623'. [ 438.580220][T14667] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2627'. [ 438.633170][T14616] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 438.658502][T14616] netdevsim netdevsim3 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 438.702214][T14616] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 438.720665][T14616] netdevsim netdevsim3 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 438.784727][T14616] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 438.815635][T14616] netdevsim netdevsim3 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 438.875373][T14677] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2625'. [ 438.884506][T14616] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 438.911400][T14616] netdevsim netdevsim3 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 438.911966][T14677] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2625'. [ 439.098726][T14677] xt_hashlimit: size too large, truncated to 1048576 [ 439.962314][T14697] tipc: New replicast peer: 255.255.255.255 [ 439.973131][T14701] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2635'. [ 440.016351][T14697] tipc: Enabled bearer , priority 10 [ 440.025346][T14705] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2635'. [ 440.064320][T14703] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2634'. [ 440.426646][T14712] netlink: 772 bytes leftover after parsing attributes in process `syz.2.2637'. [ 440.540775][T14716] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2639'. [ 440.955323][T14726] netlink: 'syz.2.2642': attribute type 4 has an invalid length. [ 441.049521][T14729] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2643'. [ 441.745342][T14738] xt_hashlimit: size too large, truncated to 1048576 [ 441.785065][ T5844] Bluetooth: hci0: command 0x0401 tx timeout [ 441.791211][ T5857] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 442.834501][ T9929] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 442.842389][ T9929] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 443.858865][T14782] __nla_validate_parse: 3 callbacks suppressed [ 443.858889][T14782] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2657'. [ 443.989116][T14785] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2659'. [ 444.038365][T14785] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2659'. [ 444.675526][T14803] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2666'. [ 444.764235][T14785] xt_hashlimit: size too large, truncated to 1048576 [ 445.309142][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.489025][T14811] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2668'. [ 445.540098][T14815] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2671'. [ 445.941655][T14835] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2676'. [ 446.046025][T14829] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2673'. [ 446.199155][T14840] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2678'. [ 446.223360][T14840] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2678'. [ 446.342219][T14843] xt_hashlimit: size too large, truncated to 1048576 [ 447.455236][T14869] netlink: 'syz.1.2685': attribute type 10 has an invalid length. [ 447.532139][T14869] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 447.562307][T14869] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 447.590579][T14869] batman_adv: batadv0: Adding interface: virt_wifi0 [ 447.613945][T14869] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 447.653755][T14869] batman_adv: batadv0: Interface activated: virt_wifi0 [ 448.633512][T14894] netlink: 'syz.1.2692': attribute type 4 has an invalid length. [ 449.672773][T14919] __nla_validate_parse: 5 callbacks suppressed [ 449.672794][T14919] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2696'. [ 449.712482][T14921] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2697'. [ 449.763739][T14921] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2697'. [ 449.882293][T14922] xt_hashlimit: size too large, truncated to 1048576 [ 450.231936][T14937] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2704'. [ 450.488013][T14942] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 450.534195][T14942] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 450.655684][T14944] tipc: Enabling of bearer rejected, already enabled [ 450.832600][T14952] FAULT_INJECTION: forcing a failure. [ 450.832600][T14952] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 450.851559][T14952] CPU: 0 UID: 0 PID: 14952 Comm: syz.0.2708 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 450.851596][T14952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 450.851610][T14952] Call Trace: [ 450.851619][T14952] [ 450.851629][T14952] dump_stack_lvl+0x241/0x360 [ 450.851672][T14952] ? __pfx_dump_stack_lvl+0x10/0x10 [ 450.851703][T14952] ? __pfx__printk+0x10/0x10 [ 450.851748][T14952] should_fail_ex+0x424/0x570 [ 450.851781][T14952] _copy_from_iter+0x211/0x1c70 [ 450.851822][T14952] ? __build_skb_around+0x247/0x3d0 [ 450.851859][T14952] ? __alloc_skb+0x298/0x480 [ 450.851882][T14952] ? __pfx__copy_from_iter+0x10/0x10 [ 450.851918][T14952] ? __pfx___alloc_skb+0x10/0x10 [ 450.851945][T14952] ? skb_put+0x114/0x1f0 [ 450.851976][T14952] netlink_sendmsg+0x73c/0xcd0 [ 450.852015][T14952] ? __pfx_netlink_sendmsg+0x10/0x10 [ 450.852042][T14952] ? aa_sock_msg_perm+0x91/0x160 [ 450.852079][T14952] ? __pfx_netlink_sendmsg+0x10/0x10 [ 450.852100][T14952] __sock_sendmsg+0x221/0x270 [ 450.852139][T14952] ____sys_sendmsg+0x523/0x860 [ 450.852177][T14952] ? __pfx_____sys_sendmsg+0x10/0x10 [ 450.852202][T14952] ? __fget_files+0x2a/0x420 [ 450.852239][T14952] ? __fget_files+0x2a/0x420 [ 450.852282][T14952] __sys_sendmsg+0x271/0x360 [ 450.852316][T14952] ? __pfx___sys_sendmsg+0x10/0x10 [ 450.852426][T14952] ? do_syscall_64+0xb6/0x230 [ 450.852456][T14952] do_syscall_64+0xf3/0x230 [ 450.852482][T14952] ? clear_bhb_loop+0x45/0xa0 [ 450.852509][T14952] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.852531][T14952] RIP: 0033:0x7fe85138d169 [ 450.852551][T14952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.852570][T14952] RSP: 002b:00007fe8521b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 450.852596][T14952] RAX: ffffffffffffffda RBX: 00007fe8515a5fa0 RCX: 00007fe85138d169 [ 450.852613][T14952] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000006 [ 450.852627][T14952] RBP: 00007fe8521b0090 R08: 0000000000000000 R09: 0000000000000000 [ 450.852641][T14952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 450.852655][T14952] R13: 0000000000000000 R14: 00007fe8515a5fa0 R15: 00007fff0402f518 [ 450.852691][T14952] [ 451.182163][T14954] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2709'. [ 451.207523][T14954] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2709'. [ 451.264829][T14959] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2710'. [ 451.536293][T14954] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2709'. [ 451.545893][T14954] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2709'. [ 451.716569][T14975] FAULT_INJECTION: forcing a failure. [ 451.716569][T14975] name failslab, interval 1, probability 0, space 0, times 0 [ 451.786840][T14975] CPU: 1 UID: 0 PID: 14975 Comm: syz.3.2714 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 451.786877][T14975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 451.786891][T14975] Call Trace: [ 451.786900][T14975] [ 451.786909][T14975] dump_stack_lvl+0x241/0x360 [ 451.786951][T14975] ? __pfx_dump_stack_lvl+0x10/0x10 [ 451.786982][T14975] ? __pfx__printk+0x10/0x10 [ 451.787016][T14975] ? __pfx___might_resched+0x10/0x10 [ 451.787048][T14975] should_fail_ex+0x424/0x570 [ 451.787082][T14975] should_failslab+0xac/0x100 [ 451.787112][T14975] __kmalloc_noprof+0xdf/0x4d0 [ 451.787139][T14975] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 451.787167][T14975] ? apparmor_capable+0x13b/0x1b0 [ 451.787195][T14975] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 451.787234][T14975] genl_rcv_msg+0x819/0xf00 [ 451.787275][T14975] ? __pfx_genl_rcv_msg+0x10/0x10 [ 451.787301][T14975] ? stack_trace_save+0x11a/0x1d0 [ 451.787336][T14975] ? __pfx_stack_trace_save+0x10/0x10 [ 451.787370][T14975] ? stack_depot_save_flags+0x44/0x940 [ 451.787395][T14975] ? stack_trace_snprint+0x71/0xf0 [ 451.787441][T14975] ? __lock_acquire+0xad5/0xd80 [ 451.787465][T14975] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 451.787485][T14975] ? __pfx_nl802154_del_llsec_devkey+0x10/0x10 [ 451.787508][T14975] ? __pfx_nl802154_post_doit+0x10/0x10 [ 451.787546][T14975] netlink_rcv_skb+0x208/0x480 [ 451.787569][T14975] ? __pfx_genl_rcv_msg+0x10/0x10 [ 451.787598][T14975] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 451.787643][T14975] ? netlink_deliver_tap+0x2e/0x1b0 [ 451.787671][T14975] genl_rcv+0x28/0x40 [ 451.787701][T14975] netlink_unicast+0x7f8/0x9a0 [ 451.787752][T14975] ? __pfx_netlink_unicast+0x10/0x10 [ 451.787789][T14975] ? skb_put+0x114/0x1f0 [ 451.787818][T14975] netlink_sendmsg+0x8c3/0xcd0 [ 451.787855][T14975] ? __pfx_netlink_sendmsg+0x10/0x10 [ 451.787884][T14975] ? aa_sock_msg_perm+0x91/0x160 [ 451.787918][T14975] ? __pfx_netlink_sendmsg+0x10/0x10 [ 451.787937][T14975] __sock_sendmsg+0x221/0x270 [ 451.787973][T14975] ____sys_sendmsg+0x523/0x860 [ 451.788010][T14975] ? __pfx_____sys_sendmsg+0x10/0x10 [ 451.788036][T14975] ? __fget_files+0x2a/0x420 [ 451.788072][T14975] ? __fget_files+0x2a/0x420 [ 451.788116][T14975] __sys_sendmsg+0x271/0x360 [ 451.788149][T14975] ? __pfx___sys_sendmsg+0x10/0x10 [ 451.788236][T14975] ? do_syscall_64+0xb6/0x230 [ 451.788264][T14975] do_syscall_64+0xf3/0x230 [ 451.788288][T14975] ? clear_bhb_loop+0x45/0xa0 [ 451.788315][T14975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.788336][T14975] RIP: 0033:0x7f9ed238d169 [ 451.788356][T14975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.788375][T14975] RSP: 002b:00007f9ed31ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 451.788400][T14975] RAX: ffffffffffffffda RBX: 00007f9ed25a6080 RCX: 00007f9ed238d169 [ 451.788416][T14975] RDX: 0000000000004880 RSI: 0000200000000e40 RDI: 0000000000000004 [ 451.788430][T14975] RBP: 00007f9ed31ac090 R08: 0000000000000000 R09: 0000000000000000 [ 451.788443][T14975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 451.788456][T14975] R13: 0000000000000001 R14: 00007f9ed25a6080 R15: 00007ffe27ddb0b8 [ 451.788492][T14975] [ 452.592138][ T4559] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.772903][ T4559] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.911307][ T4559] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.063995][T14994] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2721'. [ 453.118913][ T4559] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.266880][T14994] xt_hashlimit: size too large, truncated to 1048576 [ 453.426503][ T5844] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 453.443013][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 453.461536][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 453.479851][ T5844] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 453.491922][ T5844] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 453.992257][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 454.003727][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 454.013743][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 454.039432][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 454.069112][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 454.757461][ T4559] bond0 (unregistering): Released all slaves [ 454.883740][ T4559] bond1 (unregistering): Released all slaves [ 454.900608][ T4559] bond2 (unregistering): Released all slaves [ 455.054816][ T4559] tipc: Left network mode [ 455.366166][T15031] netlink: 'syz.3.2729': attribute type 39 has an invalid length. [ 455.374540][T15028] netlink: 'syz.3.2729': attribute type 39 has an invalid length. [ 455.520851][T15041] __nla_validate_parse: 2 callbacks suppressed [ 455.520878][T15041] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2730'. [ 455.545071][ T5857] Bluetooth: hci4: command tx timeout [ 455.986749][ T4559] hsr_slave_0: left promiscuous mode [ 455.994055][T15053] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2733'. [ 456.046618][ T4559] hsr_slave_1: left promiscuous mode [ 456.058485][ T4559] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 456.070859][ T4559] batman_adv: batadv0: Removing interface: virt_wifi0 [ 456.080397][ T4559] batman_adv: batadv0: Removing interface: macvtap0 [ 456.110099][ T5857] Bluetooth: hci2: command tx timeout [ 456.137676][ T4559] [ 456.140084][ T4559] ====================================================== [ 456.147132][ T4559] WARNING: possible circular locking dependency detected [ 456.154211][ T4559] 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 Not tainted [ 456.161343][ T4559] ------------------------------------------------------ [ 456.168377][ T4559] kworker/u8:7/4559 is trying to acquire lock: [ 456.174572][ T4559] ffff8881453bc768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_netdev_notifier_call+0x1b3/0x1430 [ 456.185219][ T4559] [ 456.185219][ T4559] but task is already holding lock: [ 456.192589][ T4559] ffff88803505cd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2500 [ 456.204207][ T4559] [ 456.204207][ T4559] which lock already depends on the new lock. [ 456.204207][ T4559] [ 456.214713][ T4559] [ 456.214713][ T4559] the existing dependency chain (in reverse order) is: [ 456.223820][ T4559] [ 456.223820][ T4559] -> #3 (&dev_instance_lock_key#3){+.+.}-{4:4}: [ 456.232273][ T4559] lock_acquire+0x116/0x2f0 [ 456.237321][ T4559] __mutex_lock+0x1a5/0x10c0 [ 456.242443][ T4559] xsk_bind+0x2fd/0xfb0 [ 456.247166][ T4559] __sys_bind+0x1de/0x290 [ 456.252025][ T4559] __x64_sys_bind+0x7a/0x90 [ 456.257142][ T4559] do_syscall_64+0xf3/0x230 [ 456.262176][ T4559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.268618][ T4559] [ 456.268618][ T4559] -> #2 (&xs->mutex){+.+.}-{4:4}: [ 456.275853][ T4559] lock_acquire+0x116/0x2f0 [ 456.281022][ T4559] __mutex_lock+0x1a5/0x10c0 [ 456.286163][ T4559] xsk_diag_dump+0x5be/0x19d0 [ 456.291372][ T4559] netlink_dump+0x678/0xeb0 [ 456.296427][ T4559] __netlink_dump_start+0x5a2/0x790 [ 456.302151][ T4559] xsk_diag_handler_dump+0x1de/0x270 [ 456.307968][ T4559] sock_diag_rcv_msg+0x489/0x5c0 [ 456.313451][ T4559] netlink_rcv_skb+0x208/0x480 [ 456.318741][ T4559] netlink_unicast+0x7f8/0x9a0 [ 456.324039][ T4559] netlink_sendmsg+0x8c3/0xcd0 [ 456.329331][ T4559] __sock_sendmsg+0x221/0x270 [ 456.334543][ T4559] sock_write_iter+0x2d9/0x3f0 [ 456.339926][ T4559] do_iter_readv_writev+0x71f/0x9d0 [ 456.345741][ T4559] vfs_writev+0x38d/0xbc0 [ 456.350606][ T4559] do_writev+0x1b8/0x360 [ 456.355385][ T4559] do_syscall_64+0xf3/0x230 [ 456.360427][ T4559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.366851][ T4559] [ 456.366851][ T4559] -> #1 (&net->xdp.lock){+.+.}-{4:4}: [ 456.374430][ T4559] lock_acquire+0x116/0x2f0 [ 456.379459][ T4559] __mutex_lock+0x1a5/0x10c0 [ 456.384578][ T4559] xsk_notifier+0x8b/0x230 [ 456.389517][ T4559] notifier_call_chain+0x1a5/0x3f0 [ 456.395163][ T4559] unregister_netdevice_many_notify+0x1572/0x2500 [ 456.402116][ T4559] unregister_netdevice_queue+0x383/0x400 [ 456.408394][ T4559] _cfg80211_unregister_wdev+0x163/0x590 [ 456.414563][ T4559] ieee80211_if_remove+0x25d/0x320 [ 456.420295][ T4559] ieee80211_del_iface+0x19/0x30 [ 456.425859][ T4559] cfg80211_remove_virtual_intf+0x23f/0x410 [ 456.432370][ T4559] genl_rcv_msg+0xb38/0xf00 [ 456.437411][ T4559] netlink_rcv_skb+0x208/0x480 [ 456.442802][ T4559] genl_rcv+0x28/0x40 [ 456.447317][ T4559] netlink_unicast+0x7f8/0x9a0 [ 456.452703][ T4559] netlink_sendmsg+0x8c3/0xcd0 [ 456.458002][ T4559] __sock_sendmsg+0x221/0x270 [ 456.463218][ T4559] ____sys_sendmsg+0x523/0x860 [ 456.468542][ T4559] __sys_sendmsg+0x271/0x360 [ 456.473665][ T4559] do_syscall_64+0xf3/0x230 [ 456.478699][ T4559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.485124][ T4559] [ 456.485124][ T4559] -> #0 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 456.492873][ T4559] validate_chain+0xa69/0x24e0 [ 456.498171][ T4559] __lock_acquire+0xad5/0xd80 [ 456.503406][ T4559] lock_acquire+0x116/0x2f0 [ 456.508528][ T4559] __mutex_lock+0x1a5/0x10c0 [ 456.513653][ T4559] cfg80211_netdev_notifier_call+0x1b3/0x1430 [ 456.520265][ T4559] notifier_call_chain+0x1a5/0x3f0 [ 456.525907][ T4559] __dev_close_many+0x15d/0x760 [ 456.531284][ T4559] dev_close_many+0x250/0x4c0 [ 456.536494][ T4559] unregister_netdevice_many_notify+0x628/0x2500 [ 456.543359][ T4559] default_device_exit_batch+0x7ff/0x880 [ 456.549520][ T4559] ops_undo_list+0x47f/0x8b0 [ 456.554637][ T4559] cleanup_net+0x530/0x940 [ 456.559577][ T4559] process_scheduled_works+0xac3/0x18e0 [ 456.565651][ T4559] worker_thread+0x870/0xd50 [ 456.570770][ T4559] kthread+0x7b7/0x940 [ 456.575373][ T4559] ret_from_fork+0x4b/0x80 [ 456.580403][ T4559] ret_from_fork_asm+0x1a/0x30 [ 456.585722][ T4559] [ 456.585722][ T4559] other info that might help us debug this: [ 456.585722][ T4559] [ 456.595955][ T4559] Chain exists of: [ 456.595955][ T4559] &rdev->wiphy.mtx --> &xs->mutex --> &dev_instance_lock_key#3 [ 456.595955][ T4559] [ 456.609464][ T4559] Possible unsafe locking scenario: [ 456.609464][ T4559] [ 456.617005][ T4559] CPU0 CPU1 [ 456.622374][ T4559] ---- ---- [ 456.628002][ T4559] lock(&dev_instance_lock_key#3); [ 456.633222][ T4559] lock(&xs->mutex); [ 456.639743][ T4559] lock(&dev_instance_lock_key#3); [ 456.647488][ T4559] lock(&rdev->wiphy.mtx); [ 456.652287][ T4559] [ 456.652287][ T4559] *** DEADLOCK *** [ 456.652287][ T4559] [ 456.660437][ T4559] 5 locks held by kworker/u8:7/4559: [ 456.665725][ T4559] #0: ffff88801bef6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 456.676628][ T4559] #1: ffffc9000e587c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 456.687179][ T4559] #2: ffffffff900f1b50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x100/0x940 [ 456.696602][ T4559] #3: ffffffff900fe688 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xde/0x880 [ 456.706640][ T4559] #4: ffff88803505cd30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2500 [ 456.718693][ T4559] [ 456.718693][ T4559] stack backtrace: [ 456.724595][ T4559] CPU: 1 UID: 0 PID: 4559 Comm: kworker/u8:7 Not tainted 6.15.0-rc1-syzkaller-00314-g23f09f01b495 #0 PREEMPT(full) [ 456.724625][ T4559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 456.724640][ T4559] Workqueue: netns cleanup_net [ 456.724665][ T4559] Call Trace: [ 456.724677][ T4559] [ 456.724687][ T4559] dump_stack_lvl+0x241/0x360 [ 456.724718][ T4559] ? __pfx_dump_stack_lvl+0x10/0x10 [ 456.724746][ T4559] ? __pfx__printk+0x10/0x10 [ 456.724774][ T4559] ? print_lock+0x171/0x1a0 [ 456.724800][ T4559] print_circular_bug+0x2e1/0x300 [ 456.724827][ T4559] check_noncircular+0x142/0x160 [ 456.724857][ T4559] validate_chain+0xa69/0x24e0 [ 456.724882][ T4559] ? unwind_next_frame+0xb8/0x23b0 [ 456.724906][ T4559] ? unwind_next_frame+0x1aa4/0x23b0 [ 456.724933][ T4559] ? unwind_next_frame+0xb8/0x23b0 [ 456.724966][ T4559] __lock_acquire+0xad5/0xd80 [ 456.724986][ T4559] lock_acquire+0x116/0x2f0 [ 456.725001][ T4559] ? cfg80211_netdev_notifier_call+0x1b3/0x1430 [ 456.725031][ T4559] __mutex_lock+0x1a5/0x10c0 [ 456.725050][ T4559] ? cfg80211_netdev_notifier_call+0x1b3/0x1430 [ 456.725077][ T4559] ? lockdep_unlock+0x8d/0x120 [ 456.725103][ T4559] ? cfg80211_netdev_notifier_call+0x1b3/0x1430 [ 456.725127][ T4559] ? __pfx___mutex_lock+0x10/0x10 [ 456.725154][ T4559] cfg80211_netdev_notifier_call+0x1b3/0x1430 [ 456.725182][ T4559] ? __pfx_cfg80211_netdev_notifier_call+0x10/0x10 [ 456.725211][ T4559] ? __lock_acquire+0xad5/0xd80 [ 456.725228][ T4559] ? do_raw_spin_lock+0x151/0x370 [ 456.725261][ T4559] ? inetdev_event+0x4fb/0x1740 [ 456.725285][ T4559] ? igmp_netdev_event+0x7c/0x770 [ 456.725307][ T4559] notifier_call_chain+0x1a5/0x3f0 [ 456.725330][ T4559] __dev_close_many+0x15d/0x760 [ 456.725346][ T4559] ? __mutex_lock+0x380/0x10c0 [ 456.725363][ T4559] ? kthread+0x7b7/0x940 [ 456.725384][ T4559] ? __pfx___dev_close_many+0x10/0x10 [ 456.725404][ T4559] dev_close_many+0x250/0x4c0 [ 456.725421][ T4559] ? __pfx_dev_close_many+0x10/0x10 [ 456.725436][ T4559] ? __lock_acquire+0xad5/0xd80 [ 456.725455][ T4559] unregister_netdevice_many_notify+0x628/0x2500 [ 456.725483][ T4559] ? lockdep_hardirqs_on+0x9d/0x150 [ 456.725501][ T4559] ? __local_bh_enable_ip+0x168/0x200 [ 456.725517][ T4559] ? batadv_tt_local_remove+0x119/0x230 [ 456.725543][ T4559] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 456.725558][ T4559] ? batadv_tt_local_remove+0x119/0x230 [ 456.725583][ T4559] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 456.725613][ T4559] ? unregister_netdevice_queue+0x2c4/0x400 [ 456.725639][ T4559] ? batadv_meshif_destroy_netlink+0x1e6/0x270 [ 456.725662][ T4559] default_device_exit_batch+0x7ff/0x880 [ 456.725684][ T4559] ? __pfx_default_device_exit_batch+0x10/0x10 [ 456.725703][ T4559] ? __pfx_rdma_dev_exit_net+0x10/0x10 [ 456.725730][ T4559] ? cfg802154_pernet_exit+0xc3/0xe0 [ 456.725754][ T4559] ? __pfx_default_device_exit_batch+0x10/0x10 [ 456.725772][ T4559] ops_undo_list+0x47f/0x8b0 [ 456.725792][ T4559] ? __pfx_ops_undo_list+0x10/0x10 [ 456.725814][ T4559] cleanup_net+0x530/0x940 [ 456.725833][ T4559] ? __pfx_cleanup_net+0x10/0x10 [ 456.725854][ T4559] ? process_scheduled_works+0x9cb/0x18e0 [ 456.725872][ T4559] process_scheduled_works+0xac3/0x18e0 [ 456.725902][ T4559] ? __pfx_process_scheduled_works+0x10/0x10 [ 456.725924][ T4559] ? assign_work+0x367/0x3d0 [ 456.725965][ T4559] worker_thread+0x870/0xd50 [ 456.725991][ T4559] ? __kthread_parkme+0x1a8/0x200 [ 456.726011][ T4559] ? __pfx_worker_thread+0x10/0x10 [ 456.726030][ T4559] kthread+0x7b7/0x940 [ 456.726052][ T4559] ? __pfx_worker_thread+0x10/0x10 [ 456.726071][ T4559] ? __pfx_kthread+0x10/0x10 [ 456.726092][ T4559] ? __pfx_kthread+0x10/0x10 [ 456.726113][ T4559] ? __pfx_kthread+0x10/0x10 [ 456.726134][ T4559] ? __pfx_kthread+0x10/0x10 [ 456.726155][ T4559] ? _raw_spin_unlock_irq+0x23/0x50 [ 456.726180][ T4559] ? lockdep_hardirqs_on+0x9d/0x150 [ 456.726197][ T4559] ? __pfx_kthread+0x10/0x10 [ 456.726220][ T4559] ret_from_fork+0x4b/0x80 [ 456.726237][ T4559] ? __pfx_kthread+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 456.726258][ T4559] ret_from_fork_asm+0x1a/0x30 [ 456.726280][ T4559] [ 457.288628][ T4559] veth1_macvtap: left promiscuous mode [ 457.306789][ T4559] veth1_vlan: left promiscuous mode [ 457.312199][ T4559] veth0_vlan: left promiscuous mode [ 457.626239][ T5857] Bluetooth: hci4: command tx timeout [ 458.183600][ T5857] Bluetooth: hci2: command tx timeout