last executing test programs: 7.276061892s ago: executing program 1 (id=720): unshare(0x22020400) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10) pwrite64(r0, 0x0, 0x0, 0x1) 7.09385076s ago: executing program 1 (id=722): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) r2 = epoll_create1(0x80000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @none, 0x4, 0x2}, 0xe) getsockopt$bt_l2cap_L2CAP_OPTIONS(r5, 0x6, 0x1, 0x0, &(0x7f0000000040)) listen(r4, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r7 = accept(r3, 0x0, 0x0) sendmsg$AUDIT_USER_AVC(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0) shutdown(r7, 0x1) recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000002c0)={0x10000018}) sendmsg$NFT_MSG_GETSET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x14, 0xa, 0xa, 0x301, 0x0, 0x0, {0x9, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4040080}, 0x8004) 6.897397533s ago: executing program 1 (id=725): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01000000040000000800000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) (async, rerun: 32) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x20, &(0x7f0000000000)={&(0x7f0000000380)=""/200, 0xc8, 0x0, &(0x7f0000000580)=""/95, 0x5f}}, 0x10) (rerun: 32) bpf$TOKEN_CREATE(0x24, &(0x7f0000000480)={0x0, r2}, 0x8) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_GET(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x14, r5, 0x32b, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x8000) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r4) (async, rerun: 64) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r3}, 0x94) (rerun: 64) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r6, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff03076844268cb89e14f005dd1be0ffff00fe3a21632f77fbac14141de007031762079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x8, 0x60000000}, 0x1e) epoll_create1(0x0) (async) r7 = socket(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f00000000c0)={0xa, 0xe64, 0xffffff01, @loopback, 0xc3}, 0x1c) (async, rerun: 64) r8 = socket(0x200000000000011, 0x2, 0xd) (rerun: 64) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bind$packet(r8, &(0x7f0000000080)={0x11, 0x800, r9, 0x1, 0x0, 0x6, @multicast}, 0x14) (async) syz_emit_ethernet(0x32, &(0x7f0000001140)=ANY=[@ANYBLOB="aaaaaaaaaaaa000000000000800045000024000000021017907800000000000000004e224e2300109078e204008b1fca4b000f4d92b8473e27da3d143a40daef718cdc59f4a155f80400000000001000a9fa2759e27dac8a639c4c7f06294847d6178d9d0b49ce5b2d53dc636f60db50418b07faef197eb0e771ef99f07e49fdb54bb7a2f156a836fdacbcbf2f365861a0786c36733dd1553f420349efada57247031848a932d05f87913f544b6d9660abb6b2441d9f6cc18f4cb34360c076eca61884176715ac3f72000000000000000000"], 0x0) (async) close(r1) 6.784327317s ago: executing program 1 (id=727): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000090900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a300000000028000480240001800a0001007175657565000000140002800600014000020000060003400001000014"], 0xd8}}, 0x4000040) 6.638853351s ago: executing program 1 (id=732): r0 = socket(0x10, 0x80002, 0x0) close(0x3) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000002840)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100)=0x60, 0x80400) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[], 0x3c}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, 0x0}, 0x94) socket(0x11, 0x800000003, 0x0) bpf$MAP_CREATE(0x700000000000000, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000900)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x0, 0xfc5b, 0x10000}, 0x28) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x9, 0x2, 0x56d, 0x3, 0x2, 0xffffffffffffffff, 0x4}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r1}, 0x38) socket$can_raw(0x1d, 0x3, 0x1) socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private2, 0x9}]}, &(0x7f00000002c0)=0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x17, 0x4, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000380)={0x0, 0x7, 0x2}, &(0x7f00000003c0)=0x8) 5.313674329s ago: executing program 1 (id=749): socket$kcm(0x10, 0x0, 0x4) socket$xdp(0x2c, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=r2, @ANYBLOB="000000000000000014004000000001006261746164760000040002800c001a"], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x40) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r6 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r6, &(0x7f0000000140)={0xa, 0x4e23, 0xfffffffe, @private1, 0xb}, 0x1c) r7 = socket$igmp(0x2, 0x3, 0x2) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_user\x00', 0x0, 0x0) sendmsg$NFQNL_MSG_VERDICT(r8, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)={0x168, 0x1, 0x3, 0x3, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFQA_CT={0x54, 0xb, 0x0, 0x1, [@CTA_TUPLE_ORIG={0x48, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0xd}]}, @NFQA_VLAN={0x14, 0x13, 0x0, 0x1, [@NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x88a8}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x400}]}, @NFQA_PAYLOAD={0xdd, 0xa, "866b03efb6ec88c5f74429cd1348cbef479125f6ebb2c5a86e48a93a74836be89907ddda8ef7c816b3c2963ae8108d66b90ec7c89c470cde295f6711d43a8709f665a9370c2e81da308a4076e027adb0650cbaa39d3a8e6ff4680d42a49a2644ba58ec2b891df4fe2960422277f5228066cbbc4b0262667461fa4da42936e34156c572f3eac06fad44300c9fd969211a0b85804d939d23d3ba9f55fe6b73b7486065842aa714b147b1359c160f96307b6a77861ed0a9444a9ad30b66629a479663a8f1aa9a416a5ca3a9b41fc07852eb8c97bc95874ec780e1"}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffe, 0x8}}]}, 0x168}, 0x1, 0x0, 0x0, 0x8001}, 0x40000) setsockopt$MRT_FLUSH(r7, 0x0, 0xd4, &(0x7f0000000040)=0xc, 0x4) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x30, 0x2, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x30}}, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000001d0001000000000004086aa42d"], 0x30}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010220000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)=',', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 3.901824514s ago: executing program 0 (id=762): r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000d00030001332564aa58b92f4411f6bbf44dc48f57", 0x20}], 0x1) 3.78415523s ago: executing program 0 (id=763): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)={0x30, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x1000000}, @NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0x7]}]}]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_SET_REG(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000600)={0x210, r4, 0x4, 0x70bd2c, 0x25dfdbfd, {}, [@NL80211_ATTR_REG_RULES={0x78, 0x22, 0x0, 0x1, [{0x54, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xffff8000}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x2}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x5}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x4}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x5}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x2}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x2a0}, @NL80211_ATTR_REG_RULE_FLAGS={0x8}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0xa0}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x3}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x5}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x20000}]}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xfb}, @NL80211_ATTR_REG_RULES={0x18, 0x22, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xb73}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x7}]}]}, @NL80211_ATTR_REG_RULES={0x148, 0x22, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x1}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x10000}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8001}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x6}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x10001}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x4}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1ff}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x7ff}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x48}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x9}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x8}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x1000}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x6}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x6}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x1}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x7}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x5}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x80000001}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x6}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xfffffff9}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x5}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x10000}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x80000000}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0xa}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0xd50}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x7}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0x3}]}, {0x44, 0x0, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x80000001}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x2}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x10000}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_REG_RULE_FLAGS={0x8, 0x1, 0xcc9d}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x400}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xb81}]}]}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x210}, 0x1, 0x0, 0x0, 0x1}, 0x4) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r0}, 0x8) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r5, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, 0x8}, 0x1c) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000e40)=@nat={'nat\x00', 0x1b, 0x5, 0x530, 0x0, 0x228, 0xffffffff, 0x340, 0x228, 0x460, 0x460, 0xffffffff, 0x460, 0x460, 0x5, &(0x7f0000000200), {[{{@uncond, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x2, @ipv6=@local, @ipv4=@multicast2, @icmp_id=0x68, @port=0x4e23}}}, {{@uncond, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@hbh={{0x48}, {0x9, 0x2, 0x0, [0xf8bb, 0x3ff, 0xc, 0x9, 0x7, 0xb43, 0x3e, 0x484, 0x4, 0x0, 0xf, 0x0, 0x1, 0x0, 0x5, 0x8], 0x4}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x7, @ipv4=@private=0x4, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x42}}, @icmp_id=0x68, @gre_key=0xdbea}}}, {{@ipv6={@local, @mcast1, [0xff, 0xff, 0xff000000], [0x0, 0x0, 0xffffffff], 'veth1_to_bridge\x00', 'veth0_virt_wifi\x00', {0xff}, {0xff}, 0x32, 0x5, 0x1, 0x20}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@mh={{0x28}, {"8617"}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x18, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4=@broadcast, @gre_key=0xa, @icmp_id=0x68}}}, {{@uncond, 0x0, 0xd8, 0x120, 0x0, {}, [@common=@ah={{0x30}, {[0x4d3, 0x4d3], 0x7fff}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x2, @ipv6=@empty, @ipv4=@local, @icmp_id=0x67, @port=0x4e20}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) r6 = socket$inet6(0xa, 0x80002, 0x0) sendmmsg$inet6(r6, &(0x7f0000000e00)=[{{&(0x7f00000002c0)={0xa, 0x4e22, 0xf58, @mcast2}, 0x1c, 0x0}}], 0x1, 0x4040884) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000940)='sys_exit\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYRESHEX, @ANYRES32=0x0, @ANYBLOB="8111000000000000140003006272696467655f736c6176655f30000008000400d40000001c0016801800018014000b00328a5589"], 0x58}}, 0x0) 3.523919033s ago: executing program 3 (id=764): socket$kcm(0x10, 0x0, 0x4) socket$xdp(0x2c, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=r2, @ANYBLOB="000000000000000014004000000001006261746164760000040002800c001a"], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x40) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r6 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r6, &(0x7f0000000140)={0xa, 0x4e23, 0xfffffffe, @private1, 0xb}, 0x1c) r7 = socket$igmp(0x2, 0x3, 0x2) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.usage_user\x00', 0x0, 0x0) sendmsg$NFQNL_MSG_VERDICT(r8, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="680100000103030000000000000000000200000754000b80480001801400018008000100ffffffff08000200000000000c00028005000100880000000600034000000000060003400001000006000340000300000c0002800500010084000000080007400000000d140013800600014088a800000600024004000000dd000a00866b03efb6ec88c5f74429cd1348cbef479125f6ebb2c5a86e48a93a74836be89907ddda8ef7c816b3c2963ae8108d66b90ec7c89c470cde295f6711d43a8709f665a9370c2e81da308a4076e027adb0650c44ba58ec2b891df4fe2960422277f5228066cbbc4b0262667461fa4da42936e34156c572f3eac06fad44300c9fd969211a0b85804d939d23d3ba9f55fe6b73b7486065842aa714b147b1359c160f96307b6a77861ed0a9444a9ad30b66629a479663a8f1aa9a416a5ca3a9b41fc07852eb8c97bc95874ec780e10000000c000200fffffffe0000000800"/360], 0x168}, 0x1, 0x0, 0x0, 0x8001}, 0x40000) setsockopt$MRT_FLUSH(r7, 0x0, 0xd4, &(0x7f0000000040)=0xc, 0x4) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000083f0a4b2bc5cf772bf04000200000000000313000563100000000900020073797a300000"], 0x30}}, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000001d0001000000000004086aa42d"], 0x30}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000206010200000000000000000500000005000100060000000d000300686173683a6e6574000000000900020073797a31000000000c00078008000640000000400500050002000000050004"], 0x54}}, 0x0) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007800c0001800800ffffff0c000280080001407f000001"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)=',', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 3.348715788s ago: executing program 0 (id=766): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a010400000000f4ff000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x10) 3.240610885s ago: executing program 2 (id=767): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r3, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0xaa}}, 0x8) r4 = epoll_create1(0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003880)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c9f4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75055df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83766b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b556381768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42ddd5f393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8dc0d472672286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8455029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a82a6ef09d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b420e74c6bcdf1ed0b306141a83bf1268e954ad069257fbfaa1a7ea582badc1a7f2a5b0965f3535872d85c0bc3a233a3ea85df6a8ed76f0f803d54b7bef77d8ea71621f8a78dd17c3b58c5c7476ed6191acbb949e77f7cac81c543f7751e5e1000"/4545], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r5, 0xffffffffffffffff, 0x2f}, 0x20) socketpair$unix(0x1, 0x3, 0x0, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/12], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) close(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x80001, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x15, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0xb4}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r9, 0x0, &(0x7f0000000040)=""/73}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000004c0)=0x14) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1f00000001000000000040830400000080100000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="040000000300"/24], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x8, 0x7, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x7}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x81}, @jmp={0x5, 0x0, 0x8, 0x9, 0x5, 0xffffffffffffffe0, 0x8}]}, &(0x7f00000002c0)='syzkaller\x00', 0xfffffff9, 0x84, &(0x7f0000000400)=""/132, 0x40f00, 0xc, '\x00', r10, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000000540)={0x4, 0x7, 0x7fff, 0x186}, 0x10, 0x0, r8, 0x8, &(0x7f0000000600)=[0xffffffffffffffff, r6, r9, r6, r9, r9, r6, r11], &(0x7f0000000640)=[{0x3, 0x5, 0x1, 0x4}, {0x3, 0x1, 0x9, 0x7}, {0x5, 0x3, 0x0, 0xc}, {0x2, 0x5, 0x1, 0x7}, {0x0, 0x5, 0x1, 0xc}, {0x2, 0x5, 0xd, 0xa}, {0x0, 0x5, 0xfffffffe, 0x4}, {0x3, 0x3, 0x9, 0x6}], 0x10, 0xa0b}, 0x94) setsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000040)=0x60, 0x2) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000007c0)={0x34, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x34}}, 0x0) 2.981862423s ago: executing program 0 (id=768): r0 = socket$can_bcm(0x1d, 0x2, 0x2) close(r0) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = epoll_create1(0x80000) nanosleep(&(0x7f0000000140), &(0x7f0000000000)) unshare(0x6a040000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12000000d30000000800000002"], 0x48) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x60, 0x10, 0x437, 0x10, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x54583, 0x1}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @sit={{0x8}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @broadcast}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x6}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x1}, @IFLA_IPTUN_ENCAP_TYPE={0x6}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e23}, @IFLA_IPTUN_LINK={0x8}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000000280)={'ip_vti0\x00', &(0x7f0000000440)={'erspan0\x00', 0x0, 0x10, 0x8000, 0x5, 0x0, {{0x15, 0x4, 0x3, 0x1, 0x54, 0x64, 0x0, 0x7f, 0x2f, 0x0, @loopback, @multicast2, {[@rr={0x7, 0xb, 0xb8, [@multicast2, @remote]}, @timestamp={0x44, 0x10, 0xc6, 0x0, 0x9, [0x7fff, 0xffffffff, 0x7]}, @timestamp_addr={0x44, 0x24, 0x10, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x200}, {@multicast1, 0x2bcf}, {@rand_addr=0x64010100, 0xe0000}, {@rand_addr=0x64010101, 0xe2}]}]}}}}}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r6}, 0x10) r7 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r7, 0x6, 0x1d, 0x0, &(0x7f0000000140)=0xfffffffffffffe9d) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000380001070000ef067c6c580e08"], 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r8) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x10000000}) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="ec0000002100390d000000000000000000000000000000000000000000000000e000000200000000000000000000000000000000000000000000a000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100ff010000000000000000000000000001ffffffff000000000000000000000000ac1414aa000000000000000000000000ac141400000000000000000000000000000000000000000011000a00ff010000000000000000000000000001ffffffff"], 0xec}}, 0x0) socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000180)=0x200200, 0x4) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x30, 0x0, 0x1, 0x0, 0x0, {0x4, 0x74, 0x609}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x2, @loopback}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond0\x00'}]}, 0x30}, 0x1, 0xffffffff00000003}, 0x0) r10 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x20, r10, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x7fffffffffffffff}, @NLBL_CIPSOV4_A_TAGLST={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000080}, 0x20000080) 2.891152353s ago: executing program 3 (id=769): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000090900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a300000000028000480240001800a0001007175657565000000140002800600014000020000060003400001000014000000"], 0xd8}}, 0x4000040) 2.730757587s ago: executing program 3 (id=770): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000002100294100000400ffdbdf250a0000000000000000000000080018004e204e24080017004e234e23"], 0x2c}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) 2.534118824s ago: executing program 3 (id=771): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000600)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) socket$l2tp(0x2, 0x2, 0x73) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x3, 0x2) socket(0xa, 0x3, 0x3a) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) socket$kcm(0x10, 0x2, 0x4) socket$inet6_udplite(0xa, 0x2, 0x88) socket$can_bcm(0x1d, 0x2, 0x2) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="03800000000a0000240012800c0001006d6163766c616e00140002800800010008000000062102000100000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00]'], 0x54}, 0x1, 0x0, 0x0, 0x280608c0}, 0x0) 2.463808154s ago: executing program 4 (id=772): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e746572009c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000700003806c000080080003400000000260000b80440001800c000100636f756e746572"], 0x130}, 0x1, 0x0, 0x0, 0x8000}, 0x8880) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x25dfdbfb, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x10, 0x2, [@TCA_RED_FLAGS={0xc, 0x4, {0xf, 0x8}}]}}]}, 0x3c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb01001800000000000000540000005400000002000000000000000100000d000000000000000004000000000000000200000d0000"], 0x0, 0x6e, 0x0, 0x1}, 0x28) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001300010000000000000000", @ANYRES32=r7, @ANYBLOB="000000000000000010000c800c0022"], 0x30}, 0x1, 0x0, 0x0, 0x8004}, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x100007, 0x4, 0x25, 0x1, 0xffffffffffffffff, 0x400000}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000000240)="29b0", 0x2000cc0, r9}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240), 0x0, 0x2, r9}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000002c0)={r9, &(0x7f00000001c0)="9ad632f5d53e48b6657ac4023f35075a16eb3cd6a7c702f40ba6afaa0a2688b116772543345b3481c7567ab81d592796b779f8b6381dba2ccb0b5df6d2ea94662d5ee6acae65c6707085e30d018346441108cecc52195b6111285d68b63567f3fab09b4333c21b74d82150f85d38e6ed6c614a1aeab5e8a32da64fcd89f4728285a5e06a481c880d6a4524cc62e9e1c7724a702c34ac960dda193ba98e1d79ef14ade033cd1e7f86d9bca8eb9894a2d8ae8959a5add1153afb072f1ffe1414c777a1436e1ae82f11aee820c8bdceebbe00cf554a4bb70b8df8d13967ad5a41c6d1fca22ce87de3cd1a9ba642f437cbe376177bb25e1a2e95d372fcf1ed", &(0x7f0000000040)=""/30}, 0x20) r10 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r8) sendmsg$NLBL_CALIPSO_C_ADD(r8, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000000)={0x24, r10, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0xc840}, 0x20020000) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'ip6gre0\x00', 0x0}) r11 = socket$nl_route(0x10, 0x3, 0x0) r12 = socket(0x1, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'batadv0\x00'}) getsockname$packet(r12, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=@newlink={0x48, 0x10, 0x401, 0x0, 0x4, {0x0, 0x0, 0x0, r13, 0x0, 0x41400}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r13, 0x0, 0x343}}}}}}]}, 0x48}}, 0x0) sendmsg$NLBL_CALIPSO_C_REMOVE(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="3ec33dd5", @ANYRES16=r10, @ANYBLOB="010025bd7000ffdbdf25020000000800010003000000"], 0x1c}, 0x1, 0x0, 0x0, 0x40005}, 0x8000) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 2.190600135s ago: executing program 2 (id=773): r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20044000}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004"], 0x50) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffff"], 0x398}}, 0x0) 2.097985517s ago: executing program 3 (id=774): r0 = socket$can_bcm(0x1d, 0x2, 0x2) close(r0) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = epoll_create1(0x80000) nanosleep(&(0x7f0000000140), &(0x7f0000000000)) unshare(0x6a040000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="12000000d30000000800000002"], 0x48) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x60, 0x10, 0x437, 0x10, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x54583, 0x1}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @sit={{0x8}, {0x34, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @broadcast}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x6}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x1}, @IFLA_IPTUN_ENCAP_TYPE={0x6}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e23}, @IFLA_IPTUN_LINK={0x8}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000000280)={'ip_vti0\x00', &(0x7f0000000440)={'erspan0\x00', 0x0, 0x10, 0x8000, 0x5, 0x0, {{0x15, 0x4, 0x3, 0x1, 0x54, 0x64, 0x0, 0x7f, 0x2f, 0x0, @loopback, @multicast2, {[@rr={0x7, 0xb, 0xb8, [@multicast2, @remote]}, @timestamp={0x44, 0x10, 0xc6, 0x0, 0x9, [0x7fff, 0xffffffff, 0x7]}, @timestamp_addr={0x44, 0x24, 0x10, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x200}, {@multicast1, 0x2bcf}, {@rand_addr=0x64010100, 0xe0000}, {@rand_addr=0x64010101, 0xe2}]}]}}}}}) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r6}, 0x10) r7 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r7, 0x6, 0x1d, 0x0, &(0x7f0000000140)=0xfffffffffffffe9d) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000380001070000ef067c6c580e08"], 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r8) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x10000000}) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="ec0000002100390d000000000000000000000000000000000000000000000000e000000200000000000000000000000000000000000000000000a000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100ff010000000000000000000000000001ffffffff000000000000000000000000ac1414aa000000000000000000000000ac141400000000000000000000000000000000000000000011000a00ff010000000000000000000000000001ffffffff"], 0xec}}, 0x0) r10 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000180)=0x200200, 0x4) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x30, 0x0, 0x1, 0x0, 0x0, {0x4, 0x74, 0x609}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x2, @loopback}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond0\x00'}]}, 0x30}, 0x1, 0xffffffff00000003}, 0x0) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000500), 0xffffffffffffffff) getsockopt$XDP_STATISTICS(r10, 0x11b, 0x7, &(0x7f00000003c0), &(0x7f0000000400)=0x18) 1.762232955s ago: executing program 2 (id=775): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x84, @mcast1, 0x7fff}, 0x1c) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="000086dd0500c00108005400000060ec970001983a00fc000018c6ba350000003c0000000700ff020000000000000000000000000001"], 0xfdef) 1.621066106s ago: executing program 4 (id=776): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, 0x0, &(0x7f0000001480)) socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r2) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) 1.589157394s ago: executing program 0 (id=777): r0 = socket(0x10, 0x80002, 0x0) close(0x3) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000002840)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100)=0x60, 0x80400) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[], 0x3c}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, 0x0}, 0x94) socket(0x11, 0x800000003, 0x0) bpf$MAP_CREATE(0x700000000000000, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000900)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x0, 0xfc5b, 0x10000}, 0x28) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x9, 0x2, 0x56d, 0x3, 0x2, 0xffffffffffffffff, 0x4}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r1}, 0x38) socket$can_raw(0x1d, 0x3, 0x1) socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private2, 0x9}]}, &(0x7f00000002c0)=0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x17, 0x4, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000380)={0x0, 0x7, 0x2}, &(0x7f00000003c0)=0x8) 1.362356265s ago: executing program 4 (id=778): socket$inet(0x10, 0x3, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800006, 0x7000001, 0x6e073, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRESDEC=r1, @ANYBLOB="060100000000000000000000000c000300000000", @ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="00000000fdffffff0400"/28], 0x50) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000cf8e72a14b08b667d8db634c6484203ae1af21f34a602fb55747c3b671d1e91dfafa1d63dc98b430b1c1dda286e27098b2ff006b486cc8ed9a8924a4b075273a8762c8161774ea9f4ac145dde340a12cc1c0a501f363073fd9a9a3a4d2c5e0808914b28572fcb66c72a7c1120de9d051b3b7e35be95276e1781956caa625274ce42b0f98b4037c29bd728712cb61f7212c6dd2820fae6e5e1bee995de3f311bf7873396dc00cc2bcd7e368a6c85ddcea079836762340f5490e2ace60843b2de48cb400"/227, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x9, 0xf, &(0x7f0000000640)=ANY=[@ANYBLOB="18084000a500000000001811006c7587db465732a82f5a58a6b4f3458867c6af268f7e3d5f1f064fa4b6c1160301e27aaf1d0ea378423e3c9005ebe47b46ce54ecec30b1609bce5479632c4d33c2b47957a4b4e412bfb5f0d48c827e51b69e3a86b8fe6c667d54d87c2539273e5d261b6040a985e364c0bacdd5a06add2b96ffea04a24fbed9c92bcb8d596fa370f6e4fc5c649e", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090100000000009500000000000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r4, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYRES16=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) syz_emit_ethernet(0x1aa, &(0x7f0000000cc0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa008100000086dd602e5cea01703c0020010000000000000000000000000002ff0200000000000000000000000000012b0a0101"], 0x0) unshare(0x26020480) bind$alg(0xffffffffffffffff, 0x0, 0x0) r5 = syz_init_net_socket$ax25(0x3, 0x3, 0xc3) setsockopt$sock_int(r5, 0x1, 0x4102fc33d3fa21, &(0x7f00000001c0)=0x7, 0x4) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4400000010000305000000040000000000000000", @ANYRES32=0x0, @ANYBLOB="1546010000000000140012800b0001006d6163736563000078ff028008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n'], 0x44}}, 0x0) 1.038110512s ago: executing program 4 (id=779): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000007c0)={0x34, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x99}]}, 0x34}}, 0x0) (fail_nth: 5) 1.03767786s ago: executing program 2 (id=780): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000090900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a300000000028000480240001800a0001007175657565000000140002800600014000020000060003400001000014000000"], 0xd8}}, 0x4000040) 500.192871ms ago: executing program 3 (id=781): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet6(0xa, 0x2, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000240)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb0800b3b64412e2a995346791504c4f07234500e82f0000000000019078ac1e0001ac5414aa0b00907401010000452905"], 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000006000000a20000000000a03000000000000000000070000040900010073797a300000000088000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d44001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000003ef0001800e000100636f6e6e6c696d69740000000c000280080001400000e41f08000340000001"], 0xd0}, 0x1, 0x0, 0x0, 0x60000800}, 0x4000024) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], 0x0, 0x3}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {0x0}], 0x2}, 0xa1}], 0x2, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c0100001000130429bd700000000000ac1414bb00000000000000000000000020010000000000000000000000000000000000004e2400000200002021000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="e000000100000000000000000000000000000000320000550000000000000000ad1329eca3eb8efc0100000000000000000000000000000000fcffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000060000040000000000000000f9ffffff0000080000000000000000000200018168000000000000004c001200706372797074287063727970742865636861696e69762867636d5f6261736528637472286165726e69292c67686173682d675c6e65726963292929290004000080000000"], 0x13c}, 0x1, 0x0, 0x0, 0x612fc0b6c779297b}, 0x20000080) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x10000}) ioctl(r5, 0x8b22, &(0x7f0000000040)) sendmsg$NL80211_CMD_GET_MPATH(r3, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r4], 0x5c}, 0x1, 0x0, 0x0, 0x20020800}, 0x4800) 395.564601ms ago: executing program 2 (id=782): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000100)={0x0, 0x1, {0x1, @usage=0x1000000000003, 0x0, 0xc, 0x8, 0x7, 0x1000000000, 0xfffffffffffffff8, 0x40, @struct={0x73f, 0x3}, 0x101, 0x945, [0x9, 0x80000000, 0xfcf6, 0x4, 0x80000000, 0x1]}, {0x1759, @struct={0x1, 0x180}, 0x0, 0x400, 0x200, 0x4, 0x0, 0xf, 0x20, @usage=0x1, 0x7, 0x2, [0xfffffffffffffffc, 0x1, 0x4, 0x7fff, 0x10, 0x9]}, {0xac3, @struct={0x2, 0x9}, 0x0, 0x2, 0x2, 0x1, 0x5dea760e, 0x7, 0x17, @struct={0x53e5, 0x8}, 0x8, 0x9, [0xb7, 0x0, 0x1, 0xa4, 0x9, 0x6]}, {0x7fffffffffffffff, 0x4, 0x4}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000580)={r1, 0x6d794da, 0x1000}) r2 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r2, 0x0, 0x8, 0x0, 0x1) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r5, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r4, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x240008c8) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0xd, 0xc, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000021990000000000000000000085000000bb000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000485000000ba00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x224eeb85387f3f80, 0x66, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc85}, 0x94) 394.295706ms ago: executing program 4 (id=783): getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x43, 0x0, "0aaa8ff5a212a1bd3bbda613efd9c8b4965dca66db42f66a86e5781cf86717055a7c1d13e6507e5a774ef95f2fc1b947e03d5c8379123f2f1d34b0882e83d41b67cb9ff147c6d33a097d2269351b3ed3"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6803e10951cd4b347113e55eb289519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a68473ba07d945c3b03e10950cd4b347113e55eb4285bf274bca67efbff2fdf98328de9434031348589bf28046d14810000000e3ffffff00"}, 0xd8) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r6, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000ffffff", 0x58}], 0x1) 300.49187ms ago: executing program 0 (id=784): r0 = socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018100000", @ANYRES32=r3, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000260300000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) setsockopt$sock_int(r2, 0x1, 0x10, &(0x7f0000000380)=0x38800000, 0x4) sendmmsg(r2, &(0x7f0000001c00), 0x400000000000159, 0x40840) sendmsg$NFT_BATCH(r1, 0x0, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0xfffffd66, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}}, 0x0) close(r1) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r4}, 0x10) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x0, 0x2}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r5 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r5, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r6, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 89.722784ms ago: executing program 4 (id=785): r0 = socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20044000}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004"], 0x50) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) 0s ago: executing program 2 (id=786): getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0x0, 0x0, 0x43, 0x0, "0aaa8ff5a212a1bd3bbda613efd9c8b4965dca66db42f66a86e5781cf86717055a7c1d13e6507e5a774ef95f2fc1b947e03d5c8379123f2f1d34b0882e83d41b67cb9ff147c6d33a097d2269351b3ed3"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6803e10951cd4b347113e55eb289519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a68473ba07d945c3b03e10950cd4b347113e55eb4285bf274bca67efbff2fdf98328de9434031348589bf28046d14810000000e3ffffff00"}, 0xd8) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r6, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000feffff", 0x58}], 0x1) kernel console output (not intermixed with test programs): 95.423670][ T5848] bridge_slave_1: entered promiscuous mode [ 95.431459][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 95.444626][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.452293][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.460143][ T5846] bridge_slave_1: entered allmulticast mode [ 95.470882][ T5846] bridge_slave_1: entered promiscuous mode [ 95.602392][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.647842][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.686883][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.708261][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.809215][ T5848] team0: Port device team_slave_0 added [ 95.871434][ T5848] team0: Port device team_slave_1 added [ 95.908789][ T5846] team0: Port device team_slave_0 added [ 95.919563][ T5846] team0: Port device team_slave_1 added [ 95.944847][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.952554][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.960136][ T5854] bridge_slave_0: entered allmulticast mode [ 95.969164][ T5854] bridge_slave_0: entered promiscuous mode [ 95.993870][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.001375][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.028074][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.084834][ T5853] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.092698][ T5853] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.100534][ T5853] bridge_slave_0: entered allmulticast mode [ 96.109447][ T5853] bridge_slave_0: entered promiscuous mode [ 96.117754][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.125902][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.134385][ T5854] bridge_slave_1: entered allmulticast mode [ 96.142667][ T5854] bridge_slave_1: entered promiscuous mode [ 96.164320][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.171405][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.198178][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.217481][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.225016][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.232957][ T5847] bridge_slave_0: entered allmulticast mode [ 96.240583][ T5847] bridge_slave_0: entered promiscuous mode [ 96.250646][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.259995][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.260262][ T5861] Bluetooth: hci3: command tx timeout [ 96.269101][ T5847] bridge_slave_1: entered allmulticast mode [ 96.272001][ T5847] bridge_slave_1: entered promiscuous mode [ 96.275022][ T5863] Bluetooth: hci1: command tx timeout [ 96.309574][ T5853] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.317513][ T5853] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.325766][ T5853] bridge_slave_1: entered allmulticast mode [ 96.332128][ T5861] Bluetooth: hci0: command tx timeout [ 96.332187][ T5169] Bluetooth: hci2: command tx timeout [ 96.341369][ T5853] bridge_slave_1: entered promiscuous mode [ 96.344886][ T5863] Bluetooth: hci4: command tx timeout [ 96.384415][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.398239][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.427285][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.434689][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.461673][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.474925][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.482008][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.508997][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.604147][ T5853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.646003][ T5854] team0: Port device team_slave_0 added [ 96.657076][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.672193][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.685688][ T5853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.712777][ T5854] team0: Port device team_slave_1 added [ 96.774546][ T5848] hsr_slave_0: entered promiscuous mode [ 96.781610][ T5848] hsr_slave_1: entered promiscuous mode [ 96.851159][ T5853] team0: Port device team_slave_0 added [ 96.873854][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.880933][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.907933][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.922651][ T5847] team0: Port device team_slave_0 added [ 96.935349][ T5846] hsr_slave_0: entered promiscuous mode [ 96.941897][ T5846] hsr_slave_1: entered promiscuous mode [ 96.948197][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 96.956095][ T5846] Cannot create hsr debugfs directory [ 96.963855][ T5853] team0: Port device team_slave_1 added [ 96.981247][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.988831][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.016193][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.037539][ T5847] team0: Port device team_slave_1 added [ 97.201100][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.209096][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.236054][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.248074][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.255531][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.281894][ T5853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.296333][ T24] cfg80211: failed to load regulatory.db [ 97.300088][ T5853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.310085][ T5853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.336713][ T5853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.376759][ T5854] hsr_slave_0: entered promiscuous mode [ 97.384506][ T5854] hsr_slave_1: entered promiscuous mode [ 97.391458][ T5854] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.399505][ T5854] Cannot create hsr debugfs directory [ 97.407523][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.415866][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.443676][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.691486][ T5847] hsr_slave_0: entered promiscuous mode [ 97.699993][ T5847] hsr_slave_1: entered promiscuous mode [ 97.707682][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.716268][ T5847] Cannot create hsr debugfs directory [ 97.729216][ T5853] hsr_slave_0: entered promiscuous mode [ 97.736118][ T5853] hsr_slave_1: entered promiscuous mode [ 97.742794][ T5853] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.750394][ T5853] Cannot create hsr debugfs directory [ 98.156907][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 98.213692][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 98.257772][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 98.279561][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 98.332845][ T5169] Bluetooth: hci1: command tx timeout [ 98.342608][ T5863] Bluetooth: hci3: command tx timeout [ 98.369026][ T5848] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 98.396581][ T5848] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 98.412388][ T5863] Bluetooth: hci4: command tx timeout [ 98.412917][ T5169] Bluetooth: hci2: command tx timeout [ 98.418427][ T5863] Bluetooth: hci0: command tx timeout [ 98.444936][ T5848] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 98.461613][ T5848] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 98.549075][ T5854] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 98.573847][ T5854] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 98.606582][ T5854] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 98.618700][ T5854] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 98.715425][ T5853] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 98.729671][ T5853] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 98.766438][ T5853] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 98.806385][ T5853] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 98.875756][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.893381][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.904346][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.918994][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.948072][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 99.009985][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.043945][ T667] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.051917][ T667] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.078963][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.139705][ T667] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.146942][ T667] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.173840][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.245203][ T3080] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.253100][ T3080] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.267622][ T3080] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.275938][ T3080] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.381490][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.447559][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.548077][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.555340][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.587463][ T667] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.594714][ T667] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.629509][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.736607][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.767730][ T5853] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.818542][ T667] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.825897][ T667] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.866609][ T667] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.873916][ T667] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.899091][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.935330][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.942585][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.966012][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.000468][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.020377][ T667] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.027605][ T667] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.288451][ T5848] veth0_vlan: entered promiscuous mode [ 100.306845][ T5846] veth0_vlan: entered promiscuous mode [ 100.349192][ T5846] veth1_vlan: entered promiscuous mode [ 100.378339][ T5848] veth1_vlan: entered promiscuous mode [ 100.412493][ T5863] Bluetooth: hci3: command tx timeout [ 100.412509][ T5169] Bluetooth: hci1: command tx timeout [ 100.490604][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.492536][ T5863] Bluetooth: hci0: command tx timeout [ 100.503384][ T5863] Bluetooth: hci2: command tx timeout [ 100.509021][ T5863] Bluetooth: hci4: command tx timeout [ 100.609436][ T5848] veth0_macvtap: entered promiscuous mode [ 100.647449][ T5846] veth0_macvtap: entered promiscuous mode [ 100.698320][ T5848] veth1_macvtap: entered promiscuous mode [ 100.719600][ T5846] veth1_macvtap: entered promiscuous mode [ 100.777820][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.807995][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.866353][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.879152][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.919680][ T667] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.938665][ T667] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.949926][ T667] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.974823][ T667] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.017959][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.034606][ T667] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.043493][ T667] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.058033][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.091498][ T667] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.131400][ T667] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.311268][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.320619][ T667] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.336179][ T667] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.340271][ T5853] veth0_vlan: entered promiscuous mode [ 101.350287][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.387574][ T5847] veth0_vlan: entered promiscuous mode [ 101.448837][ T667] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.456372][ T5853] veth1_vlan: entered promiscuous mode [ 101.460406][ T667] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.484082][ T5847] veth1_vlan: entered promiscuous mode [ 101.515807][ T5854] veth0_vlan: entered promiscuous mode [ 101.538454][ T5854] veth1_vlan: entered promiscuous mode [ 101.558092][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.567964][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.674486][ T5853] veth0_macvtap: entered promiscuous mode [ 101.675671][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 101.691817][ T5853] veth1_macvtap: entered promiscuous mode [ 101.761085][ T5847] veth0_macvtap: entered promiscuous mode [ 101.805577][ T5847] veth1_macvtap: entered promiscuous mode [ 101.876090][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.933671][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.970315][ T5968] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.026838][ T5854] veth0_macvtap: entered promiscuous mode [ 102.046749][ T667] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.065621][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.095179][ T667] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.108373][ T667] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.199062][ T5968] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.225455][ T5854] veth1_macvtap: entered promiscuous mode [ 102.236506][ T667] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.363003][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.418775][ T5968] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.471410][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.486098][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.496410][ T5863] Bluetooth: hci3: command tx timeout [ 102.502631][ T5863] Bluetooth: hci1: command tx timeout [ 102.509755][ T5975] tap0: tun_chr_ioctl cmd 1074025677 [ 102.516423][ T5975] tap0: linktype set to 776 [ 102.561041][ T5968] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.574043][ T5863] Bluetooth: hci2: command tx timeout [ 102.574075][ T5861] Bluetooth: hci0: command tx timeout [ 102.579799][ T5863] Bluetooth: hci4: command tx timeout [ 102.597528][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.609492][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.630846][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.675397][ T5975] netlink: 'syz.3.7': attribute type 13 has an invalid length. [ 102.678107][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.697252][ T5975] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7'. [ 102.726364][ T3477] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.762245][ T3477] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.788424][ T3080] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.817952][ T5971] syz.2.3 (5971) used greatest stack depth: 19688 bytes left [ 102.846607][ T3080] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.897364][ T3080] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.906456][ T3080] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.923747][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.931654][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.962033][ T3080] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.976927][ T3080] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.056330][ T3477] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.099354][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.141142][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.171092][ T3080] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.185358][ T5968] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.220643][ T3080] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.270253][ T5981] sch_fq: defrate 4294967293 ignored. [ 103.350172][ T5968] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.416244][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.433167][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.457063][ T5990] netlink: 'syz.1.2': attribute type 13 has an invalid length. [ 103.503247][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.529143][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.553858][ T5990] netlink: 'syz.1.2': attribute type 17 has an invalid length. [ 103.564831][ T5968] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.577821][ T5992] Illegal XDP return value 4294967282 on prog (id 8) dev N/A, expect packet loss! [ 103.747053][ T5985] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2'. [ 103.770190][ T5990] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 103.843382][ T5999] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 103.938004][ T6002] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1'. [ 104.004488][ T6003] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1'. [ 104.056789][ T6002] gretap0: entered promiscuous mode [ 104.057651][ T5985] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.226275][ T6008] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5'. [ 104.265803][ T6009] netlink: 'syz.0.10': attribute type 1 has an invalid length. [ 104.508618][ T6012] Bluetooth: MGMT ver 1.23 [ 104.561886][ T6012] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11'. [ 104.589854][ T6014] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12'. [ 105.255511][ T6024] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15'. [ 105.397507][ T6025] netlink: 'syz.1.16': attribute type 1 has an invalid length. [ 105.979958][ T6034] netlink: 'syz.4.18': attribute type 1 has an invalid length. [ 106.011213][ T6036] netlink: 'syz.2.19': attribute type 1 has an invalid length. [ 106.402443][ T6049] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.507228][ T6049] netlink: 32 bytes leftover after parsing attributes in process `syz.0.22'. [ 106.565170][ T6049] warning: `syz.0.22' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 106.654772][ T6046] x_tables: unsorted underflow at hook 4 [ 106.694953][ T6053] ieee802154 phy0 wpan0: encryption failed: -22 [ 106.808209][ T6054] netlink: 'syz.4.23': attribute type 1 has an invalid length. [ 107.202586][ T6061] netlink: 'syz.1.27': attribute type 1 has an invalid length. [ 107.229089][ T6061] netlink: 224 bytes leftover after parsing attributes in process `syz.1.27'. [ 107.288500][ T6068] netlink: 'syz.2.30': attribute type 64 has an invalid length. [ 107.457260][ T6069] xt_CT: No such helper "snmp" [ 108.674626][ T6093] __nla_validate_parse: 1 callbacks suppressed [ 108.674648][ T6093] netlink: 4 bytes leftover after parsing attributes in process `syz.4.34'. [ 108.771520][ T6099] netlink: 4 bytes leftover after parsing attributes in process `syz.1.36'. [ 108.786826][ T10] IPVS: starting estimator thread 0... [ 108.840339][ T6094] netlink: 'syz.0.35': attribute type 7 has an invalid length. [ 108.878926][ T6096] lo speed is unknown, defaulting to 1000 [ 108.892311][ T6100] IPVS: using max 31 ests per chain, 74400 per kthread [ 108.959538][ T6096] lo speed is unknown, defaulting to 1000 [ 108.982819][ T6096] lo speed is unknown, defaulting to 1000 [ 108.996211][ T6096] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 109.026519][ T6096] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 109.035122][ T6102] sch_fq: defrate 4294967293 ignored. [ 109.067866][ T6096] lo speed is unknown, defaulting to 1000 [ 109.077001][ T6096] lo speed is unknown, defaulting to 1000 [ 109.094448][ T6096] lo speed is unknown, defaulting to 1000 [ 109.134664][ T6096] lo speed is unknown, defaulting to 1000 [ 109.143146][ T6096] lo speed is unknown, defaulting to 1000 [ 109.339231][ T6106] dvmrp0: entered allmulticast mode [ 109.403764][ T6105] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.443477][ T6105] netlink: 8 bytes leftover after parsing attributes in process `syz.3.38'. [ 109.486573][ T6105] veth0: entered promiscuous mode [ 109.506530][ T6105] veth0: left promiscuous mode [ 109.570763][ T5979] IPVS: starting estimator thread 0... [ 109.694479][ T6115] IPVS: using max 31 ests per chain, 74400 per kthread [ 109.716972][ T6111] netlink: 4 bytes leftover after parsing attributes in process `syz.0.41'. [ 109.781088][ T6114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 110.063452][ T6123] Zero length message leads to an empty skb [ 110.104874][ T6123] netlink: 4 bytes leftover after parsing attributes in process `syz.0.44'. [ 110.309686][ T6125] netlink: 'syz.3.45': attribute type 1 has an invalid length. [ 110.590172][ T6127] netlink: 4 bytes leftover after parsing attributes in process `syz.0.46'. [ 110.627936][ T6129] netlink: 8 bytes leftover after parsing attributes in process `syz.1.47'. [ 110.647803][ T6129] netlink: 4 bytes leftover after parsing attributes in process `syz.1.47'. [ 110.680704][ T6129] batadv0: entered promiscuous mode [ 110.692014][ T6129] macsec1: entered allmulticast mode [ 110.705099][ T6129] batadv0: entered allmulticast mode [ 111.080515][ T6139] netlink: 4 bytes leftover after parsing attributes in process `syz.0.51'. [ 111.139462][ T6136] netlink: 'syz.1.50': attribute type 1 has an invalid length. [ 111.275606][ T6141] sch_fq: defrate 4294967293 ignored. [ 111.580846][ T6147] netlink: 4 bytes leftover after parsing attributes in process `syz.3.54'. [ 111.659827][ T6148] netlink: 'syz.1.55': attribute type 1 has an invalid length. [ 111.953075][ T6154] netlink: 'syz.3.57': attribute type 1 has an invalid length. [ 112.038434][ T6156] ip6gretap0: entered promiscuous mode [ 112.048485][ T6156] vlan2: entered promiscuous mode [ 112.559798][ T6163] FAULT_INJECTION: forcing a failure. [ 112.559798][ T6163] name failslab, interval 1, probability 0, space 0, times 1 [ 112.624922][ T6163] CPU: 1 UID: 0 PID: 6163 Comm: syz.3.61 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 112.624952][ T6163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 112.624971][ T6163] Call Trace: [ 112.624979][ T6163] [ 112.624989][ T6163] dump_stack_lvl+0x189/0x250 [ 112.625026][ T6163] ? __pfx____ratelimit+0x10/0x10 [ 112.625054][ T6163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.625078][ T6163] ? __pfx__printk+0x10/0x10 [ 112.625114][ T6163] ? ref_tracker_alloc+0x318/0x460 [ 112.625148][ T6163] should_fail_ex+0x414/0x560 [ 112.625182][ T6163] should_failslab+0xa8/0x100 [ 112.625211][ T6163] kmem_cache_alloc_noprof+0x73/0x3c0 [ 112.625234][ T6163] ? skb_clone+0x212/0x3a0 [ 112.625259][ T6163] skb_clone+0x212/0x3a0 [ 112.625283][ T6163] __netlink_deliver_tap+0x404/0x850 [ 112.625326][ T6163] ? netlink_deliver_tap+0x2e/0x1b0 [ 112.625355][ T6163] netlink_deliver_tap+0x19c/0x1b0 [ 112.625385][ T6163] netlink_unicast+0x730/0x8e0 [ 112.625422][ T6163] netlink_sendmsg+0x805/0xb30 [ 112.625462][ T6163] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.625494][ T6163] ? aa_sock_msg_perm+0x94/0x160 [ 112.625525][ T6163] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 112.625555][ T6163] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.625584][ T6163] __sock_sendmsg+0x21c/0x270 [ 112.625612][ T6163] ____sys_sendmsg+0x505/0x830 [ 112.625650][ T6163] ? __pfx_____sys_sendmsg+0x10/0x10 [ 112.625703][ T6163] ? import_iovec+0x74/0xa0 [ 112.625731][ T6163] ___sys_sendmsg+0x21f/0x2a0 [ 112.625753][ T6163] ? __pfx____sys_sendmsg+0x10/0x10 [ 112.625813][ T6163] ? __fget_files+0x2a/0x420 [ 112.625837][ T6163] ? __fget_files+0x3a0/0x420 [ 112.625875][ T6163] __x64_sys_sendmsg+0x19b/0x260 [ 112.625898][ T6163] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 112.625928][ T6163] ? __pfx_ksys_write+0x10/0x10 [ 112.625948][ T6163] ? rcu_is_watching+0x15/0xb0 [ 112.625978][ T6163] ? do_syscall_64+0xbe/0x3b0 [ 112.626011][ T6163] do_syscall_64+0xfa/0x3b0 [ 112.626037][ T6163] ? lockdep_hardirqs_on+0x9c/0x150 [ 112.626064][ T6163] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.626083][ T6163] ? clear_bhb_loop+0x60/0xb0 [ 112.626108][ T6163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.626127][ T6163] RIP: 0033:0x7f2158f8e929 [ 112.626150][ T6163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.626167][ T6163] RSP: 002b:00007f2159d59038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 112.626188][ T6163] RAX: ffffffffffffffda RBX: 00007f21591b5fa0 RCX: 00007f2158f8e929 [ 112.626202][ T6163] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003 [ 112.626215][ T6163] RBP: 00007f2159d59090 R08: 0000000000000000 R09: 0000000000000000 [ 112.626227][ T6163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.626238][ T6163] R13: 0000000000000000 R14: 00007f21591b5fa0 R15: 00007ffc9dd4fd28 [ 112.626271][ T6163] [ 114.176512][ T6188] __nla_validate_parse: 3 callbacks suppressed [ 114.176529][ T6188] netlink: 4 bytes leftover after parsing attributes in process `syz.0.68'. [ 114.790421][ T6201] netlink: 8 bytes leftover after parsing attributes in process `syz.1.72'. [ 114.806755][ T6201] veth0: entered promiscuous mode [ 114.825227][ T6201] veth0: left promiscuous mode [ 115.225775][ T6209] netlink: 'syz.3.75': attribute type 64 has an invalid length. [ 115.234593][ T6209] netlink: 4 bytes leftover after parsing attributes in process `syz.3.75'. [ 115.623953][ T6222] syz.0.78 uses obsolete (PF_INET,SOCK_PACKET) [ 115.674980][ T6221] netlink: 48 bytes leftover after parsing attributes in process `syz.3.75'. [ 116.192355][ T6228] netlink: 'syz.0.79': attribute type 1 has an invalid length. [ 116.236347][ T6083] Set syz1 is full, maxelem 65536 reached [ 116.500523][ T6232] netlink: 'syz.0.84': attribute type 1 has an invalid length. [ 116.653367][ T6232] bond1: entered promiscuous mode [ 116.659360][ T6232] 8021q: adding VLAN 0 to HW filter on device bond1 [ 116.689223][ T6235] sch_fq: defrate 4294967293 ignored. [ 116.807828][ T6236] 8021q: adding VLAN 0 to HW filter on device bond1 [ 116.850563][ T6236] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 116.883523][ T6236] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 116.949976][ T6236] bond1: (slave vcan1): making interface the new active one [ 116.977595][ T6236] vcan1: entered promiscuous mode [ 116.995043][ T6236] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 117.382952][ T6256] netlink: 4 bytes leftover after parsing attributes in process `syz.0.87'. [ 117.400944][ T6255] ieee802154 phy1 wpan1: encryption failed: -22 [ 117.761398][ T6262] lo speed is unknown, defaulting to 1000 [ 117.783264][ T6270] netlink: 4 bytes leftover after parsing attributes in process `syz.3.90'. [ 118.129650][ T6278] netlink: 4 bytes leftover after parsing attributes in process `syz.4.96'. [ 118.174901][ T6281] netlink: 'syz.2.97': attribute type 1 has an invalid length. [ 118.535854][ T6286] netlink: 'syz.4.98': attribute type 1 has an invalid length. [ 118.672666][ T6290] sch_fq: defrate 4294967293 ignored. [ 118.726936][ T6293] netlink: 4 bytes leftover after parsing attributes in process `syz.3.102'. [ 119.059783][ T6298] netlink: 'syz.4.104': attribute type 1 has an invalid length. [ 119.263334][ T6309] FAULT_INJECTION: forcing a failure. [ 119.263334][ T6309] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 119.292800][ T6307] netlink: 4 bytes leftover after parsing attributes in process `syz.0.108'. [ 119.321654][ T6309] CPU: 1 UID: 0 PID: 6309 Comm: syz.2.107 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 119.321682][ T6309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 119.321698][ T6309] Call Trace: [ 119.321706][ T6309] [ 119.321719][ T6309] dump_stack_lvl+0x189/0x250 [ 119.321757][ T6309] ? __pfx____ratelimit+0x10/0x10 [ 119.321784][ T6309] ? __pfx_dump_stack_lvl+0x10/0x10 [ 119.321808][ T6309] ? __pfx__printk+0x10/0x10 [ 119.321836][ T6309] ? __might_fault+0xb0/0x130 [ 119.321872][ T6309] should_fail_ex+0x414/0x560 [ 119.321908][ T6309] _copy_from_iter+0x1db/0x16f0 [ 119.321929][ T6309] ? __alloc_frozen_pages_noprof+0x1d6/0x370 [ 119.321969][ T6309] ? __pfx__copy_from_iter+0x10/0x10 [ 119.321991][ T6309] ? policy_nodemask+0x27c/0x720 [ 119.322014][ T6309] ? aa_file_perm+0x11f/0xed0 [ 119.322039][ T6309] ? page_copy_sane+0x4e/0x280 [ 119.322061][ T6309] copy_page_from_iter+0xdd/0x170 [ 119.322095][ T6309] anon_pipe_write+0x99a/0x1360 [ 119.322148][ T6309] ? __pfx_anon_pipe_write+0x10/0x10 [ 119.322174][ T6309] ? common_file_perm+0x199/0x200 [ 119.322206][ T6309] ? bpf_lsm_file_permission+0x9/0x20 [ 119.322226][ T6309] ? security_file_permission+0x75/0x290 [ 119.322261][ T6309] vfs_write+0x54b/0xa90 [ 119.322290][ T6309] ? __pfx_anon_pipe_write+0x10/0x10 [ 119.322317][ T6309] ? __pfx_vfs_write+0x10/0x10 [ 119.322351][ T6309] ? __fget_files+0x2a/0x420 [ 119.322388][ T6309] ksys_write+0x145/0x250 [ 119.322414][ T6309] ? __pfx_ksys_write+0x10/0x10 [ 119.322435][ T6309] ? rcu_is_watching+0x15/0xb0 [ 119.322465][ T6309] ? do_syscall_64+0xbe/0x3b0 [ 119.322499][ T6309] do_syscall_64+0xfa/0x3b0 [ 119.322525][ T6309] ? lockdep_hardirqs_on+0x9c/0x150 [ 119.322551][ T6309] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.322571][ T6309] ? clear_bhb_loop+0x60/0xb0 [ 119.322596][ T6309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.322616][ T6309] RIP: 0033:0x7faca2d8e929 [ 119.322640][ T6309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.322657][ T6309] RSP: 002b:00007faca3ca7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 119.322684][ T6309] RAX: ffffffffffffffda RBX: 00007faca2fb5fa0 RCX: 00007faca2d8e929 [ 119.322699][ T6309] RDX: 00000000fffffdef RSI: 00002000000001c0 RDI: 0000000000000000 [ 119.322712][ T6309] RBP: 00007faca3ca7090 R08: 0000000000000000 R09: 0000000000000000 [ 119.322724][ T6309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 119.322735][ T6309] R13: 0000000000000000 R14: 00007faca2fb5fa0 R15: 00007ffc060274d8 [ 119.322769][ T6309] [ 119.770068][ T6314] netlink: 'syz.3.110': attribute type 1 has an invalid length. [ 119.940562][ T6314] bond1: entered promiscuous mode [ 119.946356][ T6314] 8021q: adding VLAN 0 to HW filter on device bond1 [ 119.985716][ T6318] 8021q: adding VLAN 0 to HW filter on device bond1 [ 120.000205][ T6318] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 120.026037][ T6318] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 120.045377][ T6318] bond1: (slave vcan1): making interface the new active one [ 120.060440][ T6318] vcan1: entered promiscuous mode [ 120.071436][ T6318] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 120.108494][ T6323] sch_fq: defrate 4294967293 ignored. [ 120.153463][ T6321] syzkaller0: entered promiscuous mode [ 120.181966][ T6321] syzkaller0: entered allmulticast mode [ 120.190495][ T6327] netlink: 4 bytes leftover after parsing attributes in process `syz.4.115'. [ 120.278411][ T6331] netlink: 4 bytes leftover after parsing attributes in process `syz.2.116'. [ 120.462074][ T6335] netlink: 'syz.3.118': attribute type 1 has an invalid length. [ 120.507226][ T6335] netlink: 16 bytes leftover after parsing attributes in process `syz.3.118'. [ 120.566074][ T6338] x_tables: duplicate underflow at hook 1 [ 120.705121][ T6341] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 120.738391][ T6350] netlink: 'syz.3.122': attribute type 9 has an invalid length. [ 120.788888][ T6350] netlink: 212260 bytes leftover after parsing attributes in process `syz.3.122'. [ 120.799793][ T6349] netlink: 68 bytes leftover after parsing attributes in process `syz.4.123'. [ 120.979516][ T6358] netlink: 9 bytes leftover after parsing attributes in process `syz.2.126'. [ 121.035894][ T6360] netlink: 4 bytes leftover after parsing attributes in process `syz.1.124'. [ 121.073060][ T6358] gretap0: entered promiscuous mode [ 121.092614][ T6363] sch_fq: defrate 4294967293 ignored. [ 121.169692][ T6364] netlink: 'syz.0.128': attribute type 1 has an invalid length. [ 121.296470][ T6370] FAULT_INJECTION: forcing a failure. [ 121.296470][ T6370] name failslab, interval 1, probability 0, space 0, times 0 [ 121.350243][ T6370] CPU: 0 UID: 0 PID: 6370 Comm: syz.4.130 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 121.350271][ T6370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 121.350283][ T6370] Call Trace: [ 121.350291][ T6370] [ 121.350300][ T6370] dump_stack_lvl+0x189/0x250 [ 121.350331][ T6370] ? __pfx____ratelimit+0x10/0x10 [ 121.350360][ T6370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 121.350385][ T6370] ? __pfx__printk+0x10/0x10 [ 121.350421][ T6370] ? ref_tracker_alloc+0x318/0x460 [ 121.350455][ T6370] should_fail_ex+0x414/0x560 [ 121.350489][ T6370] should_failslab+0xa8/0x100 [ 121.350518][ T6370] kmem_cache_alloc_noprof+0x73/0x3c0 [ 121.350541][ T6370] ? skb_clone+0x212/0x3a0 [ 121.350566][ T6370] skb_clone+0x212/0x3a0 [ 121.350591][ T6370] __netlink_deliver_tap+0x404/0x850 [ 121.350635][ T6370] ? netlink_deliver_tap+0x2e/0x1b0 [ 121.350665][ T6370] netlink_deliver_tap+0x19c/0x1b0 [ 121.350704][ T6370] netlink_unicast+0x730/0x8e0 [ 121.350742][ T6370] netlink_sendmsg+0x805/0xb30 [ 121.350781][ T6370] ? __pfx_netlink_sendmsg+0x10/0x10 [ 121.350811][ T6370] ? aa_sock_msg_perm+0x94/0x160 [ 121.350843][ T6370] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 121.350872][ T6370] ? __pfx_netlink_sendmsg+0x10/0x10 [ 121.350902][ T6370] __sock_sendmsg+0x21c/0x270 [ 121.350930][ T6370] ____sys_sendmsg+0x505/0x830 [ 121.350967][ T6370] ? __pfx_____sys_sendmsg+0x10/0x10 [ 121.351008][ T6370] ? import_iovec+0x74/0xa0 [ 121.351035][ T6370] ___sys_sendmsg+0x21f/0x2a0 [ 121.351057][ T6370] ? __pfx____sys_sendmsg+0x10/0x10 [ 121.351118][ T6370] ? __fget_files+0x2a/0x420 [ 121.351148][ T6370] ? __fget_files+0x3a0/0x420 [ 121.351187][ T6370] __x64_sys_sendmsg+0x19b/0x260 [ 121.351210][ T6370] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 121.351241][ T6370] ? __pfx_ksys_write+0x10/0x10 [ 121.351262][ T6370] ? rcu_is_watching+0x15/0xb0 [ 121.351290][ T6370] ? do_syscall_64+0xbe/0x3b0 [ 121.351323][ T6370] do_syscall_64+0xfa/0x3b0 [ 121.351349][ T6370] ? lockdep_hardirqs_on+0x9c/0x150 [ 121.351375][ T6370] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.351396][ T6370] ? clear_bhb_loop+0x60/0xb0 [ 121.351420][ T6370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.351439][ T6370] RIP: 0033:0x7fd1f198e929 [ 121.351459][ T6370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.351476][ T6370] RSP: 002b:00007fd1f271a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 121.351496][ T6370] RAX: ffffffffffffffda RBX: 00007fd1f1bb5fa0 RCX: 00007fd1f198e929 [ 121.351511][ T6370] RDX: 0000000020044810 RSI: 00002000000003c0 RDI: 0000000000000004 [ 121.351523][ T6370] RBP: 00007fd1f271a090 R08: 0000000000000000 R09: 0000000000000000 [ 121.351535][ T6370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.351547][ T6370] R13: 0000000000000000 R14: 00007fd1f1bb5fa0 R15: 00007ffe295757e8 [ 121.351578][ T6370] [ 121.379905][ T6364] bond2: entered promiscuous mode [ 121.397260][ T6377] netlink: 4 bytes leftover after parsing attributes in process `syz.2.129'. [ 121.401467][ T6370] netlink: 4 bytes leftover after parsing attributes in process `syz.4.130'. [ 121.413576][ T6364] 8021q: adding VLAN 0 to HW filter on device bond2 [ 121.703483][ T6365] 8021q: adding VLAN 0 to HW filter on device bond2 [ 121.710847][ T6365] bond2: (slave vcan2): The slave device specified does not support setting the MAC address [ 121.721362][ T6365] bond2: (slave vcan2): Setting fail_over_mac to active for active-backup mode [ 121.736284][ T6365] bond2: (slave vcan2): making interface the new active one [ 121.745560][ T6365] vcan2: entered promiscuous mode [ 121.787783][ T6365] bond2: (slave vcan2): Enslaving as an active interface with an up link [ 121.789159][ T6379] FAULT_INJECTION: forcing a failure. [ 121.789159][ T6379] name failslab, interval 1, probability 0, space 0, times 0 [ 121.812398][ T6379] CPU: 1 UID: 0 PID: 6379 Comm: syz.3.132 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 121.812429][ T6379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 121.812442][ T6379] Call Trace: [ 121.812450][ T6379] [ 121.812458][ T6379] dump_stack_lvl+0x189/0x250 [ 121.812489][ T6379] ? __pfx____ratelimit+0x10/0x10 [ 121.812517][ T6379] ? __pfx_dump_stack_lvl+0x10/0x10 [ 121.812542][ T6379] ? __pfx__printk+0x10/0x10 [ 121.812573][ T6379] ? __pfx___might_resched+0x10/0x10 [ 121.812598][ T6379] ? fs_reclaim_acquire+0x7d/0x100 [ 121.812643][ T6379] should_fail_ex+0x414/0x560 [ 121.812679][ T6379] should_failslab+0xa8/0x100 [ 121.812707][ T6379] __kmalloc_noprof+0xcb/0x4f0 [ 121.812728][ T6379] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 121.812750][ T6379] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 121.812779][ T6379] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 121.812810][ T6379] genl_family_rcv_msg_doit+0xb8/0x300 [ 121.812840][ T6379] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 121.812865][ T6379] ? rcu_is_watching+0x15/0xb0 [ 121.812892][ T6379] ? apparmor_capable+0x137/0x1b0 [ 121.812917][ T6379] ? bpf_lsm_capable+0x9/0x20 [ 121.812939][ T6379] ? security_capable+0x7e/0x2e0 [ 121.812976][ T6379] genl_rcv_msg+0x60e/0x790 [ 121.813005][ T6379] ? __pfx_genl_rcv_msg+0x10/0x10 [ 121.813023][ T6379] ? ref_tracker_free+0x63a/0x7d0 [ 121.813051][ T6379] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 121.813071][ T6379] ? __pfx_nl80211_start_ap+0x10/0x10 [ 121.813092][ T6379] ? __pfx_nl80211_post_doit+0x10/0x10 [ 121.813114][ T6379] ? __pfx_ref_tracker_free+0x10/0x10 [ 121.813156][ T6379] netlink_rcv_skb+0x205/0x470 [ 121.813186][ T6379] ? __pfx_genl_rcv_msg+0x10/0x10 [ 121.813208][ T6379] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 121.813255][ T6379] ? down_read+0x1ad/0x2e0 [ 121.813288][ T6379] genl_rcv+0x28/0x40 [ 121.813307][ T6379] netlink_unicast+0x759/0x8e0 [ 121.813344][ T6379] netlink_sendmsg+0x805/0xb30 [ 121.813383][ T6379] ? __pfx_netlink_sendmsg+0x10/0x10 [ 121.813416][ T6379] ? aa_sock_msg_perm+0x94/0x160 [ 121.813447][ T6379] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 121.813476][ T6379] ? __pfx_netlink_sendmsg+0x10/0x10 [ 121.813505][ T6379] __sock_sendmsg+0x21c/0x270 [ 121.813531][ T6379] ____sys_sendmsg+0x505/0x830 [ 121.813563][ T6379] ? __pfx_____sys_sendmsg+0x10/0x10 [ 121.813599][ T6379] ? import_iovec+0x74/0xa0 [ 121.813623][ T6379] ___sys_sendmsg+0x21f/0x2a0 [ 121.813650][ T6379] ? __pfx____sys_sendmsg+0x10/0x10 [ 121.813699][ T6379] ? __fget_files+0x2a/0x420 [ 121.813719][ T6379] ? __fget_files+0x3a0/0x420 [ 121.813753][ T6379] __x64_sys_sendmsg+0x19b/0x260 [ 121.813774][ T6379] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 121.813798][ T6379] ? __pfx_ksys_write+0x10/0x10 [ 121.813814][ T6379] ? rcu_is_watching+0x15/0xb0 [ 121.813838][ T6379] ? do_syscall_64+0xbe/0x3b0 [ 121.813864][ T6379] do_syscall_64+0xfa/0x3b0 [ 121.813888][ T6379] ? lockdep_hardirqs_on+0x9c/0x150 [ 121.813910][ T6379] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.813926][ T6379] ? clear_bhb_loop+0x60/0xb0 [ 121.813945][ T6379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.813960][ T6379] RIP: 0033:0x7f2158f8e929 [ 121.813977][ T6379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.813991][ T6379] RSP: 002b:00007f2159d59038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 121.814011][ T6379] RAX: ffffffffffffffda RBX: 00007f21591b5fa0 RCX: 00007f2158f8e929 [ 121.814022][ T6379] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003 [ 121.814032][ T6379] RBP: 00007f2159d59090 R08: 0000000000000000 R09: 0000000000000000 [ 121.814042][ T6379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 121.814053][ T6379] R13: 0000000000000000 R14: 00007f21591b5fa0 R15: 00007ffc9dd4fd28 [ 121.814080][ T6379] [ 122.535662][ T6393] xt_recent: Unsupported userspace flags (00000048) [ 122.740721][ T6399] netlink: 'syz.0.140': attribute type 4 has an invalid length. [ 122.802862][ T6401] netlink: 'syz.2.141': attribute type 10 has an invalid length. [ 123.037141][ T6404] netlink: 'syz.1.144': attribute type 1 has an invalid length. [ 123.159338][ T6404] bond1: entered promiscuous mode [ 123.176265][ T5938] IPVS: starting estimator thread 0... [ 123.196548][ T6404] 8021q: adding VLAN 0 to HW filter on device bond1 [ 123.282003][ T6418] IPVS: using max 27 ests per chain, 64800 per kthread [ 123.455058][ T6414] 8021q: adding VLAN 0 to HW filter on device bond1 [ 123.464633][ T6414] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 123.475151][ T6414] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 123.488866][ T6414] bond1: (slave vcan1): making interface the new active one [ 123.500000][ T6414] vcan1: entered promiscuous mode [ 123.507311][ T6414] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 123.578547][ T6413] tap0: tun_chr_ioctl cmd 1074025677 [ 123.592803][ T6413] tap0: linktype set to 823 [ 123.798085][ T6433] veth0: entered promiscuous mode [ 123.826650][ T6433] veth0: left promiscuous mode [ 123.941610][ T6441] netlink: 'syz.0.154': attribute type 13 has an invalid length. [ 123.989917][ T6439] sch_fq: defrate 4294967293 ignored. [ 124.249163][ T6451] netlink: 'syz.4.159': attribute type 2 has an invalid length. [ 124.595386][ T6461] netlink: 'syz.4.165': attribute type 1 has an invalid length. [ 124.745161][ T6470] __nla_validate_parse: 7 callbacks suppressed [ 124.745180][ T6470] netlink: 20 bytes leftover after parsing attributes in process `syz.2.168'. [ 125.052020][ T6478] block nbd0: server does not support multiple connections per device. [ 125.063548][ T6478] block nbd0: shutting down sockets [ 125.190556][ T6489] netlink: 76 bytes leftover after parsing attributes in process `syz.2.175'. [ 125.454265][ T6494] "syz.0.177" (6494) uses obsolete ecb(arc4) skcipher [ 125.523620][ T6506] netlink: 9 bytes leftover after parsing attributes in process `syz.4.181'. [ 125.537311][ T6506] gretap0: entered promiscuous mode [ 125.595604][ T6507] netlink: 'syz.1.180': attribute type 4 has an invalid length. [ 125.648737][ T6507] netlink: 'syz.1.180': attribute type 4 has an invalid length. [ 125.781078][ T6512] netlink: 'syz.4.183': attribute type 1 has an invalid length. [ 125.821547][ T6512] bond1: entered promiscuous mode [ 125.827256][ T6512] 8021q: adding VLAN 0 to HW filter on device bond1 [ 125.885436][ T6518] 8021q: adding VLAN 0 to HW filter on device bond1 [ 125.938398][ T6518] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 126.011990][ T6518] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 126.045936][ T6518] bond1: (slave vcan1): making interface the new active one [ 126.063686][ T6518] vcan1: entered promiscuous mode [ 126.071310][ T6518] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 126.224769][ T6529] netlink: 4 bytes leftover after parsing attributes in process `syz.2.187'. [ 126.436590][ T6534] netlink: 4 bytes leftover after parsing attributes in process `syz.0.189'. [ 126.625105][ T6539] netlink: 4 bytes leftover after parsing attributes in process `syz.4.191'. [ 126.674757][ T6543] sch_fq: defrate 4294967293 ignored. [ 126.823018][ T6541] batadv_slave_1: entered promiscuous mode [ 126.874193][ T6541] batadv_slave_1: left promiscuous mode [ 127.188096][ T6556] netlink: 'syz.4.198': attribute type 1 has an invalid length. [ 127.269711][ T6556] bond2: entered promiscuous mode [ 127.287210][ T6556] 8021q: adding VLAN 0 to HW filter on device bond2 [ 127.323401][ T6561] netlink: 4 bytes leftover after parsing attributes in process `syz.2.199'. [ 127.360938][ T6558] 8021q: adding VLAN 0 to HW filter on device bond2 [ 127.383464][ T6558] bond2: (slave vcan2): The slave device specified does not support setting the MAC address [ 127.394580][ T6558] bond2: (slave vcan2): Setting fail_over_mac to active for active-backup mode [ 127.410576][ T6558] bond2: (slave vcan2): making interface the new active one [ 127.419922][ T6558] vcan2: entered promiscuous mode [ 127.437151][ T6558] bond2: (slave vcan2): Enslaving as an active interface with an up link [ 127.454225][ T6563] netlink: 24 bytes leftover after parsing attributes in process `syz.1.200'. [ 128.002046][ T6579] netlink: 8 bytes leftover after parsing attributes in process `syz.4.205'. [ 128.029020][ T6579] veth0: entered promiscuous mode [ 128.073829][ T6579] veth0: left promiscuous mode [ 128.234752][ T6584] netlink: 'syz.0.206': attribute type 4 has an invalid length. [ 128.280887][ T6589] netlink: 4 bytes leftover after parsing attributes in process `syz.2.208'. [ 128.591052][ T6600] netlink: 'syz.0.211': attribute type 1 has an invalid length. [ 128.798348][ T6600] bond3: entered promiscuous mode [ 128.834046][ T6600] 8021q: adding VLAN 0 to HW filter on device bond3 [ 128.869948][ T6595] 8021q: adding VLAN 0 to HW filter on device bond3 [ 128.880730][ T6595] bond3: (slave vcan3): The slave device specified does not support setting the MAC address [ 128.891561][ T6595] bond3: (slave vcan3): Setting fail_over_mac to active for active-backup mode [ 128.906973][ T6595] bond3: (slave vcan3): making interface the new active one [ 128.914792][ T6595] vcan3: entered promiscuous mode [ 128.930002][ T6595] bond3: (slave vcan3): Enslaving as an active interface with an up link [ 129.236832][ T6621] netlink: 'syz.1.219': attribute type 1 has an invalid length. [ 129.603718][ T6631] FAULT_INJECTION: forcing a failure. [ 129.603718][ T6631] name failslab, interval 1, probability 0, space 0, times 0 [ 129.637390][ T6631] CPU: 0 UID: 0 PID: 6631 Comm: syz.0.223 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 129.637420][ T6631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.637433][ T6631] Call Trace: [ 129.637441][ T6631] [ 129.637450][ T6631] dump_stack_lvl+0x189/0x250 [ 129.637480][ T6631] ? __pfx____ratelimit+0x10/0x10 [ 129.637508][ T6631] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.637533][ T6631] ? __pfx__printk+0x10/0x10 [ 129.637557][ T6631] ? xfrm_policy_lookup_bytype+0x11ef/0x1250 [ 129.637598][ T6631] ? __lock_acquire+0xab9/0xd20 [ 129.637622][ T6631] should_fail_ex+0x414/0x560 [ 129.637656][ T6631] should_failslab+0xa8/0x100 [ 129.637682][ T6631] kmem_cache_alloc_noprof+0x73/0x3c0 [ 129.637705][ T6631] ? dst_alloc+0x105/0x170 [ 129.637730][ T6631] dst_alloc+0x105/0x170 [ 129.637755][ T6631] xfrm_alloc_dst+0x76/0x160 [ 129.637776][ T6631] xfrm_lookup_with_ifid+0x77e/0x1a70 [ 129.637815][ T6631] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 129.637852][ T6631] ? sk_dst_check+0x25/0x480 [ 129.637898][ T6631] xfrm_lookup_route+0x3c/0x1c0 [ 129.637929][ T6631] ip6_sk_dst_lookup_flow+0x790/0x980 [ 129.637964][ T6631] ? udpv6_sendmsg+0x16ea/0x2700 [ 129.638000][ T6631] udpv6_sendmsg+0x18df/0x2700 [ 129.638050][ T6631] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 129.638077][ T6631] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 129.638114][ T6631] ? __lock_acquire+0xab9/0xd20 [ 129.638153][ T6631] ? __local_bh_enable_ip+0x12d/0x1c0 [ 129.638176][ T6631] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 129.638208][ T6631] ? inet_send_prepare+0x1b9/0x270 [ 129.638234][ T6631] ? inet_send_prepare+0x1b9/0x270 [ 129.638261][ T6631] ? inet6_sendmsg+0xe4/0x120 [ 129.638288][ T6631] __sock_sendmsg+0xe5/0x270 [ 129.638316][ T6631] ____sys_sendmsg+0x52d/0x830 [ 129.638355][ T6631] ? __pfx_____sys_sendmsg+0x10/0x10 [ 129.638398][ T6631] ? import_iovec+0x74/0xa0 [ 129.638425][ T6631] ___sys_sendmsg+0x21f/0x2a0 [ 129.638447][ T6631] ? __pfx____sys_sendmsg+0x10/0x10 [ 129.638508][ T6631] ? __fget_files+0x2a/0x420 [ 129.638534][ T6631] ? __fget_files+0x3a0/0x420 [ 129.638572][ T6631] __sys_sendmmsg+0x227/0x430 [ 129.638599][ T6631] ? __pfx___sys_sendmmsg+0x10/0x10 [ 129.638615][ T6631] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 129.638666][ T6631] ? ksys_write+0x22a/0x250 [ 129.638686][ T6631] ? __pfx_ksys_write+0x10/0x10 [ 129.638702][ T6631] ? rcu_is_watching+0x15/0xb0 [ 129.638727][ T6631] __x64_sys_sendmmsg+0xa0/0xc0 [ 129.638744][ T6631] do_syscall_64+0xfa/0x3b0 [ 129.638765][ T6631] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.638786][ T6631] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.638802][ T6631] ? clear_bhb_loop+0x60/0xb0 [ 129.638821][ T6631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.638837][ T6631] RIP: 0033:0x7f590558e929 [ 129.638852][ T6631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.638865][ T6631] RSP: 002b:00007f5906475038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 129.638888][ T6631] RAX: ffffffffffffffda RBX: 00007f59057b5fa0 RCX: 00007f590558e929 [ 129.638900][ T6631] RDX: 0000000000000001 RSI: 0000200000000e00 RDI: 0000000000000005 [ 129.638910][ T6631] RBP: 00007f5906475090 R08: 0000000000000000 R09: 0000000000000000 [ 129.638920][ T6631] R10: 0000000004040884 R11: 0000000000000246 R12: 0000000000000001 [ 129.638929][ T6631] R13: 0000000000000000 R14: 00007f59057b5fa0 R15: 00007ffe28124ed8 [ 129.638954][ T6631] [ 130.082535][ T6631] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 130.303696][ T6640] netlink: 'syz.1.227': attribute type 1 has an invalid length. [ 130.342391][ T6640] bond2: entered promiscuous mode [ 130.347699][ T6645] netlink: 'syz.2.226': attribute type 9 has an invalid length. [ 130.347935][ T6640] 8021q: adding VLAN 0 to HW filter on device bond2 [ 130.373078][ T6645] __nla_validate_parse: 5 callbacks suppressed [ 130.373097][ T6645] netlink: 204732 bytes leftover after parsing attributes in process `syz.2.226'. [ 130.428712][ T6647] 8021q: adding VLAN 0 to HW filter on device bond2 [ 130.446370][ T6647] bond2: (slave vcan2): The slave device specified does not support setting the MAC address [ 130.458874][ T6647] bond2: (slave vcan2): Setting fail_over_mac to active for active-backup mode [ 130.512646][ T6647] bond2: (slave vcan2): making interface the new active one [ 130.523801][ T6647] vcan2: entered promiscuous mode [ 130.526855][ T6652] netlink: 28 bytes leftover after parsing attributes in process `syz.0.230'. [ 130.531054][ T6647] bond2: (slave vcan2): Enslaving as an active interface with an up link [ 130.552327][ T6653] netlink: 4 bytes leftover after parsing attributes in process `syz.4.229'. [ 130.556070][ T6652] netlink: 'syz.0.230': attribute type 7 has an invalid length. [ 130.582969][ T6652] netlink: 4 bytes leftover after parsing attributes in process `syz.0.230'. [ 130.618082][ T6652] batadv_slave_1: entered promiscuous mode [ 130.625318][ T6652] erspan0: entered promiscuous mode [ 130.633079][ T6652] hsr1: Slave A (gretap0) is not up; please bring it up to get a fully working HSR network [ 130.902560][ T6659] netlink: 24 bytes leftover after parsing attributes in process `syz.0.233'. [ 131.135593][ T6667] netlink: 204 bytes leftover after parsing attributes in process `syz.2.236'. [ 131.161970][ T6667] netlink: 16 bytes leftover after parsing attributes in process `syz.2.236'. [ 131.549471][ T6677] netlink: 8 bytes leftover after parsing attributes in process `syz.0.240'. [ 131.587009][ T6677] veth0: entered promiscuous mode [ 131.596881][ T6679] validate_nla: 1 callbacks suppressed [ 131.596898][ T6679] netlink: 'syz.2.241': attribute type 1 has an invalid length. [ 131.613898][ T6677] veth0: left promiscuous mode [ 131.744763][ T6679] bond1: entered promiscuous mode [ 131.767632][ T6679] 8021q: adding VLAN 0 to HW filter on device bond1 [ 131.911631][ T6681] 8021q: adding VLAN 0 to HW filter on device bond1 [ 131.932452][ T6681] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 131.975911][ T6681] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 132.016590][ T6685] netlink: 40 bytes leftover after parsing attributes in process `syz.1.243'. [ 132.017724][ T6681] bond1: (slave vcan1): making interface the new active one [ 132.079048][ T6681] vcan1: entered promiscuous mode [ 132.099811][ T6681] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 132.748789][ T5918] hid-generic 0005:16BF:5505.0001: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa [ 132.878670][ T6713] netlink: 4 bytes leftover after parsing attributes in process `syz.3.252'. [ 133.004169][ T6713] batadv0: entered promiscuous mode [ 133.020015][ T6713] macsec1: entered allmulticast mode [ 133.028858][ T6716] FAULT_INJECTION: forcing a failure. [ 133.028858][ T6716] name failslab, interval 1, probability 0, space 0, times 0 [ 133.066880][ T6713] batadv0: entered allmulticast mode [ 133.072657][ T6711] fido_id[6711]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci4/hci4:200/report_descriptor': No such file or directory [ 133.088391][ T6716] CPU: 0 UID: 0 PID: 6716 Comm: syz.1.254 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 133.088417][ T6716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 133.088428][ T6716] Call Trace: [ 133.088437][ T6716] [ 133.088445][ T6716] dump_stack_lvl+0x189/0x250 [ 133.088474][ T6716] ? __pfx____ratelimit+0x10/0x10 [ 133.088503][ T6716] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.088527][ T6716] ? __pfx__printk+0x10/0x10 [ 133.088559][ T6716] ? percpu_counter_add_batch+0xea/0x1e0 [ 133.088605][ T6716] should_fail_ex+0x414/0x560 [ 133.088640][ T6716] should_failslab+0xa8/0x100 [ 133.088670][ T6716] kmem_cache_alloc_noprof+0x73/0x3c0 [ 133.088694][ T6716] ? dst_alloc+0x105/0x170 [ 133.088721][ T6716] dst_alloc+0x105/0x170 [ 133.088747][ T6716] ip6_blackhole_route+0x59/0x340 [ 133.088781][ T6716] xfrm_lookup_route+0xd7/0x1c0 [ 133.088813][ T6716] ip6_sk_dst_lookup_flow+0x790/0x980 [ 133.088849][ T6716] ? udpv6_sendmsg+0x16ea/0x2700 [ 133.088884][ T6716] udpv6_sendmsg+0x18df/0x2700 [ 133.088928][ T6716] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 133.088955][ T6716] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 133.088992][ T6716] ? __lock_acquire+0xab9/0xd20 [ 133.089033][ T6716] ? __local_bh_enable_ip+0x12d/0x1c0 [ 133.089056][ T6716] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 133.089085][ T6716] ? inet_send_prepare+0x1b9/0x270 [ 133.089111][ T6716] ? inet_send_prepare+0x1b9/0x270 [ 133.089135][ T6716] ? inet6_sendmsg+0xe4/0x120 [ 133.089162][ T6716] __sock_sendmsg+0xe5/0x270 [ 133.089191][ T6716] ____sys_sendmsg+0x52d/0x830 [ 133.089230][ T6716] ? __pfx_____sys_sendmsg+0x10/0x10 [ 133.089273][ T6716] ? import_iovec+0x74/0xa0 [ 133.089306][ T6716] ___sys_sendmsg+0x21f/0x2a0 [ 133.089329][ T6716] ? __pfx____sys_sendmsg+0x10/0x10 [ 133.089391][ T6716] ? __fget_files+0x2a/0x420 [ 133.089417][ T6716] ? __fget_files+0x3a0/0x420 [ 133.089456][ T6716] __sys_sendmmsg+0x227/0x430 [ 133.089482][ T6716] ? __pfx___sys_sendmmsg+0x10/0x10 [ 133.089499][ T6716] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 133.089557][ T6716] ? ksys_write+0x22a/0x250 [ 133.089590][ T6716] ? __pfx_ksys_write+0x10/0x10 [ 133.089610][ T6716] ? rcu_is_watching+0x15/0xb0 [ 133.089643][ T6716] __x64_sys_sendmmsg+0xa0/0xc0 [ 133.089665][ T6716] do_syscall_64+0xfa/0x3b0 [ 133.089692][ T6716] ? lockdep_hardirqs_on+0x9c/0x150 [ 133.089718][ T6716] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.089738][ T6716] ? clear_bhb_loop+0x60/0xb0 [ 133.089764][ T6716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.089784][ T6716] RIP: 0033:0x7f987738e929 [ 133.089802][ T6716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.089819][ T6716] RSP: 002b:00007f98781eb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 133.089840][ T6716] RAX: ffffffffffffffda RBX: 00007f98775b5fa0 RCX: 00007f987738e929 [ 133.089855][ T6716] RDX: 0000000000000001 RSI: 0000200000000e00 RDI: 0000000000000005 [ 133.089868][ T6716] RBP: 00007f98781eb090 R08: 0000000000000000 R09: 0000000000000000 [ 133.089880][ T6716] R10: 0000000004040884 R11: 0000000000000246 R12: 0000000000000001 [ 133.089892][ T6716] R13: 0000000000000000 R14: 00007f98775b5fa0 R15: 00007ffea5a2fd88 [ 133.089926][ T6716] [ 133.438479][ T6713] batadv0: left allmulticast mode [ 133.444571][ T6713] batadv0: left promiscuous mode [ 133.579632][ T6716] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 133.740071][ T6727] FAULT_INJECTION: forcing a failure. [ 133.740071][ T6727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.756596][ T6727] CPU: 0 UID: 0 PID: 6727 Comm: syz.0.259 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 133.756658][ T6727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 133.756671][ T6727] Call Trace: [ 133.756680][ T6727] [ 133.756690][ T6727] dump_stack_lvl+0x189/0x250 [ 133.756721][ T6727] ? __pfx____ratelimit+0x10/0x10 [ 133.756749][ T6727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.756774][ T6727] ? __pfx__printk+0x10/0x10 [ 133.756802][ T6727] ? __might_fault+0xb0/0x130 [ 133.756839][ T6727] should_fail_ex+0x414/0x560 [ 133.756875][ T6727] _copy_from_iter+0x1db/0x16f0 [ 133.756900][ T6727] ? rcu_is_watching+0x15/0xb0 [ 133.756927][ T6727] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 133.756953][ T6727] ? __pfx__copy_from_iter+0x10/0x10 [ 133.756976][ T6727] ? __build_skb_around+0x257/0x3e0 [ 133.757009][ T6727] ? netlink_sendmsg+0x642/0xb30 [ 133.757036][ T6727] ? skb_put+0x11b/0x210 [ 133.757069][ T6727] netlink_sendmsg+0x6b2/0xb30 [ 133.757108][ T6727] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.757140][ T6727] ? aa_sock_msg_perm+0x94/0x160 [ 133.757172][ T6727] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 133.757203][ T6727] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.757233][ T6727] __sock_sendmsg+0x21c/0x270 [ 133.757261][ T6727] ____sys_sendmsg+0x505/0x830 [ 133.757300][ T6727] ? __pfx_____sys_sendmsg+0x10/0x10 [ 133.757342][ T6727] ? import_iovec+0x74/0xa0 [ 133.757369][ T6727] ___sys_sendmsg+0x21f/0x2a0 [ 133.757392][ T6727] ? __pfx____sys_sendmsg+0x10/0x10 [ 133.757452][ T6727] ? __fget_files+0x2a/0x420 [ 133.757478][ T6727] ? __fget_files+0x3a0/0x420 [ 133.757516][ T6727] __x64_sys_sendmsg+0x19b/0x260 [ 133.757539][ T6727] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 133.757569][ T6727] ? __pfx_ksys_write+0x10/0x10 [ 133.757590][ T6727] ? rcu_is_watching+0x15/0xb0 [ 133.757625][ T6727] ? do_syscall_64+0xbe/0x3b0 [ 133.757658][ T6727] do_syscall_64+0xfa/0x3b0 [ 133.757684][ T6727] ? lockdep_hardirqs_on+0x9c/0x150 [ 133.757710][ T6727] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.757730][ T6727] ? clear_bhb_loop+0x60/0xb0 [ 133.757755][ T6727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.757775][ T6727] RIP: 0033:0x7f590558e929 [ 133.757793][ T6727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.757809][ T6727] RSP: 002b:00007f5906475038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 133.757831][ T6727] RAX: ffffffffffffffda RBX: 00007f59057b5fa0 RCX: 00007f590558e929 [ 133.757845][ T6727] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000012 [ 133.757858][ T6727] RBP: 00007f5906475090 R08: 0000000000000000 R09: 0000000000000000 [ 133.757870][ T6727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.757882][ T6727] R13: 0000000000000000 R14: 00007f59057b5fa0 R15: 00007ffe28124ed8 [ 133.757914][ T6727] [ 134.223781][ T6736] netlink: 'syz.2.257': attribute type 1 has an invalid length. [ 134.298323][ T6736] bond2: entered promiscuous mode [ 134.311000][ T6736] 8021q: adding VLAN 0 to HW filter on device bond2 [ 134.365915][ T6740] netlink: 'syz.3.264': attribute type 7 has an invalid length. [ 134.375244][ T6740] netlink: 'syz.3.264': attribute type 8 has an invalid length. [ 134.438192][ T6725] 8021q: adding VLAN 0 to HW filter on device bond2 [ 134.482497][ T6725] bond2: (slave vcan2): The slave device specified does not support setting the MAC address [ 134.531575][ T6725] bond2: (slave vcan2): Setting fail_over_mac to active for active-backup mode [ 134.561705][ T6725] bond2: (slave vcan2): making interface the new active one [ 134.593586][ T6725] vcan2: entered promiscuous mode [ 134.619357][ T6725] bond2: (slave vcan2): Enslaving as an active interface with an up link [ 134.666868][ T6740] gretap0: entered promiscuous mode [ 134.683948][ T6740] batadv_slave_1: entered promiscuous mode [ 134.715873][ T6740] erspan0: entered promiscuous mode [ 134.722746][ T6740] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 134.757131][ T6740] Cannot create hsr debugfs directory [ 134.808303][ T6732] batadv0: entered promiscuous mode [ 134.822017][ T6732] vlan2: entered promiscuous mode [ 135.660757][ T6777] netlink: 'syz.3.279': attribute type 1 has an invalid length. [ 135.728283][ T6777] __nla_validate_parse: 7 callbacks suppressed [ 135.728302][ T6777] netlink: 16166 bytes leftover after parsing attributes in process `syz.3.279'. [ 135.749545][ T6779] netlink: 'syz.0.280': attribute type 9 has an invalid length. [ 135.850576][ T6786] netlink: 88 bytes leftover after parsing attributes in process `syz.0.280'. [ 135.918664][ T6786] netlink: 8 bytes leftover after parsing attributes in process `syz.0.280'. [ 136.387448][ T6807] netlink: 4 bytes leftover after parsing attributes in process `syz.3.286'. [ 136.447990][ T6809] netlink: 64 bytes leftover after parsing attributes in process `syz.1.288'. [ 136.466967][ T6810] netlink: 9 bytes leftover after parsing attributes in process `syz.0.289'. [ 136.780482][ T6818] netlink: 'syz.1.292': attribute type 1 has an invalid length. [ 137.069537][ T6825] netlink: 4 bytes leftover after parsing attributes in process `syz.3.294'. [ 137.364851][ T6838] FAULT_INJECTION: forcing a failure. [ 137.364851][ T6838] name failslab, interval 1, probability 0, space 0, times 0 [ 137.391089][ T6836] netlink: 4 bytes leftover after parsing attributes in process `syz.1.301'. [ 137.435328][ T6838] CPU: 1 UID: 0 PID: 6838 Comm: syz.3.302 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 137.435359][ T6838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 137.435371][ T6838] Call Trace: [ 137.435379][ T6838] [ 137.435388][ T6838] dump_stack_lvl+0x189/0x250 [ 137.435418][ T6838] ? __pfx____ratelimit+0x10/0x10 [ 137.435446][ T6838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.435470][ T6838] ? __pfx__printk+0x10/0x10 [ 137.435493][ T6838] ? __kasan_slab_alloc+0x6c/0x80 [ 137.435516][ T6838] ? xfrm_lookup_route+0xd7/0x1c0 [ 137.435542][ T6838] ? udpv6_sendmsg+0x18df/0x2700 [ 137.435568][ T6838] ? __sock_sendmsg+0xe5/0x270 [ 137.435589][ T6838] ? ____sys_sendmsg+0x52d/0x830 [ 137.435618][ T6838] ? __sys_sendmmsg+0x227/0x430 [ 137.435633][ T6838] ? __x64_sys_sendmmsg+0xa0/0xc0 [ 137.435649][ T6838] ? do_syscall_64+0xfa/0x3b0 [ 137.435675][ T6838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.435700][ T6838] should_fail_ex+0x414/0x560 [ 137.435735][ T6838] should_failslab+0xa8/0x100 [ 137.435762][ T6838] __kmalloc_node_noprof+0xd1/0x4e0 [ 137.435784][ T6838] ? alloc_slab_obj_exts+0x39/0xa0 [ 137.435812][ T6838] alloc_slab_obj_exts+0x39/0xa0 [ 137.435834][ T6838] __memcg_slab_post_alloc_hook+0x31e/0x7f0 [ 137.435879][ T6838] kmem_cache_alloc_noprof+0x2bf/0x3c0 [ 137.435902][ T6838] ? dst_alloc+0x105/0x170 [ 137.435927][ T6838] dst_alloc+0x105/0x170 [ 137.435952][ T6838] ip6_blackhole_route+0x59/0x340 [ 137.435984][ T6838] xfrm_lookup_route+0xd7/0x1c0 [ 137.436016][ T6838] ip6_sk_dst_lookup_flow+0x790/0x980 [ 137.436049][ T6838] ? udpv6_sendmsg+0x16ea/0x2700 [ 137.436082][ T6838] udpv6_sendmsg+0x18df/0x2700 [ 137.436123][ T6838] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 137.436151][ T6838] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 137.436188][ T6838] ? __lock_acquire+0xab9/0xd20 [ 137.436227][ T6838] ? __local_bh_enable_ip+0x12d/0x1c0 [ 137.436251][ T6838] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 137.436280][ T6838] ? inet_send_prepare+0x1b9/0x270 [ 137.436306][ T6838] ? inet_send_prepare+0x1b9/0x270 [ 137.436345][ T6838] ? inet6_sendmsg+0xe4/0x120 [ 137.436369][ T6838] __sock_sendmsg+0xe5/0x270 [ 137.436393][ T6838] ____sys_sendmsg+0x52d/0x830 [ 137.436427][ T6838] ? __pfx_____sys_sendmsg+0x10/0x10 [ 137.436470][ T6838] ? import_iovec+0x74/0xa0 [ 137.436496][ T6838] ___sys_sendmsg+0x21f/0x2a0 [ 137.436517][ T6838] ? __pfx____sys_sendmsg+0x10/0x10 [ 137.436578][ T6838] ? __fget_files+0x2a/0x420 [ 137.436603][ T6838] ? __fget_files+0x3a0/0x420 [ 137.436638][ T6838] __sys_sendmmsg+0x227/0x430 [ 137.436662][ T6838] ? __pfx___sys_sendmmsg+0x10/0x10 [ 137.436679][ T6838] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 137.436738][ T6838] ? ksys_write+0x22a/0x250 [ 137.436764][ T6838] ? __pfx_ksys_write+0x10/0x10 [ 137.436782][ T6838] ? rcu_is_watching+0x15/0xb0 [ 137.436812][ T6838] __x64_sys_sendmmsg+0xa0/0xc0 [ 137.436833][ T6838] do_syscall_64+0xfa/0x3b0 [ 137.436858][ T6838] ? lockdep_hardirqs_on+0x9c/0x150 [ 137.436884][ T6838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.436904][ T6838] ? clear_bhb_loop+0x60/0xb0 [ 137.436929][ T6838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.436948][ T6838] RIP: 0033:0x7f2158f8e929 [ 137.436966][ T6838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.436983][ T6838] RSP: 002b:00007f2159d59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 137.437005][ T6838] RAX: ffffffffffffffda RBX: 00007f21591b5fa0 RCX: 00007f2158f8e929 [ 137.437020][ T6838] RDX: 0000000000000001 RSI: 0000200000000e00 RDI: 0000000000000005 [ 137.437032][ T6838] RBP: 00007f2159d59090 R08: 0000000000000000 R09: 0000000000000000 [ 137.437045][ T6838] R10: 0000000004040884 R11: 0000000000000246 R12: 0000000000000001 [ 137.437057][ T6838] R13: 0000000000000000 R14: 00007f21591b5fa0 R15: 00007ffc9dd4fd28 [ 137.437089][ T6838] [ 137.470968][ T6839] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 137.508929][ T6841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.303'. [ 137.603882][ T6843] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 137.630261][ T6841] batadv0: entered promiscuous mode [ 137.900775][ T6841] macsec1: entered allmulticast mode [ 137.920878][ T6841] batadv0: entered allmulticast mode [ 137.948411][ T6841] batadv0: left allmulticast mode [ 137.954745][ T6841] batadv0: left promiscuous mode [ 138.075126][ T6847] lo speed is unknown, defaulting to 1000 [ 138.249192][ T6854] FAULT_INJECTION: forcing a failure. [ 138.249192][ T6854] name failslab, interval 1, probability 0, space 0, times 0 [ 138.258465][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.320028][ T6854] CPU: 1 UID: 0 PID: 6854 Comm: syz.2.308 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 138.320058][ T6854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 138.320070][ T6854] Call Trace: [ 138.320079][ T6854] [ 138.320088][ T6854] dump_stack_lvl+0x189/0x250 [ 138.320118][ T6854] ? __pfx____ratelimit+0x10/0x10 [ 138.320155][ T6854] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.320180][ T6854] ? __pfx__printk+0x10/0x10 [ 138.320215][ T6854] ? ref_tracker_alloc+0x318/0x460 [ 138.320251][ T6854] should_fail_ex+0x414/0x560 [ 138.320285][ T6854] should_failslab+0xa8/0x100 [ 138.320314][ T6854] kmem_cache_alloc_noprof+0x73/0x3c0 [ 138.320337][ T6854] ? skb_clone+0x212/0x3a0 [ 138.320362][ T6854] skb_clone+0x212/0x3a0 [ 138.320387][ T6854] __netlink_deliver_tap+0x404/0x850 [ 138.320431][ T6854] ? netlink_deliver_tap+0x2e/0x1b0 [ 138.320460][ T6854] netlink_deliver_tap+0x19c/0x1b0 [ 138.320490][ T6854] netlink_unicast+0x730/0x8e0 [ 138.320537][ T6854] netlink_sendmsg+0x805/0xb30 [ 138.320576][ T6854] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.320620][ T6854] ? aa_sock_msg_perm+0x94/0x160 [ 138.320652][ T6854] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 138.320681][ T6854] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.320710][ T6854] __sock_sendmsg+0x21c/0x270 [ 138.320738][ T6854] ____sys_sendmsg+0x505/0x830 [ 138.320777][ T6854] ? __pfx_____sys_sendmsg+0x10/0x10 [ 138.320820][ T6854] ? import_iovec+0x74/0xa0 [ 138.320848][ T6854] ___sys_sendmsg+0x21f/0x2a0 [ 138.320871][ T6854] ? __pfx____sys_sendmsg+0x10/0x10 [ 138.320934][ T6854] ? __fget_files+0x2a/0x420 [ 138.320959][ T6854] ? __fget_files+0x3a0/0x420 [ 138.320998][ T6854] __x64_sys_sendmsg+0x19b/0x260 [ 138.321021][ T6854] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 138.321057][ T6854] ? __pfx_ksys_write+0x10/0x10 [ 138.321077][ T6854] ? rcu_is_watching+0x15/0xb0 [ 138.321108][ T6854] ? do_syscall_64+0xbe/0x3b0 [ 138.321150][ T6854] do_syscall_64+0xfa/0x3b0 [ 138.321177][ T6854] ? lockdep_hardirqs_on+0x9c/0x150 [ 138.321203][ T6854] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.321222][ T6854] ? clear_bhb_loop+0x60/0xb0 [ 138.321248][ T6854] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.321267][ T6854] RIP: 0033:0x7faca2d8e929 [ 138.321286][ T6854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.321302][ T6854] RSP: 002b:00007faca3ca7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 138.321324][ T6854] RAX: ffffffffffffffda RBX: 00007faca2fb5fa0 RCX: 00007faca2d8e929 [ 138.321339][ T6854] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000012 [ 138.321351][ T6854] RBP: 00007faca3ca7090 R08: 0000000000000000 R09: 0000000000000000 [ 138.321363][ T6854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 138.321374][ T6854] R13: 0000000000000000 R14: 00007faca2fb5fa0 R15: 00007ffc060274d8 [ 138.321405][ T6854] [ 138.612426][ T6854] netlink: 4 bytes leftover after parsing attributes in process `syz.2.308'. [ 138.628807][ T6854] batadv0: entered promiscuous mode [ 138.634417][ T6854] macsec1: entered allmulticast mode [ 138.639742][ T6854] batadv0: entered allmulticast mode [ 138.684578][ T6854] batadv0: left allmulticast mode [ 138.689746][ T6854] batadv0: left promiscuous mode [ 138.835146][ T6860] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 138.882192][ T6862] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 138.901698][ T6853] lo speed is unknown, defaulting to 1000 [ 139.006518][ T6867] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 139.580094][ T6882] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 139.606109][ T6882] syzkaller0: entered promiscuous mode [ 139.612608][ T6882] syzkaller0: entered allmulticast mode [ 139.883396][ T6898] netlink: 'syz.1.322': attribute type 1 has an invalid length. [ 140.000174][ T6898] bond3: entered promiscuous mode [ 140.019412][ T6898] 8021q: adding VLAN 0 to HW filter on device bond3 [ 140.079556][ T6903] 8021q: adding VLAN 0 to HW filter on device bond3 [ 140.098325][ T6903] bond3: (slave vcan3): The slave device specified does not support setting the MAC address [ 140.129618][ T6903] bond3: (slave vcan3): Setting fail_over_mac to active for active-backup mode [ 140.180740][ T6903] bond3: (slave vcan3): making interface the new active one [ 140.190839][ T6903] vcan3: entered promiscuous mode [ 140.199196][ T6903] bond3: (slave vcan3): Enslaving as an active interface with an up link [ 140.890929][ T6930] x_tables: duplicate underflow at hook 1 [ 142.224871][ T6943] __nla_validate_parse: 8 callbacks suppressed [ 142.224896][ T6943] netlink: 104 bytes leftover after parsing attributes in process `syz.4.335'. [ 142.252828][ T6942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.334'. [ 142.406532][ T6946] netlink: 'syz.2.337': attribute type 1 has an invalid length. [ 142.445878][ T6950] netlink: 4 bytes leftover after parsing attributes in process `syz.3.338'. [ 142.589573][ T6946] bond3: entered promiscuous mode [ 142.620277][ T6946] 8021q: adding VLAN 0 to HW filter on device bond3 [ 142.683184][ T6950] batadv0: entered promiscuous mode [ 142.692776][ T6950] macsec1: entered allmulticast mode [ 142.708412][ T6950] batadv0: entered allmulticast mode [ 142.719783][ T6950] batadv0: left allmulticast mode [ 142.724573][ T6959] netlink: 24 bytes leftover after parsing attributes in process `syz.0.339'. [ 142.740632][ T6950] batadv0: left promiscuous mode [ 142.799026][ T6951] 8021q: adding VLAN 0 to HW filter on device bond3 [ 142.811362][ T6951] bond3: (slave vcan3): The slave device specified does not support setting the MAC address [ 142.821949][ T6951] bond3: (slave vcan3): Setting fail_over_mac to active for active-backup mode [ 142.847210][ T6951] bond3: (slave vcan3): making interface the new active one [ 142.854918][ T6951] vcan3: entered promiscuous mode [ 142.862185][ T6951] bond3: (slave vcan3): Enslaving as an active interface with an up link [ 142.871672][ T6964] netlink: 28 bytes leftover after parsing attributes in process `syz.4.343'. [ 142.902713][ T6964] netlink: 'syz.4.343': attribute type 7 has an invalid length. [ 142.925521][ T6964] netlink: 'syz.4.343': attribute type 8 has an invalid length. [ 142.934829][ T6964] netlink: 4 bytes leftover after parsing attributes in process `syz.4.343'. [ 143.116206][ T6970] netlink: 204 bytes leftover after parsing attributes in process `syz.3.344'. [ 143.126965][ T6964] batadv_slave_1: entered promiscuous mode [ 143.156109][ T6970] netlink: 16 bytes leftover after parsing attributes in process `syz.3.344'. [ 143.168732][ T6964] erspan0: entered promiscuous mode [ 143.193698][ T6964] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 143.204015][ T6964] Cannot create hsr debugfs directory [ 143.209914][ T6964] hsr1: Slave A (gretap0) is not up; please bring it up to get a fully working HSR network [ 143.232858][ T6973] netlink: 4 bytes leftover after parsing attributes in process `syz.2.345'. [ 143.257188][ T6973] batadv0: entered promiscuous mode [ 143.262838][ T6973] macsec1: entered allmulticast mode [ 143.281153][ T6973] batadv0: entered allmulticast mode [ 143.361058][ T6973] batadv0: left allmulticast mode [ 143.379560][ T6973] batadv0: left promiscuous mode [ 143.569467][ T6985] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 143.791274][ T6997] netlink: 8 bytes leftover after parsing attributes in process `syz.1.355'. [ 143.923349][ T7000] netlink: 'syz.4.356': attribute type 1 has an invalid length. [ 143.995683][ T7000] bond3: entered promiscuous mode [ 144.001426][ T7000] 8021q: adding VLAN 0 to HW filter on device bond3 [ 144.046433][ T7005] 8021q: adding VLAN 0 to HW filter on device bond3 [ 144.071166][ T7005] bond3: (slave vcan3): The slave device specified does not support setting the MAC address [ 144.087840][ T7005] bond3: (slave vcan3): Setting fail_over_mac to active for active-backup mode [ 144.118959][ T7005] bond3: (slave vcan3): making interface the new active one [ 144.150038][ T7005] vcan3: entered promiscuous mode [ 144.169984][ T7005] bond3: (slave vcan3): Enslaving as an active interface with an up link [ 144.243559][ T7010] veth1: entered promiscuous mode [ 144.271411][ T7010] veth1: left promiscuous mode [ 144.816163][ T7037] sch_fq: defrate 4294967293 ignored. [ 145.759986][ T7068] syzkaller0: entered promiscuous mode [ 145.784158][ T7068] syzkaller0: entered allmulticast mode [ 146.119193][ T7071] lo speed is unknown, defaulting to 1000 [ 146.520139][ T7096] xt_recent: Unsupported userspace flags (00000048) [ 146.578913][ T7101] sch_fq: defrate 4294967293 ignored. [ 146.718216][ T7106] netlink: 'syz.2.393': attribute type 7 has an invalid length. [ 146.727711][ T7106] netlink: 'syz.2.393': attribute type 8 has an invalid length. [ 146.745112][ T7106] batadv_slave_1: entered promiscuous mode [ 146.752463][ T7106] erspan0: entered promiscuous mode [ 146.759073][ T7106] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 146.767385][ T7106] Cannot create hsr debugfs directory [ 146.773227][ T7106] hsr1: Slave A (gretap0) is not up; please bring it up to get a fully working HSR network [ 147.026927][ T7110] netlink: 'syz.0.394': attribute type 64 has an invalid length. [ 147.650930][ T7121] bridge_slave_0: left allmulticast mode [ 147.755184][ T7121] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.839884][ T7121] bridge_slave_1: left allmulticast mode [ 147.874595][ T7121] bridge_slave_1: left promiscuous mode [ 147.916365][ T7121] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.950492][ T7121] bond0: (slave bond_slave_0): Releasing backup interface [ 147.996144][ T7121] bond0: (slave bond_slave_1): Releasing backup interface [ 148.038698][ T7121] team0: Port device team_slave_0 removed [ 148.063070][ T7121] team0: Port device team_slave_1 removed [ 148.069637][ T7121] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.085352][ T7121] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 148.095882][ T7121] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 148.103660][ T7121] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 148.126852][ T7121] bond1: (slave vcan1): Releasing backup interface [ 148.133897][ T7121] vcan1: left promiscuous mode [ 148.155948][ T7121] bond2: (slave vcan2): Releasing backup interface [ 148.162625][ T7121] vcan2: left promiscuous mode [ 148.179735][ T7121] bond3: (slave vcan3): Releasing backup interface [ 148.187603][ T7121] vcan3: left promiscuous mode [ 148.237097][ T7133] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 148.327592][ T7121] syz.2.397 (7121) used greatest stack depth: 18712 bytes left [ 148.589261][ T7144] __nla_validate_parse: 14 callbacks suppressed [ 148.589282][ T7144] netlink: 24 bytes leftover after parsing attributes in process `syz.4.404'. [ 148.673768][ T7146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.406'. [ 148.702909][ T7151] netlink: 'syz.3.407': attribute type 1 has an invalid length. [ 148.710935][ T7146] veth0: entered promiscuous mode [ 148.726859][ T7146] veth0: left promiscuous mode [ 148.974673][ T7159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.410'. [ 149.031257][ T7159] netlink: 'syz.1.410': attribute type 2 has an invalid length. [ 149.087944][ T7162] netlink: 76 bytes leftover after parsing attributes in process `syz.3.411'. [ 149.137140][ T7164] netlink: 4 bytes leftover after parsing attributes in process `syz.4.412'. [ 149.205562][ T7168] netlink: 5 bytes leftover after parsing attributes in process `syz.1.415'. [ 149.339481][ T7170] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 149.419193][ T7173] RDS: rds_bind could not find a transport for ::4000:0:20:0, load rds_tcp or rds_rdma? [ 149.657387][ T7186] xt_recent: Unsupported userspace flags (00000048) [ 149.695040][ T7188] netlink: 204 bytes leftover after parsing attributes in process `syz.4.423'. [ 149.704405][ T7188] netlink: 16 bytes leftover after parsing attributes in process `syz.4.423'. [ 149.940286][ T7196] netlink: 28 bytes leftover after parsing attributes in process `syz.0.427'. [ 149.978378][ T7196] netlink: 'syz.0.427': attribute type 7 has an invalid length. [ 149.996190][ T7196] netlink: 'syz.0.427': attribute type 8 has an invalid length. [ 150.006389][ T7198] netlink: 4 bytes leftover after parsing attributes in process `syz.3.428'. [ 150.016724][ T5861] Bluetooth: hci4: command tx timeout [ 150.047708][ T7198] batadv0: entered promiscuous mode [ 150.058109][ T7198] macsec1: entered allmulticast mode [ 150.071556][ T7198] batadv0: entered allmulticast mode [ 150.094810][ T7198] batadv0: left allmulticast mode [ 150.102398][ T7198] batadv0: left promiscuous mode [ 150.258338][ T7204] netlink: 'syz.2.432': attribute type 5 has an invalid length. [ 150.436155][ T7208] sch_fq: defrate 4294967293 ignored. [ 150.609418][ T7216] bridge_slave_0: left allmulticast mode [ 150.638930][ T7216] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.694008][ T7223] IPVS: length: 160 != 8 [ 150.704123][ T7225] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 150.760875][ T7216] bridge_slave_1: left allmulticast mode [ 150.798944][ T7224] netlink: 'syz.3.434': attribute type 10 has an invalid length. [ 150.848024][ T7216] bridge_slave_1: left promiscuous mode [ 150.877379][ T7216] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.923932][ T7216] bond0: (slave bond_slave_0): Releasing backup interface [ 150.968634][ T7216] bond0: (slave bond_slave_1): Releasing backup interface [ 151.009092][ T7216] team0: Port device team_slave_0 removed [ 151.056911][ T7216] team0: Port device team_slave_1 removed [ 151.068439][ T7216] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 151.077014][ T7216] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 151.093937][ T7216] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 151.102437][ T7216] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 151.120452][ T7216] bond1: (slave vcan1): Releasing backup interface [ 151.128987][ T7216] vcan1: left promiscuous mode [ 151.241021][ T7224] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 151.677760][ T7247] netlink: 'syz.2.445': attribute type 1 has an invalid length. [ 151.686545][ T7255] netlink: 'syz.4.448': attribute type 64 has an invalid length. [ 152.084982][ T7247] bond4: entered promiscuous mode [ 152.090649][ T7247] 8021q: adding VLAN 0 to HW filter on device bond4 [ 152.133412][ T7253] 8021q: adding VLAN 0 to HW filter on device bond4 [ 152.140568][ T7253] bond4: (slave vcan4): The slave device specified does not support setting the MAC address [ 152.156024][ T7253] bond4: (slave vcan4): Setting fail_over_mac to active for active-backup mode [ 152.170580][ T7253] bond4: (slave vcan4): making interface the new active one [ 152.181068][ T7253] vcan4: entered promiscuous mode [ 152.188436][ T7253] bond4: (slave vcan4): Enslaving as an active interface with an up link [ 152.199497][ T7256] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 152.471605][ T7278] x_tables: duplicate underflow at hook 1 [ 152.814807][ T7289] sch_fq: defrate 4294967293 ignored. [ 153.152188][ T7302] tipc: Enabling of bearer <5dp:s> rejected, media not registered [ 153.164440][ T7304] xt_recent: Unsupported userspace flags (00000048) [ 153.467693][ T7315] x_tables: duplicate underflow at hook 1 [ 153.557985][ T7313] batadv0: entered promiscuous mode [ 153.576388][ T7313] macsec1: entered allmulticast mode [ 153.595099][ T7313] batadv0: entered allmulticast mode [ 153.676363][ T7313] batadv0: left allmulticast mode [ 153.692009][ T7313] batadv0: left promiscuous mode [ 155.124371][ T7350] FAULT_INJECTION: forcing a failure. [ 155.124371][ T7350] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 155.184556][ T7350] CPU: 0 UID: 0 PID: 7350 Comm: syz.0.480 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 155.184586][ T7350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 155.184598][ T7350] Call Trace: [ 155.184606][ T7350] [ 155.184616][ T7350] dump_stack_lvl+0x189/0x250 [ 155.184646][ T7350] ? __pfx____ratelimit+0x10/0x10 [ 155.184673][ T7350] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.184697][ T7350] ? __pfx__printk+0x10/0x10 [ 155.184724][ T7350] ? __might_fault+0xb0/0x130 [ 155.184769][ T7350] should_fail_ex+0x414/0x560 [ 155.184804][ T7350] _copy_from_user+0x2d/0xb0 [ 155.184828][ T7350] do_ip_vs_set_ctl+0x2d3/0xa60 [ 155.184855][ T7350] ? __pfx_do_ip_vs_set_ctl+0x10/0x10 [ 155.184872][ T7350] ? rcu_is_watching+0x15/0xb0 [ 155.184914][ T7350] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 155.184950][ T7350] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 155.184976][ T7350] ? aa_sk_perm+0x81e/0x950 [ 155.185009][ T7350] ? __pfx_aa_sk_perm+0x10/0x10 [ 155.185044][ T7350] nf_setsockopt+0x26f/0x290 [ 155.185065][ T7350] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 155.185094][ T7350] do_sock_setsockopt+0x25a/0x3e0 [ 155.185128][ T7350] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 155.185164][ T7350] ? __fget_files+0x2a/0x420 [ 155.185200][ T7350] __x64_sys_setsockopt+0x18b/0x220 [ 155.185238][ T7350] do_syscall_64+0xfa/0x3b0 [ 155.185265][ T7350] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.185290][ T7350] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.185310][ T7350] ? clear_bhb_loop+0x60/0xb0 [ 155.185334][ T7350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.185353][ T7350] RIP: 0033:0x7f590558e929 [ 155.185371][ T7350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.185387][ T7350] RSP: 002b:00007f5906475038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 155.185409][ T7350] RAX: ffffffffffffffda RBX: 00007f59057b5fa0 RCX: 00007f590558e929 [ 155.185423][ T7350] RDX: 0000000000000487 RSI: 0000000000000000 RDI: 0000000000000003 [ 155.185435][ T7350] RBP: 00007f5906475090 R08: 0000000000000044 R09: 0000000000000000 [ 155.185447][ T7350] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.185460][ T7350] R13: 0000000000000000 R14: 00007f59057b5fa0 R15: 00007ffe28124ed8 [ 155.185491][ T7350] [ 155.519842][ T7352] netlink: 'syz.1.481': attribute type 1 has an invalid length. [ 155.596757][ T7356] x_tables: duplicate underflow at hook 1 [ 155.639760][ T7358] netlink: 'syz.0.483': attribute type 1 has an invalid length. [ 155.757733][ T7352] bond4: entered promiscuous mode [ 155.768157][ T7352] 8021q: adding VLAN 0 to HW filter on device bond4 [ 155.825089][ T7353] 8021q: adding VLAN 0 to HW filter on device bond4 [ 155.835144][ T7353] bond4: (slave vcan4): The slave device specified does not support setting the MAC address [ 155.870291][ T7353] bond4: (slave vcan4): Setting fail_over_mac to active for active-backup mode [ 155.886431][ T7353] bond4: (slave vcan4): making interface the new active one [ 155.894795][ T7353] vcan4: entered promiscuous mode [ 155.903513][ T7353] bond4: (slave vcan4): Enslaving as an active interface with an up link [ 155.953967][ T7358] bond4: entered promiscuous mode [ 155.959830][ T7358] 8021q: adding VLAN 0 to HW filter on device bond4 [ 155.993597][ T7360] 8021q: adding VLAN 0 to HW filter on device bond4 [ 156.001471][ T7360] bond4: (slave vcan4): The slave device specified does not support setting the MAC address [ 156.017648][ T7360] bond4: (slave vcan4): Setting fail_over_mac to active for active-backup mode [ 156.034839][ T7360] bond4: (slave vcan4): making interface the new active one [ 156.042499][ T7360] vcan4: entered promiscuous mode [ 156.049424][ T7360] bond4: (slave vcan4): Enslaving as an active interface with an up link [ 156.108129][ T7310] lo speed is unknown, defaulting to 1000 [ 156.228368][ T7371] sch_fq: defrate 4294967293 ignored. [ 156.449170][ T7382] __nla_validate_parse: 44 callbacks suppressed [ 156.449190][ T7382] netlink: 4 bytes leftover after parsing attributes in process `syz.4.491'. [ 156.504471][ T7387] netlink: 12 bytes leftover after parsing attributes in process `syz.4.491'. [ 156.869550][ T7393] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 156.955924][ T7397] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 157.152755][ T7403] sch_fq: defrate 4294967293 ignored. [ 157.365610][ T7405] FAULT_INJECTION: forcing a failure. [ 157.365610][ T7405] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 157.416899][ T7405] CPU: 0 UID: 0 PID: 7405 Comm: syz.3.500 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 157.416929][ T7405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 157.416941][ T7405] Call Trace: [ 157.416949][ T7405] [ 157.416957][ T7405] dump_stack_lvl+0x189/0x250 [ 157.416994][ T7405] ? __pfx____ratelimit+0x10/0x10 [ 157.417022][ T7405] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.417045][ T7405] ? __pfx__printk+0x10/0x10 [ 157.417072][ T7405] ? fs_reclaim_acquire+0x7d/0x100 [ 157.417108][ T7405] should_fail_ex+0x414/0x560 [ 157.417142][ T7405] prepare_alloc_pages+0x213/0x610 [ 157.417178][ T7405] __alloc_frozen_pages_noprof+0x123/0x370 [ 157.417211][ T7405] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 157.417245][ T7405] ? __pfx__copy_from_iter+0x10/0x10 [ 157.417266][ T7405] ? policy_nodemask+0x27c/0x720 [ 157.417297][ T7405] alloc_pages_mpol+0x232/0x4a0 [ 157.417328][ T7405] alloc_pages_noprof+0xa9/0x190 [ 157.417354][ T7405] anon_pipe_write+0xb85/0x1360 [ 157.417393][ T7405] ? anon_pipe_write+0xbc1/0x1360 [ 157.417437][ T7405] ? __pfx_anon_pipe_write+0x10/0x10 [ 157.417464][ T7405] ? __pfx_autoremove_wake_function+0x10/0x10 [ 157.417496][ T7405] ? bpf_lsm_file_permission+0x9/0x20 [ 157.417515][ T7405] ? security_file_permission+0x75/0x290 [ 157.417550][ T7405] vfs_write+0x54b/0xa90 [ 157.417577][ T7405] ? __pfx_anon_pipe_write+0x10/0x10 [ 157.417605][ T7405] ? __pfx_vfs_write+0x10/0x10 [ 157.417638][ T7405] ? __fget_files+0x2a/0x420 [ 157.417674][ T7405] ksys_write+0x145/0x250 [ 157.417699][ T7405] ? __pfx_ksys_write+0x10/0x10 [ 157.417717][ T7405] ? rcu_is_watching+0x15/0xb0 [ 157.417747][ T7405] ? do_syscall_64+0xbe/0x3b0 [ 157.417787][ T7405] do_syscall_64+0xfa/0x3b0 [ 157.417812][ T7405] ? lockdep_hardirqs_on+0x9c/0x150 [ 157.417838][ T7405] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.417858][ T7405] ? clear_bhb_loop+0x60/0xb0 [ 157.417882][ T7405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.417901][ T7405] RIP: 0033:0x7f2158f8e929 [ 157.417920][ T7405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.417936][ T7405] RSP: 002b:00007f2159d59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 157.417958][ T7405] RAX: ffffffffffffffda RBX: 00007f21591b5fa0 RCX: 00007f2158f8e929 [ 157.417972][ T7405] RDX: 00000000fffffdef RSI: 00002000000001c0 RDI: 0000000000000000 [ 157.417985][ T7405] RBP: 00007f2159d59090 R08: 0000000000000000 R09: 0000000000000000 [ 157.417997][ T7405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 157.418008][ T7405] R13: 0000000000000000 R14: 00007f21591b5fa0 R15: 00007ffc9dd4fd28 [ 157.418038][ T7405] [ 157.753275][ T7412] gretap0: entered allmulticast mode [ 157.907519][ T7416] netlink: 'syz.1.505': attribute type 21 has an invalid length. [ 158.169430][ T7430] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.306400][ T7432] netlink: 4 bytes leftover after parsing attributes in process `syz.3.510'. [ 158.323953][ T7432] batadv0: entered promiscuous mode [ 158.329917][ T7432] macsec1: entered allmulticast mode [ 158.355298][ T7432] batadv0: entered allmulticast mode [ 158.408218][ T7432] batadv0: left allmulticast mode [ 158.424326][ T7432] batadv0: left promiscuous mode [ 158.851983][ T7461] netlink: 9 bytes leftover after parsing attributes in process `syz.0.519'. [ 158.900078][ T7461] gretap0: left allmulticast mode [ 159.015368][ T7466] x_tables: duplicate underflow at hook 1 [ 159.180103][ T7470] lo speed is unknown, defaulting to 1000 [ 159.239804][ T7475] xt_hashlimit: size too large, truncated to 1048576 [ 159.550612][ T7489] netlink: 16 bytes leftover after parsing attributes in process `syz.2.523'. [ 159.641940][ T7491] netlink: 'syz.1.525': attribute type 64 has an invalid length. [ 159.654219][ T7491] netlink: 4 bytes leftover after parsing attributes in process `syz.1.525'. [ 159.921422][ T7499] xt_recent: Unsupported userspace flags (00000048) [ 160.258170][ T7511] netlink: 8 bytes leftover after parsing attributes in process `syz.3.531'. [ 160.271843][ T7511] netlink: 4 bytes leftover after parsing attributes in process `syz.3.531'. [ 160.290832][ T7511] netlink: 'syz.3.531': attribute type 1 has an invalid length. [ 160.308251][ T7511] netlink: 10 bytes leftover after parsing attributes in process `syz.3.531'. [ 160.498736][ T7516] x_tables: duplicate underflow at hook 1 [ 160.508524][ T7512] netlink: 5 bytes leftover after parsing attributes in process `syz.4.532'. [ 160.704382][ T7526] FAULT_INJECTION: forcing a failure. [ 160.704382][ T7526] name failslab, interval 1, probability 0, space 0, times 0 [ 160.743729][ T7526] CPU: 0 UID: 0 PID: 7526 Comm: syz.0.536 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 160.743775][ T7526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.743788][ T7526] Call Trace: [ 160.743797][ T7526] [ 160.743806][ T7526] dump_stack_lvl+0x189/0x250 [ 160.743836][ T7526] ? __pfx____ratelimit+0x10/0x10 [ 160.743864][ T7526] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.743888][ T7526] ? __pfx__printk+0x10/0x10 [ 160.743921][ T7526] ? __pfx___might_resched+0x10/0x10 [ 160.743944][ T7526] ? fs_reclaim_acquire+0x7d/0x100 [ 160.743978][ T7526] should_fail_ex+0x414/0x560 [ 160.744013][ T7526] should_failslab+0xa8/0x100 [ 160.744040][ T7526] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 160.744065][ T7526] ? __alloc_skb+0x112/0x2d0 [ 160.744098][ T7526] __alloc_skb+0x112/0x2d0 [ 160.744131][ T7526] netlink_ack+0x146/0xa50 [ 160.744156][ T7526] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 160.744181][ T7526] ? ref_tracker_free+0x63a/0x7d0 [ 160.744209][ T7526] ? __copy_skb_header+0xa7/0x550 [ 160.744231][ T7526] ? __pfx_ref_tracker_free+0x10/0x10 [ 160.744261][ T7526] ? __skb_clone+0x63/0x7a0 [ 160.744289][ T7526] netlink_rcv_skb+0x28c/0x470 [ 160.744324][ T7526] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 160.744354][ T7526] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 160.744395][ T7526] ? netlink_deliver_tap+0x2e/0x1b0 [ 160.744422][ T7526] ? netlink_deliver_tap+0x2e/0x1b0 [ 160.744456][ T7526] netlink_unicast+0x759/0x8e0 [ 160.744491][ T7526] netlink_sendmsg+0x805/0xb30 [ 160.744528][ T7526] ? __pfx_netlink_sendmsg+0x10/0x10 [ 160.744560][ T7526] ? aa_sock_msg_perm+0x94/0x160 [ 160.744591][ T7526] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 160.744621][ T7526] ? __pfx_netlink_sendmsg+0x10/0x10 [ 160.744651][ T7526] __sock_sendmsg+0x21c/0x270 [ 160.744679][ T7526] sock_write_iter+0x258/0x330 [ 160.744705][ T7526] ? __pfx_sock_write_iter+0x10/0x10 [ 160.744742][ T7526] ? __pfx_aa_file_perm+0x10/0x10 [ 160.744773][ T7526] do_iter_readv_writev+0x56b/0x7f0 [ 160.744802][ T7526] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 160.744833][ T7526] ? bpf_lsm_file_permission+0x9/0x20 [ 160.744851][ T7526] ? security_file_permission+0x75/0x290 [ 160.744878][ T7526] ? rw_verify_area+0x258/0x650 [ 160.744904][ T7526] vfs_writev+0x31a/0x960 [ 160.744938][ T7526] ? __lock_acquire+0xab9/0xd20 [ 160.744962][ T7526] ? __pfx_vfs_writev+0x10/0x10 [ 160.745006][ T7526] ? __fget_files+0x2a/0x420 [ 160.745038][ T7526] ? __fget_files+0x3a0/0x420 [ 160.745063][ T7526] ? __fget_files+0x2a/0x420 [ 160.745100][ T7526] do_writev+0x14d/0x2d0 [ 160.745131][ T7526] ? __pfx_do_writev+0x10/0x10 [ 160.745156][ T7526] ? rcu_is_watching+0x15/0xb0 [ 160.745186][ T7526] ? do_syscall_64+0xbe/0x3b0 [ 160.745218][ T7526] do_syscall_64+0xfa/0x3b0 [ 160.745245][ T7526] ? lockdep_hardirqs_on+0x9c/0x150 [ 160.745270][ T7526] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.745290][ T7526] ? clear_bhb_loop+0x60/0xb0 [ 160.745321][ T7526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.745340][ T7526] RIP: 0033:0x7f590558e929 [ 160.745358][ T7526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.745375][ T7526] RSP: 002b:00007f5906475038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 160.745396][ T7526] RAX: ffffffffffffffda RBX: 00007f59057b5fa0 RCX: 00007f590558e929 [ 160.745410][ T7526] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003 [ 160.745422][ T7526] RBP: 00007f5906475090 R08: 0000000000000000 R09: 0000000000000000 [ 160.745434][ T7526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.745445][ T7526] R13: 0000000000000000 R14: 00007f59057b5fa0 R15: 00007ffe28124ed8 [ 160.745477][ T7526] [ 161.741329][ T7547] __nla_validate_parse: 1 callbacks suppressed [ 161.741349][ T7547] netlink: 28 bytes leftover after parsing attributes in process `syz.0.542'. [ 161.768269][ T7547] netlink: 'syz.0.542': attribute type 7 has an invalid length. [ 161.776574][ T7547] netlink: 'syz.0.542': attribute type 8 has an invalid length. [ 161.777857][ T7539] bond0: (slave wlan1): Releasing backup interface [ 161.784744][ T7547] netlink: 4 bytes leftover after parsing attributes in process `syz.0.542'. [ 161.824865][ T7551] x_tables: duplicate underflow at hook 1 [ 161.906377][ T7543] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2 [ 161.954993][ T7546] netlink: 27 bytes leftover after parsing attributes in process `syz.4.545'. [ 161.961296][ T7543] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0 [ 162.080301][ T7550] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 162.127481][ T7550] syzkaller0: entered promiscuous mode [ 162.141906][ T7550] syzkaller0: entered allmulticast mode [ 162.284961][ T7566] netlink: 'syz.0.549': attribute type 64 has an invalid length. [ 162.368446][ T7568] netlink: 60 bytes leftover after parsing attributes in process `syz.0.549'. [ 162.373378][ T7565] Bluetooth: MGMT ver 1.23 [ 162.768517][ T7576] netlink: 'syz.1.552': attribute type 3 has an invalid length. [ 162.967412][ T7576] netlink: 4 bytes leftover after parsing attributes in process `syz.1.552'. [ 163.137299][ T7583] openvswitch: netlink: IP tunnel dst address not specified [ 166.228711][ T7587] netlink: 32 bytes leftover after parsing attributes in process `syz.1.555'. [ 166.457831][ T7592] netlink: 8 bytes leftover after parsing attributes in process `syz.4.557'. [ 166.573791][ T7598] netlink: 16 bytes leftover after parsing attributes in process `syz.4.557'. [ 166.682104][ T7600] netlink: 892 bytes leftover after parsing attributes in process `syz.2.561'. [ 166.868999][ T7604] lo speed is unknown, defaulting to 1000 [ 166.928620][ T7602] lo speed is unknown, defaulting to 1000 [ 166.930914][ T7607] netlink: 4 bytes leftover after parsing attributes in process `syz.4.563'. [ 166.947575][ T7610] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 167.143666][ T7613] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 167.255270][ T7609] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 167.369065][ T7609] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 167.412657][ T7622] sch_fq: defrate 4294967293 ignored. [ 167.578567][ T7624] netlink: 27 bytes leftover after parsing attributes in process `syz.4.567'. [ 167.666766][ T7561] Set syz1 is full, maxelem 65536 reached [ 167.826684][ T7625] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 167.886509][ T7625] syzkaller0: entered promiscuous mode [ 167.900089][ T7625] syzkaller0: entered allmulticast mode [ 168.200206][ T7645] lo speed is unknown, defaulting to 1000 [ 168.201081][ T7649] netlink: 5 bytes leftover after parsing attributes in process `syz.2.573'. [ 168.767533][ T7663] netlink: 4 bytes leftover after parsing attributes in process `syz.3.577'. [ 170.050314][ T7666] sch_fq: defrate 4294967293 ignored. [ 170.467563][ T7680] netlink: 4 bytes leftover after parsing attributes in process `syz.2.583'. [ 170.496533][ T7680] batadv0: entered promiscuous mode [ 170.513318][ T7680] macsec1: entered allmulticast mode [ 170.526265][ T7680] batadv0: entered allmulticast mode [ 170.551211][ T7680] batadv0: left allmulticast mode [ 170.568347][ T7680] batadv0: left promiscuous mode [ 170.617103][ T7684] netlink: 5 bytes leftover after parsing attributes in process `syz.3.585'. [ 171.036609][ T7689] IPVS: sync thread started: state = MASTER, mcast_ifn = wg0, syncid = 1, id = 0 [ 171.226975][ T7697] netlink: 64 bytes leftover after parsing attributes in process `syz.3.592'. [ 171.327638][ T7701] netlink: 27 bytes leftover after parsing attributes in process `syz.4.589'. [ 171.403563][ T7695] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 171.476426][ T7695] syzkaller0: entered promiscuous mode [ 171.484353][ T7695] syzkaller0: entered allmulticast mode [ 171.508913][ T7709] netlink: 4 bytes leftover after parsing attributes in process `syz.0.591'. [ 171.958325][ T7721] lo speed is unknown, defaulting to 1000 [ 172.491001][ T7732] x_tables: duplicate underflow at hook 1 [ 172.770925][ T7734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.601'. [ 173.796872][ T7734] batadv0: entered promiscuous mode [ 173.812046][ T7734] macsec1: entered allmulticast mode [ 173.818021][ T7734] batadv0: entered allmulticast mode [ 173.861141][ T7734] batadv0: left allmulticast mode [ 173.879049][ T7734] batadv0: left promiscuous mode [ 174.023083][ T7741] xt_recent: Unsupported userspace flags (00000048) [ 174.214469][ T7742] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 174.236059][ T5219] udevd[5219]: worker [7597] terminated by signal 33 (Unknown signal 33) [ 174.262250][ T5219] udevd[5219]: worker [7597] failed while handling '/devices/virtual/block/loop0' [ 174.293870][ T7742] team0: Failed to send port change of device batadv1 via netlink (err -105) [ 174.381620][ T7742] team0: Failed to send options change via netlink (err -105) [ 174.449555][ T7742] team0: Port device batadv1 added [ 174.580363][ T7750] netlink: 868 bytes leftover after parsing attributes in process `syz.0.607'. [ 174.860648][ T7756] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 174.946494][ T7759] netlink: 40 bytes leftover after parsing attributes in process `syz.4.612'. [ 174.996077][ T7760] ip6tnl0: entered promiscuous mode [ 175.001353][ T7760] ip6tnl0: entered allmulticast mode [ 175.145636][ T7767] netlink: 5 bytes leftover after parsing attributes in process `syz.4.615'. [ 175.199617][ T7764] sch_fq: defrate 4294967293 ignored. [ 175.368381][ T7773] netlink: 8 bytes leftover after parsing attributes in process `syz.3.616'. [ 175.420397][ T7783] netlink: 8 bytes leftover after parsing attributes in process `syz.4.618'. [ 175.576054][ T7788] netlink: 'syz.0.621': attribute type 1 has an invalid length. [ 175.841245][ T7796] netlink: 40 bytes leftover after parsing attributes in process `syz.2.625'. [ 176.077559][ T7812] netlink: 4 bytes leftover after parsing attributes in process `syz.0.628'. [ 176.372922][ T7830] netlink: 'syz.3.634': attribute type 64 has an invalid length. [ 176.427470][ T7833] netlink: 40 bytes leftover after parsing attributes in process `syz.0.637'. [ 176.459856][ T7836] netlink: 4 bytes leftover after parsing attributes in process `syz.3.634'. [ 176.963403][ T7856] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 177.332219][ T7872] openvswitch: netlink: IP tunnel dst address not specified [ 177.658728][ T7876] x_tables: duplicate underflow at hook 1 [ 177.779601][ T7883] netlink: 4 bytes leftover after parsing attributes in process `syz.0.656'. [ 177.810144][ T7883] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 177.827645][ T7883] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.872703][ T7883] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.927307][ T7883] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.949066][ T7894] netlink: 64 bytes leftover after parsing attributes in process `syz.1.660'. [ 178.542153][ T7914] netlink: 4 bytes leftover after parsing attributes in process `syz.0.666'. [ 178.742817][ T7922] sch_fq: defrate 4294967293 ignored. [ 178.746682][ T7924] netlink: 'syz.2.669': attribute type 64 has an invalid length. [ 178.830015][ T7928] netlink: 4 bytes leftover after parsing attributes in process `syz.2.669'. [ 179.134565][ T7940] netlink: 9 bytes leftover after parsing attributes in process `syz.0.674'. [ 179.189260][ T7936] lo speed is unknown, defaulting to 1000 [ 179.300846][ T7942] netlink: 32 bytes leftover after parsing attributes in process `syz.0.675'. [ 179.313342][ T7942] trusted_key: syz.0.675 sent an empty control message without MSG_MORE. [ 179.377988][ T7944] netlink: 892 bytes leftover after parsing attributes in process `syz.4.676'. [ 180.291279][ T7956] netlink: 4 bytes leftover after parsing attributes in process `syz.0.680'. [ 180.447424][ T7960] netlink: 28 bytes leftover after parsing attributes in process `syz.0.682'. [ 180.479868][ T7960] netlink: 'syz.0.682': attribute type 7 has an invalid length. [ 180.488285][ T7960] netlink: 'syz.0.682': attribute type 8 has an invalid length. [ 180.508708][ T7960] netlink: 4 bytes leftover after parsing attributes in process `syz.0.682'. [ 180.657539][ T7964] tipc: Started in network mode [ 180.685600][ T7964] tipc: Node identity , cluster identity 4711 [ 180.692691][ T7964] tipc: Failed to obtain node identity [ 180.717221][ T7964] tipc: Enabling of bearer rejected, failed to enable media [ 181.255921][ T7981] netlink: 'syz.1.690': attribute type 21 has an invalid length. [ 181.335991][ T7981] netlink: 'syz.1.690': attribute type 22 has an invalid length. [ 181.346367][ T7981] netlink: 'syz.1.690': attribute type 23 has an invalid length. [ 181.357353][ T7981] netlink: 'syz.1.690': attribute type 25 has an invalid length. [ 181.368348][ T7981] netlink: 'syz.1.690': attribute type 26 has an invalid length. [ 181.530261][ T7990] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 181.725102][ T7997] netlink: 'syz.0.696': attribute type 20 has an invalid length. [ 181.733206][ T7997] netlink: 'syz.0.696': attribute type 21 has an invalid length. [ 181.741099][ T7997] netlink: 'syz.0.696': attribute type 23 has an invalid length. [ 181.749035][ T7997] netlink: 'syz.0.696': attribute type 25 has an invalid length. [ 181.757661][ T7997] netlink: 'syz.0.696': attribute type 27 has an invalid length. [ 182.153954][ T8006] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 182.357730][ T8012] FAULT_INJECTION: forcing a failure. [ 182.357730][ T8012] name failslab, interval 1, probability 0, space 0, times 0 [ 182.374862][ T8012] CPU: 1 UID: 0 PID: 8012 Comm: syz.0.702 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 182.374892][ T8012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.374903][ T8012] Call Trace: [ 182.374911][ T8012] [ 182.374920][ T8012] dump_stack_lvl+0x189/0x250 [ 182.374952][ T8012] ? __pfx____ratelimit+0x10/0x10 [ 182.374980][ T8012] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.375005][ T8012] ? __pfx__printk+0x10/0x10 [ 182.375039][ T8012] ? __pfx___might_resched+0x10/0x10 [ 182.375069][ T8012] should_fail_ex+0x414/0x560 [ 182.375105][ T8012] should_failslab+0xa8/0x100 [ 182.375134][ T8012] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 182.375160][ T8012] ? __alloc_skb+0x112/0x2d0 [ 182.375193][ T8012] __alloc_skb+0x112/0x2d0 [ 182.375227][ T8012] netlink_sendmsg+0x5c6/0xb30 [ 182.375267][ T8012] ? __pfx_netlink_sendmsg+0x10/0x10 [ 182.375300][ T8012] ? aa_sock_msg_perm+0x94/0x160 [ 182.375331][ T8012] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 182.375361][ T8012] ? __pfx_netlink_sendmsg+0x10/0x10 [ 182.375397][ T8012] __sock_sendmsg+0x21c/0x270 [ 182.375426][ T8012] ____sys_sendmsg+0x505/0x830 [ 182.375464][ T8012] ? __pfx_____sys_sendmsg+0x10/0x10 [ 182.375507][ T8012] ? import_iovec+0x74/0xa0 [ 182.375535][ T8012] ___sys_sendmsg+0x21f/0x2a0 [ 182.375557][ T8012] ? __pfx____sys_sendmsg+0x10/0x10 [ 182.375617][ T8012] ? __fget_files+0x2a/0x420 [ 182.375643][ T8012] ? __fget_files+0x3a0/0x420 [ 182.375681][ T8012] __x64_sys_sendmsg+0x19b/0x260 [ 182.375704][ T8012] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 182.375735][ T8012] ? __pfx_ksys_write+0x10/0x10 [ 182.375756][ T8012] ? rcu_is_watching+0x15/0xb0 [ 182.375790][ T8012] ? do_syscall_64+0xbe/0x3b0 [ 182.375823][ T8012] do_syscall_64+0xfa/0x3b0 [ 182.375849][ T8012] ? lockdep_hardirqs_on+0x9c/0x150 [ 182.375875][ T8012] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.375895][ T8012] ? clear_bhb_loop+0x60/0xb0 [ 182.375921][ T8012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.375940][ T8012] RIP: 0033:0x7f590558e929 [ 182.375958][ T8012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.375975][ T8012] RSP: 002b:00007f5906475038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 182.375997][ T8012] RAX: ffffffffffffffda RBX: 00007f59057b5fa0 RCX: 00007f590558e929 [ 182.376012][ T8012] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 182.376024][ T8012] RBP: 00007f5906475090 R08: 0000000000000000 R09: 0000000000000000 [ 182.376036][ T8012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 182.376048][ T8012] R13: 0000000000000000 R14: 00007f59057b5fa0 R15: 00007ffe28124ed8 [ 182.376080][ T8012] [ 182.868163][ T8018] __nla_validate_parse: 5 callbacks suppressed [ 182.868181][ T8018] netlink: 4 bytes leftover after parsing attributes in process `syz.4.705'. [ 182.945738][ T8022] netlink: 4 bytes leftover after parsing attributes in process `syz.4.707'. [ 183.096209][ T8026] netlink: 204 bytes leftover after parsing attributes in process `syz.4.709'. [ 183.106130][ T8026] netlink: 16 bytes leftover after parsing attributes in process `syz.4.709'. [ 183.428624][ T8032] syzkaller0: entered promiscuous mode [ 183.451854][ T8032] syzkaller0: entered allmulticast mode [ 183.694537][ T8034] netlink: 5 bytes leftover after parsing attributes in process `syz.4.713'. [ 183.847350][ T8036] netlink: 8 bytes leftover after parsing attributes in process `syz.4.714'. [ 183.996032][ T8043] syz_tun: entered allmulticast mode [ 184.011489][ T8041] syz_tun: left allmulticast mode [ 184.482855][ T8057] netlink: 64 bytes leftover after parsing attributes in process `syz.4.724'. [ 184.492076][ T8055] netlink: 9 bytes leftover after parsing attributes in process `syz.0.723'. [ 184.579997][ T7841] Set syz1 is full, maxelem 65536 reached [ 184.602216][ T7934] Set syz1 is full, maxelem 65536 reached [ 184.791913][ T8071] netlink: 204 bytes leftover after parsing attributes in process `syz.3.729'. [ 184.822118][ T8071] netlink: 16 bytes leftover after parsing attributes in process `syz.3.729'. [ 184.887569][ T8078] xt_recent: Unsupported userspace flags (00000048) [ 185.098958][ T8085] lo speed is unknown, defaulting to 1000 [ 185.486942][ T8102] FAULT_INJECTION: forcing a failure. [ 185.486942][ T8102] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 185.543550][ T8102] CPU: 0 UID: 0 PID: 8102 Comm: syz.3.743 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 185.543581][ T8102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 185.543594][ T8102] Call Trace: [ 185.543602][ T8102] [ 185.543611][ T8102] dump_stack_lvl+0x189/0x250 [ 185.543642][ T8102] ? __pfx____ratelimit+0x10/0x10 [ 185.543671][ T8102] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.543695][ T8102] ? __pfx__printk+0x10/0x10 [ 185.543723][ T8102] ? __might_fault+0xb0/0x130 [ 185.543759][ T8102] should_fail_ex+0x414/0x560 [ 185.543793][ T8102] _copy_from_iter+0x1db/0x16f0 [ 185.543818][ T8102] ? rcu_is_watching+0x15/0xb0 [ 185.543844][ T8102] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 185.543871][ T8102] ? __pfx__copy_from_iter+0x10/0x10 [ 185.543893][ T8102] ? __build_skb_around+0x257/0x3e0 [ 185.543927][ T8102] ? netlink_sendmsg+0x642/0xb30 [ 185.543958][ T8102] ? skb_put+0x11b/0x210 [ 185.543992][ T8102] netlink_sendmsg+0x6b2/0xb30 [ 185.544031][ T8102] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.544064][ T8102] ? aa_sock_msg_perm+0x94/0x160 [ 185.544096][ T8102] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 185.544126][ T8102] ? __pfx_netlink_sendmsg+0x10/0x10 [ 185.544155][ T8102] __sock_sendmsg+0x21c/0x270 [ 185.544183][ T8102] ____sys_sendmsg+0x505/0x830 [ 185.544229][ T8102] ? __pfx_____sys_sendmsg+0x10/0x10 [ 185.544271][ T8102] ? import_iovec+0x74/0xa0 [ 185.544299][ T8102] ___sys_sendmsg+0x21f/0x2a0 [ 185.544320][ T8102] ? __pfx____sys_sendmsg+0x10/0x10 [ 185.544379][ T8102] ? __fget_files+0x2a/0x420 [ 185.544406][ T8102] ? __fget_files+0x3a0/0x420 [ 185.544444][ T8102] __x64_sys_sendmsg+0x19b/0x260 [ 185.544467][ T8102] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 185.544497][ T8102] ? __pfx_ksys_write+0x10/0x10 [ 185.544518][ T8102] ? rcu_is_watching+0x15/0xb0 [ 185.544547][ T8102] ? do_syscall_64+0xbe/0x3b0 [ 185.544580][ T8102] do_syscall_64+0xfa/0x3b0 [ 185.544607][ T8102] ? lockdep_hardirqs_on+0x9c/0x150 [ 185.544633][ T8102] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.544653][ T8102] ? clear_bhb_loop+0x60/0xb0 [ 185.544678][ T8102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.544698][ T8102] RIP: 0033:0x7f2158f8e929 [ 185.544716][ T8102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.544733][ T8102] RSP: 002b:00007f2159d59038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 185.544755][ T8102] RAX: ffffffffffffffda RBX: 00007f21591b5fa0 RCX: 00007f2158f8e929 [ 185.544769][ T8102] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 185.544782][ T8102] RBP: 00007f2159d59090 R08: 0000000000000000 R09: 0000000000000000 [ 185.544793][ T8102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.544804][ T8102] R13: 0000000000000000 R14: 00007f21591b5fa0 R15: 00007ffc9dd4fd28 [ 185.544835][ T8102] [ 186.530877][ T8139] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 186.880237][ T8150] lo speed is unknown, defaulting to 1000 [ 187.777598][ T8172] x_tables: duplicate underflow at hook 1 [ 187.944878][ T8177] validate_nla: 6 callbacks suppressed [ 187.944897][ T8177] netlink: 'syz.3.764': attribute type 64 has an invalid length. [ 188.031786][ T8181] __nla_validate_parse: 7 callbacks suppressed [ 188.031805][ T8181] netlink: 4 bytes leftover after parsing attributes in process `syz.3.764'. [ 188.154266][ T8186] netlink: 20 bytes leftover after parsing attributes in process `syz.3.764'. [ 188.207742][ T8186] netlink: 12 bytes leftover after parsing attributes in process `syz.3.764'. [ 188.477846][ T8193] lo speed is unknown, defaulting to 1000 [ 188.941320][ T8201] netlink: 8 bytes leftover after parsing attributes in process `syz.3.771'. [ 188.996987][ T8203] netlink: 52 bytes leftover after parsing attributes in process `syz.4.772'. [ 189.016341][ T8203] netlink: 52 bytes leftover after parsing attributes in process `syz.4.772'. [ 189.035167][ T8203] netlink: 52 bytes leftover after parsing attributes in process `syz.4.772'. [ 189.120755][ T8203] netlink: 16 bytes leftover after parsing attributes in process `syz.4.772'. [ 189.275238][ T8207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.773'. [ 189.314238][ T8193] netlink: 156 bytes leftover after parsing attributes in process `syz.0.768'. [ 189.522037][ T8209] lo speed is unknown, defaulting to 1000 [ 190.401871][ T8230] FAULT_INJECTION: forcing a failure. [ 190.401871][ T8230] name failslab, interval 1, probability 0, space 0, times 0 [ 190.449413][ T8230] CPU: 1 UID: 0 PID: 8230 Comm: syz.4.779 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 190.449443][ T8230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 190.449457][ T8230] Call Trace: [ 190.449465][ T8230] [ 190.449475][ T8230] dump_stack_lvl+0x189/0x250 [ 190.449505][ T8230] ? __pfx____ratelimit+0x10/0x10 [ 190.449533][ T8230] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.449558][ T8230] ? __pfx__printk+0x10/0x10 [ 190.449595][ T8230] ? ref_tracker_alloc+0x318/0x460 [ 190.449629][ T8230] should_fail_ex+0x414/0x560 [ 190.449664][ T8230] should_failslab+0xa8/0x100 [ 190.449693][ T8230] kmem_cache_alloc_noprof+0x73/0x3c0 [ 190.449717][ T8230] ? skb_clone+0x212/0x3a0 [ 190.449743][ T8230] skb_clone+0x212/0x3a0 [ 190.449768][ T8230] __netlink_deliver_tap+0x404/0x850 [ 190.449811][ T8230] ? netlink_deliver_tap+0x2e/0x1b0 [ 190.449842][ T8230] netlink_deliver_tap+0x19c/0x1b0 [ 190.449872][ T8230] netlink_unicast+0x730/0x8e0 [ 190.449910][ T8230] netlink_sendmsg+0x805/0xb30 [ 190.449949][ T8230] ? __pfx_netlink_sendmsg+0x10/0x10 [ 190.449982][ T8230] ? aa_sock_msg_perm+0x94/0x160 [ 190.450015][ T8230] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 190.450054][ T8230] ? __pfx_netlink_sendmsg+0x10/0x10 [ 190.450084][ T8230] __sock_sendmsg+0x21c/0x270 [ 190.450112][ T8230] ____sys_sendmsg+0x505/0x830 [ 190.450151][ T8230] ? __pfx_____sys_sendmsg+0x10/0x10 [ 190.450197][ T8230] ? import_iovec+0x74/0xa0 [ 190.450225][ T8230] ___sys_sendmsg+0x21f/0x2a0 [ 190.450248][ T8230] ? __pfx____sys_sendmsg+0x10/0x10 [ 190.450308][ T8230] ? __fget_files+0x2a/0x420 [ 190.450334][ T8230] ? __fget_files+0x3a0/0x420 [ 190.450373][ T8230] __x64_sys_sendmsg+0x19b/0x260 [ 190.450396][ T8230] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 190.450427][ T8230] ? __pfx_ksys_write+0x10/0x10 [ 190.450448][ T8230] ? rcu_is_watching+0x15/0xb0 [ 190.450479][ T8230] ? do_syscall_64+0xbe/0x3b0 [ 190.450511][ T8230] do_syscall_64+0xfa/0x3b0 [ 190.450538][ T8230] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.450565][ T8230] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.450585][ T8230] ? clear_bhb_loop+0x60/0xb0 [ 190.450610][ T8230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.450631][ T8230] RIP: 0033:0x7fd1f198e929 [ 190.450649][ T8230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.450667][ T8230] RSP: 002b:00007fd1f271a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 190.450689][ T8230] RAX: ffffffffffffffda RBX: 00007fd1f1bb5fa0 RCX: 00007fd1f198e929 [ 190.450704][ T8230] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 190.450717][ T8230] RBP: 00007fd1f271a090 R08: 0000000000000000 R09: 0000000000000000 [ 190.450730][ T8230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.450742][ T8230] R13: 0000000000000000 R14: 00007fd1f1bb5fa0 R15: 00007ffe295757e8 [ 190.450774][ T8230] [ 190.982036][ T3080] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 191.130867][ T667] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 191.185463][ T8240] netlink: 'syz.0.784': attribute type 1 has an invalid length. [ 191.289797][ T8240] bond5: entered promiscuous mode [ 191.291922][ T3080] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.303187][ T8240] 8021q: adding VLAN 0 to HW filter on device bond5 [ 191.374740][ T3080] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.448684][ T8243] 8021q: adding VLAN 0 to HW filter on device bond5 [ 191.483814][ T12] ------------[ cut here ]------------ [ 191.489607][ T12] WARNING: CPU: 1 PID: 12 at net/wireless/ibss.c:37 __cfg80211_ibss_joined+0x3ca/0x440 [ 191.499475][ T12] Modules linked in: [ 191.499893][ T8243] bond5: (slave vcan5): The slave device specified does not support setting the MAC address [ 191.503742][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 191.526030][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 191.534501][ T8243] bond5: (slave vcan5): Setting fail_over_mac to active for active-backup mode [ 191.537134][ T12] Workqueue: cfg80211 cfg80211_event_work [ 191.551797][ T12] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440 [ 191.558334][ T12] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 08 a0 a3 00 cc e8 32 05 f0 f6 90 0f 0b 90 eb bd e8 27 05 f0 f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 17 05 f0 f6 90 0f 0b 90 e9 de fd [ 191.578273][ T12] RSP: 0018:ffffc900001178e0 EFLAGS: 00010293 [ 191.584528][ T12] RAX: ffffffff8ad032a9 RBX: dffffc0000000000 RCX: ffff88801d2dda00 [ 191.592683][ T12] RDX: 0000000000000000 RSI: ffffffff8d9a0779 RDI: ffffffff8be29e00 [ 191.600701][ T12] RBP: ffffc900001179b8 R08: ffffffff8fa23ef7 R09: 1ffffffff1f447de [ 191.609091][ T12] R10: dffffc0000000000 R11: fffffbfff1f447df R12: ffff88805a418d90 [ 191.617478][ T12] R13: 1ffff92000022f24 R14: ffff888029dc3338 R15: 0000000000000006 [ 191.625736][ T12] FS: 0000000000000000(0000) GS:ffff888125d0f000(0000) knlGS:0000000000000000 [ 191.635706][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.643088][ T12] CR2: 0000555588b6f808 CR3: 00000000327b6000 CR4: 00000000003526f0 [ 191.651140][ T12] Call Trace: [ 191.651417][ T8243] bond5: (slave vcan5): making interface the new active one [ 191.654508][ T12] [ 191.654526][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 191.654569][ T12] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 191.676147][ T12] ? cfg80211_event_work+0x24/0x60 [ 191.681324][ T12] ? __pfx___mutex_lock+0x10/0x10 [ 191.686547][ T12] cfg80211_process_wdev_events+0x38a/0x4f0 [ 191.692839][ T12] cfg80211_process_rdev_events+0xa1/0x110 [ 191.692852][ T8243] vcan5: entered promiscuous mode [ 191.692881][ T12] cfg80211_event_work+0x2c/0x60 [ 191.708814][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 191.714747][ T12] process_scheduled_works+0xae1/0x17b0 [ 191.720382][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 191.726535][ T12] worker_thread+0x8a0/0xda0 [ 191.731212][ T12] kthread+0x70e/0x8a0 [ 191.735393][ T12] ? __pfx_worker_thread+0x10/0x10 [ 191.741359][ T12] ? __pfx_kthread+0x10/0x10 [ 191.742432][ T8243] bond5: (slave vcan5): Enslaving as an active interface with an up link [ 191.746793][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 191.759723][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 191.765015][ T12] ? __pfx_kthread+0x10/0x10 [ 191.769654][ T12] ret_from_fork+0x3fc/0x770 [ 191.774599][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 191.779762][ T12] ? __switch_to_asm+0x39/0x70 [ 191.784640][ T12] ? __switch_to_asm+0x33/0x70 [ 191.789445][ T12] ? __pfx_kthread+0x10/0x10 [ 191.794227][ T12] ret_from_fork_asm+0x1a/0x30 [ 191.799073][ T12] [ 191.802204][ T12] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 191.809530][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 191.821638][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 191.831735][ T12] Workqueue: cfg80211 cfg80211_event_work [ 191.837521][ T12] Call Trace: [ 191.840833][ T12] [ 191.843793][ T12] dump_stack_lvl+0x99/0x250 [ 191.848430][ T12] ? __asan_memcpy+0x40/0x70 [ 191.853059][ T12] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.858309][ T12] ? __pfx__printk+0x10/0x10 [ 191.862973][ T12] panic+0x2db/0x790 [ 191.866921][ T12] ? __pfx_panic+0x10/0x10 [ 191.871359][ T12] ? show_trace_log_lvl+0x4fb/0x550 [ 191.876590][ T12] ? ret_from_fork_asm+0x1a/0x30 [ 191.881552][ T12] __warn+0x31b/0x4b0 [ 191.885542][ T12] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 191.891102][ T12] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 191.896658][ T12] report_bug+0x2be/0x4f0 [ 191.901174][ T12] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 191.906852][ T12] ? __cfg80211_ibss_joined+0x3ca/0x440 [ 191.912458][ T12] ? __cfg80211_ibss_joined+0x3cc/0x440 [ 191.918022][ T12] handle_bug+0x84/0x160 [ 191.922289][ T12] exc_invalid_op+0x1a/0x50 [ 191.926813][ T12] asm_exc_invalid_op+0x1a/0x20 [ 191.931856][ T12] RIP: 0010:__cfg80211_ibss_joined+0x3ca/0x440 [ 191.938127][ T12] Code: 00 00 00 75 69 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d e9 08 a0 a3 00 cc e8 32 05 f0 f6 90 0f 0b 90 eb bd e8 27 05 f0 f6 90 <0f> 0b 90 4c 8b 6c 24 18 eb ad e8 17 05 f0 f6 90 0f 0b 90 e9 de fd [ 191.957766][ T12] RSP: 0018:ffffc900001178e0 EFLAGS: 00010293 [ 191.963863][ T12] RAX: ffffffff8ad032a9 RBX: dffffc0000000000 RCX: ffff88801d2dda00 [ 191.971860][ T12] RDX: 0000000000000000 RSI: ffffffff8d9a0779 RDI: ffffffff8be29e00 [ 191.979857][ T12] RBP: ffffc900001179b8 R08: ffffffff8fa23ef7 R09: 1ffffffff1f447de [ 191.987854][ T12] R10: dffffc0000000000 R11: fffffbfff1f447df R12: ffff88805a418d90 [ 191.996291][ T12] R13: 1ffff92000022f24 R14: ffff888029dc3338 R15: 0000000000000006 [ 192.004396][ T12] ? __cfg80211_ibss_joined+0x3c9/0x440 [ 192.009988][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 192.015217][ T12] ? __pfx___cfg80211_ibss_joined+0x10/0x10 [ 192.021133][ T12] ? cfg80211_event_work+0x24/0x60 [ 192.026297][ T12] ? __pfx___mutex_lock+0x10/0x10 [ 192.031352][ T12] cfg80211_process_wdev_events+0x38a/0x4f0 [ 192.037279][ T12] cfg80211_process_rdev_events+0xa1/0x110 [ 192.043123][ T12] cfg80211_event_work+0x2c/0x60 [ 192.048120][ T12] ? process_scheduled_works+0x9ef/0x17b0 [ 192.053953][ T12] process_scheduled_works+0xae1/0x17b0 [ 192.059555][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 192.065592][ T12] worker_thread+0x8a0/0xda0 [ 192.070337][ T12] kthread+0x70e/0x8a0 [ 192.074466][ T12] ? __pfx_worker_thread+0x10/0x10 [ 192.079605][ T12] ? __pfx_kthread+0x10/0x10 [ 192.084235][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 192.089469][ T12] ? lockdep_hardirqs_on+0x9c/0x150 [ 192.094697][ T12] ? __pfx_kthread+0x10/0x10 [ 192.099418][ T12] ret_from_fork+0x3fc/0x770 [ 192.104035][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 192.109170][ T12] ? __switch_to_asm+0x39/0x70 [ 192.113950][ T12] ? __switch_to_asm+0x33/0x70 [ 192.118739][ T12] ? __pfx_kthread+0x10/0x10 [ 192.123345][ T12] ret_from_fork_asm+0x1a/0x30 [ 192.128164][ T12] [ 192.131488][ T12] Kernel Offset: disabled [ 192.135908][ T12] Rebooting in 86400 seconds..